
Bypass / Bind public ip to physical Port

Hi

We have to achieve a slightly special config.

We have multiple IPs on the WAN interface, which we defined with aliases. So far so good. But now we have to bypass the traffic from one of these IPs directly to another physical port. No filtering on this IP and correct NATting. Best would be if the device on the other port has to set the public IP as its own IP.

What are the ways to do this?

PS: In general, does anyone have a good tutorial on how to set the MASQ for different subnets using different IP addresses when web surfing...



  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    First of all, what is the current firmware version on your firewall? 

    If you have multiple internal networks, you could configure firewall rules with different source networks and required web filtering policies. 

    If your firewall is on SFOS v18, you need to create the MASQ rule separately and use a different alias IP address for each internal network. 

    For example, in the following screenshots, I have created an internal network 172.16.16.16.0/24 and a MASQ rule to use 1.1.1.1 as an outbound IP address.

    However, you can configure different web filtering policies for each internal network and use them with the firewall rules.  

    Thanks,

  • Hi, thanks, the second picture was the resolution. It was not clear to me before to translate the outgoing with the SNAT.

    Half of the way is done ;-)

    Yes, I'm using SFOS 18, newest release.

    We have multiple IPs with aliases on our WAN port. On Port 5 I have another router from another subcompany. Is it possible to give the router one of the public IP addresses, so the router from the subcompany has the real public IP on their device as WAN IP?

  • FormerMember
    +1 FormerMember in reply to Fabrizio Cocco

    Hi ,

    It is not good to configure two interfaces with an IP address from the same network; it will cause routing issues. 

    Thanks,

  • Just an idea, but you might be able to bridge the current WAN interface with a free interface and configure all but one of the public IPs on the bridge interface as you now have on the WAN interface, so 1 default public IP and all (but 1) aliases.

    Then configure the public IP whose alias is not configured as an alias on the other router and connect it to the second port of the bridge.

    I haven't tried it, but it might just work.

  • Sounds great, I tried it, but then it's not possible anymore to connect with PPPoE, so this isn't an option.

  • Sorry to hear that. In that case I think the only option is to have all IPs on the only WAN interface. DNAT one of the IPs to a free interface where you put the other router. You must however give that router a private IP that's not yet existing in your network to prevent routing issues.

    With a firewall rule you can NAT all traffic from that interface to the specified public IP. See above for H_Patel's post and screenshot on how to configure the NAT.