Static IP with port forwarding

Snapkop

Hi All,

I am turning to MYBB to solve my problem (if possible). Google is failing me.

My aim: I am trying to set up a PC in order to do teleradiology from home with my limited network knowledge. My current setup. I was told I need a static IP address from my ISP. I can't use DDNS or something similar. Think it is a limitation of the software used. So my requirement is to get 1 PC (a Mac) to connect to the internet with a static IP. I also need to forward some ports to the Mac. I then have multiple other devices that need to connect to the internet without the need for a static IP.

Current setup: When applying for a static IP the ISP provides you with a pre-configured router. I signed up with Cybersmart and was sent a Billion router. I connected this router to my phone line. I have the Mac connected to the Billion with a static IP assigned. I then have my previous Cisco router connected to the Billion with the other available static IP. The rest of my network then connects to the Cisco and gets assigned internal dynamic IPs.


1. DSL line
2. Billion
3.1 Mac (connected to Billion)
3.2 Cisco router (Connected to Billion)
4. All other devices - smart phones, laptops etc (Connected to Cisco)

The problem: The radiology software techs informed me that they need to forward some ports to the mac in order for the software to work. Cybersmart said they can't do it on their side (I believe some other ISP's do) and forwarding the ports on the router also seems to be a problem. With the pre-configured router the NAT has been disabled and according to the manual if you disable the NAT port forwarding becomes invalid.

Is there any other configuration that will ensure the Mac gets assigned a static IP and I can do port forwarding to the Mac via one of the routers? This seems like a complex problem because after a week and a half struggling between the ISP and the radiology service provider I am still no closer to a solution.

Last question - Where can I start looking for a networking expert to help, as I assume this knowledge won't reside in the retail outlets (Incredible Connection, etc.)? I am based in Pietermaritzburg.

Thanks
 
Hmm: Not sure ... Put the mac on the Cisco and forward everything you need using the Cisco (assuming it's natting) ?
 
OK, I think I see how your setup is working. Your Cisco router is connected to the Billion, you have allocated it one of the external static IPs provided by your ISP, and it is performing NAT between your LAN and the internet.

What you need to do is connect the Mac on your LAN (ie via the Cisco, not the Billion) and assign it a static address on your LAN. Then enable port forwarding on the Cisco router for the port(s) you need to the LAN address of the Mac. The Static IP to point the radiology software at is the external static IP of your Cisco router.

Leaving the Mac connected to the Billion with a static IP would work without port forwarding (open the necessary ports on the Mac's firewall) but having it on the LAN behind a router/firewall/proxy will be much more secure so that is what you should do.
 
Hi InvisibleJim,

You have my setup spot on.

Leaving the Mac on the Billion, I can try opening the ports on the Mac firewall and see if that works. The techies from the radiology software insist we have to forward ports: either the ISP must do it on their network or I will have to do it on the router.

If I wanted to put the Mac behind the Cisco, how would that work? I will have a static IP, let's say x.x.x.x, assigned to the Cisco, then the Mac will have its own internal IP assigned by the Cisco, let's say y.y.y.4, and I assume the rest of my internal network will get y.y.y.5-whatever. I do the port forwarding on the Cisco to the internal IP of the Mac. Then in the radiology software do they use that static IP assigned to the router? Therefore the Mac will still in theory have the same static IP address as the Cisco router, and the software that needs to send images to this machine will be able to reach it on this same static IP?
 
Why not just leave the Cisco router out of the equation. Connect all devices to the Billion. Set the Mac to static IP, and set all your mobile devices to DHCP.
 
The WAN (external) connection on the Cisco (i.e. the one connecting to the Billion) will be configured with one of the static IPs provided by your ISP. It also has an IP on the LAN, which is the default gateway IP for your LAN. Your Cisco router is also allocating dynamic IPs to the devices on your LAN via DHCP.

The Mac needs to connect to the LAN and should have a unique static address set within the same subnet as the LAN (ideally you want to configure the DHCP on your Cisco not to allocate this address dynamically).

You then need to configure port forwarding on the Cisco so that any packets arriving at its external IP on the ports you want are forwarded to the static IP on the LAN that you have set for the Mac.
 
The billion isn't set up for NAT. Effectively the Billion is managed by the ISP so the OP shouldn't mess with it. Connecting his own router or proxy to provide NAT and LAN services is the correct arrangement.
 
Codemaster, InvisibleJim is correct: because the router is pre-configured, it does not allow me to do this.

InvisibleJim, I have done exactly what you said. I have assigned one of the static IPs to the Cisco router to ensure it always gets the same IP via DHCP on the Billion. Then on the Cisco I assigned one of the IPs within the subnet of the LAN to the Mac. I have also done the port forwarding on the Cisco to the Mac's internal IP.

The Mac is brand new, so I saw that the firewall on it is turned off. Should I turn it on? I assume I will have to open the same ports on there if needed. I can't see a way to open ports; it just allows you to specify a specific application that needs access through the firewall. Is it as simple as that?

If the Mac is behind the Cisco (with port forward done) which is behind the Billion, does that not mean we have to forward any ports on the Billion, or will it allow all traffic through?

Unfortunately I do not know if the Osirix (radiology) software is set up to listen for incoming images, so there is no way of testing this. I can only do this Monday morning. Thanks for your help.
 
So long as your Cisco external IP stays the same you should be good from that point of view. The Billion will forward everything to the Cisco and then the Cisco will forward any of your configured ports to the Mac.

You will need to open the ports on the Mac firewall but I don't use Macs so I can't tell you how. If it has an option to allow the Osirix application or one of its components then that should include the correct port, otherwise you will have to configure some sort of custom rule. It is OK to temporarily disable the firewall on the Mac while troubleshooting connection problems.

You can try testing the setup using telnet if you have access to a PC with a separate internet connection (i.e. external to your LAN). The software on the Mac will need to be listening for and accepting connections on the target ports for this to work.
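The telnet test described above, as an added example that is not part of the original post: a small Python probe that tells an accepted connection apart from a refusal and from a silent drop. The address 203.0.113.10 and port 11112 in the usage comment are placeholders, not values from this thread; run it from a machine outside the LAN.

```python
import errno
import socket
import sys

# What each result says about the Billion -> Cisco -> Mac path.
MEANING = {
    "open": "forward rule works and the application accepted the connection",
    "refused": "a host answered but nothing is listening on that port",
    "timeout": "no reply: no forward rule, a firewall dropping packets, or wrong IP",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome.

    Returns "open", "refused", "timeout" or "error:<reason>".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A TCP reset came back, so the packet reached something that replied.
        return "refused"
    except socket.timeout:
        # Nothing came back before the deadline.
        return "timeout"
    except OSError as exc:
        # Unreachable network, name resolution failure, and similar.
        return "error:" + errno.errorcode.get(exc.errno, str(exc))


def check_forwards(host, ports, timeout=3.0):
    """Probe each forwarded port; returns {port: result}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Usage: python3 probe.py <external-static-ip> <port> [<port> ...]
    # Placeholder values: python3 probe.py 203.0.113.10 11112
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port, result in check_forwards(host, ports).items():
        note = MEANING.get(result, "unexpected socket error")
        print(f"{host}:{port} {result} - {note}")
```

A "refused" result with the application stopped, followed by "open" once it is listening, confirms the forward rule itself is correct.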
 
Suggestion ?

The billion isn't set up for NAT.
Effectively the Billion is managed by the ISP so the OP shouldn't mess with it.
Connecting his own router or proxy to provide NAT and LAN services is the correct arrangement.
In essence then the Billion is just acting as a dumb ( ADSL ) modem ?
How many public IP addresses has the ISP supplied ?
Why use the Billion at all ? ( Assuming the OP has a decent Cisco router -- what does he have anyway ? )
Why specifically a MAC ? ( is the special software coded for the Mac OS ? )

So much networking equipment for just ONE computer ?

I would think that on a decent Cisco you should be able to configure multiple dialers -- one with a public IP for the special application
and
One for a dynamically assigned ISP IP for other devices

Using specific NAT statements including port forwarding and PAT ( overload )

Why did the OP not go with Telkom business -- they have capable techs in PMBG ( and supply Cisco routers )
 
The package that the OP has bought sounds like a typical business ADSL offering. Unlike a typical home offering, the junction of maintenance between you and the ISP is the ethernet cable from your network into their router/modem, and they control the config on that router. I imagine they do it this way because businesses typically connect their LAN via one or more proxies or UTM gateway devices that they control. Most of the business static IP packages that I am aware of allocate 5 external static IPs for your use. I have never given much thought to how the ISP's router is actually configured in these setups but I would guess that it is doing some basic routing at the layer 3 level whereas a pure modem is a layer 2 device.

What the OP happens to have is a Cisco router and this seems OK in place of another gateway device for the LAN. I'm sure it could be configured as you suggest but leaving the Billion in place is simpler from the user's point of view.

The OP also mentions a number of other devices on the LAN side so it is not all just for one computer.
 
"Die OU Wet"

I'm sure it could be configured as you suggest but leaving the Billion in place is simpler from the user's point of view.
He is surely paying for it as well ?
Hope he reports back when it is all working

:)
 
The billion isn't set up for NAT. Effectively the Billion is managed by the ISP

0o that is just stupid. Kick the ISP square in the nuts... Nat is not that complicated on a billion.....

This whole thing sounds back to front. Normally the ISP supplies the Cisco router not a cheap as$ billion xD
 
It's not stupid if you want to connect your own gateway/proxy (doing NAT amongst other things) to the router and just want the internet connection. Also AFAIK a few ISP's have offered deals with Billion routers instead of Cisco for quite some time with business ADSL.

I think you can have them configure NAT on the router either as an extra charge or part of the initial setup.
 