So, I ran into something new (to me) today. I contacted the ISP for one of our offices asking for more public Static IP addresses for our business needs. We had 8 in a /24 subnet and were using them all up. I know that with other ISPs, when I ask for more than 8, I'll usually be supplied a complete subnet, the first usable IP being the gateway and the others available for whatever I need.
What I ran into today, though, was that they were supplying me with a "CIDR Block". When it was described to me, I figured, ok, fine, they are giving me a subnet just like what I'm used to. I took down the network ID and subnet, DNS servers, and agreed on the phone that the first available IP would be the gateway, and even (falsely) clarified with the tech on the phone that they would configure the cable modem to grab that first IP, fine.
I set up my sonicwall to use the new subnet, and nothing worked. I was assigned a subnet in the 174.7x.x.x range. What was explained to me is that I need to set up my router to grab a specific gateway IP in their 98.17x.x.x range (which was very similar to my old 8 IPs), and then they will route the 174.7x.x.x IPs to that gateway.
Long story short (ha!), this is how it worked.
The WAN port of my sonicwall is configured for the gateway IP.
One of the LAN ports of my sonicwall is in the LAN zone and that's where the workstations and network devices reside.
One of the other LAN ports is in its own zone which I named "CIDR Block". That LAN port has the first IP of the block assigned to it, and the other devices that are taking up IPs in that block are wired into that port through a switch and point to it as their gateway.
Sloppily, I used the setup wizard to create all the NAT, firewall, and routing rules (Send all services from to ) for each available CIDR IP, and things started working. This was tedious since I ran the wizard one time for each IP, but it worked and I was quickly running out of time.
So, I finally grasped the concept. I need to find a more elegant way for the sonicwall to handle it, but here is the gist:
If an ISP gives you a CIDR block, what they are doing is routing requests being sent to those IPs to your gateway IP. Your router needs to handle them all from there. Making it do that is the tricky part, you need to have a powerful router to make this work, and the ISP is of little help.
One cool part about it is that I was able to set up DHCP on that CIDR network so that we can plug in our stuff that needs to be accessible from the outside, grab an IP from DHCP, and we're good to go. Better yet, I can remotely look at the active DHCP clients and see what's going on. This also allowed me to eliminate the switch that used to be between the cable modem and my sonicwall. I can see some benefits to it, but yeah, I didn't expect to be using my brain that much on a Saturday.
Anyone else have any experiences with this kind of setup that they want to share?
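As an added example that is not part of the original post and not the poster's SonicWall configuration: the script below models the routed-block setup described above on a generic Linux router. It checks the two things that tripped the poster up (the ISP gateway lives on the WAN subnet, not inside the new block, and the block must not overlap the WAN subnet), takes the first usable address of the block for the router and hands the rest out as a DHCP pool, then emits the iproute2/sysctl/nftables commands that realise it. The addresses are constructed from the RFC 5737 documentation ranges, and the interface names `wan0`, `lan0` and `block0` are assumptions. Note that no NAT rule is generated: with a routed block the router only forwards, but since every host in the block is directly reachable from the Internet, the forward chain defaults to drop and only explicitly listed TCP ports are opened towards the block, and the block zone cannot initiate connections into the LAN.

```python
import ipaddress

# Constructed example values (RFC 5737 documentation ranges, not the poster's real
# addresses): the router's WAN address, the ISP gateway on that subnet, and the
# block the ISP routes to the WAN address.
WAN_CIDR = "192.0.2.10/29"
ISP_GATEWAY = "192.0.2.9"
ROUTED_BLOCK = "203.0.113.0/29"
# Assumed interface names on a Linux router standing in for the SonicWall.
WAN_IF, LAN_IF, BLOCK_IF = "wan0", "lan0", "block0"


def plan_routed_block(wan_cidr, isp_gateway, routed_block):
    """Work out the addressing for an ISP-routed block.

    The ISP forwards traffic for routed_block to the router's WAN address, so the
    gateway must be another address on the WAN subnet and cannot be inside the
    routed block. The router takes the first usable address of the block; the
    remaining addresses are free for hosts behind it (offered here as a DHCP pool).
    """
    wan = ipaddress.ip_interface(wan_cidr)
    gateway = ipaddress.ip_address(isp_gateway)
    block = ipaddress.ip_network(routed_block, strict=True)

    if gateway not in wan.network or gateway == wan.ip:
        raise ValueError(f"ISP gateway {gateway} must be another address on WAN subnet {wan.network}")
    if block.overlaps(wan.network):
        raise ValueError(f"routed block {block} must not overlap WAN subnet {wan.network}")

    hosts = list(block.hosts())
    if len(hosts) < 2:
        raise ValueError("block too small for a router address plus at least one host")
    router_ip, pool = hosts[0], hosts[1:]
    return {
        "wan_ip": str(wan.ip),
        "wan_prefixlen": wan.network.prefixlen,
        "isp_gateway": str(gateway),
        "block": str(block),
        "block_prefixlen": block.prefixlen,
        "router_ip": str(router_ip),
        "dhcp_pool": (str(pool[0]), str(pool[-1])),
        "usable_hosts": len(pool),
    }


def render_linux_config(plan, allowed_tcp_ports, wan_if=WAN_IF, lan_if=LAN_IF, block_if=BLOCK_IF):
    """Return the shell commands that realise the plan on a Linux router.

    No NAT: the block is public and the router simply forwards packets. Because
    the block's hosts are directly reachable from the Internet, the forward chain
    drops by default; only the listed TCP ports are opened towards the block, the
    LAN may reach anything, and the exposed block zone may only reach the WAN.
    """
    block = plan["block"]
    cmds = [
        f"ip addr add {plan['wan_ip']}/{plan['wan_prefixlen']} dev {wan_if}",
        f"ip route add default via {plan['isp_gateway']} dev {wan_if}",
        f"ip addr add {plan['router_ip']}/{plan['block_prefixlen']} dev {block_if}",
        "sysctl -w net.ipv4.ip_forward=1",
        "nft add table inet fw",
        "nft add chain inet fw forward '{ type filter hook forward priority 0; policy drop; }'",
        "nft add rule inet fw forward ct state invalid drop",
        "nft add rule inet fw forward ct state established,related accept",
        f'nft add rule inet fw forward iifname "{lan_if}" accept',
        f'nft add rule inet fw forward iifname "{block_if}" oifname "{wan_if}" accept',
    ]
    for port in sorted(set(allowed_tcp_ports)):
        cmds.append(
            f'nft add rule inet fw forward iifname "{wan_if}" ip daddr {block} tcp dport {port} accept'
        )
    return cmds


if __name__ == "__main__":
    plan = plan_routed_block(WAN_CIDR, ISP_GATEWAY, ROUTED_BLOCK)
    print(f"router address in block: {plan['router_ip']}, DHCP pool: {plan['dhcp_pool']}")
    for cmd in render_linux_config(plan, allowed_tcp_ports=[80, 443]):
        print(cmd)
```

Run it as-is to see the generated commands; swap in your own WAN address, ISP gateway and block to validate a real assignment before touching the router. The same idea carries over to any firewall with zones: the "CIDR Block" zone is an exposed one and should get the same inbound-deny-by-default treatment as the WAN.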