I just upgraded to Business Class, the tech installed the SMC gateway and the phone modem, and I am looking at setting up the static IPs (no thanks to Comcast) for specific hosts on my network, which in my instance are a dual quad-core Xeon with 16 GBs RAM and 1 TB storage running ESXi, and several Ubuntu Server 12.04 VMs running on the ESXi server. So here's how I think it can be done.
For DHCP for my Macs, I have a Cisco router on which I've left DHCP active, I've put it in bridge mode, assigned it the IP address 10.1.10.254 with a gateway of 10.1.10.1, and so all my Macs, ESXi server, and guest VMs are all on the same (single) private network. This is a bit more elegant than running two private networks--the only thing I need to look out for are duplicate IP assignments, and I have that potential issue boxed in with a bit of dividing my network into subnets.
So now I am attacking the static IP issue. I could do this a couple ways--the first is to assign the ESXi server and guest VM's subnet of public static IPs and stick it in a DMZ. One efficient thing about this approach on the face is that once the ESXi server is out in the open, so are all the guest VMs. So I all I would need to do is set up routing between a subnet of public static IPs and my private network between the server, the guest VMs, etc.
But this seems a bit of a hack to me. Why should I put a VM host and a bunch of guests out in the open? Seems like 1-to-1 NAT would do the trick with less effort and more elegance--I simply use the SMC gateway's 1-to-1 NAT tab to enter the public static IPs and map them to private static IPs of guest VMs. So I entered 4 public static IPs that I want to map to 4 private static IPs. Easy enough. But . . .
When I click "Enable" in the SMC gateway's UI for any of the static IP mappings, the gateway reboots, and I go back to the 1-to-1 NAT tab and the enabling UI widget isn't enabled. So I get on the phone with Comcast Business Class tech support, and the tech refuses to help me because this is "a networking issue" (I thought it was an issue of Comcast's hardware engaging in unexpected behavior), tells me all the static IPs are active (which is what I would expect Comcast to say, since that did not look at my gateway, and anyway those public static IPs are live and in their routing table, having been activated). She won't even ping one of my public static IP addresses assigned to a VM running Linux to see if anything comes back. Thanks.
So is 1-1 NAT broken on the SMC box? Is there an incantation I need to chant to get it to work? If this is normal behavior to not enable a mapping and instead rebooting and not changing state, then it seems to me that Comcast Business Class is not much better than Xfinity service, just a **** of a lot more expensive and complicated. I guess I can try the DMZ approach, but that would be the definition of a hack because I would be using broken hardware to run a remote office.
Thoughts are appreciated. Thanks for your time, Kris
Thanks for your question kmagnusson.
If I missed something in your post, I apologize.
The easiest way I know of to utilize multiple external IP's is to set the SMC to bridge and assign the external IP's to individual routers. For example, the Cisco for your server and another separate router for the Guest network and another for the Macs. If you have more IP's then ports on the SMC gateway, you can add a switch.
If you want to assign separate external IP's to the Ubuntu VM's on the server, we'll have to get input from some of the other members. I have not worked with virtual machines or enterprise type networks.
If you are running an internal mail server, you will need to make sure Comcast assigns the appropriate reverse DNS to the External IP or many mail servers will reject the emails you send.