elvo3d
just joined
Topic Author
Posts: 2
Joined: Fri Feb 14, 2020 9:32 am

Different VLANS with different PUB IPs

Fri Feb 14, 2020 9:53 am

Hey everyone. I'm trying to set up my CCR1072. All was good until I tried to set up the following scenario.

I have a bunch of VLANs and I want to configure them so that different VLANs "go outside" with different public IPs.

I configured my VLAN that goes to the outside like this - 1.2.3.4/26 - let's call it VLAN 123
So, what I want is for vlan1, vlan2, vlan3 to go outside with the address 1.2.3.4 - this is working.
Now I have added a vlan 4 and I want it to go outside with the address 1.2.3.5 - I know I own this IP and it is not used.
I configured the NAT like this:
# src-address 192.168.0.1 is on vlan4
add action=src-nat chain=srcnat comment=OUT_WITH_DIFFEREN_IP_TEST \
    out-interface=sfp-sfpplus1 src-address=192.168.0.1 \
    to-addresses=1.2.3.5
I dragged this rule to the top, but still it ignores it, so I tried to change the out-interface to my public VLAN (VLAN123), but when I do that nothing works. I can see packets in the NAT rule, but internet is nowhere to be seen :(

So what am I doing wrong?
 
mkx
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: Different VLANS with different PUB IPs

Fri Feb 14, 2020 11:36 am

Hard to tell as you didn't post full config of your device.

Anyway, I'll guess: do you have the second WAN IP address set on router's WAN interface?
BR,
Metod
 
elvo3d
just joined
Topic Author
Posts: 2
Joined: Fri Feb 14, 2020 9:32 am

Re: Different VLANS with different PUB IPs

Fri Feb 14, 2020 2:02 pm

> Hard to tell as you didn't post full config of your device.
>
> Anyway, I'll guess: do you have the second WAN IP address set on router's WAN interface?
On my WAN interface I have my pub IP with the mask /26 only. And the other IP I intend to use is in the range of this mask. Do I still need to add the other IP address to my external interface? (I have all my public IPs going through the same VLAN from the main switch)

I would like to keep all other VLANs going through my default IP.

Till now it was managed only by:
add action=masquerade chain=srcnat out-interface=WAN

I hope I make some sense. :D
 
mkx
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: Different VLANS with different PUB IPs

Fri Feb 14, 2020 6:12 pm

There are two ways upstream router can send you packets for additional IP addresses: either they're routed via your router's primary IP address (usually in this case additional IP addresses are in different subnet than primary address) or they are all sent the same way (all IP addresses are in same subnet, upstream router's address is in the same subnet as well).

As you have a subnet on your WAN interface, it's likely the second case. So the upstream router needs MAC address for additional IP addresses ... and it gets it from your router if your router knows IP belongs to it. No, NAT config doesn't make IP address belong to router, setting it to router's interface does.
BR,
Metod
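
The condition described in the reply above (a src-nat rule whose to-addresses value is not assigned to the router's outgoing interface, so the upstream router never learns a MAC address for it) can be checked mechanically against an exported config. This is an added example, not code from any poster in the thread; the sample export, its interface names and the function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of a RouterOS export (not a poster's real config):
# 1.2.3.4/26 is on the WAN interface, 1.2.3.5 is only referenced by a NAT rule.
SAMPLE_EXPORT = r"""
/ip address
add address=1.2.3.4/26 interface=WAN network=1.2.3.0
add address=192.168.4.1/24 interface=vlan4 network=192.168.4.0
/ip firewall nat
add action=src-nat chain=srcnat comment="vlan4 out" out-interface=WAN \
    src-address=192.168.4.0/24 to-addresses=1.2.3.5
add action=masquerade chain=srcnat out-interface=WAN
"""

def parse_export(text):
    """Return {menu_path: [{key: value}, ...]} for every 'add' line."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus.setdefault(menu, []).append({k: v.strip('"') for k, v in pairs})
    return menus

def unowned_nat_addresses(text):
    """List (to-address, out-interface) for enabled src-nat rules whose
    to-addresses is not configured on that interface under /ip address."""
    menus = parse_export(text)
    owned = {(a["address"].split("/")[0], a.get("interface"))
             for a in menus.get("/ip address", []) if "address" in a}
    findings = []
    for rule in menus.get("/ip firewall nat", []):
        if rule.get("action") != "src-nat" or rule.get("disabled") == "yes":
            continue
        ip, iface = rule.get("to-addresses"), rule.get("out-interface")
        if ip is None or "-" in ip or "/" in ip:
            continue  # address ranges and prefixes are out of scope here
        if not any(o_ip == ip and iface in (None, o_if) for o_ip, o_if in owned):
            findings.append((ip, iface))
    return findings

if __name__ == "__main__":
    for ip, iface in unowned_nat_addresses(SAMPLE_EXPORT):
        print(f"src-nat to {ip} but {ip} is not assigned to {iface}")
```
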
 
k6ccc
Member
Member
Posts: 484
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Different VLANS with different PUB IPs

Sat Feb 15, 2020 2:14 am

Until my ISP changed things around on me, I was doing exactly what you want to do. On my DSL, I had eight static IP addresses. All were in the same subnet. Here are a couple code segments that should help.
First create the addresses on both the DSL and each LAN (two of which had a physical port and two were on a VLAN trunk).
/ip address
add address=66.51.204.111/24 interface=E1-p10_DSL_Internet network=66.51.204.0
add address=66.51.204.112/24 interface=E1-p10_DSL_Internet network=66.51.204.0
add address=66.51.204.113/24 interface=E1-p10_DSL_Internet network=66.51.204.0
add address=66.51.204.114/24 interface=E1-p10_DSL_Internet network=66.51.204.0
add address=192.168.201.252/24 interface=E2-p12_201 network=192.168.201.0
add address=192.168.202.252/24 interface=VLAN_202 network=192.168.202.0
add address=192.168.203.252/24 interface=E3-p14_203 network=192.168.203.0
add address=192.168.204.250/24 interface=VLAN_204 network=192.168.204.0
Then the outbound NAT rules.
/ip firewall nat
add action=src-nat chain=srcnat comment="Outgoing NAT from .201 LAN" \
    disabled=yes out-interface=E1-p10_DSL_Internet src-address=\
    192.168.201.0/24 to-addresses=66.51.204.111
add action=src-nat chain=srcnat comment="Outgoing NAT from .202 LAN" \
    disabled=yes out-interface=E1-p10_DSL_Internet src-address=\
    192.168.202.0/24 to-addresses=66.51.204.112
add action=src-nat chain=srcnat comment="Outgoing NAT from .203 LAN" \
    disabled=yes out-interface=E1-p10_DSL_Internet src-address=\
    192.168.203.0/24 to-addresses=66.51.204.113
add action=src-nat chain=srcnat comment="Outgoing NAT from .204 LAN" \
    disabled=yes out-interface=E1-p10_DSL_Internet src-address=\
    192.168.204.0/24 to-addresses=66.51.204.114
Yes, the NAT rules are all disabled. Remember that I said I WAS doing what you are wanting to do. When my ISP changed things up on me, I disabled these rules, not deleted them. I did delete the IP addresses on the DSL, so I had to "re-create" them for this example.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
