News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Can firewall have the same IP address for WAN and LAN

    Home Forums Networking – routers, firewalls, network configuration Can firewall have the same IP address for WAN and LAN

    Viewing 3 reply threads
    • Author
      Posts
      • #2371865
        BByg3223
        AskWoody Plus

        I have a misbehaving firewall device that I’m going to have to take offline until a replacement arrives. I’ll be stuck depending on the firewall in the ISP modem. (Bother). I need to minimize the downtime while I reconfigure the modems LAN IP address.

        I want to change the LAN address of the modem to be the same as the LAN address of the bad firewall and turn off the modems DHCP serving. Then unplug the modem from the firewall device WAN port, and unplug our network from the firewall LAN port. Then plug the network directly into the modem LAN port. On our internal network DHCP is served from another server and not the firewall device.

        Is there any reason that this won’t work? I figure that network downtime while I unplug and plug in cables to be about 30 seconds.

        Incidentally, the problem with the firewall device is that it is occasionally disconnecting from the modem without the modem or firewall logs shedding any light as to why. Our ISP has already replaced the modem without solving the issue. We’re a church and have a major event streaming in a few days. The connection cannot be allowed to drop during the event!

      • #2371939
        Alex5723
        AskWoody Plus

        WAN and LAN devices can’t have the same IPs.
        LAN has internal IPs not visible from the outside (for security).
        WAN has external IPs visible to all.

      • #2372028
        anonymous
        Guest

        Actually it seems to work. I did some experimenting yesterday and made this change resulting in three separate networks.

        First is the public WAN, the Internet.

        Second is the ISP modem LAN. I gave the LAN port of the modem the IP 10.124.94.1. It has only one client, our firewall’s WAN port.

        The third network is the LAN side of the firewall. It contains all our clients. They can only connect to the firewall. They cannot directly connect to anything on the WAN side of the firewall. So they do not care what the IP address range for the WAN side of the firewall. The firewall does all the NAT work.

        It all works just fine. Makes sense really. After all there are oodles of independent 192.168.x.x networks hiding behind routers and firewalls, and they all can connect to the internet and not, directly, to each other.

        • #2372105
          anonymous
          Guest

          Dear (other) anonymous,

          You should test the software to be used for your upcoming “streaming event” before declaring victory.

          As Paul T indicates, double-nat can sometimes present difficulties.  I would suggest putting your ISP modem into transparent bridge mode, leaving your firewall to act as the (only) router.  Hard to give concrete advice, since you never mentioned the specific equipment involved.

          See this article for example, and/or google double+nat

          Good luck.

           

      • #2372091
        Paul T
        AskWoody MVP

        Your suggested solution is perfectly valid – as you found out.

        The downside of having router > firewall > network is you “double NAT” the internal devices, although this isn’t an issue if you are just surfing / email etc.

        cheers, Paul

    Viewing 3 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Can firewall have the same IP address for WAN and LAN

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.