On Thursday, December 2, 2004, at 02:19 PM, Warren Michelsen wrote:

At 12:42 PM -0600 12/2/04, Mike Hebel issued a series of ones and zeros which decoded as:
On Thursday, December 2, 2004, at 12:23 PM, Warren Michelsen wrote:

One is a DSL Modem/Router unit (which is really just a Router, but for
sake of clarity, I'll refered to it as the combo). This unit the WAN port
is a DSL interface.

I thought we'd established that this is NOT what I want. DSL is not Ethernet. My connection is Ethernet, NOT DSL.

What he's referring to is that some "DSL" routers are actually designed to plug into the ethernet port of a DSL modem rather than directly into the phone line.

I'm sure some are but he specifically said the WAN port is DSL.

Yes but not in the case of the WRT54G.  If it's RJ-45 it's ethernet - almost 100% sure here.  The ones that are DSL modem/router combo machines have a standard phone connector on the DSL WAN side.  (This is where picking the phone or e-mailing Linksys would solve a lot of confusion here.)

I've found that most routers - even home ones - allow you to do things like port forwarding which allows servers to be run behind >> NAT.

I need more than that. I run twp web servers, so simply forwarding port 80 to somewhere is not going to cut it. I need multiple, public IPs to show.

Thus you turn off NAT on the router and it becomes static.  You set it to the default gateway address for your /28 subnet - your ISP should be able to give you a static to set it to.  It's address becomes the default gateway for your /28 subnet machines.

Actually I just static route my machines on my IPs.  The router passes the IPs in unchecked

That sounds like what I need.

That's static routing.  If you're looking for a simple solution you're going to almost certainly have to call the manufacturers to make sure the router in question is capable of static routes - most are. Google says the WRT54G can be set that way:

and I put internal firewalls/NAT services on them as needed.

? "Them' meaning IPs? You can block given ports and incoming IPs from reaching your network IPs?

I have 5 static IPs.  They are all directly routed through the Speedstream.  Ignore the term DSL and focus on WAN and LAN sides.  WAN is outside, LAN is inside.  The machines (servers/firewalls/etc.) are set to one of the static IPs.

For instance one of the paths from the router to my inside network is:

Internet -> Router(Set to gateway IP for 5 statics) -> Firewall(Set to one of the static IPs) -> Webserver(Set to an internal address behind the firewall.)

On each IP I personally have separate firewall machines but that doesn't have to be the case.  I could put a firewall on the LAN side of the router in front of my servers.  Or you can enable packet filtering (fancy name for firewall) on the router itself for those statics.

I have a /28 subnet. When configuring machines on my subnet, I use xx.xx.xx.129 as the gateway address. If I have my own router, will this be the address of the LAN port on it?

That xx.xx.xx.129 address is the address of the default gateway for your /28.  If there is no NAT being done then there is no difference between the WAN and LAN addresses on the router itself as it takes the place of the default gateway address and passes the /28 addresses transparently.   Your ISP should be able to help you with that info without too much trouble - just escalate the call to Tier-2 support if you can as Tier-1 in my experience knows nothing about static routing usually.

Mike Hebel
