Hey there FQ'ers

I've got a question for ya, maybe you've got an answer?

Setup:

We have 14 IP adresses that our DSL provides to us. I believe they simply pass through the Cayman Router to the computers, and each one has a static IP adress. So they are visible to the world. (passworded, of course)

btw: this is not my idea

We have a second router (Linksys 1 port), which I am pretty familiar with. We'd like to take 1 of those 14 IP adresses and serve and Internal set of IP's to a few extra computers. In the range of 192.168.1.xx (on an internal network)

Is there any inherent problem having two different sets of IP's available on 1 network? Is there any issue with serving IP adresses via DHCP from the single IP adress (I know that normally there is not, but am asking about this particluar case)

Thanks in advance for your help. I know enough to generally get a network of macs up and running using the Linksys, but this is getting a bit more complicated.

Evie

You might have trouble running the Linksys behind the Cayman. I am guessing the DSL line connects directly to the Cayman (you don't have a DSL modem). The problem with 2 subnets is the computers are going to have problems communicating with each other.

It sounds pretty messy anyway. You would be better off ditching the Cayman and getting a DSL modem so you could use the Linksys normally. If someone really needed a static ip you could still do it.

Thanks for pitching in!

Well, the thing is, for some reason that is still unclear to me, we need to have the 12 or 13 static IP's accessible to the world. There is some application that this client uses that they swear they must have static IP's not on an internal network.

(one reason is that they use Timbuktu remotely, but the other reason is an application called Helix (some secure webform blah blah reservation system)

I believe the Cayman to be the better, more expensive, more robust router. No? The Cayman I am sure can do all the things that the Linksys, just not as user-friendly as the Linksys.

I do have an extra DSL modem (Acatel 1000) not the best...

Do you know how to use Timbuktu remotely over a VPN?

-a waterfall of questions.
%)

You can have a hub (or more) daisy chained off a DSL router but AFAIK daisy chaining a DSL router off another could be tricky.

It sounds to me (but I could well have misunderstood) that you want NAT (Network Adress Translation) between the internal network's bunch of IPs and the one 'real' external IP assigned to that sub-network.

How you achieve this daisy chained from a main router, I'm not sure. But it must be possible - there must be a Linux doohdad to achieve this. My other suggestions won't work for you as you want the other computers to keep their live external IP addresses intact (I was thinking of NAT for the whole network).

Not sure if that mumbo-jumbo helped! %)

regards,
Jason

Evie,

The first thing you have to make sure of is that you have only one DHCP server for a network. I've had to deal with so many problems with one of those hardware routers on a network that already had a DHCP server running (somebody decided to plug the wrong port into the network).

In addtion to that, I believe you would have to mess with the IP routing tables on both the Cayman and DSL router to get all machines to talk to each other (if you want that - read as messy and don't touch unless you know what you are doing - especially if this is a high paying customer and somebody else is maintaining their network). I believe that's what Jason was talking about.

Hope this helps,
Manish

There have already been posts with good info, but I thought I would throw in my two cents.
I agree that you should go with one router as subnetting would be somewhat more complex. I personally use a router with a switch to increase the number of ports available. I use both the DHCP and static functions of the router for one of the same reasons as your client. I use remote administration on my server and have that set to static so that I can forward only the appropriate port to that IP address. This helps sith security since only that one IP is exposed to the world and only on that one port. Yes, a port scan will still probably find the port open, but limiting the machines that have that exposure allows a single point of contact. This is especially true in the case of your client since the port for Timbuktu is most likely a commonly scanned port.
Hope this helps.

I don't know anything about Cayman routers but you would think you should be able to use one of those IP addresses for NAT. Even if you hooked up both routers to a hub you are still going to have to deal with figuring out how to remove one of the ip addresses for use in the Linksys. What model Cayman is it so I can try to download the manual.

If you want to use both routers you are going to hook them up like:

DSL Line->DSL Modem->HUB/Switch->ROUTER1 & ROUTER2

I do this here and it works fine but the 2 subnets behind the routers don't need to talk to each other.

Evoir,
I have a 4 port Linksys at home. I don't see any reason why you can't connect the linksys to one of the available ports from the Cayman router. The problem is that your computers on the Cayman router will see your entire network of computers on the Linksys router as a single IP address. Depending on your specific application, there may be ways to address this... but you'll have to assign static IPs on the Linksys, not dynamic. You will need to set up port mapping on the Linksys once you have static IPs assigned. Whether this will work for your client will depend on whether Timbuktu can be set up to access non-standard ports. If it can be, I think that you can get things working:

Let's say you have your Linksys running off the Cayman router with an IP address of 10.1.1.175 and 10 computers set up on the Linksys network with IPs in the range of 192.168.1.1 - 192.168.1.10. You can map port 80 on the Linksys to the internal IP 192.168.1.1 (for example). So, all port 80 requests to the IP address of 10.1.1.175 pass through to the computer located at internal IP 192.168.1.1.

So, if you're trying to run 10 different web servers off the Linksys, you can probably forget about it (unless you can get people to use non-standard ports). However, if you're trying to do remote administration and can specify which ports are to be used, this method would work fine. On your Linksys, you would open up 10 ports that map to 10 internal IPs. Now, requests sent to 10.1.1.175:100 would map to 192.168.1.1:100 and requests sent to 10.1.1.175:101 would map to 192.168.1.2:101.

Does this make sense? -Matt

You guys are great. I'm gonna check out some of your suggestions (and read some of the manual). Both legs of the network need to talk with one another. Thanks. I'll report back.

Matt's suggestion is a good one. Since you would be using NAT with a static ip on the Linksys behind the Cayman it should work. You are going to have to set some static routes in the Cayman so it knows about the subnet behind the Linksys though since you want the 2 subnets to talk to each other.