Hello all,
I have a quick question. I recently got some static IPs for my modem and would like to have a static IP (eventually I'll probably have a domain name resolve to it) but for now I would like to get it set up so that the ip address resolves to subsonic; or as close to that as we can get. Here is how things are set up.
WAN->modem->switch->Subsonic Server
It is a comcast modem and we're using a dlink DIR-655 router.
I think I need to do a 1-to-1 NAT something or another to have one of our 5 IPs resolve directly to the subsonic machine?
Any advice would be super appreciated!!!
Static WAN IP
Moderator: moderators
5 posts
• Page 1 of 1
Static WAN IP
by abraxassc » Mon Apr 22, 2013 8:02 pm
- abraxassc
- Posts: 14
- Joined: Thu Jan 03, 2013 6:45 am
Re: Static WAN IP
by aweber1nj » Tue Apr 23, 2013 11:27 pm
So you're placing your Subsonic Server open to the internet, without a firewall between it?
Hopefully you understand the risks of putting ANY computer directly on the net without a firewall, and you've thoroughly implemented and tested a software firewall on the Subsonic Server.
If all that is true, in the diagram you drew, you can assign your Subsonic Server one of the static IP Addresses you purchased and connect to it directly from anywhere by ip address (or use a DDNS or use the subsonic premium feature to register your server as its own name in the subsonic.org domain).
That should work unless Comcast tells you a different way to use the static IPs behind their modem, and if you're truly referring to a network switch in that diagram (you didn't mention one), not the DLink gateway/router, which is an entirely different story.
-AJ
Hopefully you understand the risks of putting ANY computer directly on the net without a firewall, and you've thoroughly implemented and tested a software firewall on the Subsonic Server.
If all that is true, in the diagram you drew, you can assign your Subsonic Server one of the static IP Addresses you purchased and connect to it directly from anywhere by ip address (or use a DDNS or use the subsonic premium feature to register your server as its own name in the subsonic.org domain).
That should work unless Comcast tells you a different way to use the static IPs behind their modem, and if you're truly referring to a network switch in that diagram (you didn't mention one), not the DLink gateway/router, which is an entirely different story.
-AJ
- aweber1nj
- Posts: 6
- Joined: Tue Apr 23, 2013 6:40 pm
Re: Static WAN IP
by abraxassc » Thu Apr 25, 2013 3:42 am
Thank you for that post! To clarify a few things - I do have a firewall appliance which I will be putting between subsonic and the switch.
Here is a better description:
WAN Network -> Comcast Business Modem (5 statics loaded to it) -> 1 of the lan ports goes to a dlink router (DIR-655) -> One of the ports from this connects to the firewall appliance (Untangle loaded on to an old 1u rackmount server, I initially omitted this as I had thought setting up the static without it would be easier and I could then figure out how to add the firewall after) -> this connects to an unmanaged Netgear 8 port poe switch -> 1 of the lan ports from this connects to the linux server (running apache and tomcat and the Subsonic WAR)
I hope this provides a better description of the network. Further, if it helps, the comcast modem translates the WAN to 10.1.x.x and then I set up the dlink as the gateway for the 192.168.1.x network. I guess I'm not sure where I would assign a static IP to the linux box - I imagine just assigning the WAN IP to the NIC would not actually work as I figured there would have to be a rule for passing traffic from the modem to the dlink router first and then from the dlink router to the apache server next?
Again, sorry for any lack of clarity, I'm more of a hardware hacking and OS/software troubleshooting kinda guy
Here is a better description:
WAN Network -> Comcast Business Modem (5 statics loaded to it) -> 1 of the lan ports goes to a dlink router (DIR-655) -> One of the ports from this connects to the firewall appliance (Untangle loaded on to an old 1u rackmount server, I initially omitted this as I had thought setting up the static without it would be easier and I could then figure out how to add the firewall after) -> this connects to an unmanaged Netgear 8 port poe switch -> 1 of the lan ports from this connects to the linux server (running apache and tomcat and the Subsonic WAR)
I hope this provides a better description of the network. Further, if it helps, the comcast modem translates the WAN to 10.1.x.x and then I set up the dlink as the gateway for the 192.168.1.x network. I guess I'm not sure where I would assign a static IP to the linux box - I imagine just assigning the WAN IP to the NIC would not actually work as I figured there would have to be a rule for passing traffic from the modem to the dlink router first and then from the dlink router to the apache server next?
