Multiple public IPs and routing to multiple VLANs



  • I am trying to set up the following network but failing at routing the public IPs to the VLANs.

    public ip 1 | Wan        |--->  vlan 1 --->  (webserver 1- 10.10.100.10  |  ftp server 1- 10.10.100.11)
    public ip 2 | Wan        |--->  vlan 2 --->  (webserver 2- 10.10.222.20  |  ftp server 2- 10.10.222.21)
    public ip 3 | Wan        |--->  vlan 3 --->  (webserver 3- 10.10.55.44   |  ftp server 3- 10.10.55.33)

    The goal is to route public IP 1 to VLAN 1, public IP 2 to VLAN 2 and public IP 3 to VLAN 3. Also, I want to reach webserver 1 from the internet on public IP 1, and the same for the other web servers and ip servers on their respective IP addresses.
    So far I have looked at VIPs and 1:1 NAT, but I am not sure how to configure it correctly. Some help would be appreciated. :)



  • Can't you just NAT port 80 to the webserver, and 20-21 to the FTP?



  • miloman is correct, just set up a NAT rule for each public IP that you have. The corresponding rule should be generated automatically on the LAN.



  • But how do you make the distinction between public IPs?

    E.g. when you are remote and put in http://ip1, how does the WAN interface know which NAT rule to take, and hence which webserver to go to?
    All public IPs are registered on the WAN interface as virtual IPs. Or should I make more WAN interfaces and assign IPs to several interfaces?



  • You change the 'destination' in the port forward to the correct virtual IP.
    e.g.
    INT WAN
    PROT TCP
    Dest public IP 2
    Dest port range http
    redirect target ip 10.10.220.20
    redirect target port http
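
The per-destination port forwards described in this reply, written out as a pf ruleset for the three web servers; this is an added example, not configuration posted in the thread. It assumes a pf-based firewall using FreeBSD-style `rdr` syntax; the interface name `em0` and the 203.0.113.x public addresses are placeholders, and the internal addresses are the ones from the diagram in the question.

```pf
# Added example, not from the thread. Assumes FreeBSD-style pf syntax.
# Placeholders: em0 (WAN interface) and the 203.0.113.x public addresses.
ext_if  = "em0"
pub_ip1 = "203.0.113.11"
pub_ip2 = "203.0.113.12"
pub_ip3 = "203.0.113.13"

# Internal web servers, one per VLAN, as listed in the question's diagram.
web1 = "10.10.100.10"
web2 = "10.10.222.20"
web3 = "10.10.55.44"

# Translation rules. All three public addresses arrive on the same WAN
# interface; the destination address in each rule is what selects the target.
rdr on $ext_if inet proto tcp from any to $pub_ip1 port 80 -> $web1 port 80
rdr on $ext_if inet proto tcp from any to $pub_ip2 port 80 -> $web2 port 80
rdr on $ext_if inet proto tcp from any to $pub_ip3 port 80 -> $web3 port 80

# Filter rules. Translation happens before filtering, so the pass rules match
# the internal (post-translation) address. Each rule opens one port on one
# host; everything else inbound on the WAN stays blocked and logged.
block in log on $ext_if all
pass in on $ext_if inet proto tcp from any to $web1 port 80 flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $web2 port 80 flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $web3 port 80 flags S/SA keep state
```

Compared with 1:1 NAT, forwarding a single port per public address exposes only the named service on each server.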



  • Thanks :) That seems to work.

    I have created several virtual IPs and made a NAT rule as you described. For the virtual IPs I selected 'IP alias'. Or is it better to use CARP for this?



  • I generally use proxy arp on simple setups. When I'm running services on the VIP, or a failover cluster, I use CARP. I don't use alias IPs unless I'm running a secondary subnet on the interface. YMMV. If it's working now, I wouldn't change it.



  • ok thanks for the help.

