need some subnetting help please

I have a comcast business block of IP addresses, here is what
comcast provided:

70.88.100.104 is my network
..105 - 109 are usable
..110 is gateway
..111 is broadcast
mask is 255.255.255.248

i need to break this into two subnets,
so i set the mask to 255.255.255.252
which gives me
..104 network
..105, .106 usable
..107 broadcast

..108 network
..109, .110 usable
..111 broadcast

the question i have is what happens to the gateway? i cant
use .110 for both networks. im really not sure what
to do in this case.

(the reason for this is my router requires that if i
want to put a box on the DMZ it has to be in
a different subnet than the rest of the network).

RobR wrote:
> I have a comcast business block of IP addresses, here is what
> comcast provided:
>
> 70.88.100.104 is my network
> .105 - 109 are usable
> .110 is gateway
> .111 is broadcast
> mask is 255.255.255.248
>
> i need to break this into two subnets,
> so i set the mask to 255.255.255.252
> which gives me
> .104 network
> .105, .106 usable
> .107 broadcast
>
> .108 network
> .109, .110 usable
> .111 broadcast
>
> the question i have is what happens to the gateway? i cant
> use .110 for both networks. im really not sure what
> to do in this case.
>
> (the reason for this is my router requires that if i
> want to put a box on the DMZ it has to be in
> a different subnet than the rest of the network).
>
>
>

You can't do what you describe, unless your DMZ can be natted. And in
that case, you can have any network range you want for the DMZ.

The problem is exactly what you wonder about - what happens to the
gateway. The outward (internet) facing interface on the firewall needs
to be on the same subnet as the ISP router at 70.88.100.110. Trying to
sbunet that will cause issues - incoming packets that may nee dto be
routed by the firewall will appear local to the ISP gateway, etc.

What type of firewall is this? Most do support NAT for the DMZ.

"snertking" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> RobR wrote:
>> I have a comcast business block of IP addresses, here is what
>> comcast provided:
>>
>> 70.88.100.104 is my network
>> .105 - 109 are usable
>> .110 is gateway
>> .111 is broadcast
>> mask is 255.255.255.248
>>
>> i need to break this into two subnets,
>> so i set the mask to 255.255.255.252
>> which gives me
>> .104 network
>> .105, .106 usable
>> .107 broadcast
>>
>> .108 network
>> .109, .110 usable
>> .111 broadcast
>>
>> the question i have is what happens to the gateway? i cant
>> use .110 for both networks. im really not sure what
>> to do in this case.
>>
>> (the reason for this is my router requires that if i
>> want to put a box on the DMZ it has to be in
>> a different subnet than the rest of the network).
>>
>>
>>
>
> You can't do what you describe, unless your DMZ can be natted. And in that
> case, you can have any network range you want for the DMZ.
>
> The problem is exactly what you wonder about - what happens to the
> gateway. The outward (internet) facing interface on the firewall needs to
> be on the same subnet as the ISP router at 70.88.100.110. Trying to sbunet
> that will cause issues - incoming packets that may nee dto be routed by
> the firewall will appear local to the ISP gateway, etc.
>
> What type of firewall is this? Most do support NAT for the DMZ.

it's a zyxel zywall 35 which does support NAT to the DMZ
but the problem is that the box I want on the DMZ is running
Asterisk VOIP PBX which apparently can't sit behind a NAT.
would this work if i just ran the cable modem to a hub and
plugged both the router and the Asterisk server into the
hub?

"RobR" <(E-Mail Removed)> wrote in message
news:c5aCf.3556$ie3.1581@trndny09...
>
> "snertking" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> RobR wrote:
>>> I have a comcast business block of IP addresses, here is what
>>> comcast provided:
>>>
>>> 70.88.100.104 is my network
>>> .105 - 109 are usable
>>> .110 is gateway
>>> .111 is broadcast
>>> mask is 255.255.255.248
>>>
>>> i need to break this into two subnets,
>>> so i set the mask to 255.255.255.252
>>> which gives me
>>> .104 network
>>> .105, .106 usable
>>> .107 broadcast
>>>
>>> .108 network
>>> .109, .110 usable
>>> .111 broadcast
>>>
>>> the question i have is what happens to the gateway? i cant
>>> use .110 for both networks. im really not sure what
>>> to do in this case.
>>>
>>> (the reason for this is my router requires that if i
>>> want to put a box on the DMZ it has to be in
>>> a different subnet than the rest of the network).
>>>
>>>
>>>
>>
>> You can't do what you describe, unless your DMZ can be natted. And in
>> that case, you can have any network range you want for the DMZ.
>>
>> The problem is exactly what you wonder about - what happens to the
>> gateway. The outward (internet) facing interface on the firewall needs to
>> be on the same subnet as the ISP router at 70.88.100.110. Trying to
>> sbunet that will cause issues - incoming packets that may nee dto be
>> routed by the firewall will appear local to the ISP gateway, etc.
>>
>> What type of firewall is this? Most do support NAT for the DMZ.
>
> it's a zyxel zywall 35 which does support NAT to the DMZ
> but the problem is that the box I want on the DMZ is running
> Asterisk VOIP PBX which apparently can't sit behind a NAT.
> would this work if i just ran the cable modem to a hub and
> plugged both the router and the Asterisk server into the
> hub?
>

the switch did the trick. asterisk is up and running and
hanging out on the net with no firewall in all it's glory .