Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:network:wan:multiple_public_ips [2019/12/09 09:14] – ↷ Page moved from inbox:docs:wan:multiple_public_ips to docs:guide-user:network:wan:multiple_public_ips bobafetthotmail | docs:guide-user:network:wan:multiple_public_ips [2023/05/17 12:05] – [Command-line instructions] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Using multiple | + | ====== Using multiple |
| + | {{section> | ||
| - | ===== Use case ===== | + | ===== Introduction |
| - | Some users get from their ISP more than one routable public IP address.\\ | + | |
| - | In this case you need to assign these IPs to new wan interfaces and then add a DNAT and SNAT rule in firewall.\\ | + | |
| - | In our example we assume that our ISP assigned us 100.64.0.0/ | + | |
| - | wan interface already has the first available IP, 100.64.0.2, so we'll add .3, till .6 and they will be assigned to internal hosts on IPs 192.168.1.x | + | |
| - | ===== Configuration examples | + | ===== Goals ===== |
| - | Add a new wan interface | + | * Utilize multiple WAN IPs on the same interface. |
| + | * Use a specific WAN IP for a specific LAN host. | ||
| + | |||
| + | ===== Command-line instructions ===== | ||
| + | ==== 1. Network ==== | ||
| + | Create an alias for WAN interface | ||
| + | * '' | ||
| + | * '' | ||
| <code bash> | <code bash> | ||
| - | config | + | uci -q delete network.wan3 |
| - | | + | uci set network.wan3=" |
| - | | + | uci set network.wan3.proto="static" |
| - | | + | uci set network.wan3.device=" |
| - | | + | uci set network.wan3.ipaddr="100.64.0.3/29" |
| - | | + | uci commit network |
| + | /etc/init.d/network restart | ||
| </ | </ | ||
| - | Add DNAT (for incoming) | + | ==== 2. Firewall ==== |
| + | Configure destination | ||
| <code bash> | <code bash> | ||
| - | config | + | uci -q delete firewall.dnat3 |
| - | | + | uci set firewall.dnat3=" |
| - | | + | uci set firewall.dnat3.name=" |
| - | | + | uci set firewall.dnat3.src="wan" |
| - | | + | uci set firewall.dnat3.src_dip="100.64.0.3" |
| - | | + | uci set firewall.dnat3.dest="lan" |
| - | | + | uci set firewall.dnat3.dest_ip="192.168.1.3" |
| - | | + | uci set firewall.dnat3.proto="all" |
| - | + | uci set firewall.dnat3.target="DNAT" | |
| - | config | + | uci -q delete firewall.snat3 |
| - | | + | uci set firewall.snat3=" |
| - | | + | uci set firewall.snat3.name=" |
| - | | + | uci set firewall.snat3.src=" |
| - | | + | uci set firewall.snat3.src_ip="192.168.1.3" |
| - | | + | uci set firewall.snat3.snat_ip=" |
| - | option | + | uci set firewall.snat3.proto="all" |
| - | | + | uci set firewall.snat3.target="SNAT" |
| + | uci commit firewall | ||
| + | / | ||
| </ | </ | ||
| - | Restart network and firewall services. | ||
| - | |||
| - | <code bash> | ||
| - | service network restart | ||
| - | service firewall restart | ||
| - | </ | ||