I think I may be taking on the impossible but here goes. I have a network that is running on public IP Addressing. The original network was set up using NAT but now there is a software application running DCOM that does not support NAT. They need it assigned to a public, static IP Address. The connection is an XDSL with a Cisco 678 modem.
I've read the CBOS manual and there is such a thing as filters that I can put on the Modem. From my understanding they are much like the ACL lists for a Cisco router (which I know about). I attempted to set up the filters today but ran into problems. I was hoping someone can explain their features a little more here.
I was told that the filters don't pass through over the modem. But the CBOS tells me all packets passing through the modem so I'm a little confused.
I’m running 5 total public IP Addresses on the ETH0 side of the modem and the modem is set up to route to those addresses. I’m running a SOHO router in between the ETH0 and the LAN to keep my NAT Addressing and the WAN side of the router is set up with one of the public addresses. I need to install a second system that will contain some sensitive data and I don’t really want it on the Internet so I wanted to lock down only the DCOM ports to this system. I thought I had the filters down by setting it up to match one of the public IP Addresses…
Set filter 0 on allow incoming eth0 0.0.0.0 0.0.0.0 198.103.12.## 255.255.255.255 Protocol TCP srcport 135-140 destport 135-140
Set filter 1 on allow incoming eth0 192.103.12.## 255.255.255.255 0.0.0.0 0.0.0.0 protocol tcp srcport 135-140 destport 135-140
The above is just a sample; I know it will not pass any other port ranges without adding them in.
The problem is once I set up those filters, that stops all traffic going across the modem and no traffic passes over 135-140 port range.
Please tell me if I’m going the wrong way with this or I’m attempting to do something the modem was not designed to do. I thought I understood the filter rules but now I’m wondering if they will only work between the Wan0-0 and Eth0 ports and not any address not assigned to an internal interface on the modem.
My problem is with the software, if the software supported NAT then I wouldn’t have a problem but I don’t want to place this system out on the internet without some protection. Any help would be appreciated on this matter…
david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*