MULTIPLE IP ON WAN INTERFACE

Hi,

A simple question. I have ten public IP addresses. I define them all on the WAN interface. When I ping each of them I get a reply. Everything works great.

If I remove all of them but ONE, pinging the ‘removed’ ones, I get a reply, but with a “destination host unreachable” message. The only one working OK is the IP declared.

Bottom line, the question here is: am I setting up the WAN interface correctly? Or should I have only 1 IP and some sort of NAT rule…

Regards,
Hernán.

Adding multiple IPs you have on a subnet to an interface is fine. You need to ensure that other hosts in the subnet can map the IP to a MAC address. Adding them to an interface achieves that.

If you have ALL IPs on a subnet other than the gateway you can also enable proxy ARP on the interface, but I prefer still adding all the IPs for smaller subnets.

If there is even one other router that has an IP on the subnet other than the upstream gateway router you must not use proxy ARP.

Given that you have ten and there isn’t a subnet size that fits that number of host IPs I am guessing the proxy ARP case does not apply.

Thank you. This is a very small deployment. 10 consecutive IP addresses.

201.216.198.128 - Network IP
201.216.198.129 to 141 - public IP
201.216.198.142 - Gateway
201.216.198.143 - Broadcast

I individually added the IPs from 129 to 141.

.129 to .141 is 13 IP addresses. You say you have 10, who has the other 3? If there isn’t anyone but you and your ISP on that network you can probably use proxy ARP instead. Check with the ISP to verify if you want to go that route and don’t like assigning multiple IPs on a shared network to an interface.

Though, again, I prefer just putting all IPs on small subnets like yours right on the interface, so - personal preference - I would leave it as is.
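As an added check on the arithmetic in this reply (not code from the thread), the following Python derives the prefix length from the network and broadcast addresses Hernán gave, lists the assignable addresses once the gateway is removed, and also answers the earlier remark about which block size fits a given number of host IPs. The addresses are the ones posted above; the helper names are my own.

```python
"""Subnet layout check for a network/broadcast pair (added example)."""
from ipaddress import ip_address, ip_network
from typing import Dict, List


def subnet_layout(network_ip: str, broadcast_ip: str, gateway_ip: str) -> Dict:
    """Find the prefix whose block starts at network_ip and ends at broadcast_ip,
    then return every host address in it except the gateway."""
    net = None
    # Walk from the longest prefix down; the first block that lines up exactly
    # with both ends is the one the ISP allocated.
    for plen in range(32, -1, -1):
        cand = ip_network(f"{network_ip}/{plen}", strict=False)
        if (cand.network_address == ip_address(network_ip)
                and cand.broadcast_address == ip_address(broadcast_ip)):
            net = cand
            break
    if net is None:
        raise ValueError("network/broadcast pair is not a valid aligned block")
    gateway = ip_address(gateway_ip)
    if gateway not in net:
        raise ValueError("gateway is not inside the block")
    assignable: List[str] = [str(h) for h in net.hosts() if h != gateway]
    return {"network": str(net), "prefix": net.prefixlen, "assignable": assignable}


def usable_hosts(prefixlen: int) -> int:
    """Host addresses in an IPv4 block, excluding network and broadcast."""
    return 2 ** (32 - prefixlen) - 2


def smallest_prefix_for_hosts(n: int) -> int:
    """Longest prefix (smallest block) that still offers at least n host IPs."""
    for plen in range(30, -1, -1):
        if usable_hosts(plen) >= n:
            return plen
    raise ValueError("no IPv4 block holds that many hosts")


if __name__ == "__main__":
    # Values posted in the thread: .128 network, .142 gateway, .143 broadcast.
    layout = subnet_layout("201.216.198.128", "201.216.198.143", "201.216.198.142")
    print(layout["network"], "->", len(layout["assignable"]), "assignable:",
          layout["assignable"][0], "...", layout["assignable"][-1])
    # Ten customer IPs plus the gateway need 11 host addresses.
    print("smallest block for 11 hosts: /%d" % smallest_prefix_for_hosts(11))
```

Running it confirms a /28 with 13 assignable addresses (.129 to .141), and that ten customer addresses plus a gateway already need a /28, which is why the count of ten did not line up with any block size by itself.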

Sorry, my mistake. I have the complete range. Do you recommend using proxy ARP instead?

How does that work? I just define only 1 IP on the WAN interface and select ARP PROXY from the options?

Regards
Hernán

Yes. That will cause the router to answer ARP requests for all IP addresses on networks connected to the interface set to proxy ARP with its own MAC address, which is the prerequisite to receive traffic from the other router.

You can do that, I prefer adding all the IPs manually.

Guys,
I wanted to ask you something following on from this discussion.

Can we set rules to map different server services (LAN IPs) to specific IPs on the WAN interface?

I mean:

I need requests to reach, and replies to come from, my web server on a given port, e.g. 192.168.100.2:50 using IP 4.2.2.3:50,
and so on with a few other different services.

I would appreciate your help.

Of course. Just set up source and destination rules accordingly. Read the NAT manual on the wiki. It has a specific section for this question.

I tried masquerade, then src-nat for requests and dst-nat for the replies, but:

all services are redirected via the first public IP, and not in the appropriate way I expected!!!

Anything else I might have forgotten?

tx

Your rules aren’t in the right order. If the masquerade comes first then it is executed and traffic never goes to the more specific rules. Always order NAT rules from more specific to less specific. If you’re still unsure, post your ruleset.
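To make the ordering point concrete, here is an added Python model of a first-match NAT chain (my own illustration, not the router's code or the wiki's). It uses the addresses from the question above (192.168.100.2:50 behind 4.2.2.3:50) and assumes, as a constructed value, that 4.2.2.1 is the first public IP on the WAN interface, i.e. the one masquerade picks. The same rules are evaluated in both orders: with masquerade first the reply leaves as 4.2.2.1, which is exactly the symptom reported; with the specific src-nat rule first it leaves as 4.2.2.3.

```python
"""First-match NAT chain walker showing why rule order matters (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed: the first public IP on the WAN interface, which masquerade uses.
WAN_PRIMARY_IP = "4.2.2.1"


@dataclass
class Rule:
    chain: str                       # "srcnat" or "dstnat"
    action: str                      # "masquerade", "src-nat" or "dst-nat"
    src: Optional[str] = None        # CIDR the source must fall in (None = any)
    dst: Optional[str] = None        # CIDR the destination must fall in
    dst_port: Optional[int] = None   # destination port (None = any)
    to_address: Optional[str] = None
    to_port: Optional[int] = None


def rule_matches(rule: Rule, pkt: Dict) -> bool:
    """All conditions present on the rule must hold; absent ones match anything."""
    if rule.src and ip_address(pkt["src"]) not in ip_network(rule.src):
        return False
    if rule.dst and ip_address(pkt["dst"]) not in ip_network(rule.dst):
        return False
    if rule.dst_port is not None and pkt["dport"] != rule.dst_port:
        return False
    return True


def run_chain(rules: List[Rule], chain: str, pkt: Dict) -> Dict:
    """Walk the chain top to bottom; the first matching rule acts and ends the walk."""
    out = dict(pkt)
    out["matched"] = None
    for idx, rule in enumerate(rules):
        if rule.chain != chain or not rule_matches(rule, pkt):
            continue
        if rule.action == "masquerade":
            out["src"] = WAN_PRIMARY_IP
        elif rule.action == "src-nat":
            out["src"] = rule.to_address
            if rule.to_port is not None:
                out["sport"] = rule.to_port
        elif rule.action == "dst-nat":
            out["dst"] = rule.to_address
            if rule.to_port is not None:
                out["dport"] = rule.to_port
        out["matched"] = idx
        return out
    return out


# The specific rules for one published service, as in the question above.
SPECIFIC = [
    Rule("dstnat", "dst-nat", dst="4.2.2.3/32", dst_port=50,
         to_address="192.168.100.2", to_port=50),
    Rule("srcnat", "src-nat", src="192.168.100.2/32", to_address="4.2.2.3"),
]
# The catch-all for everything else on the LAN.
MASQ = Rule("srcnat", "masquerade", src="192.168.100.0/24")

WRONG_ORDER = [MASQ] + SPECIFIC   # catch-all first: specific rules never run
RIGHT_ORDER = SPECIFIC + [MASQ]   # specific first, catch-all last

# Constructed client 198.51.100.7 (documentation range) and its reply packet.
INBOUND = {"src": "198.51.100.7", "sport": 40001, "dst": "4.2.2.3", "dport": 50}
REPLY = {"src": "192.168.100.2", "sport": 50, "dst": "198.51.100.7", "dport": 40001}
OTHER_HOST = {"src": "192.168.100.50", "sport": 5555, "dst": "198.51.100.7", "dport": 443}


def public_source(rules: List[Rule], pkt: Dict = REPLY) -> str:
    """Source address a LAN packet leaves with after the srcnat chain."""
    return run_chain(rules, "srcnat", pkt)["src"]


def internal_destination(rules: List[Rule], pkt: Dict = INBOUND) -> str:
    """Destination address an inbound packet is sent to after the dstnat chain."""
    return run_chain(rules, "dstnat", pkt)["dst"]


if __name__ == "__main__":
    print("masquerade first :", public_source(WRONG_ORDER))   # 4.2.2.1, the reported symptom
    print("specific first   :", public_source(RIGHT_ORDER))   # 4.2.2.3, as intended
    print("other LAN host   :", public_source(RIGHT_ORDER, OTHER_HOST))  # still masqueraded
    print("inbound to :50   :", internal_destination(RIGHT_ORDER))      # 192.168.100.2
```

The dstnat side is unaffected by the ordering mistake because masquerade lives only in the srcnat chain; the visible symptom is entirely on the reply path, which is why only the source address looks wrong.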