Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revisionLast revisionBoth sides next revision | ||
| inbox:wan:multiple_public_ips [2019/08/03 17:16] – created trendy | docs:guide-user:network:wan:multiple_public_ips [2023/05/17 15:57] – reorganize content vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Using multiple | + | ====== Using multiple |
| + | {{section> | ||
| - | ===== Use case ===== | + | ===== Introduction |
| - | Some users get from their ISP more than one routable public IP address.\\ | + | |
| - | In this case you need to assign these IPs to new wan interfaces and then add a DNAT and SNAT rule in firewall.\\ | + | * Assume that the WAN IPs are '' |
| - | In our example we assume that our ISP assigned us 100.64.0.0/29 (or 255.255.255.248) with gateway 100.64.0.1 | + | |
| - | wan interface already has the first available IP, 100.64.0.2, so we'll add .3, till .6 and they will be assigned to internal hosts on IPs 192.168.1.x | + | |
| - | ===== Configuration examples | + | ===== Goals ===== |
| - | Add a new wan interface in **/ | + | * Utilize multiple WAN IPs on the same interface. |
| - | < | + | * Use a specific WAN IP for a specific LAN host. |
| - | config | + | |
| - | option proto ' | + | |
| - | option ifname ' | + | |
| - | option ipaddr '100.64.0.3' | + | |
| - | | + | |
| - | option gateway ' | + | |
| - | </ | + | |
| - | Add DNAT (for incoming) and SNAT (for outgoing) connections in **/ | + | ===== Command-line instructions ===== |
| - | < | + | ==== 1. Network ==== |
| - | config redirect | + | Create an alias for the WAN interface. |
| - | option enabled '1' | + | |
| - | option target ' | + | |
| - | option src ' | + | |
| - | option dest ' | + | |
| - | option name ' | + | |
| - | option src_dip '100.64.0.3' | + | |
| - | | + | |
| - | option proto ' | + | |
| - | config redirect | + | <code bash> |
| - | | + | uci -q delete network.wan3 |
| - | | + | uci set network.wan3=" |
| - | | + | uci set network.wan3.proto=" |
| - | | + | uci set network.wan3.device=" |
| - | | + | uci set network.wan3.ipaddr=" |
| - | | + | uci commit network |
| - | | + | / |
| - | | + | </ |
| - | </file> | + | |
| + | ==== 2. Firewall ==== | ||
| + | Configure destination and source NAT firewall rules. | ||
| + | |||
| + | <code bash> | ||
| + | uci -q delete firewall.dnat3 | ||
| + | uci set firewall.dnat3=" | ||
| + | uci set firewall.dnat3.name=" | ||
| + | uci set firewall.dnat3.src=" | ||
| + | uci set firewall.dnat3.src_dip="100.64.0.3" | ||
| + | uci set firewall.dnat3.dest=" | ||
| + | uci set firewall.dnat3.dest_ip=" | ||
| + | uci set firewall.dnat3.proto=" | ||
| + | uci set firewall.dnat3.target=" | ||
| + | uci -q delete firewall.snat3 | ||
| + | uci set firewall.snat3=" | ||
| + | uci set firewall.snat3.name=" | ||
| + | uci set firewall.snat3.src=" | ||
| + | uci set firewall.snat3.src_ip="192.168.1.3" | ||
| + | uci set firewall.snat3.snat_ip=" | ||
| + | uci set firewall.snat3.proto=" | ||
| + | uci set firewall.snat3.target=" | ||
| + | uci commit firewall | ||
| + | / | ||
| + | </code> | ||
| - | Restart network and firewall services. | ||
| - | < | ||
| - | service network restart | ||
| - | service firewall restart | ||
| - | </ | ||