Differences

This shows you the differences between two versions of the page.

inbox:wan:multiple_public_ips [2019/08/03 17:16] – created trendy
docs:guide-user:network:wan:multiple_public_ips [2023/05/17 15:30] – [2. Firewall] typo vgaetera
Line 1: Line 1:
-====== Using multiple public IPs on wan interface ======+====== Using multiple WAN IPs ====== 
 +{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}}
  
-===== Use case ===== +===== Introduction ===== 
-Some users get from their ISP more than one routable public IP address.\\  +  Some users get from their ISP more than one routable public IP address.
-In this case you need to assign these IPs to new wan interfaces and then add a DNAT and SNAT rule in firewall.\\  +
-In our example we assume that our ISP assigned us 100.64.0.0/29 (or 255.255.255.248) with gateway 100.64.0.1 +
-wan interface already has the first available IP, 100.64.0.2, so we'll add .3, till .6 and they will be assigned to internal hosts on IPs 192.168.1.x+
  
-===== Configuration examples ===== +===== Goals ===== 
-Add a new wan interface in **/etc/config/network**: +  Utilize multiple WAN IPs on the same interface. 
-<file> +  * Use a specific WAN IP for a specific LAN host.
-config interface 'wan_3' +
-        option proto 'static' +
-        option ifname 'eth1' +
-        option ipaddr '100.64.0.3' +
-        option netmask '255.255.255.248' +
-        option gateway '100.64.0.1' +
-</file>+
  
-Add DNAT (for incoming) and SNAT (for outgoing) connections in **/etc/config/firewall** +===== Command-line instructions ===== 
-<file> +==== 1. Network ==== 
-config redirect +Create an alias for WAN interface assuming that: 
-        option enabled '1' +  ''100.64.0.3/29'' - IP address/netmask of the WAN interface. 
-        option target 'DNAT' +  * ''192.168.1.3'' - IP address of the LAN host.
-        option src 'wan' +
-        option dest 'lan' +
-        option name 'dnat3' +
-        option src_dip '100.64.0.3' +
-        option dest_ip '192.168.1.3' +
-        option proto 'all'+
  
-config redirect +<code bash> 
-        option enabled '1' +uci -q delete network.wan3 
-        option target 'SNAT' +uci set network.wan3="interface" 
-        option src 'lan' +uci set network.wan3.proto="static" 
-        option dest 'wan' +uci set network.wan3.device="@wan" 
-        option proto 'all' +uci set network.wan3.ipaddr="100.64.0.3/29" 
-        option src_dip '100.64.0.3' +uci commit network 
-        option name 'snat3' +/etc/init.d/network restart 
-        option src_ip '192.168.1.3' +</code> 
-</file>+ 
 +==== 2. Firewall ==== 
 +Configure destination and source NAT firewall rules. 
 + 
 +<code bash> 
 +uci -q delete firewall.dnat3 
 +uci set firewall.dnat3="redirect" 
 +uci set firewall.dnat3.name="DNAT3" 
 +uci set firewall.dnat3.src="wan" 
 +uci set firewall.dnat3.src_dip="100.64.0.3" 
 +uci set firewall.dnat3.dest="lan" 
 +uci set firewall.dnat3.dest_ip="192.168.1.3" 
 +uci set firewall.dnat3.proto="all" 
 +uci set firewall.dnat3.target="DNAT" 
 +uci -q delete firewall.snat3 
 +uci set firewall.snat3="nat" 
 +uci set firewall.snat3.name="SNAT3" 
 +uci set firewall.snat3.src="wan" 
 +uci set firewall.snat3.src_ip="192.168.1.3
 +uci set firewall.snat3.snat_ip="100.64.0.3" 
 +uci set firewall.snat3.proto="all" 
 +uci set firewall.snat3.target="SNAT" 
 +uci commit firewall 
 +/etc/init.d/firewall restart 
 +</code>
  
-Restart network and firewall services. 
-<file> 
-service network restart 
-service firewall restart 
-</file> 
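Review bot: The added line `uci set firewall.snat3.src_ip="192.168.1.3` in the 2. Firewall block is missing its closing double quote, so when the block is pasted into a shell the string stays open and the `uci set` lines after it are not run as written; close the quote after `192.168.1.3`. Separately, `firewall.dnat3.proto="all"` with no port restriction forwards every protocol and port arriving at 100.64.0.3 to 192.168.1.3, as the removed `config redirect` section also did, but the new text never says so. A sentence stating that the LAN host becomes fully reachable from the WAN side, and that the rule can be narrowed to the protocols and ports actually needed, would help readers. The new Introduction also drops the removed statement that the wan interface already holds 100.64.0.2 with gateway 100.64.0.1, which explained why the example starts at .3.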
  • Last modified: 2023/10/14 06:10
  • by vgaetera