Cyberoam router with two public IP blocks

November 25, 2010 at 07:11:24
Specs: N/A
Hi Everyone,

I need help in configuring Cyberoam 25i with two public IP address blocks. My ISP gave me two blocks of IP addresses which is given below.

WAN Block

LAN Block

I have IPCop firewall behind this router which will be the gateway for my workstations and I have VLAN configured for our servers.

I'm able to access internet only when I enable masquerading on the router. This makes the IPCop's IP address is rewritten as my WAN port's IP address.

I would like to disable masquerading on the router and do simple routing between two ports since I have NAT enabled on the IPCop.

Can anyone help/guide me to configure the routing?

Thanks in advance.


See More: Cyberoam router with two public IP blocks

Report •

November 25, 2010 at 07:53:28
I'd love to help you but I have no experience with that router.

I do have to wonder why you're using a block of routable IP's internally though:

LAN Block

This doesn't make a lot of sense to me. Most everybody uses NAT and Private IP's internally on the LAN.

To be honest, I'm not sure why you need the block of external IP's either. You only have one device (the WAN interface) that you mention. I suppose if you're planning on having a lot of outward facing servers (like web servers) I understand. But you don't mention that. So perhaps you could explain your need for the aforementioned blocks of IP's (both internal and external).

I have IPCop firewall behind this router which will be the gateway for my workstations and I have VLAN configured for our servers

I have no experience with IPCop either so can't help you with that. You mention a VLAN for servers....what about clients? If you're going to use VLAN's, I would use them in all cases not just for servers. I would have a client VLAN, a server VLAN, a printer VLAN. You may actually have need for multiple client VLAN's. You might for instance want to keep the finance department separated from everyone else for example.

Perhaps if you start at the begining and give us an overview of your setup, how it connects physically as well as logically, and explain what it is you're trying to achieve we can find a way to help you make this work.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***

Report •

November 25, 2010 at 08:26:38
Hi Williams,

Thanks for your response.

Even I'm not in favor of having two IP blocks for this connection and I dont need a router since my IPCop does well with the existing connection, but my new ISP forces me to have two blocks and introduces me the new router.

My intention is to route all my traffic (includes workstations, various kind of servers) through IPCop. Though I cant avoid having the router. The below scenario explains my setup

IPCop firewall <->DMZ

All my private networks are configured behind IPCop and I do masquerading on IPCop.

The second block will be used on my servers as well as gateway after masquerading in IPCop.

The first block is just for connecting to our ISP and used for nothing except routing between two blocks.


Report •

November 26, 2010 at 00:19:07
Hi Senthil,

What you have to do is to have a private LAN between you Cyberoam and your IPCop like that :

IPCop --- DMZ

Then, into the cyberoam you can create Virtual Host to translate public IP to private IP.

Lets take an example, you have a webserver and a mailserver. You want to use for your webserver and for your mailserver. Into the cyberoam you create a virtual host with range of IP. External IPs : - and Mapping IP (Internal IP) : - You have to create both and on your IPCop and you have to route to your webserver and to your mailserver.

That's the easier way to do. You can do with public IP on your webserver, but it is more complicated.

Report •

Related Solutions

Ask Question