[Chugalug] Ubiquiti EdgeRouter/Web Server Question

Hello,

I feel as if I should know what I am about to ask but the exact details are slightly fuzzy. But I will break it up in a couple of pieces so that its easier to explain what I have and want to do.

I have a web server, edge router x, and an older unmanaged switch. I pay for 1 static ip from my isp and get 4 more dynamic. I receive a total of 5 ips and can have any combination of static/dynamic addresses but am limited to only 5. I have my incoming wan going to the switch along with the wan of the erx and the web server. This setup works alright except that the older switch is a pretty big bottle neck to my home network. This configuration uses the 1 static and 1 dynamic ip.

I would like to eliminate the switch and fully use the erx. This is where I am not sure what I need to do. 

It seems that I should assign my server a local ip and assign my public static to the wan port of the erx and dnat the traffic from my public ip to the set local ip. However, I feel like I should keep my web server traffic off of my home network. Which I can assign multiple addresses to a single port on my erx but it will not let me assign a dynamic and a static on the same port. I also considered bridging the wan port and the port the web server is connected to but this would eliminate available firewall options for my server although this may not be necessary.

Is there a way around this or a better way to get this operational? Should I just get a 2nd static ip from my isp and use one static for home traffic and one for public? Or am I completely wrong and need to go about this a totally different way?  Also, considered getting a newer/gbit switch but if there is a solution with out additional purchases Id like to shoot for that but if that is really the best option I will still do the switch upgrade.

 

Thanks, 

David R.

PS. My internet connection is residential fiber with Ringgold Telephone Company and extra static ip addresses are only $2 per month to add on.

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

Replace the switch with one that supports VLANs/tagging and then create VLANs for public, DMZ, and LAN networks on it. Then you can use two ports of the ERx to control your internal and external networks.The other option is to just use another port on your ERx for the DMZ (aka web server).  If it was me and I just had the ERx and a switch, I would be using a cheap Cisco, HP, or Ubiquiti managed switch as it would give me the most flexibility and performance.

-Aaron

On Wed, Oct 4, 2017 at 1:41 AM, David Rucker <[hidden email]> wrote:

Hello,

I feel as if I should know what I am about to ask but the exact details are slightly fuzzy. But I will break it up in a couple of pieces so that its easier to explain what I have and want to do.

I have a web server, edge router x, and an older unmanaged switch. I pay for 1 static ip from my isp and get 4 more dynamic. I receive a total of 5 ips and can have any combination of static/dynamic addresses but am limited to only 5. I have my incoming wan going to the switch along with the wan of the erx and the web server. This setup works alright except that the older switch is a pretty big bottle neck to my home network. This configuration uses the 1 static and 1 dynamic ip.

I would like to eliminate the switch and fully use the erx. This is where I am not sure what I need to do. 

It seems that I should assign my server a local ip and assign my public static to the wan port of the erx and dnat the traffic from my public ip to the set local ip. However, I feel like I should keep my web server traffic off of my home network. Which I can assign multiple addresses to a single port on my erx but it will not let me assign a dynamic and a static on the same port. I also considered bridging the wan port and the port the web server is connected to but this would eliminate available firewall options for my server although this may not be necessary.

Is there a way around this or a better way to get this operational? Should I just get a 2nd static ip from my isp and use one static for home traffic and one for public? Or am I completely wrong and need to go about this a totally different way?  Also, considered getting a newer/gbit switch but if there is a solution with out additional purchases Id like to shoot for that but if that is really the best option I will still do the switch upgrade.

 

Thanks, 

David R.

PS. My internet connection is residential fiber with Ringgold Telephone Company and extra static ip addresses are only $2 per month to add on.

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

--

Aaron Welch

Chief Mechanic @ Geek Ventures
<a href="tel:(423)%20505-9999" value="+14235059999" target="_blank">423-505-9999
[hidden email]
"Enabling people to do great things with their own ideas."

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

Hey Aaron,

Do you have any Ubiquiti 8 port switches for sale?

Dean 

Hope you have a great day,

Dean Warren

On Wed, Oct 4, 2017 at 9:59 AM, Aaron welch <[hidden email]> wrote:

Replace the switch with one that supports VLANs/tagging and then create VLANs for public, DMZ, and LAN networks on it. Then you can use two ports of the ERx to control your internal and external networks.The other option is to just use another port on your ERx for the DMZ (aka web server).  If it was me and I just had the ERx and a switch, I would be using a cheap Cisco, HP, or Ubiquiti managed switch as it would give me the most flexibility and performance.

-Aaron

On Wed, Oct 4, 2017 at 1:41 AM, David Rucker <[hidden email]> wrote:

Hello,

I feel as if I should know what I am about to ask but the exact details are slightly fuzzy. But I will break it up in a couple of pieces so that its easier to explain what I have and want to do.

