Reply To: Fixed external IP setup


#49140

atheling
Member

@ppalias wrote:

ppp0 and ETH01 must have NAT enabled. Otherwise if you don’t masquerade the ETH01 interface you will have to add the internal prefixes in the cable modem routing table.

I do have NAT enabled on ppp0 and ETH01. And also, for that matter, on ETH00.

I don’t see how to put an attachment on this forum, so please forgive me for posting the following in the body of this post. The routing, network interface and firewall rules below are from the console interface. The NAT listing is from the web UI (I’ve edited the IP addresses to aa.bb.cc.NN and xx.yy.zz.NN):

====================

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
aa.bb.cc.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
xx.yy.zz.180 0.0.0.0 255.255.255.252 U 0 0 0 ETH01
10.7.52.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH04
10.7.53.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH03
192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 VPN99
10.7.54.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH02
10.4.27.0 0.0.0.0 255.255.255.0 U 0 0 0 ETH00
0.0.0.0 xx.yy.zz.182 0.0.0.0 UG 0 0 0 ETH01

====================

********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
Status: 100Mb/s Full Duplex
ETH00 Link encap:Ethernet HWaddr 00:00:24:CC:59:6C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4215 errors:0 dropped:0 overruns:0 frame:0
TX packets:4269 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3200564 (3.0 Mb) TX bytes:1153881 (1.1 Mb)
Interrupt:11 Base address:0x6000
IP 10.4.27.25/24 brd 10.4.27.255
********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
Status: 100Mb/s Full Duplex
ETH01 Link encap:Ethernet HWaddr 00:00:24:CC:59:6D
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:602 errors:0 dropped:0 overruns:0 frame:0
TX packets:3520 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:366852 (358.2 Kb) TX bytes:566241 (552.9 Kb)
Interrupt:5 Base address:0x8100
IP xx.yy.zz.181/30 brd xx.yy.zz.183
********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
Status: 100Mb/s Full Duplex
ETH02 Link encap:Ethernet HWaddr 00:00:24:CC:59:6E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1750 (1.7 Kb) TX bytes:1046 (1.0 Kb)
Interrupt:9 Base address:0x6200
IP 10.7.54.1/24 brd 10.7.54.255
********* VIA Technologies, Inc. VT6105M [Rhine-III] (rev 96)
Status: 100Mb/s Full Duplex
ETH03 Link encap:Ethernet HWaddr 00:00:24:CC:59:6F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1837 errors:0 dropped:0 overruns:0 frame:0
TX packets:911 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:382707 (373.7 Kb) TX bytes:291868 (285.0 Kb)
Interrupt:12 Base address:0x8300
IP 10.7.53.1/24 brd 10.7.53.255
********* Realtek Semiconductor Co., Ltd. RTL-8169 Gigabit Ethernet (rev 10)
Status: 1000Mb/s Full Duplex
ETH04 Link encap:Ethernet HWaddr 00:14:D1:1A:A8:D2
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14211 errors:0 dropped:0 overruns:0 frame:0
TX packets:9927 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2480487 (2.3 Mb) TX bytes:5446520 (5.1 Mb)
Interrupt:10 Base address:0xc400
IP 10.7.52.1/24 brd 10.7.52.255
********* Host-to-LAN OpenVPN Interface
Status: Connections from Road Warrior clients not accepted
VPN99 Link encap:Ethernet HWaddr 00:FF:5F:B5:D8:BB
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
IP 192.168.250.254/24 brd 192.168.250.255
********* Covad
Status: Connected
ppp0 Link encap:Point-to-Point Protocol
inet addr:aa.bb.cc.55 P-t-P:aa.bb.cc.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:4013 errors:0 dropped:0 overruns:0 frame:0
TX packets:4062 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:3100062 (2.9 Mb) TX bytes:1058190 (1.0 Mb)
IP aa.bb.cc.55 peer aa.bb.cc.1/32

====================

Chain INPUT (policy ACCEPT 1210 packets, 163K bytes)
pkts bytes target prot opt in out source destination
7457 855K SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
1 40 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
4018 427K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
1148 67569 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT icmp -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- ETH01 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
40 1964 DROP all -- ETH01 * 0.0.0.0/0 0.0.0.0/0
199 17958 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
29 1420 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 9800 packets, 5134K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 6784 packets, 1909K bytes)
pkts bytes target prot opt in out source destination
8607 2086K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4018 427K ACCEPT all -- * * 10.7.52.0/24 0.0.0.0/0
1 40 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
496 71749 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
248 66911 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
30 34554 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
38 2888 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
6645 679K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SYS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
501 72161 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
1053 85314 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
66 3976 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8245
203 15428 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
6784 1909K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1148 67569 ACCEPT all -- * * 10.7.52.0/24 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

====================

Port Forwarding and Source NAT (NAT):
Chain PREROUTING (policy ACCEPT 1058 packets, 84005 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:22 to:10.7.52.130:22
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:25 to:10.7.52.130:25
1 64 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:80 to:10.7.52.130:80
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:110 to:10.7.52.130:110
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:443 to:10.7.52.130:443
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:587 to:10.7.52.130:587
2 128 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:995 to:10.7.52.130:995
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:2401 to:10.7.52.130:2401
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yy.zz.181 tcp dpt:5060 to:10.7.52.131:5060
0 0 DNAT udp -- * * 0.0.0.0/0 xx.yy.zz.181 udp dpt:5060 to:10.7.52.131:5060
0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:22 to:10.7.52.130:22
63 3164 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:25 to:10.7.52.130:25
3 188 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:80 to:10.7.52.130:80
0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:110 to:10.7.52.130:110
1 64 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:443 to:10.7.52.130:443
0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:587 to:10.7.52.130:587
0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:995 to:10.7.52.130:995
0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:2401 to:10.7.52.130:2401
0 0 DNAT tcp -- * * 0.0.0.0/0 aa.bb.cc.55 tcp dpt:5060 to:10.7.52.131:5060
3 1719 DNAT udp -- * * 0.0.0.0/0 aa.bb.cc.55 udp dpt:5060 to:10.7.52.131:5060

Chain POSTROUTING (policy ACCEPT 160 packets, 16708 bytes)
pkts bytes target prot opt in out source destination
2552 211K SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
1 64 MASQUERADE all -- * ETH00 0.0.0.0/0 0.0.0.0/0
1247 101K MASQUERADE all -- * ETH01 0.0.0.0/0 0.0.0.0/0
1146 93107 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination
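
====================

An added example, not part of the original post: a Python check of the point quoted at the top (every uplink needs a MASQUERADE rule) run over a NAT listing in the layout shown above, which also reports port forwards defined for one uplink address but not the other. The function names `parse_nat` and `audit`, the sample listing and its documentation-range addresses are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed listing in `iptables -t nat -L -n -v` layout, documentation addresses.
# ETH01's MASQUERADE rule and one forward are omitted so the audit reports them.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 198.51.100.181 tcp dpt:22 to:10.7.52.130:22
0 0 DNAT tcp -- * * 0.0.0.0/0 198.51.100.181 tcp dpt:25 to:10.7.52.130:25
0 0 DNAT tcp -- * * 0.0.0.0/0 203.0.113.55 tcp dpt:25 to:10.7.52.130:25

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
"""

def parse_nat(listing):
    """Return (interfaces with MASQUERADE, {ext_ip: {(proto, port): target}})."""
    chain, masq, forwards = None, set(), defaultdict(dict)
    for line in listing.splitlines():
        f = line.split()
        if f and f[0] == "Chain":
            chain = f[1]
        if len(f) < 9 or f[0] in ("Chain", "pkts"):
            continue
        # Columns: pkts bytes target prot opt in out source destination ...
        target, proto, out_if, dst = f[2], f[3], f[6], f[8]
        if chain == "POSTROUTING" and target == "MASQUERADE":
            masq.add(out_if)
        elif chain == "PREROUTING" and target == "DNAT":
            port = re.search(r"dpt:(\d+)", line)
            to = re.search(r"to:(\S+)", line)
            if port and to:
                forwards[dst][(proto, int(port.group(1)))] = to.group(1)
    return masq, dict(forwards)

def audit(listing, uplinks, uplink_ips):
    """Uplinks lacking MASQUERADE, and forwards missing on each uplink address."""
    masq, fwd = parse_nat(listing)
    missing_masq = sorted(set(uplinks) - masq)
    wanted = set().union(*(set(fwd.get(ip, {})) for ip in uplink_ips))
    gaps = {ip: sorted(wanted - set(fwd.get(ip, {}))) for ip in uplink_ips}
    return missing_masq, {ip: g for ip, g in gaps.items() if g}

if __name__ == "__main__":
    print(audit(SAMPLE, ["ETH01", "ppp0"], ["198.51.100.181", "203.0.113.55"]))
```

Rules are matched by whitespace-separated column position, so the listing must come from the verbose (`-v`) form that includes the `in` and `out` columns.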