I am using a Firewalla Gold SE with ATT Fiber + static public IPs, working to replace an ER-X.
Because of reasons I'll explain below, I want to know if it's possible to override the default gateway subnet check in a WAN connection, and add an IP address that is not actually within the defined network, i.e. in WAN:
IP Address: 192.168.1.66
Subnet Mask: 255.255.255.0
IP Address 1: 99.x.x.x <-- Publicly routable
IP Address 2: 99.x.x.y <-- Publicly routable
Trying to add these IPs this way will produce an error from the FW app. However, (because ATT is going to ATT), the 192.168.1.254 Gateway actually serves as the Gateway for both the cascaded router IP and also the public subnet and happily routes for both.
This is how I have the ERX set up currently. I do this so that the ERX can pick up and route traffic to different mail and web servers (with different domain names / IP addresses) after NATing.
So, if possible, I'd rather attach the Public IPs to the Gold and then NAT (to a 10.x.x.x) and send the traffic along (instead of using the Public IPs on the servers themselves), but the FW app is complaining about the IPs not being on the default router subnet.
Is it possible to override the error?
I'm setting the Gold SE up in router mode, after the ONT and a Pace 5268AC router/modem, using the "Cascaded Router" setting on the Pace, which passes all the traffic bound for the Public IPs on to the defined router (the FW) with an assigned private IP. So:
ONT --> Pace --> FW Gold SE (192.168.1.x + public IPs) --> 10.x.x.x net
Because ATT has to be difficult, the way it does this is to assign an internal IP (192.168.1.x) to the cascaded router, and then pass all the traffic bound for the public IPs to that internal IP to be routed. From there, you can manage your public subnet.
However, instead of assigning static IPs to the servers themselves, I want to assign the Public IPs to the FW Gold and then NAT and send the traffic on to the proper server's internal IP. Does that make sense?
I'm open to other setup ideas, but I like having my public IPs attached to a router (currently ERX) and then have them NATed and sent to the proper place.