Basic NAT / 1:1 Setup Question
-
I have 5 static IPs. I want to assign one to the router and the other 4 via 1:1 to computers that sit in the network.
When I try to force a static address 74.XX.XX.XX9/29 to the WAN interface I cannot browse out on port 80. When I assign a dynamic address to the WAN interface I can browse out no problem. What else do I need to set up to assign a static IP to the WAN interface?
I think that issue is impacting my second issue, and that is that I can't 1:1 the other IPs. Under 1:1 I set Interface to WAN, External Subnet to 74.XX.XX.X10/32 and the Internal Subnet to 192.168.1.100/32. I'm not adding a Virtual IP or adding any firewall rules. What else do I need to do to 1:1 these addresses and be able to use port 80 to browse?
Thx
-
When you assign a static IP, you need to assign a gateway as well on the WAN page, and statically assign DNS servers on the General page. I'm guessing you missed one of those two.
-
@cmb:
When you assign a static IP, you need to assign a gateway as well on the WAN page, and statically assign DNS servers on the General page. I'm guessing you missed one of those two.
Yep - forgot to set the static DNS servers. That fixed the static IP issue on the router. However, I still cannot figure out the 1:1 on the other IPs.
Under NAT -> 1:1 I have the external as 74.XX.XX.210/32 and the internal as 192.168.1.100/32. Under NAT -> Outbound I have Manual Outbound NAT selected, Source 192.168.1.100/32, Source Port *, Destination 74.XX.XX.210/32, Destination Port *, NAT Address *, NAT port *, Static port NO. With this setup my external IP on the 192.168.1.100 computer is showing the router IP (74.XX.XX.209), not 74.XX.XX.210.
EDIT ADD - I've tried it with and without a virtual IP on 74.XX.XX.210/32. Disable NAT reflection does not have a check (but it does not work with or without a check).
from log file…
binat on rl4 from 192.168.1.100/32 to any -> 74.XX.XX.210/32
binat on rl4 from 192.168.1.100/32 to any -> 74.XX.XX.210/32
(for some reason this appears twice - not sure why...)
Outbound NAT rules
nat on $wan from 192.168.1.100/32 to 74.XX.XX.210/32 -> (rl4)
nat on $wan from 192.168.1.0/24 to any -> (rl4)
nat on $wan from 192.168.2.0/24 to any -> (rl4)
nat on $wan from 192.168.168.0/24 to any -> (rl4)
What am I doing wrong?
-
OK - that was fun figuring out…. It's a squid issue. I reinstalled everything and started from scratch w/out any packages installed. I got everything working great and then when I installed squid all 1:1 NAT reverted back to the router IP.
So, now that I have that figured out, is it possible to run 1:1 NAT with squid, meaning, can I 1:1 NAT public IPs to private network IPs and proxy port 80 requests through squid (and still retain the public IPs)? I hope that question makes sense...
thx