modem -> [Router/firewall ] -> Exchange server

[funnelhead]

Hello Everybody, and esp those kind helping type of people.

About 3 weeks ago BT shut off [without asking] the adsl connection of a small bussiness customer of mine. 16 days later we get the connection back. the problem is: the IT company that installed everything put their own passwords in and then buggered off. The only way i could get back in was to factory reset both modem-router and firewall-router.

grr.

I havent set something like this up before and was hoping to learn it up at my leisure, but no chance now - I need the H-team!

ok goes like this

BT connection (static range) -------> modem router (2wire 2700) -------> firewall router (netscreen 5gt) ------>switch ------>server (dhcp + dns) + workstations


My main dizzy part is this - do i want the 2wire 2700 fowarding the connection IP x.x.x.14 to the untrust port of the firewall.

OR

do i want it assigning the first static ip in the range x.x.x.1 to the untrust port of the firewall, then DMZ all traffic to that device?


I THOUGHT it should be the 2nd option - but when i do this the netscreen refuses to pickup x.x.x.1 as a valid dhcp address - it just says 0.0.0.0 .

if i then set the untrust port to x.x.x.1 static(on the firewall) it all starts working..... until the dhcp lease on the 2wire runs out (24-99hrs) and it suddenly gets the idea the netscreen is gone, don't think i'll bother sending anymore traffic that way, jimmy.




I KNOW i'm being a bit specific here - BUT if someone could point me in the right direction of how to use a [Router] ------------> [Firewall] ------------->[exchange server (dhcp/dns)] i would be most happy.

All the combinations of pppoa/pppoe/bridge mode are sending me up the twist!



f

[funnelhead]

ok, nevermind all the crap above.

if i put the adsl router into "bridge mode" - it's basically then just putting the signal onto Ethernet, without logging in.

do i then have to configure the firewall router in PPPoE mode??


and whats 1483 bridge mode?


Ahh!

[burble]

It's been ages since I've dealt with a setup like this (we used to have an internet facing test environment running over ADSL with a /29 subnet).

What I'd do is setup the ADSL router to do the PPPoA and then you should have the remainder of your internet subnet available on the LAN side of the router. Connect the WAN port of the firewall to one of the LAN ports on the router. Setup the WAN interface of the firewall to be the next IP up from the WAN interface.

Setup your firewall rulls to allow the stuff you want and that should be it.

[funnelhead]

ooo thanks for the response burble.

Thats sorta what i did:

our range is 81.150.250.0 -> 81.150.250.14.

The router is set to .14(as decreed by bt) the wan on the firewall is then set to .1.

In the router i set the .1 as the DMZ to which ALL traffic be fowarded.

unfortunately the firewall in the router is still active in this mode, so incoming connection attempts (like webserver or vnc requests) GET BLOCKED!! aaahhhhhh!!

Apparantly the only way to turn the spi firewall off is to set the thing to bridge mode (rather than bridging networks in pppoa)

This is where i get get stuck

[burble]

Ahh, I see what you mean. Short of shouting at BT and getting them to make their router act as just a router I can't think what else to suggest as I've never used a Netscreen firewall - I'm a Cisco fanboy.