# 2 Internet gateways on 1 LAN



## etzeppy (May 13, 2005)

I have a simple peer-to-peer network. It has a Netgear router that serves as a DHCP server and internet gateway. The internet connection is DSL with a static IP.

I run a small email server which is why I have the static IP. I am looking at a different ISP that will provide multiple static IPs. It would be nice to provide a dedicated IP for the mail server and use a different IP as the internet gateway for standard internet usage on the LAN.

I am trying to figure out how I would pull this off technically. The mail server machine would need to be on the LAN but use a dedicated static IP on the internet. The other LAN users would share a different IP or even dynamic IP for their internet gateway. Both IPs on the internet side will be on the same internet "pipe".

If someone could point me in the right direction, I would appreciate it.


----------



## lorjack (Nov 15, 2007)

DD-WRT can do this and you won't have to buy any more equipment. And they even have an excellent guide on how to set it up. 

Multiple public IPs with one router using DD-WRT


----------



## etzeppy (May 13, 2005)

lorjack said:


> DD-WRT can do this and you won't have to buy any more equipment. And they even have an excellent guide on how to set it up.
> 
> Multiple public IPs with one router using DD-WRT


Thank you for the tip. This looks interesting.


----------



## etzeppy (May 13, 2005)

lorjack said:


> DD-WRT can do this and you won't have to buy any more equipment. And they even have an excellent guide on how to set it up.
> 
> Multiple public IPs with one router using DD-WRT


It looks like my router is not supported with DD-WRT. What is the traditional way to accomplish this? Even if I have two routers, how do I share one modem and put all machines on the same LAN?


----------



## Wand3r3r (Sep 17, 2010)

Your post is a bit unclear if you are going to be running two ISP services or just a single one with multiple static IPs.

You can easily do what you want with one ISP and multiple static IPs.

Please clarify your plans for further recommendations.


----------



## etzeppy (May 13, 2005)

Wand3r3r said:


> Your post is a bit unclear if you are going to be running two ISP services or just a single one with multiple static IPs.
> 
> You can easily do what you want with one ISP and multiple static IPs.
> 
> Please clarify your plans for further recommendations.


One ISP, one cable modem, and one LAN. I am just trying to get the email server application on a dedicated IP. However the PC that hosts the email application still needs to be accessible on the LAN.

The reason for doing this is that all internet activity in the office is currently on the same static IP as the email server. If someone gets an email virus or some other malware, the IP can end up on an email server blacklist. It has happened twice.


----------



## Wand3r3r (Sep 17, 2010)

Given your situation, consider the following:

- Put a switch between modem and router.
- Assign IP to router WAN.
- Connect the mail server to the switch and assign IP.

Some routers allow you to use a public IP when the server is in the DMZ zone.

You should be able to access the mail server via its public IP address from your LAN.

###############################################

"If someone gets an email virus or some other malware, the IP can end up on an email server blacklist."

This is usually not the case. If every WAN IP was blacklisted when someone sent an infected email because they were virus infected, no one would be sending/receiving email in the world.

An IP address gets blacklisted due to broadcasting spam.

You need to make sure your server has not been hacked and that no device on your network is part of a botnet.

Botnet - Wikipedia, the free encyclopedia

You really should have a firewall router between the email server and the internet.


----------



## etzeppy (May 13, 2005)

Wand3r3r said:


> This is usually not the case. If every WAN IP was blacklisted when someone sent an infected email because they were virus infected, no one would be sending/receiving email in the world.
> 
> An IP address gets blacklisted due to broadcasting spam.
> 
> ...


A desktop was infected by a rootkit that turned it into a spam server. It spewed spam overnight before it was caught. Have since blocked more ports. The experience made me think it not wise to share an IP for both a server and internet gateway. It could be paranoia, I realize.


----------



## Wand3r3r (Sep 17, 2010)

The real issue is how the unit got infected. Prevent the infection, you prevent the blacklist.

Consider a SonicWall router/firewall with subscriptions for a much better level of protection.

Hopefully you wiped and reinstalled the compromised system. Any less than that means your network is still at risk. Hackers leave back doors back into the system. If it were me I would be paranoid about ALL the devices on the network at this point.


----------



## etzeppy (May 13, 2005)

Wand3r3r said:


> The real issue is how the unit got infected. Prevent the infection, you prevent the blacklist.
> 
> Consider a SonicWall router/firewall with subscriptions for a much better level of protection.
> 
> Hopefully you wiped and reinstalled the compromised system. Any less than that means your network is still at risk. Hackers leave back doors back into the system. If it were me I would be paranoid about ALL the devices on the network at this point.


The "event" was almost a year ago and no new issues have occurred (after some beefed up security). However, I am now looking at a new ISP and thought it would be a good idea to isolate the public IP of the email server, which is why I posted the initial questions. It might be unnecessary but if it is easy enough to do, I will consider it.


----------

