Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:network:wan:multiple_public_ips [2021/01/30 18:31] – [Using multiple public IPs on WAN interface] formatting vgaetera | docs:guide-user:network:wan:multiple_public_ips [2023/05/17 12:05] – [Command-line instructions] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Using multiple | + | ====== Using multiple |
| - | ===== Use case ===== | + | {{section> |
| - | Some users get from their ISP more than one routable public IP address.\\ | + | |
| - | In this case you need to assign these IPs to new WAN interfaces and then add a DNAT and SNAT rule in firewall.\\ | + | |
| - | In our example we assume that our ISP assigned us 100.64.0.0/ | + | |
| - | WAN interface already has the first available IP, 100.64.0.2, so we'll add .3, till .6 and they will be assigned to internal hosts on IPs 192.168.1.x. | + | |
| - | ===== Configuration examples | + | ===== Introduction |
| - | Add a new WAN interface: | + | * Some users get from their ISP more than one routable public IP address. |
| - | <code bash> | + | ===== Goals ===== |
| - | # / | + | * Utilize multiple WAN IPs on the same interface. |
| + | * Use a specific WAN IP for a specific LAN host. | ||
| - | config | + | ===== Command-line instructions ===== |
| - | | + | ==== 1. Network ==== |
| - | option ifname ' | + | Create an alias for WAN interface |
| - | option ipaddr | + | |
| - | | + | * ''192.168.1.3'' |
| - | option gateway | + | |
| - | </ | + | |
| - | + | ||
| - | Add DNAT (for incoming) and SNAT (for outgoing) connections: | + | |
| <code bash> | <code bash> | ||
| - | # / | + | uci -q delete network.wan3 |
| - | + | uci set network.wan3=" | |
| - | config redirect | + | uci set network.wan3.proto=" |
| - | option name ' | + | uci set network.wan3.device=" |
| - | option src ' | + | uci set network.wan3.ipaddr=" |
| - | option src_dip '100.64.0.3' | + | uci commit network |
| - | | + | / |
| - | option dest_ip '192.168.1.3' | + | |
| - | | + | |
| - | option target ' | + | |
| - | + | ||
| - | config redirect | + | |
| - | option name ' | + | |
| - | option src ' | + | |
| - | option src_ip '192.168.1.3' | + | |
| - | option src_dip '100.64.0.3' | + | |
| - | | + | |
| - | | + | |
| - | option target ' | + | |
| </ | </ | ||
| - | Restart network | + | ==== 2. Firewall ==== |
| + | Configure destination | ||
| <code bash> | <code bash> | ||
| - | /etc/init.d/network restart | + | uci -q delete firewall.dnat3 |
| + | uci set firewall.dnat3=" | ||
| + | uci set firewall.dnat3.name=" | ||
| + | uci set firewall.dnat3.src=" | ||
| + | uci set firewall.dnat3.src_dip=" | ||
| + | uci set firewall.dnat3.dest=" | ||
| + | uci set firewall.dnat3.dest_ip=" | ||
| + | uci set firewall.dnat3.proto=" | ||
| + | uci set firewall.dnat3.target=" | ||
| + | uci -q delete firewall.snat3 | ||
| + | uci set firewall.snat3=" | ||
| + | uci set firewall.snat3.name=" | ||
| + | uci set firewall.snat3.src=" | ||
| + | uci set firewall.snat3.src_ip=" | ||
| + | uci set firewall.snat3.snat_ip=" | ||
| + | uci set firewall.snat3.proto=" | ||
| + | uci set firewall.snat3.target=" | ||
| + | uci commit firewall | ||
| / | / | ||
| </ | </ | ||