Cable modem, with one machine having external address
|
|
|
 |
 |
Cable modem/router allocating DHCP addresses
Internal machines on private addresses
One machine set to have cable modem allocated address
NAT for other machines |
 |
 |
 |
|
|
|
|
|
|
|
In this configuration there is a cable modem allocating a single address
by DHCP. This is normally intended for use with one PC (so check if terms
and conditions allow for use of a network).
The FireBrick will obtain an address from the cable modem, and provide
NAT to a private address block on the inside of the network. PCs on the
inside are allocated addresses by DHCP.
One machine on the inside is to have a public address, so as to allow
incoming email, web, etc. This address may change because the cable modem
service allocated by DHCP, but with the FireBrick constantly renewing addresses,
it is unlikely.
-
Create a WAN subnet, marked DHCP client
-
Create a LAN subnet marked DHCP mirror - give it a name such as "SERVER",
and mark it DHCP Restrict
-
Create a LAN subnet on a private address range, e.g. 10.0.0.1 mask 24 (255.255.255.0)
and set DHCP server addresses (e.g. 10.0.0.10 to 10.0.0.99), and mark as
NAT
-
Create a portmap, WAN to FireBrick mapped to LAN with nothing else filled
in
-
Ensure the server PC has a name, such as "SERVER" which is the same as
the first LAN subnet
-
Adjust filters as required
You should find the WAN subnet gets an address, and the gateway and DNS
server addresses are set up automatically.
The LAN subnet should claim to be an address (the gateway address)
and allocating a single DHCP address (the WAN address). Using DHCP restrict
ensures this will only be issued to a machine called "SERVER".
The PC called SERVER should be set to collect IP automatically (DHCP),
and should get the FireBricks WAN address allocated to it on the LAN
The port map ensures the FireBrick will pass on packets from the internet
to the internal PC.
Other PCs get private addresses by DHCP and are NATed.