Setting up Network with 5 static IPs. Router Selection help needed.

Platestealer

Apr 20, 2015
Currently I have just 1 static IP with an Apple AirPort Extreme router using port forwarding (extremely reliable), but we are getting fiber at our building and are getting 5 static IPs (/29) (20 mb/s speed). This is how I was thinking of assigning the IPs:

1. Acti NVR (enr-140)
2. Building Automation controller
3. Security Card Access controller
4. Our personal business use
5. Possibly a Guest Network

The first three will want to be accessed remotely (NVR, automation and card access).

I am looking for a good router (reliability/stability is most important) that would handle this (security is not a big concern, just need some sort of firewall). Should I get one that has DMZ capability or should I go the path of using 1:1 NAT with a router?

If someone has any input, it would be greatly appreciated.
 

kanewolf

Moderator
Although you might like to access the DVR, building automation and card readers remotely, I wouldn't recommend putting them on a public IP address. I would recommend you set up a VPN gateway that has access to them. That way you have security checks prior to things that should be essential business assets.
 
I second that. It would be BEST PRACTICE to just set up a normal network (firewalled router to fiber, then setting in the router's table the set IPs; the rest are DHCP for other purposes like the GUEST network - bad idea btw unless you isolate it and keep a tally of who / what they are DOING on your network). Then install the VPN to have it remotely accessible via your remote system, so the SECURE tunnel lets ONLY you in to access those resources when you need to.

As this is a business, and you wish LIABILITY to be a factor for any issues, I would recommend contacting a local B2B IT networking company that specializes in setting that up. Some cases can be a small simple Linux-based router / server to provide all those functions, and they can be relied on in case something futters up (say a power failure nearby resets the router). Also they will be insured to keep both your privacy as well as against liability for causes of damage to your business, security, privacy if you feel you were exposed.
 
Partially it depends on how the IPs are being delivered to you. Some ISPs... i.e. AT&T U-verse comes to mind... are somehow mapping this to the router in a non-standard way. This means you need their router and are pretty much at their mercy as to how you set this up. Until very lately you had to do one-to-one NAT; there was no way to really assign the IP to the end device. Their newest devices partially allow direct assignment.

With things that look like a cable modem, they just directly put these on the modem, which means it makes it very hard to even put a router in; they pretty much think you are going to plug the devices into a dumb switch you have behind the modem. It is possible to use a router but it takes a very odd configuration to make it work.

If this is done the more standard way a commercial connection is put in, you will have some other IP for your WAN IP and they route the /29 to that.

So if your WAN IP was 123.123.123.123, they would have a route that says x.x.x.x/29 ----> 123.123.123.123. When it is done this way it is the most flexible, since you can actually use all 8 IPs if you are creative.

In any case you are not likely to find anything called a "router" at a consumer store that will work. Almost all those devices are stupid; they will take a single WAN IP and NAT it to a single LAN subnet. These are actually best called gateways and not routers. You need an actual router. There are many commercial ones on the market, the more expensive being things like Cisco or Juniper. These will be the easiest to set up because you will find lots of forums and support from the vendors. If cost is a big factor you can load third-party firmware like DD-WRT on a consumer "router".

Still, you need a good understanding of how the ISP is delivering the /29 to you.
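The address accounting behind the two delivery styles described in the last reply, as an added example that is not part of any post in this thread: it shows why a /29 placed directly on the WAN segment leaves 5 assignable addresses while a /29 routed to a separate WAN IP leaves all 8. The block `203.0.113.0/29` (a documentation range), the gateway address and the function names are constructed assumptions; the service names come from the original question.

```python
import ipaddress

# Constructed sample values: 203.0.113.0/29 is a documentation range, and the
# gateway address is an assumption about what an ISP would hand out.
BLOCK = "203.0.113.0/29"
ISP_GATEWAY = "203.0.113.1"
SERVICES = ["NVR", "Building automation", "Card access",
            "Business use", "Guest network"]


def usable_addresses(block, delivery, isp_gateway=None):
    """Addresses in `block` that the customer can actually assign."""
    net = ipaddress.ip_network(block)
    if delivery == "routed":
        # The ISP routes the block to a separate WAN IP, so the block sits on
        # no wire: no network, broadcast or gateway address is consumed.
        return list(net)
    if delivery == "on-link":
        # The block is the WAN segment itself: network and broadcast are
        # reserved and the ISP's gateway occupies one host address.
        gateway = ipaddress.ip_address(isp_gateway)
        hosts = list(net.hosts())
        if gateway not in hosts:
            raise ValueError(f"{gateway} is not a host address in {net}")
        return [h for h in hosts if h != gateway]
    raise ValueError(f"unknown delivery mode: {delivery}")


def plan(block, delivery, services, isp_gateway=None):
    """Map each service to one address; return (assignments, spares)."""
    addrs = usable_addresses(block, delivery, isp_gateway)
    if len(services) > len(addrs):
        raise ValueError(
            f"{len(services)} services but only {len(addrs)} addresses")
    return dict(zip(services, addrs)), addrs[len(services):]


if __name__ == "__main__":
    for mode in ("on-link", "routed"):
        assigned, spare = plan(BLOCK, mode, SERVICES, ISP_GATEWAY)
        print(f"{mode}: {len(assigned) + len(spare)} usable addresses")
        for name, addr in assigned.items():
            print(f"  {addr}  {name}")
        print("  spare:", ", ".join(map(str, spare)) or "none")
```

In the routed case the network and broadcast addresses of the block are only usable as NAT or /32 targets on the router, not as addresses on a shared subnet.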