Differences

This shows you the differences between two versions of the page.

inbox:docs:wan:multiple_public_ips [2019/08/04 10:02] – ↷ Page moved from inbox:wan:multiple_public_ips to inbox:docs:wan:multiple_public_ips tmomas
docs:guide-user:network:wan:multiple_public_ips [2023/05/17 12:05] – [Command-line instructions] vgaetera
Line 1: Line 1:
-====== Using multiple public IPs on wan interface ======+====== Using multiple WAN IPs ====== 
 +{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}}
  
-===== Use case ===== +===== Introduction ===== 
-Some users get from their ISP more than one routable public IP address.\\  +  Some users get from their ISP more than one routable public IP address.
-In this case you need to assign these IPs to new wan interfaces and then add a DNAT and SNAT rule in firewall.\\  +
-In our example we assume that our ISP assigned us 100.64.0.0/29 (or 255.255.255.248) with gateway 100.64.0.1 +
-wan interface already has the first available IP, 100.64.0.2, so we'll add .3, till .6 and they will be assigned to internal hosts on IPs 192.168.1.x+
  
-===== Configuration examples ===== +===== Goals ===== 
-Add new wan interface in ''/etc/config/network'':+  * Utilize multiple WAN IPs on the same interface. 
 +  * Use specific WAN IP for a specific LAN host. 
 + 
 +===== Command-line instructions ===== 
 +==== 1. Network ==== 
 +Create an alias for WAN interface assuming that: 
 +  * ''100.64.0.3/29'' - IP address/netmask of the WAN interface. 
 +  * ''192.168.1.3'' - IP address of the LAN host.
  
 <code bash> <code bash>
-config interface 'wan_3' +uci -q delete network.wan3 
-        option proto 'static' +uci set network.wan3="interface" 
-        option ifname 'eth1' +uci set network.wan3.proto="static" 
-        option ipaddr '100.64.0.3' +uci set network.wan3.device="@wan" 
-        option netmask '255.255.255.248' +uci set network.wan3.ipaddr="100.64.0.3/29" 
-        option gateway '100.64.0.1'+uci commit network 
 +/etc/init.d/network restart
 </code> </code>
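Review bot: The new bullet ''100.64.0.3/29'' - "IP address/netmask of the WAN interface" is misleading, because in the commands below it that address is the additional one assigned to the alias wan3 on "@wan", and the removed introduction stated that the wan interface itself already holds 100.64.0.2. Suggest rewording the bullet to say it is the extra WAN IP carried by the alias, and keeping one sentence about the assigned /29 range so readers can tell which addresses are theirs to use. The removed "option gateway '100.64.0.1'" also has no counterpart in the new commands; if that is intentional because the alias shares the existing wan gateway, say so in the text.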
  
-Add DNAT (for incoming) and SNAT (for outgoing) connections in ''/etc/config/firewall'':+==== 2. Firewall ==== 
 +Configure destination and source NAT firewall rules.
  
 <code bash> <code bash>
-config redirect +uci -q delete firewall.dnat3 
-        option name 'dnat3' +uci set firewall.dnat3="redirect" 
-        option src 'wan' +uci set firewall.dnat3.name="DNAT3" 
-        option src_dip '100.64.0.3' +uci set firewall.dnat3.src="wan" 
-        option dest 'lan' +uci set firewall.dnat3.src_dip="100.64.0.3" 
-        option dest_ip '192.168.1.3' +uci set firewall.dnat3.dest="lan" 
-        option proto 'all' +uci set firewall.dnat3.dest_ip="192.168.1.3" 
-        option target 'DNAT' +uci set firewall.dnat3.proto="all" 
- +uci set firewall.dnat3.target="DNAT" 
-config redirect +uci -q delete firewall.snat3 
-        option name 'snat3' +uci set firewall.snat3="redirect" 
-        option src 'lan' +uci set firewall.snat3.name="SNAT3" 
-        option src_ip '192.168.1.3' +uci set firewall.snat3.src="wan" 
-        option src_dip '100.64.0.3' +uci set firewall.snat3.src_ip="192.168.1.3" 
-        option dest 'wan' +uci set firewall.snat3.snat_ip="100.64.0.3" 
-        option proto 'all' +uci set firewall.snat3.proto="all" 
-        option target 'SNAT'+uci set firewall.snat3.target="SNAT
 +uci commit firewall 
 +/etc/init.d/firewall restart
 </code> </code>
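Review bot: The last setting of the SNAT3 block, uci set firewall.snat3.target="SNAT, is missing its closing double quote, so when the block is pasted into a shell the following "uci commit firewall" and "/etc/init.d/firewall restart" lines become part of the quoted value instead of running; add the closing quote. In the same block the section is still typed "redirect", but its options changed from src 'lan', dest 'wan' and src_dip in the removed rule to src="wan" and snat_ip with no dest. That option set is what a firewall "nat" section takes, so please check whether the section type should be "nat", or whether the options should stay as they were in the removed redirect.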
  
-Restart network and firewall services. 
- 
-<code bash> 
-service network restart 
-service firewall restart 
-</code> 
  • Last modified: 2023/10/14 06:10
  • by vgaetera