default router er-3 lite
-
So I was told by Frontier I need to add a default router on my first usable LAN to my gateway IP on my WAN side?
How do I do that?
-
Correction, I type too quick sometimes. I need to set up a default route on port 2 on the ER3 to forward to the default gateway on the WAN side.
-
I assume this ties off your other post?
First you need to spell out what your IP config looks like from your provider.
It sounds to me like you are hinting at having 2 routable IP addresses.
This is semi common in the fiber space, uncommon in other spaces, but is completely not a rare thing.
-
If you post more information, I could probably give you a valid example.
-
From a command line
configure
set protocols static route "port 2 ip address/subnet" next-hop "gateway ip address" distance '1'
commit
save
exit
Should do it, but I'd save the config before trying because I haven't actually tried this on a device myself yet.
-
@travisdh1 While that does specifically what the OP asked for, it does not mean it is the right thing to do.
When dealing with routed subnets things can get complicated quickly for some.
-
So here is my information for my provider
Your IP information:
WAN/LAN CONFIG
WAN: 107.xxx.xxx.xx/30
LAN: 104.xxx.xxx.xxx/27
GATEWAY FOR WAN AND LAN : 107.xxx.xxx.xx
SUBNET FOR WAN : 255.255.255.252
SUBNET FOR LAN : 255.255.255.224
FIRST USABLE ADDRESS : 104.xxx.xxx.193
So on my switch I am using VLAN 50 to connect all the public IPs on my ER-3 Lite.
I have the WAN on eth0 - DHCP address 10.x.x.x on eth1 and eth2 - public IP 104.x.x.193.
I was told by Frontier that I have to create a default router within the router to forward over to the gateway IP address over to the LAN side because both WAN/LAN use the same IP.
Now I am running VMs using Linux, and I have no internet once I configure the static IP because I can't ping to the gateway IP. I can ping to the public IP but can't ping to the gateway.
-
Thank you very much. What I had to do is add a static route and add a NAT from eth2 to eth0 for outbound traffic.
Thank you again this is fixed.
-
What you set up works, obviously, but this is what I meant by complicated.
Because you misunderstand the terms WAN and LAN here. These are WAN and LAN from your ISP's perspective.
Typically you have a router from your ISP that has the /30 on its WAN and the /27 on the LAN side and they tell you that your usable IP is 104.X.X.194 - 104.X.X.222 with a gateway of 104.X.X.193 and you plug those addresses in your router as the WAN.
In your case, there is no ISP router handling the hand off.
In this scenario, what I do is set up the ERL WAN on the 107.X.X.X/30.
Set up the LAN on my normal internal range 10.X.X.X/23.
With the default NAT in place.
At this point all your traffic goes out whatever IP the 107.X.X.X/30 is.
Then I craft SNAT and DNAT rules to handle my traffic for the various public IP addresses.
-
Here is an ER4 I have with this scenario.
AT&T WAN: 12.X.X.70/30
AT&T Gateway: 12.X.X.69/30
AT&T Routed Block: 12.X.X.240/29 (My IP addresses)
My LAN: 10.1.1.0/24
Interface setup:
interfaces {
    ethernet eth0 {
        address 12.X.X.70/30
        description "AT&T FIber"
        duplex full
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed 100
    }
    ethernet eth1 {
        address 10.1.1.1/24
        address 10.204.1.1/24
        description "St Charles LAN"
        duplex auto
        firewall {
            in {
                name LAN_IN
            }
            local {
                name LAN_LOCAL
            }
        }
        speed auto
        vif 5 {
            address 10.204.5.1/24
            description "Guest WiFi"
            mtu 1500
        }
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
}
System:
system {
    gateway-address 12.X.X.69
}
Service-> Nat:
nat {
    rule 1 {
        description "Forward Telnet from Epicor"
        destination {
            group {
                address-group ATT242
            }
            port 23
        }
        inbound-interface eth0
        inside-address {
            address 10.1.1.250
            port 23
        }
        log enable
        protocol tcp
        source {
            group {
                address-group EpicorIPAddr
            }
        }
        type destination
    }
    rule 2 {
        description "Forward RDP from Epicor"
        destination {
            group {
                address-group ATT242
            }
            port 3389
        }
        inbound-interface eth0
        inside-address {
            address 10.1.1.12
            port 3389
        }
        log enable
        protocol tcp
        source {
            group {
                address-group EpicorIPAddr
            }
        }
        type destination
    }
    rule 3 {
        description "Allow SMTP from Google"
        destination {
            group {
                address-group ATT242
            }
            port 25
        }
        inbound-interface eth0
        inside-address {
            address 10.1.1.5
            port 25
        }
        log disable
        protocol tcp
        source {
            group {
                network-group Google_SMTP_Networks
            }
        }
        type destination
    }
    rule 4 {
        description "Allow SMTP from Google"
        destination {
            group {
                address-group ATT242
            }
            port 587
        }
        inbound-interface eth0
        inside-address {
            address 10.1.1.5
            port 587
        }
        log disable
        protocol tcp
        source {
            group {
                network-group Google_SMTP_Networks
            }
        }
        type destination
    }
    rule 5 {
        description "Inboud PBX traffic"
        destination {
            group {
                address-group PBX_Outside
            }
        }
        inbound-interface eth0
        inside-address {
            address 10.1.1.30
        }
        log disable
        protocol all
        source {
            group {
            }
        }
        type destination
    }
    rule 6 {
        description "Inbound Web Traffic"
        destination {
            group {
                address-group ATT242
                port-group Web_Ports
            }
        }
        inbound-interface eth0
        inside-address {
            address 10.1.1.22
        }
        log disable
        protocol tcp
        source {
            group {
            }
        }
        type destination
    }
    rule 5900 {
        description "PBX Traffic"
        log disable
        outbound-interface eth0
        outside-address {
            address 12.X.X.244
        }
        protocol all
        source {
            group {
                address-group PBX_Inside
            }
        }
        type source
    }
    rule 5997 {
        description LAN
        log disable
        outbound-interface eth0
        outside-address {
            address 12.X.X.242
        }
        protocol all
        source {
            address 10.1.1.0/24
            group {
            }
        }
        type source
    }
    rule 5998 {
        description "Public WiFI"
        log disable
        outbound-interface eth0
        outside-address {
            address 12.X.X.243
        }
        protocol all
        source {
            address 10.204.5.0/24
            group {
            }
        }
        type source
    }
    rule 5999 {
        description "Default NAT Masquerade"
        log disable
        outbound-interface eth0
        protocol all
        type masquerade
    }
}
Firewall Groups:
firewall {
    group {
        address-group ATT242 {
            address 12.X.X.242
            description "AT&T IP 242"
        }
        address-group ATT243 {
            address 12.X.X.243
            description "AT&T IP 243"
        }
        address-group EpicorIPAddr {
            address 159.66.236.224
            address 159.66.234.224
            description "Epicor IP Addresses"
        }
        address-group Exchange_Servers {
            address 10.1.1.5
            description "Internal Exchange Servers"
        }
        address-group Internal_Web {
            address 10.1.1.22
            description "Internal Webservers"
        }
        address-group PBX_Inside {
            address 10.1.1.30
            description "Phone System Internal IP"
        }
        address-group PBX_Outside {
            address 12.X.X.244
            description "Phone System External IP"
        }
        network-group Google_SMTP_Networks {
            description "Networks used by Google to send SMTP"
            network 216.239.32.0/19
            network 209.85.128.0/17
            network 173.194.0.0/16
            network 74.125.0.0/16
            network 72.14.192.0/18
            network 66.249.80.0/20
            network 66.102.0.0/20
            network 64.233.160.0/19
            network 64.18.0.0/20
            network 207.126.144.0/20
        }
        network-group Private_LAN {
            description "Private LAN Networks"
            network 10.204.0.0/16
        }
        port-group SMTP_Ports {
            description "Ports used for SMTP"
            port 25
            port 587
        }
        port-group Web_Ports {
            description "Inbound Web Ports"
            port 80
            port 443
        }
    }
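-
Added example, not part of the thread: a short Python check that reads a NAT section in the one-statement-per-line layout used above and lists the destination NAT rules that match any source address, as rules 5 and 6 do with their empty source group. The sample config is constructed and trimmed from rules 1 and 5, `parse_config` and `unrestricted_dnat` are hypothetical helper names, and the WAN_IN firewall ruleset (not shown in the thread) still decides what actually reaches the inside host.

```python
import shlex

# Constructed sample (one statement per line), trimmed from NAT rules 1 and 5 in the thread.
SAMPLE = """
nat {
    rule 1 {
        inside-address {
            address 10.1.1.250
        }
        source {
            group {
                address-group EpicorIPAddr
            }
        }
        type destination
    }
    rule 5 {
        inside-address {
            address 10.1.1.30
        }
        source {
            group {
            }
        }
        type destination
    }
}
"""

def parse_config(text):
    """One statement per line -> nested dicts; leaf values are collected in lists."""
    stack = [{}]
    for parts in map(shlex.split, text.splitlines()):
        if parts[-1:] == ["{"]:
            stack.append(stack[-1].setdefault(" ".join(parts[:-1]), {}))
        elif parts == ["}"]:
            stack.pop()
        elif parts:
            stack[-1].setdefault(parts[0], []).append(" ".join(parts[1:]))
    return stack[0]

def unrestricted_dnat(config):
    """Return (rule id, inside address) for DNAT rules with no source address or group."""
    hits = []
    for name, rule in config.get("nat", {}).items():
        src = rule.get("source", {})
        if rule.get("type") == ["destination"] and not (src.get("address") or src.get("group")):
            hits.append((name.split()[1], rule["inside-address"]["address"][0]))
    return hits
```

Feed it the `nat` section of a saved config and compare each reported rule against the matching WAN_IN entries before deciding whether a source group is needed.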