May 14, 2014 at 1:09 pm #43945
I have a stupid ISP that offers multiple IPv4 addresses in a /29 but I highly suspect their cable modem only recognizes up to two unique MAC addresses. If I try to connect a third device I randomly lose connectivity to at least one of the three.
To work around this I thought about setting up a Zeroshell bridge. My ZS installations are all virtual machines using emulated Intel E1000 NICs, so my first attempt had three NICs:
ETH00: Management interface
BRIDGE01: Comprises ETH01 and ETH02
Disregard QoS for the moment, or at least assume defaults for it so packets can get passed between ETH01 and ETH02 unaffected.
I might be unclear on the concept, but I thought I would be able to connect a device (or another VM) to the sandbox switch at ETH02 and then be able to ping the default gateway connected to the same switch as ETH01 from it. I cannot. And if I assign BRIDGE01 one of the public IPs, I can ping it from a device on the internet-facing switch but not on the sandbox switch. I made sure I could ping any IP attached to ETH01 or ETH02 from their respective side before creating the bridge.
If bridging isn’t the answer, I could instead assign all five of my available IPv4 addresses to an internet-facing interface, and then NAT / PAT five different private networks behind them. This would assign all five IPs to a single MAC address. The question then becomes, how do I translate one specific IPv4 public address to one specific private network? I’d like to turn that into something like this:
ETH00: Management Network
ETH01: Internet (w.x.y.26-30/29) Gateway: w.x.y.25
ETH02 through 06: Private networks (192.168.xx.0/24)
This is all virtualized, so you can assume I don’t have six physical switches or such. I do have one VLAN-capable switch and my ESXi server has virtual switches mapped to each VLAN; that much works as intended.
May 14, 2014 at 8:29 pm #53323
I believe that you could do something, e.g. translate more private networks to specific public IP addresses: don’t set any NAT via the GUI, but in the Scripts/Cron >> NAT and Virtual Servers script, e.g.
iptables -t nat -A POSTROUTING -o ETH01 -s 192.168.0.0/24 -j SNAT --to-source w.x.y.26
iptables -t nat -A POSTROUTING -o ETH01 -s 192.168.1.0/24 -j SNAT --to-source w.x.y.27
iptables -t nat -A POSTROUTING -o ETH01 -s 192.168.2.0/24 -j SNAT --to-source w.x.y.28
But maybe I’ve missed something…
Regards
May 15, 2014 at 2:29 pm #53324
I’d have to agree, redfive, as the existing NAT GUI is pretty simplistic and I already have to do this if I want to permit NAT hairpinning, that is, permit internal access to internal servers via their external IPv4 addresses.
So I could do this using routing instead of bridging that way.
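As an added example (not code from the thread or from Zeroshell), the per-network SNAT mapping redfive posted written as a small generator for the Scripts/Cron NAT and Virtual Servers hook, with a check that no public address is accidentally assigned to two private networks. The interface name and the w.x.y.* addresses are the placeholders from the thread; the mapping itself is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: build one SNAT rule per private /24,
# each mapped to its own public address on ETH01 (placeholders from the thread).
WAN_IF="ETH01"

# Constructed mapping, one "<private network> <public address>" pair per line.
NAT_MAP="192.168.0.0/24 w.x.y.26
192.168.1.0/24 w.x.y.27
192.168.2.0/24 w.x.y.28"

# One SNAT rule: traffic leaving $WAN_IF from network $1 gets source address $2.
snat_rule() {
  printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' \
    "$WAN_IF" "$1" "$2"
}

# Refuse a map that reuses a public address: two networks would then share one
# translation and the 1:1 mapping the thread is after would silently break.
check_map() {
  dups=$(printf '%s\n' "$NAT_MAP" | awk 'NF==2 {print $2}' | sort | uniq -d)
  [ -z "$dups" ]
}

# Emit all SNAT rules; pipe into "sh" or paste into the hook script to apply.
gen_nat_rules() {
  check_map || { echo "duplicate public address in NAT_MAP" >&2; return 1; }
  printf '%s\n' "$NAT_MAP" | while read -r net pub; do
    [ -n "$net" ] && [ -n "$pub" ] && snat_rule "$net" "$pub"
  done
}

gen_nat_rules
```

Run it once with the real map to review the rules before they go into the hook; a duplicate public address makes it exit non-zero instead of emitting rules.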