How to make routing no NAT

Hello, I have 3 links on 3 Ethernet cards

eth1 86.150.181.252/29 GW 86.150.181.249 ISP1
eth2 219.156.107.1/25 ISP1 routed on 86.150.181.252 at provider routers

eth3 109.196.42.186/29 GW:109.196.42.185 ISP2

eth1 and eth2 are from ISP1
and eth3 is from ISP2.
Now the IP class 219.156.107.0/25 is routed on 86.150.181.252 by ISP1.
I use eth1 and eth3 for NAT (192.168.0.0/16) using a multi-WAN connection, and I set it to Active backup.

My problem is with the IP class 219.156.107.0/25: I want to use IPs from this class on other servers (mail server, hosting server, etc.; for example, 219.156.107.2 with gw 219.156.107.1 netmask 255.255.255.128 is the mail server and 219.156.107.3 netmask 255.255.255.128 is the hosting server).
But my NethServer does NAT for this class on eth1 or eth3, as well as for 192.168.0.0/16.

The only way to use the class is behind 1:1 NAT with IP aliases added on eth1 (e.g. eth1:1 219.156.107.2, eth1:2 219.156.107.3) forwarded to IPs from the class 192.168.0.0/16.

PLEASE HELP ME to use this class in routing mode, not NAT mode.

Thanks

Hello Friend,

You have your ISP hardware, which has 2 network ports, and you have assigned 2 IPs? And a second ISP where you assign only 1 IP, right?

Will you use NethServer as hosting and mail server?

No, one single port; my /25 class is not operable if it is not put on interface eth1, connected to IP 86.150.181.252.
I can put the IPs from ISP1 on the same interface like that.

eth1 has 86.150.181.252 and
eth1:1 219.156.107.1; this IP I want to use as gateway for the other servers (mail server and hosting server).
With eth2 I connect to a switch where I have connected my servers (mail server, hosting server, etc. from class 219.156.107.0/25).
No, I don't use NethServer as hosting and mail server.
Thanks

Hi Dan,

Can you make a sketch with your configuration (ISP router -> NethServer)?
Do you have from your ISP only a MC or a router (or MC and router)?

TIA,
Gabriel

From ISP1 I have an MC with 1 Ethernet port.

In short, for the IP class 219.156.107.1/25 I want to bypass the firewall.

Is this a VLAN?

You have your settings like this?

1 Like

@zotinas If you ping 219.156.107.1, does it respond to the request?

If you use 86.150.181.252:980, do you access NethServer?

Are your settings something like that?

1 Like

Yes, 219.156.107.1 responds to ping, and I even made the IP address 219.156.107.2 with gw 219.156.107.1 respond to ping from an external connection, but when I access the Internet from my IP address (219.156.107.2), it seems that it is going to the Internet with the NAT address (86.150.181.252 ISP1 or 109.196.42.185 ISP2). I use an active backup Internet connection.

Yes, the configuration is like the above screenshot.
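
An added diagnostic example, not part of any post in this thread: given `iptables-save -t nat` output, it reports which POSTROUTING rule would rewrite the source address of a packet from a given IP leaving through a given interface, which is the symptom described above for 219.156.107.2. The rule set is constructed for illustration, `parse_rule` and `nat_rule_for` are hypothetical helper names, and the code assumes a flat POSTROUTING chain (jumps into custom chains are not followed).

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format; not taken from the poster's firewall.
SAMPLE_NAT_TABLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/16 -o eth1 -j MASQUERADE
-A POSTROUTING -o eth3 -j MASQUERADE
-A POSTROUTING ! -s 219.156.107.0/25 -o eth1 -j SNAT --to-source 86.150.181.252
COMMIT
"""
NAT_TARGETS = {"MASQUERADE", "SNAT"}

def parse_rule(line):
    """Return (source_net, negated, out_iface, target) for a POSTROUTING rule, else None."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "POSTROUTING"]:
        return None
    src, neg, out, target = ipaddress.ip_network("0.0.0.0/0"), False, None, None
    i = 2
    while i < len(tok):
        nxt = tok[i + 1] if i + 1 < len(tok) else None
        if tok[i] == "!" and nxt in ("-s", "--source"):
            neg = True                      # '! -s net' means "source NOT in net"
        elif tok[i] in ("-s", "--source") and nxt:
            src, i = ipaddress.ip_network(nxt, strict=False), i + 1
        elif tok[i] in ("-o", "--out-interface") and nxt:
            out, i = nxt, i + 1
        elif tok[i] in ("-j", "--jump") and nxt:
            target, i = nxt, i + 1
        i += 1
    return src, neg, out, target

def nat_rule_for(src_ip, out_iface, table=SAMPLE_NAT_TABLE):
    """First terminating POSTROUTING rule for this packet; None means no source NAT."""
    ip = ipaddress.ip_address(src_ip)
    for line in table.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        src, neg, out, target = rule
        if (ip in src) == neg or (out is not None and out != out_iface):
            continue                        # rule does not match this packet
        if target in NAT_TARGETS:
            return line                     # source address gets rewritten here
        if target in ("ACCEPT", "RETURN"):
            return None                     # explicitly exempted from NAT
    return None                             # jumps to custom chains are not followed
```

With the constructed rules, a host in 219.156.107.0/25 leaves eth1 with its own address, but the catch-all rule on eth3 still masquerades it when traffic fails over to ISP2.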

Do you want to assign that alias to a station as WAN? Or do you want to access it from the Internet via the alias?

1 Like

Hi Dan,

Please see the attached picture.
Is this sketch correct?
If yes, do you want NAT 1:1 from ISP1 to SW1 and port forwarding from ISP2 to SW2?

3 Likes

@zotinas, looking at @GG_jr's graph, the mail server and web server must use ISPx (x = 1 or 2), is that correct?

Considering that each service is being used on different hardware.

2 Likes

I read again and I think this is the correct sketch (please see below).

And I think Dan wants to use ISP1 and ISP2 as Active Backup for eth0 (GREEN) and for eth2 (ORANGE).
The problem is that he has his subnet routed only by ISP1 and not also by ISP2.
In this case, when ISP1 is down, the servers on eth2 will not be seen from the Internet.
But they can access the Internet from eth0 and from eth2.
Only if I understand well.

2 Likes

That’s right, @GG_jr.

Multiwan should use balanced mode.

1 Like

Or BGP between ISP1 and ISP2.
Dan’s subnet must be routed by ISP1 and also by ISP2.

I had the same situation and BGP is the best solution.

1 Like

My situation (the short version).

Hello, that is the correct sketch. For the mail server and web server, ISP2 gives me IPs from a Cisco router, and on each server (mail and hosting server) I use a second network card with an IP from ISP2, and my backup for these servers is from the DNS zone.
My problem is with ISP1, which gives me a directly connected IP (86.150.181.252) and the IP class 219.156.107.0/25 on the same port. And I want the servers in this class (219.156.107.0/25) to go straight through, bypassing the firewall of NethServer.

http://community.nethserver.org/uploads/db8506/original/2X/2/21a730e66c59b5e428420d79bef3136d307646a0.png

This solution requires its own AS and its own IP classes from RIPE. Now this is complicated and the costs are significantly higher.
Thanks anyway.

Indeed, I have an AS number and the IP Public subnet is from RIPE.

You’re right!