Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[luizescobar]

Hello, how to configure multiple External IP on WAN interface
I have twelve public IP addresses,  I can assign to the WAN2 interface??
How to do it

WAN1 - DSL login Static IP    15Mbit-DOWN/2Mbit-UP   http other site ALG rules, and others services, dns1-google
WAN2 - Static IP   x.x.x.50 ... x.x.x.61  10Mbit-Down/10Mbit-UP  send/receive email(imap/pop) from my domain, http from my domain, send my six stream audio, dns2-google

Failover For Two ISP. If Wan1 fail to Wan2

wan2 Static IP x.x.x.50
add ARP -> 
Mode: Public
Interface: wan2
IP Address: Wan2_Public_IP2 - Static IP x.x.x.51
Mac address: 00-00-00-00-00-00

RULES -> First Folder DMZ_TO_ALL
add IP Rule -> Name: ALLOW_ALL_OUT
Action: NAT
Service: all_tcpudp
Source int.: dmz
Source netw.: ip_int_srv -> 172.17.100.51
Destination int.: wan2
Destionation netw.: all-nets

RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: SAT_ALL_EXT
Action: SAT
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destionation netw.: WAN2_public_IP2 - Static IP x.x.x.51
SAT -> Destionation IP -> New IP Address ip _int_srv -> 172.17.100.51

RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: ALLOW_ALL_EXT
Action: Allow
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destionation netw.: WAN2_public_IP2 - Static IP x.x.x.51


BUT DONīT WORK !!!!  HELP !? PLEASE !?


Routing -> Routing Tables
MAIN-ROUTE
1    Route    wan2    all-nets    wan2_gw       90   No   
2    Route    wan2    wan2_net           100   No   
3    Route    speedy    all-nets    speedy_ip       60   Yes   
4    Route    wan1    wan1_net           100   No   Direct route for network wan1_net over interface w...
5    Route    dmz    dmznet           100   No   Direct route for network dmznet over interface dmz...
6    Route    lan    lannet           100   No   Direct route for network lannet over interface lan...
 
PPPoE_WAN2
1    Route    wan2    all-nets    wan2_gw       40   Yes   
2    Route    lan    lannet           100   No   
 
WAN2_LB
1    Route    wan2    wan2_net           100   No   
2    Route    lan    lannet           100   No   
3    Route    wan2    all-nets    wan2_gw       70   Yes   
 
DMZ_LB
1    Route    wan2    wan2_net    wan2_gw    WAN2_public_IP2   100   No   
2    Route    dmz    dmznet           100   No   
3    Route    wan2    all-nets    wan2_gw    WAN2_public_IP2   70   No   
 

Routing -> Routing Rules
1    dmz_all    dmz    dmznet    any    all-nets    all_tcpudp   
2    web_embratel    lan    lannet    any    megasistema    all_tcpudp   manda email pela wan2
3    webnow-stream    lan    IP-Auditas-97e98    any    webnow_com_br_stream    stream-http-speedy_wan2   
4    strm-virtua    any    all-nets    any    wan2_ip    all-grp-audita-tieline   


Excuse my English.

[luizescobar]

In Log :

2015-04-09
11:06:29   Warning   RULE
6000051   Default_Access_Rule   TCP   wan2
y.y.y.152
x.x.x.51   33451
80   ruleset_drop_packet
drop
ipdatalen=40 tcphdrlen=40 syn=1
2015-04-09
11:06:28   Warning   RULE
6000051   Default_Access_Rule   TCP   wan2
y.y.y.152
x.x.x.51   33451
80   ruleset_drop_packet
drop
ipdatalen=40 tcphdrlen=40 syn=1

[Rara Avis]

OK, let's take care of he easy part first.

