Differences

This shows you the differences between two versions of the page.

docs:guide-user:network:wan:multiple_public_ips [2021/07/23 16:47] – [Using multiple public IPs on WAN interface] someothertime
docs:guide-user:network:wan:multiple_public_ips [2023/05/17 12:05] – [Command-line instructions] vgaetera
Line 1: Line 1:
-====== Using multiple public IPs on WAN interface ======+====== Using multiple WAN IPs ====== 
 +{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}}
  
-{{section>meta:infobox:howto_links#config-network-device&noheader&nofooter&noeditbutton}} +===== Introduction ===== 
-===== Use case ===== +  Some users get from their ISP more than one routable public IP address.
-Some users get from their ISP more than one routable public IP address.\\  +
-In this case you need to assign these IPs to new WAN interfaces and then add a DNAT and SNAT rule in firewall.\\  +
-In our example we assume that our ISP assigned us 100.64.0.0/29 (or 255.255.255.248) with gateway 100.64.0.1. +
-WAN interface already has the first available IP, 100.64.0.2, so we'll add .3, till .6 and they will be assigned to internal hosts on IPs 192.168.1.x.+
  
-===== Configuration examples ===== +===== Goals ===== 
-Add a new WAN interface:+  * Utilize multiple WAN IPs on the same interface
 +  * Use a specific WAN IP for a specific LAN host.
  
-<code bash> +===== Command-line instructions ===== 
-# /etc/config/network +==== 1. Network ==== 
- +Create an alias for WAN interface assuming that: 
-config interface 'wan3' +  ''100.64.0.3/29'' - IP address/netmask of the WAN interface. 
-        option proto 'static' +  * ''192.168.1.3'' - IP address of the LAN host.
-        option ifname 'eth1' +
-        option ipaddr '100.64.0.3' +
-        option netmask '255.255.255.248' +
-        option gateway '100.64.0.1' +
-</code> +
- +
-Add DNAT (for incoming) and SNAT (for outgoing) connections:+
  
 <code bash> <code bash>
-# /etc/config/firewall +uci -q delete network.wan3 
- +uci set network.wan3="interface" 
-config redirect +uci set network.wan3.proto="static" 
-        option name 'dnat3' +uci set network.wan3.device="@wan" 
-        option src 'wan' +uci set network.wan3.ipaddr="100.64.0.3/29" 
-        option src_dip '100.64.0.3' +uci commit network 
-        option dest 'lan' +/etc/init.d/network restart
-        option dest_ip '192.168.1.3' +
-        option proto 'all' +
-        option target 'DNAT' +
- +
-config redirect +
-        option name 'snat3' +
-        option src 'lan' +
-        option src_ip '192.168.1.3' +
-        option src_dip '100.64.0.3' +
-        option dest 'wan' +
-        option proto 'all' +
-        option target 'SNAT'+
 </code> </code>
  
-Restart network and firewall services.+==== 2. Firewall ==== 
 +Configure destination and source NAT firewall rules.
  
 <code bash> <code bash>
-/etc/init.d/network restart+uci -q delete firewall.dnat3 
 +uci set firewall.dnat3="redirect" 
 +uci set firewall.dnat3.name="DNAT3" 
 +uci set firewall.dnat3.src="wan" 
 +uci set firewall.dnat3.src_dip="100.64.0.3" 
 +uci set firewall.dnat3.dest="lan" 
 +uci set firewall.dnat3.dest_ip="192.168.1.3" 
 +uci set firewall.dnat3.proto="all" 
 +uci set firewall.dnat3.target="DNAT" 
 +uci -q delete firewall.snat3 
 +uci set firewall.snat3="redirect" 
 +uci set firewall.snat3.name="SNAT3" 
 +uci set firewall.snat3.src="wan" 
 +uci set firewall.snat3.src_ip="192.168.1.3" 
 +uci set firewall.snat3.snat_ip="100.64.0.3" 
 +uci set firewall.snat3.proto="all" 
 +uci set firewall.snat3.target="SNAT" 
 +uci commit firewall
 /etc/init.d/firewall restart /etc/init.d/firewall restart
 </code> </code>
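Review bot: In the added snat3 section the type is still "redirect", but its options no longer match the removed SNAT redirect: src changes from 'lan' to "wan", the dest 'wan' line is dropped, and the rewrite address moves from src_dip to snat_ip. Please confirm that a redirect section accepts this option set; src="wan" together with snat_ip and no dest reads like the options of a different section type, and if that was the intent the line uci set firewall.snat3="redirect" should change to match, otherwise traffic from 192.168.1.3 may keep leaving with the primary WAN address. Separately, dnat3 with proto="all" forwards every protocol and port arriving on 100.64.0.3 to 192.168.1.3, and the rewritten introduction no longer explains what the two rules do; a sentence stating that the LAN host becomes fully reachable from WAN would help readers decide whether to narrow the rule to the ports they need.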
  
  • Last modified: 2023/10/14 06:10
  • by vgaetera