Mix of Public Static IP and Private DHCP LAN

September 19, 2009 at 21:53:21
Specs: Windows Vista
I have a home network in which I'm trying to get a mix of a public static IP and the rest private DHCP IPs. Here's what I started with:

The service is AT&T U-Verse with their 3800HGV-B Gateway.

Here's what I started with.

Gateway set to DHCP for everything. Connected are:
Computer1 (Vista, wired)
Computer2 (Vista, wired)
Computer3 (OSX, wireless)
Printer (wired)

There are two shared folders on Computer1 which Computer2 accesses on a daily basis. This works fine.

Today I switched to a public static IP so that I can set up a software VPN server. So now I have

Computer1 99.70.XXX.XXX
Computer2 192.168.1.XXX
Computer3 192.168.1.XXX
Printer 192.168.1.XXX

Computer2 can no longer access Computer1 shares unless the Windows firewall is turned off. I'd rather not do this. I'm pretty sure it's because the subnet mask and gateway are not the same.

For the public static
Subnet mask: 255.255.255.248
Gateway: 99.70.XXX.XXX

For the DHCP
Subnet mask: 255.255.255.0
Gateway: 192.168.1.XXX

All IPs, even the static, are assigned via DHCP, so I can't change the subnet mask or gateway.

Any advice?


See More: Mix of Public Static IP and Private DHCP LAN

Report •


#1
September 20, 2009 at 02:37:20
even the static, are assigned via DHCP

It it is assigned by DHCP the its a dynamic IP address. A static IP address is one you have entered manually with the uses of DHCP.

You cannot have public and privates addresses on the same network, somewhere between them there has to be a router that is using Network Address Translation. if you want computer 1 to be the VP server it still needs a privates address. You then configure the router it pass VPN requests fro the public side to the private side. Not all routers are capable of using VPN pass through as it is called

Stuart


Report •

#2
September 20, 2009 at 05:38:39
Computer2 can no longer access Computer1 shares unless the Windows firewall is turned off. I'd rather not do this. I'm pretty sure it's because the subnet mask and gateway are not the same.

You're mostly correct, it's because they're on different subnets. This means not only is the SM and gateway different, but so is the actual subnet (IP addressing scheme) itself. Take a look, you're using a Private class C internally (192.168.1.0) and your external is a public (routable) subnet (99.70.0.0) It's impossible for those two subnets to "talk" to each other without a router between them

You can put a second NIC in Computer1, configure it for your 192.168.1.xxx network and plug it in to the same switch as the rest of that network and you'll be able to connect to it from Computer2 again and still have Computer1 do it's VPN thing.

What Stuart said is correct, a Static IP assignments are different from DHCP assigned.

If you have a SOHO router, and it sounds like you might, you could check it's info and see if it can be used as a VPN endpoint. If it can, use it instead of Computer1. If it can't, can it do VPN passthrough? If yes, then set it up to point the VPN passthrough to Computer1.

This would leave Computer1 with a 192.168.1.0 address, communicating with the rest of the LAN without having to add and extra NIC and all the rest of your LAN would still have internet connectivity without extra hassles and equipment.

If you're just going to be using a VPN client on Computer1 to connect to a work environment then you shouldn't need a static, public IP or anything else other than the client software.


Report •

#3
September 20, 2009 at 08:18:16
There is a router between the two computers. It assigns the static public address to Computer1 (99.70.xxx.xxx) and assigns the private DHCP address to Computer2 (192.168.xxx.xxx). It does both of these through DHCP. So while it is using DHCP, it always assigns the static public address to computer1.

I'm setting up a VPN server, not client, which is why I need the static. I've asked and yes, it can do a VPN passthrough to Computer1.

If I understand what you're saying, the router should map the public (99.70.xxx.xxx) to a new private (192.168.xxx.xxx), correct? However, this seems impossible with this router. If you want a static IP, it passes it all the way to Computer1, assigning it the public static IP.


Report •

Related Solutions

#4
September 20, 2009 at 09:39:18
It assigns the static public address to Computer1 (99.70.xxx.xxx)

You seem to be getting confused between static IP addresses and dynamic IP address and public and private IP addresses.

A public IP address can only be assigned by someone that has had that IP address assigned to them by IANA. Thus usually means an ISP. A router cannot assign a public IP address, It would be chaotic if it could.

A private address is one that had been designated as such by IANA and they fall within specific ranges. Class A, B, & C. The most common is a class C address which fall into the range 192.168.x.x. These are the IP address a router a assigns via DHCP.

IANA

Private IP addresses

Private_network
A static address is one that is entered manually, NOT via DHCP. An address obtained via DHCP is a dynamic address. It is called a dynamic address because it can change depending on the way the DHCP server is configured.

