Generic Firewall Guide

This is a generic guide to configuring most firewalls and routers behind Sharedband.
If you normally use an IT company we would recommend speaking to them first to avoid any unforeseen circumstances.
There is an FAQ section at the back of this guide.

Step 1 – Sharedband Installation

Install Sharedband using the relevant quick install guide and make sure you can connect to the internet by plugging in a PC directly into the Sharedband routers or the switch if you are using one.

We recommend you run a couple of speedtests. You can use our online tester here: http://speedtest.sharedband.net

Step 2 – Pre setup

By default Sharedband Netgear routers use the range (subnet) 192.168.0.1-254 and Sharedband neutral routers (Linksys, Power routers etc) use 192.168.3.1-254.

The LAN (secure) and WAN (unsecure/internet) interfaces on your firewall need to be in different subnets (ranges).
Very Simplified, a subnet is a range of IP addresses e.g 192.168.0.1 to 192.168.0.254.
You need to make sure the 3rd number separated by dots (in this case 0), is not the same on both LAN and WAN interfaces. If the number is the same please follow the relevant guide to changing the IP range on the Sharedband routers.

We highly recommend you set a static address on your firewall to stop a potential issue later on.
Pick an IP address for your firewall outside of the DHCP range, we recommend somewhere between .18 and .99.

Step 3 – Configuring the firewall

Log on to the firewall and edit the WAN interface settings.
Set the IP address to be static and enter the IP address you picked above.
The subnet mask will be 255.255.255.0.
The gateway will be 192.168.0.250 for netgears and 192.168.3.250 for neutral routers (unless you changed it in step 2)
The primary DNS sever address will be the same as the gateway.
If you have space for a secondary DNS server you can either use a public DNS like google or opendns (8.8.8.8 or 208.67.222.222) or leave it blank.
Save the settings and reboot the firewall if necessary.

 Plug a PC in behind the firewall and check you have internet access. If not there may be and additional step necessary, please see the trouble shooting section.

Step 4 – Forwarding all traffic.

Follow the below guide and do a host allocation. In the destination box put in the IP address of your firewall you set above (e.g. 192.168.0.50). By doing a host allocation you are forwarding all ports and protocols to the firewall, VPNs and your existing port mappings should now work.

http://support.sharedband.com/index.php?act=article&code=view&id=15

 

FAQ

Q. What is going to change?

A. Your public IP address will change.
If you use an onsite mail server such as SBS or Exchange, this could stop outgoing mail.  Reverse DNS may need to be setup.
If you have any VPNs setup you will need to change the public IP people use to access your VPN server.

Q. What is my public IP address?

A. Using the details in the welcome letter, log on to the Sharedband NOC.
Click on the configuration and then click IP address mappings. Your static IP/s will be listed here.

Q. Can I put the public IP on the WAN interface of the firewall?

A. To do this you need to have 4 public IP addresses from Sharedband that form a subnet.
Due to the impending shortage of IPv4 addresses most firewalls don’t require a public IP on the WAN interface. All traffic can be forward to your firewall so your existing VPNs and port forward will still work. If you do need the public IP on the WAN interface, please speak to whoever manages your Sharedband account.

Troubleshooting.

Q. I’ve plugged my PC into my firewall but I can’t access webpages or it takes a long time before the page starts to load.

A. This is maybe a DNS error. Log into your firewall and look under the DHCP settings. Your Primary DNS server will need to be the same as the Sharedband gateway you set in step 3.
If you have a SBS server you may need to change the DNS servers on that.
Ensure you are connected with a cable to the firewall (on a LAN switch) and make sure your PC is using DHCP.
If you still can’t connect please raise a ticket: http://support.sharedband.com/

Q. My VPN will not connect.

A. Depending on what type of VPN you may need to configure the VPN device to work though NAT. This can be as simple as specifying the public IP address in the VPN config. Please refer to the manufacture’s documentation for your VPN device.