Routing from LAN/Sonicwall to Comcast DHCP Client
-
@notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:
Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.
I have rules in the Sonicwall to allow from 10.1.10.x to 192.168.1.x, even though they are not required. (The traffic is initiated by the device on the 192.168.1.x LAN network)
No NAT rules on the Comcast CPE. It shouldn't be needed because I am not trying to use the CPE public IP address as a destination, only as a gateway.
Yes, all three are the same. The two SWs are plugged into the CPE.
CPE = xx.xx.xx.98
SW1 = xx.xx.xx.97
SW2 = xx.xx.xx.96Only one ISP in the mix.
So this is what your setup looks like?
I'm not sure, but I wouldn't be surprised if the SW simply goes bork trying to deal with private IP ranges on a port that you've designated as a WAN.
Still puzzled as to why you've got 3 edge devices...
Assuming this diagram is correct (man it's weird if it is) then adding the route to the internal 10.x.x.x address should have worked.
But since it's not, try adding a virtual adapter on the WAN interface of the SonicWall and assigning it IP 10.x.x.x in the same range as the web server. Now the web server won't know how to get back, so you'll need a route entry on the webserver as well.*Edit - after reading and posting a lot more - The 192.x.x.x client should be reaching out to the Public IP of the CPE, not the 10.x.x.x address, then the CPE might route your stuff as desired, read below for more info.
I've never seen a Cable connected box used as the diagram suggests. Normally anything connected to the cable connected box would have a real IP, not a 10.x.x.x address, unless as Jared said, the cable connected box is a cable/router combo box.
-
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
192.168.1.x TO 10.1.10.44 does not work. The sonicwall claims the 10.1.10.x subnet is on the WAN port and reachable through 96.x.x.x (Cablem Modem's Public IP).
Of course the SonicWall thinks that, it's not directly aware of any other path to a 10.x.x.x network, so it must go to the default route.
All I can guess is the cable modem is not turning the traffic around and putting it back on it's 10.1.10.x lan subnet.
Yeah, this doesn't surprise me. It's generally not used the way you are using it. I've never seen anyone intentionally use a cable connected box to assign DHCP addresses for a client, while also statically assigning addresses to others.
-
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@jaredbusch said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
All I can guess is the cable modem is not turning the traffic around and putting it back on it's 10.1.10.x lan subnet.
This would not be a modem if it could. It would be a router.
So I added a static route to the Comcast Cable Modem. So now it is a router.
Still no joy.
While this seems correct, it might not work as you expect. You might only be able to create static routes on the IP range that's inside the DHCP pool.
Again, I'm sure the box isn't meant to be used as you are using it.
Can you assign a static IP to the webserver?
-
@notverypunny said in Routing from LAN/Sonicwall to Comcast DHCP Client:
Have you got the appropriate rules in place to allow WAN > LAN as well as the NAT rules on the Comcast CPE? Can you get to the webserver from another connection? Keep in mind that since you're using the public IP it's got to be configured and managed as an independent, internet-facing service. Are all 3 devices (the 2 SW and the Comcast CPE) on the same connection and the IPs part of the same subnet or are we dealing with multiple discrete ISP lines? There's lots of room for incorrect assumptions to be made with the info you've provided. If possible, I'd put everything on one device, preferably the strongest of the 2 SW units and manage everything that way.
This point brings up a good point.
Assuming the CPE can't route, you'd need to reach out to the Public IP that's in front of the DHCP range the CPE is providing. Then make sure sure the CPE is able to trombone route and that the correct port redirections are in place on the CPE to get traffic through the CPE's NAT to the DHCP webserver client.
As @notverypunny asked - can you reach the webserver from something outside of your network?
-
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
As @notverypunny asked - can you reach the webserver from something outside of your network?
No. That's verboten.
-
I'm going to contact the web server people and ask if we can move it to our LAN subnet.
-
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
As @notverypunny asked - can you reach the webserver from something outside of your network?
No. That's verboten.
then I'm confused - why it is attached in the manner it is? Who's supposed to access the webserver?
-
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
then I'm confused - why it is attached in the manner it is? Who's supposed to access the webserver?
People on the sonicwall LAN.
-
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
But since it's not, try adding a virtual adapter on the WAN interface of the SonicWall and assigning it IP 10.x.x.x in the same range as the web server. Now the web server won't know how to get back, so you'll need a route entry on the webserver as well.
This was the closest to the way we went.
I used an available physical port on the Sonicwall, assigned it a static IP (10.1.10.253) on the Comcast Cable Modem internal LAN subnet.I then added a static route on the Sonicwall to find the Comcast LAN and I added a route on the Cable modem to find the Sonicwall LAN.
It works just as we want.
Thanks for all the comments, it helped lead us to a solution to handle this non standard configuration.
-
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
But since it's not, try adding a virtual adapter on the WAN interface of the SonicWall and assigning it IP 10.x.x.x in the same range as the web server. Now the web server won't know how to get back, so you'll need a route entry on the webserver as well.
This was the closest to the way we went.
I used an available physical port on the Sonicwall, assigned it a static IP (10.1.10.253) on the Comcast Cable Modem internal LAN subnet.I then added a static route on the Sonicwall to find the Comcast LAN and I added a route on the Cable modem to find the Sonicwall LAN.
It works just as we want.
Thanks for all the comments, it helped lead us to a solution to handle this non standard configuration.
Why go through all of these hoops when
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
then I'm confused - why it is attached in the manner it is? Who's supposed to access the webserver?
People on the sonicwall LAN.
If those are the only people with access - why not just put it on that LAN?
-
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
If those are the only people with access - why not just put it on that LAN?
Other equipment it talks to on another network; and we do not have access to that other equipment.
-
@jasgot said in Routing from LAN/Sonicwall to Comcast DHCP Client:
@dashrender said in Routing from LAN/Sonicwall to Comcast DHCP Client:
If those are the only people with access - why not just put it on that LAN?
Other equipment it talks to on another network; and we do not have access to that other equipment.
Where is that network? how does the web server get to that network now?