Multi-IP WAN and Port Forwarding
Planned
I have multiple static WAN IPs assigned by my ISP (e.g., x.x.x.1 thru x.x.x.50). I have 2 mail servers (each housing a different domain's MX) on the internal LAN. The public DNS addresses of each mail server are x.x.x.20 and x.x.x.21.
Using the Firewalla Gold in router mode, how do I create a port-forwarding rule on the WAN interface where x.x.x.20:25 goes to one server (e.g., MX for domain_a.com on LAN IP y.y.y.100:25) and x.x.x.21:25 goes to another (e.g., MX for domain_b.com on LAN IP y.y.y.101:25)?
It seems that port-forwarding is limited to the primary interface -- or at least a single interface -- on the WAN (in this case call it x.x.x.1) and there's no ability to specify the WAN source IP for the forwarding rule.
-
So, I'm confused, I can't specify a particular device or group of devices to use a different IP address as I have multiple dedicated IP addresses; it seems like this is what I'm looking for, but I'm not sure... And, if it is, it sounds like it's kind of implemented but not on the app? When will this feature be fully rolled out?
-
see the last section of this https://help.firewalla.com/hc/en-us/articles/360046703673-Firewalla-Feature-Guide-Network-Manager
This is the multiple IP support
-
Perhaps... It looks like my router (access point/bridge) has to support VLAN tagging, which unfortunately it doesn't (Asus RT-AX88U & Asus RT-AX89X). So, do I need something like the below between the Firewalla (in router mode) and my existing equipment? Like the switch below?
NETGEAR 5-Port Gigabit Ethernet Plus Switch (GS105Ev2) - Managed, Desktop or Wall Mount, and Limited Lifetime Protection https://www.amazon.com/dp/B00HGLVZLY/ref=cm_sw_r_apan_i_0MCEZND73DTKXMQ4R26R
Sorry, this is somewhat new terrain for me, so any guidance would be appreciated!
-
see https://help.firewalla.com/hc/en-us/articles/360046703673-Firewalla-Feature-Guide-Network-Manager
there is a section on multiple IP
-
Thank you so much. I have successfully assigned the public IP numbers to WAN port. Now I need to assign each LAN port to a different public IP on WAN port. Could you please guide me?
I have public WAN IP numbers 1, 2, 3, on physical WAN port:
I want isolated LAN 1 port to go out to internet using WAN IP 1
LAN 2 port to go out to internet using WAN IP 2
LAN 3 port to go out to internet using WAN IP 3
-
I see that you need to create the source NAT for outbound traffic, but what about inbound traffic? Is there a way to set inbound traffic on a specific external IP to route to an internal IP without having to use port forwarding? Especially for some services requiring UPNP. UPNP appears to map only to the main wan interface IP address instead of the IP set by source NAT.
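The mapping asked about in the first post (a separate port-25 forward per public IP) and the source NAT mentioned in the last comment, written as a generic Linux nftables ruleset. This is an added example, not part of any post in the thread and not Firewalla's own configuration or app settings. The interface names (`eth0` as WAN, `eth1` as LAN) and all addresses are constructed stand-ins for x.x.x.20/.21 and y.y.y.100/.101.

```nftables
# Constructed addresses: 203.0.113.20/.21 stand in for x.x.x.20/.21,
# 10.0.0.100/.101 stand in for y.y.y.100/.101. eth0 = WAN, eth1 = LAN (assumed).
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Inbound: match on the public destination IP, forward SMTP only.
        iifname "eth0" ip daddr 203.0.113.20 tcp dport 25 dnat to 10.0.0.100:25
        iifname "eth0" ip daddr 203.0.113.21 tcp dport 25 dnat to 10.0.0.101:25
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Outbound: each mail server leaves from the same public IP it
        # receives on, so reverse DNS and SPF checks see a consistent address.
        oifname "eth0" ip saddr 10.0.0.100 snat to 203.0.113.20
        oifname "eth0" ip saddr 10.0.0.101 snat to 203.0.113.21
        # Every other LAN host uses the primary WAN address.
        oifname "eth0" masquerade
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # LAN hosts may open connections to the internet.
        iifname "eth1" oifname "eth0" accept
        # From the WAN, accept only traffic that was translated by the
        # port-25 rules above; no other port on either server is reachable.
        iifname "eth0" ip daddr { 10.0.0.100, 10.0.0.101 } tcp dport 25 ct status dnat accept
    }
}
```

Forwarding a single port per public IP keeps the rest of each server closed to the WAN, which a full inbound 1:1 mapping of an external IP to an internal host would not.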