We have 3 Public IP’s on our WAN, and 2 LAN networks.
LAN 1 : 10.0.0.0 [DHCP: 10.0.0.2-10.0.0.254]
LAN 2 : 11.0.0.0 [DHCP: 10.0.0.2-11.0.0.254]
We have been attempting to configure sNAT so that traffic from each LAN routes follows the route of a specific Public IP. We cannot see IP Ranges in the Local Host dropdown.
How can we configure our sNAT for a Range per IP Alias.
See Image: http://puu.sh/o0N2n/1ffb9792ab.png
HOw many NICs have your NethServer instance? This one is your gateway?
Your WAN has three public ip adress… But it’s 3 phisycal links, or these 3 ip are on 1 link only?
All 3 are on a single NIC. I have the 2 other IPs added as Aliases
Can anyone assist me with this?
EDIT: if you could share more details I’d offer a better solution.
I think you could find all the information you need in the shorewall manual:
http://shorewall.net/manpages/shorewall-masq.html
Something like:
ethX 10.0.0.0/24 pu.bl.li.c1
ethX 11.0.0.0/24 pu.bl.li.c2
where ethX is your wan interface.
When you have a working configuration, I can assist developing a custom template if needed.
P.S. 11.0.0.0. is not a valid rfc1918 address.
Our network is setup as follows:
We would like our traffic from eth1 to be via eth0:0, and traffic from eth2 to be via eth0:1.
Ah, you’re right, I should really change that.
I appreciate your help!
I think you can add the two following lines at the top of /etc/shorewall/masq:
eth0 10.0.0.0/24 198.179.110.179
eth0 11.0.0.0/24 198.179.110.180
Maybe there’s a better syntax, but, please, confirm it’s what you need, then we’ll fix it later.
@filippo_carletti that is exactly what I need, I have added it to the configuration and reloaded/restarted the shorewall service, however when checking my public IP it is still returning the .178. Any ideas?
Thanks again!
Have you put those lines at the top?
Could you post the output of
shorewall show nat
Nevermind! It just started working (oddly), i refreshed the public ip check page a few hundred times and it randomly popped up.
You’re the best! Thanks so much!
Great. But wait a minute, we have to “fix” the customization with a custom template (the e-smith way):
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/masq/
echo -e "eth0 10.0.0.0/24 198.179.110.179\neth0 11.0.0.0/24 198.179.110.180" >/etc/e-smith/templates-custom/etc/shorewall/masq/18alias
Then:
expand-template /etc/shorewall/masq
and check that the masq file has the same content.
Complete! =D
Is there any way to send DNS requests only over .178?
I see the Spec shows for PORT, but I don’t see how to wildcard for address.
dnsmasq supports sending queries with a custom source ip, but nethserver doesn’t allow that particular option.
Again, I’d try the syntax to see if it does what you need, then we can develop an enhancement.
You have to search /etc/dnsmasq.conf for the line:
server=8.8.8.8 (or your dns server)
and modify it to
server=8.8.8.8@198.179.110.178
Then restart the service:
service dnsmasq restart
Great @Adam_Reed please mark this topic as solved.
Again @filippo_carletti, you are the best! I believe these would be definite feature to add to NethServer.
This was specifically useful for us, as we use OpenDNS for content filtering on our network, and it binds per IP, instead of having to have two accounts now, we were able to send DNS Requests out via that IP and keep a single account for OpenDNS.
Thanks!
Creating a custom template to “fix” the source-ip is not as easy as the masq template.
I’m thinking about supporting this feature by default.
Please give me some time to work on this issue.