If I understand what you're saying, the router should point the public (99.70.xxx.xxx) to a new private (192.168.xxx.xxx), correct?

Yes, that's what Network Address Translation does. The public IP address shroud only appear on the public side of the router, not on a particular computer.


It sounds like you might have computer 1 in the DMZ, Not an ideal solution but sometimes necessary if the router did not have VNP pass-through abilities. but you say it has, therefore a DMZ is not necessary and is undesirable

You configure computer 1 to get a DHCP address from the router in the same manner as computers 2 & 3, then configure the router to pass VNP requests to that computer.

However, this is impossible with this router.

I bet you it does as this is the main function of a SOHO router. How are computer 2 & 3 getting an IP address? Is it static or DHCP? It cant be both.

Stuart


Report •

#5
September 20, 2009 at 12:57:08
No confusion at all between static and dynamic, and public and private. The public static address block was assigned to me by my ISP. It is a block of 8 IPs, 5 usable, and are in the form 99.70.xxx.xxx. My private setup is via the normal 192.168.xxx.xxx.

Now, the ONLY way to assign the static IPs is through the router DHCP. Within the routher GUI, there is a address allocation setting, where you set the DHCP settings. One of the settings is to map the public static IP to a specific device. This is the only reliable method with this router. You can set the static info on the device, but the router will not see it. The ONLY way the router sees a device is through a DHCP request. A few people have said they can set up the static the traditional way, but it is not reliable. Sometimes the router will see it, sometimes not.

BUT, when you map the public static IP, it doesn't just map it to the device, it actually assigns the public static IP to the device. No private IP at all. And I've looked every where for a way to do this, but so far I haven't found it.

No, nothing is in DMZ mode.

Computer 2 & 3 are getting their private IPs through DHCP as well.

As you can see, this router is weird. And it's documented well online that it's weird.

The only thing I can think of doing now is putting a "normal" router behind the uverse router and put it in DMZ mode. The only downfall I can think of is the uverse router will only let me pass one public static IP. There is no way to pass the entire block, and this is documented.


Report •

#6
September 20, 2009 at 13:58:19
the ONLY way to assign the static IPs is through the router DHCP

No you do not not. The only way to assign as static IP address is to type it into the computer yourself. If it assigned via DHCP it is a dynamic address.

One of the settings is to map the public static IP to a specific device.

That puts it into the DMZ.

Computer 2 & 3 are getting their private IPs through DHCP as well.

So what is stopping you from doing the same with computer 1

Stuart


Report •

#7
September 20, 2009 at 14:21:18
If I type the static address into the computer myself, which I've tried, it does not work. The router never sees the device. So, ok, it's a dynamic address, but it's always assigning the public static address to that computer. Here is what the router says about that specific connection. It is clearly a public address (one of the 8 static assigned to me).

Connection Type: Ethernet
IP Address: 99.70.xxx.xxx
IP Address Allocation: DHCP
IP Address Type: Public

There is another option, to change to DMZplus, but I have not selected that.

Nothing is stopping me from doing the same with Computer1, except then the static IP is not used anywhere. There's no way in the router to say 99.70.xxx.xxx = 192.168.xxx.xxx behind the router. That is, unless the AT&T tier 2 reps say is wrong, which I'll admit could easily be the case.

In the router interface, they had me configure the Public Routed Subinterface section with the following.

Router Address: 99.70.xxx.xxx
Subnet Mask: 255.255.255.248

Then, in the Address Allocation, they had me select the public static IP of my choice from my block of 99.70.xxx.xxx under the WAN IP Mapping.


Report •

#8
September 20, 2009 at 14:21:36
Would it help if I posted screen captures of the options?

Report •

#9
September 20, 2009 at 20:04:38
Stuart,
This modem/router combo unit appears to have an odd idea of how to configure a DMZ.

See: 3800HGV-B Uverse Router Userguide
http://www.scribd.com/doc/3849281/3...

This router does have a few good features that other routers don't provide. However, it is my opinion that it would be better to replace this router with a more mainstream router.


Report •

#10
September 20, 2009 at 21:14:27
Unfortunately, it does not appear I can use anything else with the U-Verse service. I'm stuck unless I change ISP, and I'm not going to do that because Time Warner is terrible around here.

Report •

#11
September 21, 2009 at 08:23:34
"The only way to assign as static IP address is to type it into the computer yourself. If it assigned via DHCP it is a dynamic address."

Sorry but this is incorrect. You can assign static ip via dhcp. It's called mac filtering or ip reservations depending on who you are talking to. This is still defined as static ip assignments since only that device can get that assigned/reserved ip.

Though if the only issue you were having was with the windows firewall all I would have done was configure it to trust those addresses in the 99.70.XXX.XXX range.


Report •


Ask Question