Wan Masq and Vlans


This topic contains 0 replies, has 0 voices, and was last updated by  gordon 9 years, 9 months ago.

  • #42101

    gordon
    Member

    Hi, having real problems with passing static IPs.

    Here’s the basic setup:

    ETH02 & PPOE1 – Internet side with 16 static IP’s
    ETH00 – Lan side with sever vlans

    VLAN 12:
    on ETH00 add an external IP (78.xxx.xxx.xx2) to the vlan 12 to act as that gw address along with lan ip of 10.10.12.1
    in Post Script add the following code:
    route add -net 78.xxx.xxx.xx3 netmask 255.255.255.255 gw 10.10.12.1
    Manually set the device with the static ip of 78.xxx.xxx.xx2

    VLAN 13:
    follow above but use next 2 WAN ip’s

    Vlan 14 :
    again as above but use next 2 WAN IP’s

    Now the problem is that traffic from VLAN 12 should now see a “what is my IP” of 78.xxx.xxx.xx3, VLAN 13 of 78.xxx.xxx.xx5, and VLAN 14 of 78.xxx.xxx.xx7.

    However they all see what is my IP as 78.xxx.xxx.1 – the First WAN IP in the range.

    I’ve tried using some of the scripts in the forum but am failing miserably with masquerading.

    This would look to me to be the most promising:
    iptables -t nat -I POSTROUTING --source 78.xxx.xxx.xx3 -j SNAT --to-source 78.xxx.xxx.xx3

    Tried playing around with the source to be the LAN gateway IP of that VLAN, the WAN gateway IP of that VLAN and the WAN IP of the device on the end of that VLAN.

    Nothing works – all traffic sees “what is my IP” as the very first WAN IP.

    This usually wouldn’t be a problem, other than I have a few remote backup servers whose software checks its WAN IP and then transfers data on this – and is therefore getting lost and not working.

    Cheers

    G

    #49277

    ppalias
    Member

    I think you should do the following:

    1) Assign private IPs on all the servers (192.168.1.2, 192.168.1.3 …).
    2) Use the public IPs in masquerade destination NAT

    iptables -t nat -A PREROUTING -p tcp -d 78.0.0.2 -j DNAT --to-destination 192.168.1.2

    Should be ok now.
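
Added example, not part of either post: the DNAT rule above only translates connections arriving at a public address, so the address a server shows on outbound connections is set by a matching SNAT rule in POSTROUTING placed ahead of any interface-wide MASQUERADE rule. The script below prints both rules per host for review. The interface name `ppp0`, the 203.0.113.x addresses (documentation range standing in for the masked 78.x addresses) and the 10.10.1x.10 host addresses are assumptions.

```shell
#!/bin/sh
# Added example: emit 1:1 NAT rule pairs (inbound DNAT + outbound SNAT).
# Rules are printed, not applied, so they can be reviewed first.

WAN_IF="ppp0"   # assumption: name of the PPPoE WAN interface

# Constructed sample mapping "public private", one host per line.
# 203.0.113.0/24 (documentation range) stands in for the masked 78.x
# addresses; the 10.10.1x.10 host addresses are assumptions.
MAPPINGS="
203.0.113.3 10.10.12.10
203.0.113.5 10.10.13.10
203.0.113.7 10.10.14.10
"

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read "public private" pairs on stdin and print the iptables commands.
gen_rules() {
    while read -r pub priv; do
        [ -z "$pub" ] && continue
        if ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
            echo "bad mapping: $pub $priv" >&2
            return 1
        fi
        # Inbound: traffic addressed to the public IP goes to the host.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: inserted at position 1 so it matches before any
        # interface-wide MASQUERADE rule further down the chain.
        echo "iptables -t nat -I POSTROUTING 1 -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    done
    return 0
}

printf '%s\n' "$MAPPINGS" | gen_rules
```

Unlike the rule in the reply, the generated DNAT rule has no `-p tcp`, so it covers all protocols; `iptables -t nat -L POSTROUTING -n --line-numbers` shows whether the SNAT rules ended up above the masquerade rule.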
