• February 19, 2020, 11:10:58 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Cannot use Routed Public IPs from my ISP on DFL-1660  (Read 6698 times)

bandit69

  • Level 1 Member
  • *
  • Posts: 16
Cannot use Routed Public IPs from my ISP on DFL-1660
« on: August 12, 2012, 07:23:09 AM »

Hi Guys,
Would very much appreciate your help. This is the scenario:
I have a public IP 196.x.x.x from my ISP which has been configured as the WAN1 IP on my DFL-1660. Now we requested for more public IPs and we were given two: 41.x.x.1 and 41.x.x.2. My ISP says these two IPs have been routed to me statically. In order to use them, I configured WAN2net as a subnet for them and gave WAN2 the first IP 41.x.x.1. Now the prolem is I have configured my SAT, NAT and other rules but cannot get to this IP from outside. Am thinking I should add another route but isn't the DFL meant to know where to route requests for 41.x.x.1 since its configured on an interface? Also how do I create loopback interfaces on the DFL? Thanks
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #1 on: August 12, 2012, 08:38:37 PM »

If you need to add this IP addresses to DFL, it's possible
1) Objects > Address book > InterfaceAddresses
Add wan1_ip2=41.x.x.1, wan1_net2=41.x.x.y/z, wan1_ip3=41.x.x.1, wan1_net3=41.x.x.y/z
You can calculate networks via http://www.subnet-calculator.com/
If wan1_net2 is the same with wan1_net3, don't make duplicates
2) Interfaces > ARP
Add ARP publish wan1_ip2, wan1_ip3 on WAN1
3) Routing > Routing tables > main
Add routes
core wan1_ip2 <no gateway> 0
core wan1_ip3 <no gateway> 0
wan1 wan1_net2 <no gateway> 100
wan1 wan1_net3 <no gateway> 100

Next, make necessary IP rules

But... if you want to assign this IP addresses to some PC in local network or you have PPPoE instead of just IP - logic will be different
Logged
BR, Alexandr Danilov

bandit69

  • Level 1 Member
  • *
  • Posts: 16
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #2 on: August 13, 2012, 01:10:30 AM »

Hi Alexander,
Must say a big thank you for your response (which I am just reading). I must commend you for a good job on this forum. I have read a number of your posts. Would try this out and let you know how it went. Thanks
Logged

bandit69

  • Level 1 Member
  • *
  • Posts: 16
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #3 on: August 13, 2012, 01:19:38 AM »

But just out of curiousity, how do I assign these IPs to a server on my network?  :) (from your last paragraph). Thank you
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #4 on: August 16, 2012, 02:05:10 PM »

Haha, I'm glad to listen my replies help :)

My example was about publishing IP on DFL itself and make additional port mapping (SAT+Allow) to internal server

Do you need to have possibility to assign additional public IP to servers inside your network?
For better making of example, can you assign DMZ port for this task to separate public systems from your network?
Logged
BR, Alexandr Danilov

bandit69

  • Level 1 Member
  • *
  • Posts: 16
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #5 on: August 20, 2012, 03:27:54 AM »

Hi Alex,
Thanks for your response and so sorry am just responding. You are indeed an asset onn this forum. Yes it is possible to assign DMZ port to public systems on my network (But why only DMZ and why not WAN2?). So please how do I go about giving these public systems public IPs from my ISP? Thank you
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #6 on: August 20, 2012, 12:26:23 PM »

DMZ is because it will be internal interface. You can use any ethernet or VLAN interface as you want.

One more question before howto - does your ISP provided 41.x.x.0/30 network or more wide? If it's /30, you will lose one IP because it will be assigned to DFL.
Logged
BR, Alexandr Danilov

bandit69

  • Level 1 Member
  • *
  • Posts: 16
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #7 on: August 22, 2012, 04:51:49 AM »

Hi Alex,
Thanks for your response. My ISP is providing me with 4 more IPs (41.x.x.x/29) so I don't mind loosing one. Thank you and waiting the How-to.
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #8 on: August 22, 2012, 03:30:13 PM »

Objects > Address book > InterfaceAddresses
Set values to
dmz_ip = 41.x.x.y (for example, first IP from your pool)
dmznet = 41.x.x.x/29

Intrefaces > Ethernet > dmz
Disable option Automatically add a route for this interface using the given network

Routing > Routing tables > main
Add route dmz/dmznet/100, enable proxy ARP to wan1 (your WAN interface)

Rules > IP rules > dmz
Add necessary rules. For example, allow all traffic
Allow wan/all-nets dmz/dmznet all_services
Allow dmz/dmznet wan/all-nets all_services
If you need to give access from LAN to DMZ, add rule
Allow lan/lannet dmz/dmznet all_services
Logged
BR, Alexandr Danilov

bandit69

  • Level 1 Member
  • *
  • Posts: 16
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #9 on: September 06, 2012, 03:25:35 AM »

My man Alex,
You are a genius. Everything just works and am so grateful for all your help. Sorry am just responding. I have been away from work. Thanks and thanks again
Logged

chechito

  • Level 3 Member
  • ***
  • Posts: 193
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #10 on: September 07, 2012, 08:26:03 AM »

Hi Guys,
Would very much appreciate your help. This is the scenario:
I have a public IP 196.x.x.x from my ISP which has been configured as the WAN1 IP on my DFL-1660. Now we requested for more public IPs and we were given two: 41.x.x.1 and 41.x.x.2. My ISP says these two IPs have been routed to me statically. In order to use them, I configured WAN2net as a subnet for them and gave WAN2 the first IP 41.x.x.1. Now the prolem is I have configured my SAT, NAT and other rules but cannot get to this IP from outside. Am thinking I should add another route but isn't the DFL meant to know where to route requests for 41.x.x.1 since its configured on an interface? Also how do I create loopback interfaces on the DFL? Thanks

i think to get this wan1_ip from outside you need to configure PBR using routing rules
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #11 on: September 08, 2012, 11:13:39 AM »

bandir69, you are welcome!

chechito, it's not necessary because all IPs are present at main routing table
Additional IP is published via ARP proxy

Alternative routing tables mostly ised if you have multiple WANs
Logged
BR, Alexandr Danilov

bandit69

  • Level 1 Member
  • *
  • Posts: 16
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #12 on: September 10, 2012, 10:52:32 AM »

Chechito and Alex,
Thanks for both your replies. BTW what is PBR? From danilovav's description I know it has to do with creating alternative routing tables. Thanks
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: Cannot use Routed Public IPs from my ISP on DFL-1660
« Reply #13 on: September 10, 2012, 02:17:47 PM »

PBR is Policy Based Routing
Usually it's used to change direction (i mean, interface or gateway) of traffic by some rules

Best example is incoming connection from second WAN intreface. If PBR is not configured, DFL will try to send ICMP reply via default route (e.g. WAN1) - as result, WAN2 will be not reachable. Via PBR you can change intreface/gateway for traffic from WAN2 - thru WAN2/wan2_gw
Logged
BR, Alexandr Danilov