• March 30, 2020, 08:19:12 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Help - IpAlias  (Read 4719 times)

cariparo

  • Level 1 Member
  • *
  • Posts: 2
Help - IpAlias
« on: October 30, 2009, 10:03:45 AM »

Hi All,
I'm in trouble when adding an IP Alias to DFL-800 LAN interface. Here the procedure:

Current LAN: 10.10.3.1/24
New LAN: 10.0.0.1/23

Create New IP Address for 10.0.0.1        (lan_new_ip)
Create New IP Address for 10.0.0.0/23   (lan_new_net)

Interfaces -> ARP -> Add
Mode: Publish
Interface: Lan
IP Address: lan_new_ip
MAC: 00-00-00-00-00-00

Rules -> IP Rules -> Add (on top of the list)
Action: Allow
Service: Ping Inbound

Source
Interface: Lan
Network: lan_new_net
Destination
Interface: core
Network: lan_new_ip

Save&Activate

But I can't ping 10.0.0.1 from 10.0.0.55 (10.10 and 10.0 are both on same cable in the phisical lan port 1)

Does anyone please tell ma what is wrong?


Thanks
-Carip
« Last Edit: October 30, 2009, 10:10:51 AM by cariparo »
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Help - IpAlias
« Reply #1 on: October 30, 2009, 10:14:46 AM »

Did you add a route for lan_new_net on the LAN interface, metric 100, no gw?
Did you add a route for lan_new_ip on the core interface, metric 0, no gw?
Logged
non progredi est regredi

cariparo

  • Level 1 Member
  • *
  • Posts: 2
Re: Help - IpAlias
« Reply #2 on: October 30, 2009, 12:15:27 PM »

Perfect, it works fine!

  ;)

Keep up your great work,
-Carip.
Logged

enriquev

  • Level 1 Member
  • *
  • Posts: 7
Re: Help - IpAlias
« Reply #3 on: February 11, 2010, 08:47:33 AM »

Hello, I am in almost the same situation;

I have the same setup as the OP, after adding routes I can ping 10.0.0.1 from 10.0.0.55 but contrarly to my other lan, 10.0.0.0/23 cannot access the web, I am missing any other routes?

I have added the needed rules for the connections as the firewall doesnt pick anything up anymore...
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Help - IpAlias
« Reply #4 on: February 11, 2010, 10:39:35 AM »

If both your firewall and your network(s) have routes for all valid endpoints then routes are not the problem, rules are.  I strongly suspect rules are going to be the issue here, double and triple check them.

For cases like this I like to group all valid LAN networks together in one object and use that instead of LAN_Net for all my IP Rules.
Logged
non progredi est regredi

enriquev

  • Level 1 Member
  • *
  • Posts: 7
Re: Help - IpAlias
« Reply #5 on: February 11, 2010, 11:21:33 AM »

There doesnt seem to be anything on my syslog server...

Here is my full setup:
wan1 ip (207.XXX.XXX.108)
wan1 net (207.XXX.XXX.64/26)
wan1 gw (207.XXX.XXX.65)

lan1 ip (207.XXX.XXX.108)
lan1 net (207.XXX.XXX.64/26)
wan1 gw (207.XXX.XXX.65)

Most of my clients get following addresses:
IP: 207.XXX.XXX.91
maks : 255.255.255.192
Gateway: 207.XXX.XXX.65

Now I want to Nat some of these but not all of them.
I added,
ARP:
Publish - lan -  NAT-FW-2(192.168.66.1) - (00:00:12:12:12:AA)

Routes:
core - NAT-FW-2(192.168.66.1)  - (Metric 0) - No GateWay - No IP
lan  - nat-lan-2(192.168.66.0/24) - (Metric 100) - No GateWay - No IP

On a pc I set:
IP : 192.168.66.66
mask : 255.255.255.0
Gateway : 192.168.66.1

Ping to 192.168.66.1 works.

Now I try and ping 4.2.2.2
In syslog I see:

Local0.Warning   207.XX.XX.108   [2010-02-11 14:12:36] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=lan srcip=192.168.66.66 destip=4.2.2.2 ipproto=ICMP ipdatalen=40 icmptype=ECHO_REQUEST echoid=512 echoseq=4413

Then I go to my rules, and I add this as my top most:
Action - Allow
SourceIF - lan
Sourcenetwork - nat-lan-2(192.168.66.0/24)
DestinationIF - wan1
DestinationNetwork - all-nets
Service - all_icmp

Now nothing shows up in my syslog, but ping doesnt work.
I also tried the rule with Action - NAT and Action FastForward, but no difference...

Now im stuck...
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Help - IpAlias
« Reply #6 on: February 11, 2010, 01:12:23 PM »

You are routing the same network to multiple interfaces, that is not going to work.
Logged
non progredi est regredi

enriquev

  • Level 1 Member
  • *
  • Posts: 7
Re: Help - IpAlias
« Reply #7 on: February 12, 2010, 09:22:14 AM »

Hello,

I have changed to the following:
lan1 ip (192.168.55.1)
lan1 net (192.168.55.0/24)

Then on a client pc i do:
ip: 192.168.55.55
msk: 255.255.255.0
gw: 192.168.55.1

ping 4.2.2.2 works :-)

but from the same pc I do :
ip: 192.168.66.66
msk: 255.255.255.0
gw: 192.168.66.1

ping 4.2.2.2 doesnt work :-( nothing on syslog...

please help...  :'(
Logged

enriquev

  • Level 1 Member
  • *
  • Posts: 7
Re: Help - IpAlias
« Reply #8 on: February 12, 2010, 03:23:08 PM »

Ok I have found my problem,

it was my ARP entry, it doesn't work if I specify a MAC.

It really took me alot of time to find out  :(

hope it help someone.
Logged