# Do I really need 5 static ip addresses?



## aclumpkin (Jun 7, 2012)

I work in a small business (8 people in office). The boss has finally allowed me to upgrade our much outdated network and add a NAS to the network. We are currently sharing files by email and flash drives... ugggh.

So here is the new setup... a new front end Zyxel USG100 VPN/Firewall/Router goes into new Cisco unmanaged gigabit switch. On switch will be the QNAP NAS, a few WAPs, and obviously the work computers.

So I called Time Warner Cable (business class today) about getting a static IP address. I know you don't have to have one but I would like to have one for the VPN. Anyway, TWC says we can either add 1 static ip for $20/month or 5 static ip's for $30/month. My immediate question to them was: why would I need 5 static ip addresses?

So that is my question, is there some reason I need or should get 5 static ip addresses? To make the question easier, disregard the cost... I am really not worried about spending an extra $10 a month if we can utilize some or all of the extra static ip's.

My understanding is that if we only went with one, the static ip will hit the router and then I can assign an internal static ip to the NAS and give it a specific router port to access it that way. I also have talked to Zyxel and they have client VPN programs that the remote users can load on their computers to easily login to the VPN. So again, is there any need 5 static ip's? The TWC rep said that I could have one static ip for the router / network and static ip for the NAS. I could easily be wrong but I just don't see it.

Any help / thoughts / recommendations would be greatly appreciated. Thanks!


----------



## azedgetech (Apr 27, 2012)

Hi there. Thanks for your question/post.

I would say that of the question is whether you "need" a block of IP's in your present scenario, no you don't. You could get by even with a dynamic address & a dyndns configuration.

However, how could you potentially USE the block of IP's, & be thankful one day that you made that choice? As the company grows their IT needs will grow. Right now, it is just a NAS & a VPN. What about six months or a year from now? Two years? You can certainly do some port forwarding in the router (Zywalls can be challenging...), or, if you add another server, say, for email or an externally available portal etc., point your public name to your new address, & all traffic for that/those ports, you'll point to the internal address of the new server. While normally it wouldn't matter much if that new server had it's own external IP, it does become important if you have an internal resource that a vendor wants steady access to, such as a security company, HVAC system, or some other third party.

Another way that having the block of IP's available is beneficial is if you happen at some point to sublease some portion of your space. Part of the lease can include the internet access, & they would just need to bring in their own router. Put a switch between the routers & the internet source, give them one of your spare IP's, & suddenly they have internet access along with a private LAN configuration, without the initial setup cost of an ISP.

Just a couple of thoughts, but hope that helps your decision-making!


----------



## Wand3r3r (Sep 17, 2010)

"The TWC rep said that I could have one static ip for the router / network and static ip for the NAS."

The tech was wrong. To assign a public ip to the NAS would require either putting in the dmz or off a switch before the firewall router. Both would expose the NAS to internet hacking.

I would suggest you don't need a static ip at all and save yourself the $20 a month.
With a dynamic ip and dyndns you would use a domain name to connect to the vpn. Dyndns would update the ip address of the domain name when the dynamic ip changes.

Pretty simple really, [requires a pc being on at work with the dyndns update client installed to update the domain url].


----------



## azedgetech (Apr 27, 2012)

To assign a public ip to the NAS woand3uld require either putting in the dmz or off a switch before the firewall router. Both would expose the NAS to internet hacking.
[/QUOTE]

Good catch, Wand3r3r, not sure why the tech would recommend putting the NAS on a public IP.

I agree with Wand3r3r on the dyndns solution to your VPN concern, as I had said as well, & the potential needs I had mentioned are just that - potential. You can always upgrade to a static block down the road if some of those potentialities become realities.


----------



## aclumpkin (Jun 7, 2012)

Thanks SO much for the input! 



Wand3r3r said:


> The tech was wrong.


I could not agree more... it seemed fishy to me.



Wand3r3r said:


> To assign a public ip to the NAS would require either putting in the dmz or off a switch before the firewall router. Both would expose the NAS to internet hacking.


Yep, exactly, this was what I am worried about and obviously not how it should be setup.



Wand3r3r said:


> I would suggest you don't need a static ip at all and save yourself the $20 a month. With a dynamic ip and dyndns you would use a domain name to connect to the vpn. Dyndns would update the ip address of the domain name when the dynamic ip changes.
> 
> Pretty simple really, [requires a pc being on at work with the dyndns update client installed to update the domain url].


I do agree that that would be simple but the issue I have is that that may prove to be difficult in our office (leaving a pc on). All but one of us have laptops (docking stations at work) that take them with them when they leave work and the one that has a desktop is quite a stickler about shutting down every day before they leave work. So that is why I am thinking it might be nice just to have one... so I don't have to worry about making sure someone leaves their computer on.



azedgetech said:


> You can always upgrade to a static block down the road if some of those potentialities become realities.


Great advice and something I will keep in mind.

Thanks again!


----------



## aclumpkin (Jun 7, 2012)

Oh, and one last question please. If I do go the static ip address way (you bring up good points and I will be looking into dyndns and talking with the one desktop person), how do I register for free a domain name to that ip address?

For example, if I get a static ip address of 111.111.1.111 and I want someone to be able to put www.ourcompanynas.com in their web browser to get to our network and NAS, is there somewhere where I can set that up for free?

Thanks!


----------



## Wand3r3r (Sep 17, 2010)

dyndns again or godaddy
Managed DNS | Outsourced DNS | Anycast DNS

with static you would not need the client running on the pc since your ip would never change.


----------



## Xeneth (Mar 11, 2009)

Short answer, no. You really don't need one with dynamic dns methods (already was given examples). The usefulness of a static IP is a small amount of security. Basicly, if you know what you IP is, you know if you connect to something other then that. This is minimal though.


----------

