New Member
Posts: 1
Registered: ‎03-16-2014

Multiple IP on WAN with two LAN - NAT

 
I have 13 IP addresses that I assigned to the eth1 interface, which I will use as WAN.
 
I have set up 2 LANs, on eth0 (192.168.1.0) and on eth2 (192.168.2.0).
 
I want to map an IP address (one of the 13) on eth1 to any local IP address on either network (eth0 or eth2) for a group (can I group ports?) of web ports (tcp 80, tcp 443, tcp 22, tcp 21, etc.).
 
I will be pleased if anyone can help 

 

Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: Multiple IP on WAN with two LAN - NAT

Sorry if this is off topic or irrelevant, but I would also like to do something similar to this.

My situation is that I get 2 public IPs from my ISP; currently 1 goes to the ERL and the other goes to another Xbox (because of UPnP problems with the ERL I am forced to do this to get open NAT on 2 consoles).

The problem with this is that my brother uses an app on his iPhone to play music onto his Xbox over the network, so because he is on a separate IP now it does not work. If I could somehow give it that second IP through the ERL and allow the Xbox to talk to the rest of my network on another IP, that would be great. Kinda doubt it's possible though.

Very lucky I even have 2 IPs in the first place to solve this UPnP issue with the ERL. Patiently waiting for the 1.5 beta with miniupnpd support.

T1200 - ERX - UAP - R7000 - WEB6000Q
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Multiple IP on WAN with two LAN - NAT

One thing you could do is forward all the traffic from the secondary address to a specific host on the LAN.  For example:

publicforward1.png

In the picture above I have both 172.16.3.60 and 172.16.3.61 on eth0. 172.16.3.60 is the primary address of the router, and all traffic hitting 172.16.3.61 I will forward to host 192.168.1.10. First I'll make a static DHCP mapping so the server always gets 192.168.1.10:

publicforward2.png

Then add a destination NAT rule to send all traffic on 172.16.3.61 to 192.168.1.10:

publicforward3.png

We'll also need a source NAT rule so that traffic coming from 192.168.1.10 goes out with the right address:

publicforward7.png

Unfortunately this source NAT rule needs to come before the masquerade rule, so we can drag-n-drop it to be the first source NAT rule and then click "save rule order".

publicforward6.png

Then the last thing is to add a firewall rule to allow 192.168.1.10 (note DNAT happens before firewall).

publicforward4.png

It's worth noting that now all inbound traffic to 172.16.3.61 is forwarded to 192.168.1.10, so that internal server has effectively no firewall at all protecting it. This may be what is desired, but if not the destination NAT rule could add states "established/related" so that only sessions initiated from the server are allowed in.

Using "show nat translations" I can see that the proper translations are occurring:

ubnt@ubnt:~$ show nat translations 
Pre-NAT              Post-NAT             Type  Prot  Timeout 
192.168.1.10         172.168.3.61         snat  tcp   112     
172.16.3.61          192.168.1.10         dnat  tcp   7187    

 Attached is the complete config.boot file for this example.

EdgeMAX Router Software Development
Regular Member
Posts: 536
Registered: ‎11-12-2013
Kudos: 78
Solutions: 3

Re: Multiple IP on WAN with two LAN - NAT

OK, but what I don't know how to do, or if I can do, is how to pull the second IP to the same router. I'm getting dynamic IPs, and I'm about 99.99% sure only 1 IP can be attached to the MAC, so essentially I would have to make the router advertise 2 MAC addresses. If this is possible, how would I do it? I could do 1 IPs through 1 port or 1 IP through each port and use 2, as I am only using 2/3 of my ports now and have a free one.

T1200 - ERX - UAP - R7000 - WEB6000Q
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Multiple IP on WAN with two LAN - NAT

I seem to recall people have done that with pseudo-ethernet interfaces.

EdgeMAX Router Software Development
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Multiple IP on WAN with two LAN - NAT


@ConnorM wrote:

OK, but what I don't know how to do, or if I can do, is how to pull the second IP to the same router. I'm getting dynamic IPs, and I'm about 99.99% sure only 1 IP can be attached to the MAC, so essentially I would have to make the router advertise 2 MAC addresses. If this is possible, how would I do it? I could do 1 IPs through 1 port or 1 IP through each port and use 2, as I am only using 2/3 of my ports now and have a free one.


See - LINK.

EdgeMAX Router Software Development
Emerging Member
Posts: 87
Registered: ‎07-04-2013
Kudos: 31
Solutions: 3

Re: Multiple IP on WAN with two LAN - NAT

Trying to do the exact same setup as this but having issues. See this thread for config info.

Emerging Member
Posts: 75
Registered: ‎06-07-2013
Kudos: 22
Solutions: 3

Re: Multiple IP on WAN with two LAN - NAT

I was able to do it with pseudo-ethernet ports; however, the only issue is that after the router has more than 1 gateway, the only way I could figure out to get internet working is to have a bunch of modify rules.

New Member
Posts: 9
Registered: ‎06-08-2014

Re: Multiple IP on WAN with two LAN - NAT

Can you please tell how to make server 172.168.3.61 accessible from LAN in this example? (I don't want to use the local IP address 192.168.1.10, since there is a domain name that always resolves to 172.168.3.61.)

 

New Member
Posts: 30
Registered: ‎12-11-2014
Kudos: 3
Solutions: 1

Re: Multiple IP on WAN with two LAN - NAT

I have followed this tutorial to a T, but whenever I try to hit the external IP address it just takes me to the router's management login instead of using NAT.

 

Dest NAT config

http://snag.gy/f3ssz.jpg

 

Source NAT config

http://snag.gy/mUzw5.jpg

 

Interface Config

http://snag.gy/w2icz.jpg

 

Firewall Ruleset

http://snag.gy/ebB2O.jpg

 

Firewall Server Ruleset

http://snag.gy/oPPn5.jpg

 

I had this set up and working in about 5 seconds on the Ub Gateway Lite, but getting this to work on the ERPro-8 has been a bear. Thanks in advance.

New Member
Posts: 9
Registered: ‎06-08-2014

Re: Multiple IP on WAN with two LAN - NAT

Can you please tell how to make server 172.168.3.61 accessible from LAN in this example? (I don't want to use the local IP address 192.168.1.10, since there is a domain name that always resolves to 172.168.3.61.)

 

Can anyone help with this? Maybe I need to configure some loopback for NAT?

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Multiple IP on WAN with two LAN - NAT

@AndrewDryga this is an old thread.  I'd suggest you start your own thread.  Post your config file, software version and the question.

EdgeMAX Router Software Development
New Member
Posts: 29
Registered: ‎04-20-2015
Kudos: 1

Re: Multiple IP on WAN with two LAN - NAT

Old question not answered for a too long time. Same problem here and no answer until now ......

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Multiple IP on WAN with two LAN - NAT


@atvirtual wrote:

Old question not answered for a too long time. Same problem here and no answer until now ......


The answer was in post #3.

EdgeMAX Router Software Development
New Member
Posts: 2
Registered: ‎06-14-2015
Kudos: 1

Re: Multiple IP on WAN with two LAN - NAT

I'm just replying to this post because I can't find a post related to it. The answer for me isn't made in post 3. I have one LAN (192.168.1.x) and 16 public addresses. I just want to forward ports from different WAN addresses to different LAN addresses. So e.g. address 190.x.x.2 needs to be forwarded to 192.168.1.10 on port 25. Also address 190.x.x.3 needs to be forwarded to 192.168.1.20, also port 25. I have made these configurations on many firewalls (Cisco, TMG, Netgear) and this works without any problems. On the EdgeRouter Pro 8 only the primary address is working. I've configured several routers now (EdgeRouter) without any problem when it handles only 1 public address. The need is for replacing several TMG firewalls. Anyway, I've made configs with DNAT as described; nothing works, only the primary address. I'm getting a bit frustrated, especially with the solution of the support team saying to join the forums and find the answer there. Until now I didn't find any answer or suggestions. So this will be my last try, otherwise I will replace the EdgeRouters with Netgear or Cisco. This isn't meant to be a threat but I have to go for a solution. Question: Am I the only one with this problem, and is there a solution (config example, and not the one above because this didn't work for me)? If there is more info needed please let me know.

 

Regards

 

Cees

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Multiple IP on WAN with two LAN - NAT

@CVelt We'd prefer you start a new thread, but here's a quick example:

 

ubnt@ubnt:~$ cat /config/config.boot
interfaces {
    ethernet eth0 {
        address 190.0.0.1/29
        address 190.0.0.2/29
        address 190.0.0.3/29
        address 190.0.0.4/29
        address 190.0.0.5/29
        description WAN
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description LAN
        duplex auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
}
service {
    gui {
        https-port 443
    }
    nat {
        rule 10 {
            destination {
                address 190.0.0.2
                port 25
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.10
            }
            protocol tcp_udp
            type destination
        }
        rule 20 {
            destination {
                address 190.0.0.3
                port 25
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.20
            }
            protocol tcp_udp
            type destination
        }
        rule 5000 {
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.7.0rc1.4778563.150605.2242 */

 

ubnt@ubnt:~$ show nat translations 
Pre-NAT              Post-NAT             Type  Prot  Timeout 
190.0.0.3            192.168.1.20         dnat  tcp   119     
190.0.0.2            192.168.1.10         dnat  tcp   103     
EdgeMAX Router Software Development
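
A small audit for the exposure noted earlier in the thread (forwarding a whole public address to one host leaves that host without a firewall), as an added example that is not part of any post and not EdgeOS code: it parses config.boot text and flags destination NAT rules that forward every port or whose inbound interface has no `in` ruleset applied. The sample fragment is constructed from the addresses in the thread; `parse` and `audit_dnat` are hypothetical helper names, and only `ethernet` interfaces are looked up.

```python
SAMPLE = """
service {
    nat {
        rule 1 {
            destination {
                address 172.16.3.61
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.10
            }
            type destination
        }
    }
}
"""  # constructed fragment, addresses taken from the thread's first example

def parse(text):  # brace-nested config.boot text -> dicts; leaf values become lists
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("/*"):
            continue
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return stack[0]

def audit_dnat(cfg):  # -> [(rule, public address, inside address, issue), ...]
    findings = []
    for name, rule in cfg.get("service", {}).get("nat", {}).items():
        if rule.get("type") != ["destination"]:
            continue
        dest = rule.get("destination", {})
        pub = dest.get("address", ["any"])[0]
        inside = rule.get("inside-address", {}).get("address", ["?"])[0]
        ifname = rule.get("inbound-interface", ["?"])[0]
        fw = cfg.get("interfaces", {}).get("ethernet " + ifname, {}).get("firewall", {})
        if "port" not in dest:  # whole address forwarded to one host
            findings.append((name, pub, inside, "every port is forwarded"))
        if "name" not in fw.get("in", {}):  # forwarded traffic is not filtered
            findings.append((name, pub, inside, "no 'in' ruleset on inbound interface"))
    return findings

if __name__ == "__main__":
    print(*audit_dnat(parse(SAMPLE)), sep="\n")
```

Run it against the text of `/config/config.boot`; an empty result means every destination NAT rule names a port and sits behind an `in` ruleset, not that the ruleset itself is strict.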
New Member
Posts: 2
Registered: ‎07-23-2015

Re: Multiple IP on WAN with two LAN - NAT

Hello @CVelt, I'm having the same issue. Were you able to resolve it?

New Member
Posts: 2
Registered: ‎06-14-2015
Kudos: 1

Re: Multiple IP on WAN with two LAN - NAT

No, until now I didn't solve it. The config is exactly as described. I also didn't spend much time on it. Going back to the old firewalls with no problems.

New Member
Posts: 2
Registered: ‎07-23-2015

Re: Multiple IP on WAN with two LAN - NAT

I just did it: updated to the latest version, added all my static addresses to the interface that connects to my ISP, and created DNATs for each one!




New Member
Posts: 8
Registered: ‎06-08-2014
Kudos: 2

Re: Multiple IP on WAN with two LAN - NAT

You and I are trying to do exactly the same thing, and we are at exactly the same frustration level. These people have no idea how poor their documentation level is. They do not utilize thorough examples within the user's guide that pertain to the product at hand, and many of the examples on the forums only work on the Lite version of the product and not on the Pro... Most of the posts I have read are only pertinent to specific configurations that are used in ISP and hospitality environments, and if you want to do anything else, like the situation you described, you are in dark territory.

 

I simply want to take my block of 16 addresses and assign them on my WAN port with the router HTTP interface only coming up on the first one in that block, and only then on a designated management port that I choose.

 

Then I want to be able to add the rest in a list (which I know how to do already) and be able to build port forwards to have the packets that come to those addresses forward to other subnets on other interfaces on the router, where I will feed switches with statically addressed devices on them. DHCP will not be in play.

 

I have built out all of the firewall config and port forwarding rules, but every time I access any of the addresses from outside all I get is the management interface. If I try any other port nothing gets through.

 

I can follow directions, but they don't put out clear directions for anything... they want you to ask/answer... ask/answer. If you want that, then have a private email support queue; I don't want to publish my router configurations to a public forum!

 

--Disgruntled