Again, sorry for any lack of clarity, I'm more of a hardware hacking and OS/software troubleshooting kinda guy
- abraxassc
- Posts: 14
- Joined: Thu Jan 03, 2013 6:45 am
Re: Static WAN IP
by aweber1nj » Thu Apr 25, 2013 1:07 pm
If everything is inside your firewall (untangle is a good choice), you don't need all those static IPs. You can use one, and that would be very handy -- saves you from having to do DDNS (which isn't terribly hard, but it's just another thing to keep track of).
You assign one static IP from comcast to the "RED" NIC of the firewall. This is the only one you need/use (you might have other stuff going on to use the others, but not in this case for sure).
First thing to do: You should setup your subsonic PC/Server to have a relatively static address. If you're using DHCP, set the dhcp-server to "reserve" the IP that the subsonic PC has now, so it'll always give it out to only that PC...it's kind of like making the subsonic box have a static address, but you don't have to go through the motions on the side of the PC. I don't know what you're using for dhcp on your LAN...if it's in untangle, chances are it's dnsmasq, which is pretty easy to configure to do that, and untangle might have a page to just do it for you. Then you can rest assured that everytime you reboot your subsonic box, it'll receive the same IP Address from the dhcp server.
In the untangle box, you need to configure "Port Forwarding". I'll keep it simple and assume you're using port 4443 as your HTTPS port for subsonic (you can use virtually any, but that's referenced in the FAQ, so just following along with that). Forward (TCP) port 4443 from the "RED" interface to port 4443, IP Address of the Subsonic box (choose NAT if it asks).
Now, from the internet, just use the comcast, static address (which is really the untangle firewall) as if it were your subsonic host. Any traffic sent to that address, port 4443 will be forwarded to your subsonic host, where it can respond back. (Choose https://<comcastip>:4443 if your subsonic client is asking for the server address.)
That's a lot to think about. Ping back if you get stuck. This should work and keep your subsonic box safe. AND, if I'm right, you can probably return some of those extra static IPs to comcast for a reduction in your monthly bill.
You assign one static IP from comcast to the "RED" NIC of the firewall. This is the only one you need/use (you might have other stuff going on to use the others, but not in this case for sure).
First thing to do: You should setup your subsonic PC/Server to have a relatively static address. If you're using DHCP, set the dhcp-server to "reserve" the IP that the subsonic PC has now, so it'll always give it out to only that PC...it's kind of like making the subsonic box have a static address, but you don't have to go through the motions on the side of the PC. I don't know what you're using for dhcp on your LAN...if it's in untangle, chances are it's dnsmasq, which is pretty easy to configure to do that, and untangle might have a page to just do it for you. Then you can rest assured that everytime you reboot your subsonic box, it'll receive the same IP Address from the dhcp server.
In the untangle box, you need to configure "Port Forwarding". I'll keep it simple and assume you're using port 4443 as your HTTPS port for subsonic (you can use virtually any, but that's referenced in the FAQ, so just following along with that). Forward (TCP) port 4443 from the "RED" interface to port 4443, IP Address of the Subsonic box (choose NAT if it asks).
Now, from the internet, just use the comcast, static address (which is really the untangle firewall) as if it were your subsonic host. Any traffic sent to that address, port 4443 will be forwarded to your subsonic host, where it can respond back. (Choose https://<comcastip>:4443 if your subsonic client is asking for the server address.)
That's a lot to think about. Ping back if you get stuck. This should work and keep your subsonic box safe. AND, if I'm right, you can probably return some of those extra static IPs to comcast for a reduction in your monthly bill.
- aweber1nj
- Posts: 6
- Joined: Tue Apr 23, 2013 6:40 pm
Re: Static WAN IP
by abraxassc » Tue Apr 30, 2013 4:41 am
Thanks! That did what I needed; I thought there would be more than just setting NAT for the device from the router. Tossed in the firewall, set nat rules there, all is good to go
- abraxassc
- Posts: 14
- Joined: Thu Jan 03, 2013 6:45 am
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 31 guests