I have a new installation of BT Infinity for Business with 5 static IP addresses. I have been unable to configure my DrayTek Vigor 2830 with the static IPs so I’m hoping that someone who has managed to get this setup to work could point me in the right direction.
BTW, IP addresses shown below are not real, but are they are consistent to explain what I’m trying to do.
Here’s what I’ve got:
BT Infinity for Business with a block of 8 static IPs, 5 of which I am free to use. The addresses are (not the real ones):
253.81.17.88 (network address)
253.81.17.89 to 253.81.17.93 (available IP addresses)
253.81.17.94 (router)
255.255.255.248 (subnet mask)
DrayTek Vigor 2830 router, with latest firmware 3.3.7.1 (14 May 2012).
I would prefer to use the router’s NAT feature rather than assigning public IPs to my devices outright, so I’ve tried the following which others apparently have managed to get to work. Before I started I reset the router to its default values.
WAN > General Setup
WAN2 is enabled with its default values (Ethernet / Auto negotiation), WAN 1 and WAN 3 are disabled.
WAN > Internet Access
Configured as PPPoE with username xxxx@hg70.btclick.com and password from the welcome letter.
Because BT assigns a dynamic peer address and does some internal DNS magic to link in the static IP block, in the IP Address Assignment Method section I’ve set Fixed IP to No (Dynamic IP).
In the WAN IP Alias screen I’ve then entered the 5 static IPs (see above) at indices 2 to 6 – all set to Enabled, but the “Join NAT IT Pool” box left unchecked. My dynamic IP is shown at index 1.
LAN > General Setup
LAN 1 is enabled, the rest are not. Onto the Details page. NAT IP Address (i.e. this Router) is 192.168.1.1, subnet mask 255.255.255.0. DHCP is enabled with Start IP Address as 192.168.1.21 and Gateway IP Address as 192.168.1.1. Relay Agent is left blank. I’ve also left the DNS Server addresses blank.
So far I’m able to connect to the internet, but I’m obviously only going out on the dynamic IP.
Because I want to run my SMTP server and secure website, I’ve then opened up some ports.
NAT > Open Ports
On index 1, enabled open ports on WAN2 for incoming IP 253.81.17.89 (this is my first static IP, I’d entered these as the WAN IP Aliases, see above), Local Computer 192.168.1.2, for TCP for start/end port 443 for HTTPS, and the same again for SMTP (port 25) on index 2.
This should allow me to access the Exchange Server at https://253.81.17.89:443, but it does not. No response when I check that port using e.g. the port scanner at http://www.t1shopper.com/tools/port-scan/. If I open up the ports on my dynamic IP address instead, then I do get the expected response on port 443 so at least the principle seems correct.
What am I doing wrong?
NAT > Address Mapping
I can’t get to my Exchange server from the outside. But at least I want to get to the outside from the server, and when I do that I want to use the static IP rather than the dynamic one. That’s what the address mapping should do.
At index one, I set Protocol to ALL, WAN Interface to WAN2, WAN IP to the static alias 253.81.17.89, Private IP is that of my server 192.168.1.2 and Subnet Mask is /32, i.e. a single address.
As soon as I enable this mapping, I can no longer get out onto the internet at all.
What am I doing wrong?
Conclusion
I’d be really grateful for any tips on how to get this to work. From reading other people’s posts I think it should be possible.
I am wondering whether there might be an issue with BTs configuration of my IP range? Perhaps I’m barking up the wrong tree and my router configuration is correct but the fault is elsewhere?
Note
I have tried also the “original” or “alternative” approach which is to ignore the DrayTek’s NAT function and instead tried to use the ”No NAT” approach and assign the public static IPs directly to my devices.
I assigned one of the static IPs to the WAN-facing network card of my server. On the router, starting again from the factory defaults I configured the WAN and then, in LAN > General Setup I enabled the IP Routed Subnet. The IP Address I set to 253.81.17.88 (the network address that BT assigned to me) and Subnet Mask to 255.255.255.248. The DHCP Server Configuration section I left empty as I manually set the fixed IP on my server.
But that didn’t work either. Any ideas?
Solved! Go to Solution.
SOLUTION
The configuration steps I posted in my original article are, in fact, absolutly correct. So if you've got a DrayTek Vigor 2830 or similar device, this is how you can configure it to make use of your multiple static IP addresses without losing your NAT function.
After much perseverance with BT's IT support - who to their credit were very helpful - it turned out that the issue was due to another user having mistyped their username and typed in mine instead, and that user was therefore camping out on my IP range.
Moral of the story: Change your default network password!
I am not familiar with the Draytec - I stopped using them a few years ago but,
Firstly can you ping the routers public address externally?
From what I can remember you would probably be better of with a modem/router running in bridged mode to a firewall.
Also if you intend too have all your servers on one subnet and no DMZ then I would suggest using just one of your IP addresses and translate the router public address to the private address range and use port forwarding on the router to the fixed LAN IP addresses of your exchange server etc.
Also can the Draytec support secondary networks? This would be required to forward the public IP's to the internal servers if you want the servers to have public addresses because the subnet mask given for the 5 usable addresses will allow you just that - 5 computers.
The Draytec must also be set to receive its IP address dynamically as BT "supernet" the addresses.
I would be much simpler with one public IP address as you can then set the draytec with that IP and port forward to the LAN.
SOLUTION
The configuration steps I posted in my original article are, in fact, absolutly correct. So if you've got a DrayTek Vigor 2830 or similar device, this is how you can configure it to make use of your multiple static IP addresses without losing your NAT function.
After much perseverance with BT's IT support - who to their credit were very helpful - it turned out that the issue was due to another user having mistyped their username and typed in mine instead, and that user was therefore camping out on my IP range.
Moral of the story: Change your default network password!