How to use public ip for servers behind the zentyal box?

[biswa4u]

Hi,

I am a novice using zentyal...

Anyone please suggest to solve the problem...

I have got a WAN ip with /30 subnet and the range of 6 public ip's with /29 subnet from ISP

My network scenerio is...

       ISP
        |
      WAN
        |
   ZENTYAL
        |
      LAN (web server using those public ip's)

The ip address of Servers on LAN are not visible from outside... but I need it to be visible...

think... the Zentyal box NATed those public ip's too...

how to solve the problem? so that... "what is my ip" shows those public ip addresses asign to the servers...

currently "what is my ip" shows the public ip address of the WAN...

Thanks in advance...

Biswajit Das

[christian]

I have got a WAN ip with /30 subnet and the range of 6 public ip's with /29 subnet from ISP

I don't understand this 
You have only 2 IPs for the WAN and 6 from ISP... what doest it mean? That you have from ISP 6 IPS used for router(s) and then only 2 public IPs you can use behind this router(s)?  Please elaborate.

Then you also need to elaborate a it on why you need your internal IPs to be seen from outside. Either there is a specific valid reason (I've no doubt although I don't understand) or there is something you misunderstand.

If these "internal servers" need to be seen from outside, do not put them inside, this is as simple    Create DMZ using your /29 subnet and plug your servers there.

Then if goal is, as I suspect, to make these servers accessible from outside, there is no need to expose their IP address. All this "what my IP stuff" is useless.
Depending on what these servers are, you can either use Zentyal forwarding capability or, in case of web servers, implement reverse proxy, although not (yet  I hope ) part of Zentyal components, this is easy to deploy.

[Marcus]

Hello biswa4u & christian,

Unfortunately you'll have to bridge your interface manually or use a switch before the Zentyal server.

e.g.
       WAN
           |
       Switch
     /            \
Servers    Zentyal

This is what I'm doing since 8 ports unmanaged switches are dirt cheap.

in case of web servers, implement reverse proxy, although not (yet  I hope ) part of Zentyal components

If this is good enough, you may refer yourself to this post:
http://forum.zentyal.org/index.php?topic=3054.0

@ christian
Some licensing requires public IP.

e.g.
S*lusVM or cPan*l

My 2 pennies;
This is a feature that should be offered on Zentyal instead of a 1-on-1 LAN configuration. Especially with the VMs.

Best,

Marcus

[christian]

If public IP is required because of licence, then why would you deploy such server internally. Put it either outside on on DMZ.
What you show is clearly "outside". Why not. In such case, Zentyal is not used as least for its FW features.

Another approach is:

 

Code: [Select]

     WAN
       |
   Zentyal ------ DMZ ---- (servers)
       |
   intranet

[biswa4u]

Well...

Thanks for the replies...

I am trying to describe my requirements....

1. I have purchased a lease shdsl line for internet from ISP.
2. ISP supplied a WAN ip + a GATEWAY ip for the internet access. (/30 subnet)
3. ISP also lease 6 public ip for the use of servers, online-security-camera, web server etc.
4. Some search engine block those ip addresses temporarily if there is a heavy search generated from.
5. If search engines block a public ip, so we can pick another.
6. So, I need my public ip address should be exposed... so that if it blocked... then I could pick another...
7. In the mean time, I need, network should be protected by firewall and the load balencing capability of zentyal.


Plz suggest...

best regards.
Biswajit

[christian]

2. ISP supplied a WAN ip + a GATEWAY ip for the internet access. (/30 subnet)
3. ISP also lease 6 public ip for the use of servers, online-security-camera, web server etc.

not sure I understand    does it mean you got 2 + 6 IPs (in 2 different subnets) from your ISP. What does "WAN IP + gateway" means, from technical standpoint?

4. Some search engine block those ip addresses temporarily if there is a heavy search generated from.
5. If search engines block a public ip, so we can pick another.

I don't understand this one too 
This would mean that using search engine from large company using proxy will generate heavy search and therefore blocking... 

Well, I'm so lost that I can't really help. Sorry

7. In the mean time, I need, network should be protected by firewall and the load balencing capability of zentyal.

means you need 2 different internet access, not only one as you explain...