Providing a service from both WAN addresses (i.e., either addr. reaches the svr)



  • I'm failing to get a dual-WAN setup to allow a service to be reached from both WANs. I shall explain:

    Background:
    ----------------
    -2 static IP WAN links from different providers
    -2 Services to provide externally

    Goal:

    -Make both services externally addressable from both providers, so that
      + Traffic that comes in on WAN interface port-forwards to the internal server, and is correctly routed back out WAN1
      + Traffic that comes in on WAN2 interface port-forwards to the internal server, and is correctly routed back out WAN2

    Method attempted

    Set up proxy arp Virtual IPs for each service on their respective WAN interfaces

    For each service:

    -Configured WAN FW rule

    Proto   Src   Port   Dest                          Port      GW
    TCP     *     *      Internal Server Private IP    SvcPort   *

    -Configured WAN2 FW Rule

    Proto   Src   Port   Dest                          Port      GW
    TCP     *     *      Internal Server Private IP    SvcPort   WAN2 Gateway IP

    -Configured Port Forwarding Rules

    If     Proto   Ext. port range   NAT IP                       Int. port range
    WAN    TCP     ExtSvcPort        Internal Server Private IP   SvcPort
    WAN2   TCP     ExtSvcPort        Internal Server Private IP   SvcPort

    Issue Data

    -Services are reachable on WAN if but not on WAN2
    -Traffic bound for the WAN2 address of the services does not connect to the service it is bound for
    -Both links are demonstrably up; I am using policy routing to ping WAN2's external address from behind WAN (although the reverse doesn't work)

    What I am hoping for

    Validation of my methods or advice on how to correct them, before I start breaking out span ports and sniffers.

    I'll add more data here when I have it. Your kind advice is welcomed.



  • Switch your WAN2 firewall rule to gateway default (you have WAN2 there). You only use dedicated gateway/load balancer pools in rules for outgoing traffic.
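To make the reply's point concrete, here is the same setup written as the pf rules pfSense generates underneath its GUI; this is an added illustration, not something either poster provided, and the interface names, addresses and gateways are assumed placeholders. A gateway set on an inbound WAN rule becomes a route-to on the forward path (wrong for traffic headed to the LAN server), whereas the default gateway leaves only reply-to, which pins each connection's return traffic to the WAN it arrived on.

```pf
# Added example in pf syntax; not from the thread. All names and addresses assumed.
wan1    = "em0"            # WAN  (provider 1), assumed
wan2    = "em1"            # WAN2 (provider 2), assumed
lan     = "em2"            # LAN, assumed
wan1_gw = "203.0.113.1"    # assumed provider-1 gateway
wan2_gw = "198.51.100.1"   # assumed provider-2 gateway
svr     = "192.168.1.10"   # assumed internal server
svcport = "443"            # assumed service port (ExtSvcPort == SvcPort here)

# Port forwards: each WAN address maps the external port to the internal server.
rdr on $wan1 inet proto tcp from any to ($wan1) port $svcport -> $svr port $svcport
rdr on $wan2 inet proto tcp from any to ($wan2) port $svcport -> $svr port $svcport

# Inbound pass rules with gateway "default": reply-to records the arriving
# interface and its gateway in the state, so replies to a WAN2 client leave via
# WAN2 even though the box's default route points at WAN1.
pass in on $wan1 reply-to ($wan1 $wan1_gw) inet proto tcp \
    from any to $svr port $svcport keep state
pass in on $wan2 reply-to ($wan2 $wan2_gw) inet proto tcp \
    from any to $svr port $svcport keep state

# What the first post's WAN2 rule amounts to (gateway field set to WAN2):
#   pass in on $wan2 route-to ($wan2 $wan2_gw) inet proto tcp \
#       from any to $svr port $svcport keep state
# route-to redirects the *forward* direction of the packet out through
# $wan2_gw instead of delivering it to $svr, so the service never sees it.

# route-to is the tool for the outgoing side: choosing which link LAN-originated
# traffic leaves on (this is the "policy routing" the first post already uses).
pass in on $lan route-to ($wan2 $wan2_gw) inet proto tcp \
    from $lan:network to any port 80 keep state
```

Check after a change with the state table: `pfctl -ss` shows the reply-to interface and gateway recorded on each inbound state, so a WAN2 connection whose state carries the WAN1 gateway is the symptom described above.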


Locked