4 external interfaces - IP passthrough

Hi,

 

I just added a 4-port NIC to my Home Sophos and came up with the idea to occupy all four ports on my cable modem. This worked, as I have four different external IPs, but I'm getting other issues.

I want to give the External (WAN) #2 IP to a Plex server (192.168.0.3) that runs in the Internal Network (br0). It is an ESX server, so other servers are sharing the same cable.

The first thing I configured is DynamicDNS on External (WAN) #2, but "No update has been attempted since" because (I think) it is not a "Default IPv4 gateway".

So the next thing, I enabled the gate on the second interface, but Sophos told me you can have only one and in this case it will enable uplink balancing.

Then I created a Masquerading rule (on the top) "from Plex to External (WAN) #2" and added a DNAT rule "from Any to External (WAN) #2 change to Plex".

This didn't work either and still "no update has been attempted" on DynamicDNS for External (WAN) #2.

 

Is there any other way to do this?

As this is domestic broadband, I wasn't assigned any extra IPs by the ISP.

 

Kind regards,

Andrzej



  • Hi Andrzej,

    Since you don't "own" those other public IPs, there's no point in trying to use them - even if you add the same default gateway as your public IP, your ISP's last-hop router won't route the return traffic to you.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    I will clarify this. My ISP allows up to 10 devices to be connected to the cable modem/router. The device itself can operate in two modes - as a router or as a modem.

    Modem mode will assign a public IP to any connected device. The picture above shows all interfaces configured to obtain an IP through DHCP.

    In this case it looks like I have four different ISPs connected (every WAN interface has an IP on a different network) to my Sophos firewall, and I want some of the hosts to go through a specific IP. Creating a Multipath rule doesn't seem to work.

    If I create uplink balancing, I can see traffic is going through other interfaces. Same with DNAT. If I create a DNAT rule on the WAN2 interface and point it to the Plex server, it will be accessible via the public IP, and this could be the only solution for me.

     

    What i want to achieve is to have:

    - my home network on WAN #1 interface

    - Plex server on WAN #2 interface

    - Wifi network on WAN #3 interface

    - servers network on WAN #4 interface

     

    Thanks

    Andrzej

     

     

  • I've not ever seen an ISP offer anything like that for residential use, Andrzej.  I'm suspicious that it doesn't work the way you think it does because no default gateways were defined for the other IPs.  Are you able to ping the IP on any interface other than External from your phone connected to the Internet through LTE?

    In any case, I just noticed that your ISP suffers from the infamous MTU 576 bug.  You will want to Edit each Interface definition and change that to 1500 or the value recommended by your ISP.

    Cheers - Bob

     
  • BAlfson said:

    I've not ever seen an ISP offer anything like that for residential use, Andrzej.

    I checked another cable modem from another provider in another country and it works the same way.

    Connected cables to modem, enabled "Modem" mode, rebooted the modem, all devices connected have external IP.

     

    BAlfson said:

    I'm suspicious that it doesn't work the way you think it does because no default gateways were defined for the other IPs

    Isn't that normal behaviour? Once I tick the "Default IPv4 gateway" box I get this:

    So I click OK and the "Uplink balancing" gets enabled. I googled what's my IP and it showed the IP from the second interface.

     

    BAlfson said:

    Are you able to ping the IP on any interface other than External from your phone connected to the Internet through LTE?

    Yes, I am, and as I mentioned in my previous post, after creating the DNAT rule "External (WAN) #2 -> any port -> plex" I can browse my Plex server from my phone.

     

     

    BAlfson said:

    In any case, I just noticed that your ISP suffers from the infamous MTU 576 bug.  You will want to Edit each Interface definition and change that to 1500 or the value recommended by your ISP. 

    Thanks. Was aware of low MTU but didn't have time to google it.

  • "So I click OK and the "Uplink balancing" gets enabled. I googled what's my IP and it showed the IP from the second interface."

    Yes, Uplink Balancing, by default, will send traffic out balanced over the active interfaces.

    It's still not clear to me what you gain by doing what you're doing.  In any case, I know my home ISP would notice if I leased more than one public IP at a time and would insist on billing me for the additional IPs.  Good luck with this Andrzej!

    Cheers - Bob

     