Basic NAT / 1:1 Setup Question

dfriestedt

I have 5 static IPs.  I want to assign one to the router and the other 4 via 1:1 to computers that sit in the network.

When I try to force a static address 74.XX.XX.XX9/29 to the WAN interface I cannot browse out on port 80.  When I assign a dynamic address to the WAN interface I can browse out no problem.  What else do I need to setup to assign a static IP to the WAN interface?

I think that issue is impacing my second issue, and that is that I can't 1:1 the other IPs.  Under 1:1 I set Interface to WAN, External Subnet to 74.XX.XX.X10/32 and the Internal Subnet to 192.168.1.100/32.  I'm not adding a Virtual IP or adding any firewall rules.  What else do I need to do to 1:1 these addresses and be able to use port 80 to browse?

Thx

cmb

When you assign a static IP, you need to assign a gateway as well on the WAN page, and statically assign DNS servers on the General page. I'm guessing you missed one of those two.

dfriestedt

@cmb:

When you assign a static IP, you need to assign a gateway as well on the WAN page, and statically assign DNS servers on the General page. I'm guessing you missed one of those two.

Yep - forgot to set the static DNS servers.  That fixed the static IP issue on the router.  However, I still cannot figure out the 1:1 on the other IPs.

Under NAT -> 1:1 I have the external as 74.XX.XX.210/32 and the internal as 192.168.1.100/32.  Under NAT -> Outbound I have Manual Outbound NAT selected, Source 192.168.1.100/32, Source Port *, Destination 74.XX.XX.210/32, Destination Port *, NAT Address *, NAT port *, Static port NO.  With this setup my external IP on the 192.168.1.100 computer is showing the router IP (74.XX.XX.209), not 74.XX.XX.210.

EDIT ADD - I've tried it with and without a virtual IP on 74.XX.XX.210/32. Disable NAT reflection does not have a check (but it does not work with or without a check).

from log file…

binat on rl4 from 192.168.1.100/32 to any -> 74.XX.XX.210/32

binat on rl4 from 192.168.1.100/32 to any -> 74.XX.XX.210/32

(for some reason this appears twice - not sure why...)

Outbound NAT rules

nat on $wan from 192.168.1.100/32 to 74.XX.XX.210/32 -> (rl4)
nat on $wan from 192.168.1.0/24 to any -> (rl4)
nat on $wan from 192.168.2.0/24 to any -> (rl4)
nat on $wan from 192.168.168.0/24 to any -> (rl4)

What am I doing wrong?

dfriestedt

OK - that was fun figuring out….  It's a squid issue.  I reinstalled everything and started from scratch w/out any packages installed.  I got everything working great and then when I installed squid all 1:1 NAT reverted back to the router IP.

So, now that I have that fgured out, is it possible to run 1:1 NAT with squid, meaning, can I 1:1 NAT public IPs to private network IPs and proxy port 80 requests through squid (and still retain the public IPs)?  I hope that question makes sense...

thx