
Moving from public IP to Private

dobbythenerd1

Hello!

I'm trying to think of a way to get the business I work for moved from a public IP on every device to Private (192. or 10.).
But I'm struggling to come up with a solution. We currently have a NETGEAR ProSafe VPN Firewall FVX538 and a Draytek vigor2952.
The plan is to replace the Netgear with the Draytek. I want to have the 10. IP addresses on the Draytek and the original public IP addresses on the Netgear. The move will be done slowly and eventually the multiple public IP addresses for each PC will be no more.
We have one BT line coming to the building. Any advice on how I could tackle this? My networking knowledge isn't the best but I have been assigned this task.


Are you sure every PC has a public IP?

 

That would mean that your ISP gives you enough IPs and you route those through your router for each device.

 

What does one of those "public ips" look like? (you can send me just the two first octets for security reasons, ofc).

FX6300 @ 4.2GHz | Gigabyte GA-78LMT-USB3 R2 | Hyper 212x | 3x 8GB + 1x 4GB @ 1600MHz | Gigabyte 2060 Super | Corsair CX650M | LG 43UK6520PSA
ASUS X550LN | i5 4210u | 12GB
Lenovo N23 Yoga


11 minutes ago, igormp said:

Are you sure every PC has a public IP?

 

That would mean that your ISP gives you enough IPs and you route those through your router for each device.

 

What does one of those "public ips" look like? (you can send me just the two first octets for security reasons, ofc).

It's certainly possible; this did use to be a thing back before the Internet got so big. Many years ago I even had a small subnet as a home user, as web servers didn't support hosting multiple subdomains on the same IP address back then.

 

Businesses are very reluctant to change, especially as "the move will be done slowly" is not really practical, it would just make the whole thing a lot more complicated than it needs to be.  It really needs to be done all at once.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7


1 hour ago, igormp said:

Are you sure every PC has a public IP?

 

That would mean that your ISP gives you enough IPs and you route those through your router for each device.

 

What does one of those "public ips" look like? (you can send me just the two first octets for security reasons, ofc).

 

So the company was set up in 1970 odd with 5 staff. This became 40 over the years and since the start of COVID we now have 85. We own from the octet final 1 to 254.


Oh, wow, interesting, I never saw something like that haha

 

Well, then ignore what I said, I have no experience with such a setup 😛


9 hours ago, dobbythenerd1 said:

 

So the company was set up in 1970 odd with 5 staff. This became 40 over the years and since the start of COVID we now have 85. We own from the octet final 1 to 254.

It's going to be complicated to do it gradually as you'd effectively be running both a LAN and the WAN at the same time. With managed switches I suppose you could set up the new LAN on its own VLAN and swap clients one by one onto that VLAN, but the problem is if you need those machines to talk to each other and for what purposes.

The router could NAT between the two (if it's configurable enough) but this might not work with all software and would likely be a non-starter for anything heavy bandwidth. As it was only handling plain routing before, I'm not even sure how powerful it will be for NAT for the Internet alone, never mind handling Public to Private NAT internally too.

I'd certainly target any machines that only need Internet access first.


It all depends on what the machines are doing. If they are just surfing the net and not being direct servers for something, then configure one of the routers for DHCP and start putting them behind it. Pick any RFC 1918 you wish (private IP range). Just because you own the full octet doesn't mean you need to use it.

Some older ISPs insist on all client devices having a static address. I doubt if this is an issue here. Unless all those machines are hosting web services just move them behind a router running DHCP.


1 hour ago, wseaton said:

It all depends on what the machines are doing. If they are just surfing the net and not being direct servers for something, then configure one of the routers for DHCP and start putting them behind it. Pick any RFC 1918 you wish (private IP range). Just because you own the full octet doesn't mean you need to use it.

Some older ISPs insist on all client devices having a static address. I doubt if this is an issue here. Unless all those machines are hosting web services just move them behind a router running DHCP.

My thoughts were things like printers, they might need to be static. Like you said, depends on what is actually on the network.


  • 3 weeks later...

Thanks for the replies everyone. We are going to make the move to a new router/firewall with the 10.0.0.0 IP range. We will still have to manually enter IP addresses for the equipment we use; however, I have accepted I need to just bite the bullet and do it.

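An added example, not written by anyone in the thread: a sketch of the renumbering plan the replies converge on, moving Internet-only clients to DHCP first, giving static devices such as printers a 10.0.0.x address, and leaving hosts that accept inbound connections for last. The public block `203.0.113.0/24` (a documentation range), the device inventory and the idea of keeping the last octet are assumptions made for illustration.

```python
import ipaddress

# Assumptions, not from the thread: 203.0.113.0/24 (a documentation range)
# stands in for the company's public block, and this inventory is constructed.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/24")
NEW_LAN = ipaddress.ip_network("10.0.0.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INVENTORY = [  # (name, current address, role)
    ("web-server", "203.0.113.10", "inbound"),   # reachable from the Internet
    ("pc-accounts", "203.0.113.21", "client"),   # only browses out
    ("printer-1f", "203.0.113.50", "static"),    # peers address it by IP
    ("pc-sales", "203.0.113.22", "client"),
    ("lab-switch", "192.168.1.9", "static"),     # already on private space
]
# Cutover order: Internet-only clients first, inbound services last.
WAVE = {"client": 1, "static": 2, "inbound": 3}


def plan_move(inventory, public_block=PUBLIC_BLOCK, lan=NEW_LAN):
    """Return (plan, skipped); plan rows are (wave, name, old, new, note)."""
    if not any(lan.subnet_of(net) for net in RFC1918):
        raise ValueError(f"{lan} is not RFC 1918 space")
    plan, skipped, used = [], [], set()
    for name, current, role in inventory:
        old = ipaddress.ip_address(current)
        if any(old in net for net in RFC1918):
            skipped.append(name)                 # nothing to renumber
            continue
        if old not in public_block:
            raise ValueError(f"{name}: {old} is outside {public_block}")
        if role == "client":
            plan.append((WAVE[role], name, str(old), "dhcp", "lease from router"))
            continue
        # Keep the host part so a manually entered address stays familiar.
        new = lan.network_address + (int(old) - int(public_block.network_address))
        if new in used or new not in lan:
            raise ValueError(f"{name}: {new} is taken or outside {lan}")
        used.add(new)
        note = "needs port forward or 1:1 NAT" if role == "inbound" else "static entry"
        plan.append((WAVE[role], name, str(old), str(new), note))
    return sorted(plan), skipped


if __name__ == "__main__":
    plan, skipped = plan_move(INVENTORY)
    for row in plan:
        print(*row, sep="\t")
    print("already private:", ", ".join(skipped))
```

Hosts in the last wave are the ones that lose direct reachability once they sit behind NAT, so each needs an explicit forwarding rule on the new router before its public address is retired.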