Any time you see a log entry for Default_Access_Rule, that means that you have received traffic which violated an access rule.  In normal circumstances, you don't need to manually create or adjust access rules, the automatic access rules allow traffic matching your interface networks, which is usually all you need.  In this case since the destination interface and network look like they make sense (but check my work, I can't see everything, you can), I have to ask does y.y.y.152 match your LAN or any of your interface IPs?  The most usual reason to see these log entries is because you are trying to use the same network on multiple interfaces, are you?

Now, for failover (which is distinct from load balancing [I assume that is what all the LBs mean]), you are going to need to manually create all your default routes (routes to all-nets), and ensure they have monitoring enabled with settings that make sense.  Assuming your IP Rules are good, monitoring is all you need to do for failover.

For load balancing, the process is very similar, but there are some gotchas to look after.  Load balancing only works on routing tables that have multiple routes with the same destination, and metric.  In other words, any routing tables which you wish to load balance need to have all their default routes on the same metric.  After that is squared away, create a load balancing instance (and trust me when I say that happy endings happen almost exclusively with the load balance method of "destination").

For simple failover or load balancing, those paragraphs are all you need on the routing side, the policy (IP Rule) side is fairly intuitive, but make sure what you have makes sense.

Get failover or balancing working before you make things more complicated by adding a routing table and routing rules for particular traffic classes, by themselves neither failover nor balancing require additional routing tables.  Once you are ready for a second routing table, try to keep it to just the one additional table, if you think about it, you only have 2 paths to route, you should only need 2 tables to hold those paths.

If we need to go any further with routing troubleshooting, you should always use the current routing table from status->routes, as it will show you what the DFL is currently using to route (including things like dynamically added routes and route monitoring).

[luizescobar]

Hi Rara Avis, letīs go...

My WAN2 use Static IP 200.x.x.50
I create ARP to WAN2 Static IP 200.x.x.51
I need create 2 ARP for WAN2 :
WAN2 use Static IP - 200.x.x.50
ARP1 -> WAN2 - 200.x.x.51  to DMZ - 172.17.100.51
ARP2 -> WAN2 - 200.x.x.52  to DMZ - 172.17.100.52

I have 12 Static IP 200.x.x.50 - 200.x.x.61

This config donīt work
wan2 Static IP 200.x.x.50
add ARP -> 
Mode: Public
Interface: wan2
IP Address: Wan2_Public_IP2 - Static IP 200.x.x.51
Mac address: 00-00-00-00-00-00

RULES -> First Folder DMZ_TO_ALL
add IP Rule -> Name: ALLOW_ALL_OUT
Action: NAT
Service: all_tcpudp
Source int.: dmz
Source netw.: ip_int_srv -> 172.17.100.51
Destination int.: wan2
Destionation netw.: all-nets

RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: SAT_ALL_EXT
Action: SAT
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destionation netw.: WAN2_public_IP2 - Static IP 200.x.x.51
SAT -> Destionation IP -> New IP Address ip _int_srv -> 172.17.100.51

RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: ALLOW_ALL_EXT
Action: Allow
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destionation netw.: WAN2_public_IP2 - Static IP x.x.x.51

IP y.y.y.152 ext

i have 3 ISP  :
ISP 1: DSL 1 fiber PPPoE LOGIN  10Mb/2Mb
ISP 2: DSL 2 fiber PPPoE LOGIN   5Mb/1Mb
ISP 3: fiber Static IP : 200.x.x.50 - 200.x.x.61  10Mb/10Mb

ISP 1 to DFL-800 Wan1 PPPoE
ISP 3 to DFL-800 Wan2 Static IP 200.x.x.50
ISP 2 to DI-524 other for visitors notebook, cell phones and tables

I use my ISP3-DI524-IP-EXT to test connect DFL-800 Wan1 and Wan2

Sorry my english

[PacketTracer]

Hi,

DFL-800_Howto_de_wan-failover.zip provides a description how to configure WAN failover. Unfortunately it's written in German, but every step also provides a screenshot that allows to understand it without reading the text. Hope this may help.

PT