I have a web server, edge router x, and an older unmanaged switch. I pay for 1 static ip from my isp and get 4 more dynamic. I receive a total of 5 ips and can have any combination of static/dynamic addresses but am limited to only 5. I have my incoming wan going to the switch along with the wan of the erx and the web server. This setup works alright except that the older switch is a pretty big bottle neck to my home network. This configuration uses the 1 static and 1 dynamic ip.

I would like to eliminate the switch and fully use the erx. This is where I am not sure what I need to do. 

It seems that I should assign my server a local ip and assign my public static to the wan port of the erx and dnat the traffic from my public ip to the set local ip. However, I feel like I should keep my web server traffic off of my home network. Which I can assign multiple addresses to a single port on my erx but it will not let me assign a dynamic and a static on the same port. I also considered bridging the wan port and the port the web server is connected to but this would eliminate available firewall options for my server although this may not be necessary.

Is there a way around this or a better way to get this operational? Should I just get a 2nd static ip from my isp and use one static for home traffic and one for public? Or am I completely wrong and need to go about this a totally different way?  Also, considered getting a newer/gbit switch but if there is a solution with out additional purchases Id like to shoot for that but if that is really the best option I will still do the switch upgrade.

 

Thanks, 

David R.

PS. My internet connection is residential fiber with Ringgold Telephone Company and extra static ip addresses are only $2 per month to add on.

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

--

Aaron Welch

Chief Mechanic @ Geek Ventures
<a href="tel:(423)%20505-9999" value="+14235059999" target="_blank">423-505-9999
[hidden email]
"Enabling people to do great things with their own ideas."

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

Sorry, I just have 24 and 48 port H3C POE switches at the moment.

-Aaron

On Sun, Oct 8, 2017 at 8:11 AM, Dean Warren <[hidden email]> wrote:

Hey Aaron,

Do you have any Ubiquiti 8 port switches for sale?

Dean 

Hope you have a great day,

Dean Warren

On Wed, Oct 4, 2017 at 9:59 AM, Aaron welch <[hidden email]> wrote:

Replace the switch with one that supports VLANs/tagging and then create VLANs for public, DMZ, and LAN networks on it. Then you can use two ports of the ERx to control your internal and external networks.The other option is to just use another port on your ERx for the DMZ (aka web server).  If it was me and I just had the ERx and a switch, I would be using a cheap Cisco, HP, or Ubiquiti managed switch as it would give me the most flexibility and performance.

-Aaron

On Wed, Oct 4, 2017 at 1:41 AM, David Rucker <[hidden email]> wrote:

Hello,

I feel as if I should know what I am about to ask but the exact details are slightly fuzzy. But I will break it up in a couple of pieces so that its easier to explain what I have and want to do.

I have a web server, edge router x, and an older unmanaged switch. I pay for 1 static ip from my isp and get 4 more dynamic. I receive a total of 5 ips and can have any combination of static/dynamic addresses but am limited to only 5. I have my incoming wan going to the switch along with the wan of the erx and the web server. This setup works alright except that the older switch is a pretty big bottle neck to my home network. This configuration uses the 1 static and 1 dynamic ip.

I would like to eliminate the switch and fully use the erx. This is where I am not sure what I need to do. 

It seems that I should assign my server a local ip and assign my public static to the wan port of the erx and dnat the traffic from my public ip to the set local ip. However, I feel like I should keep my web server traffic off of my home network. Which I can assign multiple addresses to a single port on my erx but it will not let me assign a dynamic and a static on the same port. I also considered bridging the wan port and the port the web server is connected to but this would eliminate available firewall options for my server although this may not be necessary.

Is there a way around this or a better way to get this operational? Should I just get a 2nd static ip from my isp and use one static for home traffic and one for public? Or am I completely wrong and need to go about this a totally different way?  Also, considered getting a newer/gbit switch but if there is a solution with out additional purchases Id like to shoot for that but if that is really the best option I will still do the switch upgrade.

 

Thanks, 

David R.

PS. My internet connection is residential fiber with Ringgold Telephone Company and extra static ip addresses are only $2 per month to add on.

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

--

Aaron Welch

Chief Mechanic @ Geek Ventures
<a href="tel:(423)%20505-9999" value="+14235059999" target="_blank">423-505-9999
[hidden email]
"Enabling people to do great things with their own ideas."

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

--

Aaron Welch

Chief Mechanic @ Geek Ventures
<a href="tel:(423)%20505-9999" value="+14235059999" target="_blank">423-505-9999
[hidden email]
"Enabling people to do great things with their own ideas."

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug