02-22-2019 06:55 AM
Sorry for the newbie question, but I can make it work after scouring the forums for the past week.... I am trying to get the subnet set up on an ER 8 Pro to allow 5 devices public IP addresses without NAT and without any firewall rules. At the same time, I have an internet network that I need internet access with NAT. Anyone have configuration examples?
Internal Address 172.16.23.1/24
Subnet provided by the ISP:
The block 18.104.22.168/29 has been routed to 22.214.171.124
• IP address: 126.96.36.199
• Subnet: 188.8.131.52/31
• Netmask: 255.255.255.254
• Gateway: 184.108.40.206
• Routed Subnet: 220.127.116.11/29
Thanks for any help..
02-22-2019 06:58 AM
02-22-2019 07:27 AM
On top of the article above, you also need a masquerade rule that does not work for the /29 source:
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all
set service nat rule 5010 source address !w.x.y.z/29
02-22-2019 08:42 AM
And for keeping a basic firewall for the private network(s), the WAN_IN ruleset should look, more or less, like this:
configure
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 destination address 18.104.22.168/29
commit
It wouldn't be a bad idea to also have firewall rules between the public network and the private network.
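One way to set up the rules between the public and private networks suggested in the last reply, as an added example that is not from any poster in this thread. It assumes the routed /29 hosts sit behind eth2 (the thread never names that interface) and uses a made-up ruleset name, PUBLIC_IN; 172.16.23.0/24 is the internal network from the first post.

```edgeos
configure

# Ruleset for traffic entering the router from the public /29 LAN.
# Default accept keeps the public hosts unfiltered towards the internet,
# as the original poster wanted.
set firewall name PUBLIC_IN description "Public /29 LAN to other networks"
set firewall name PUBLIC_IN default-action accept

# Replies to connections that were opened from the private LAN.
set firewall name PUBLIC_IN rule 10 action accept
set firewall name PUBLIC_IN rule 10 description "Allow established/related"
set firewall name PUBLIC_IN rule 10 state established enable
set firewall name PUBLIC_IN rule 10 state related enable

# Packets that do not belong to any tracked connection.
set firewall name PUBLIC_IN rule 20 action drop
set firewall name PUBLIC_IN rule 20 description "Drop invalid state"
set firewall name PUBLIC_IN rule 20 state invalid enable

# New connections from an exposed public host into the private LAN.
# Logged so that attempts show up in the router's log.
set firewall name PUBLIC_IN rule 30 action drop
set firewall name PUBLIC_IN rule 30 description "Block public hosts to private LAN"
set firewall name PUBLIC_IN rule 30 destination address 172.16.23.0/24
set firewall name PUBLIC_IN rule 30 log enable

# Assumption: eth2 is the interface facing the public /29 hosts.
set interfaces ethernet eth2 firewall in name PUBLIC_IN

commit
save
exit
```

With WAN_IN rule 20 accepting everything addressed to the /29, the public hosts are reachable from the internet on every port, so this ruleset is what keeps one of them from being used to reach 172.16.23.0/24.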