D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: luizescobar on April 09, 2015, 06:53:21 AM
-
Hello, how to configure multiple External IP on WAN interface
I have twelve public IP addresses, I can assign to the WAN2 interface??
How to do it
WAN1 - DSL login Static IP 15Mbit-DOWN/2Mbit-UP http other site ALG rules, and others services, dns1-google
WAN2 - Static IP x.x.x.50 ... x.x.x.61 10Mbit-Down/10Mbit-UP send/receive email(imap/pop) from my domain, http from my domain, send my six stream audio, dns2-google
Failover For Two ISP. If Wan1 fail to Wan2
wan2 Static IP x.x.x.50
add ARP ->
Mode: Public
Interface: wan2
IP Address: Wan2_Public_IP2 - Static IP x.x.x.51
Mac address: 00-00-00-00-00-00
RULES -> First Folder DMZ_TO_ALL
add IP Rule -> Name: ALLOW_ALL_OUT
Action: NAT
Service: all_tcpudp
Source int.: dmz
Source netw.: ip_int_srv -> 172.17.100.51
Destination int.: wan2
Destination netw.: all-nets
RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: SAT_ALL_EXT
Action: SAT
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destination netw.: WAN2_public_IP2 - Static IP x.x.x.51
SAT -> Destination IP -> New IP Address ip_int_srv -> 172.17.100.51
RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: ALLOW_ALL_EXT
Action: Allow
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destination netw.: WAN2_public_IP2 - Static IP x.x.x.51
BUT DON'T WORK !!!! HELP !? PLEASE !?
Routing -> Routing Tables
MAIN-ROUTE
1 Route wan2 all-nets wan2_gw 90 No
2 Route wan2 wan2_net 100 No
3 Route speedy all-nets speedy_ip 60 Yes
4 Route wan1 wan1_net 100 No Direct route for network wan1_net over interface w...
5 Route dmz dmznet 100 No Direct route for network dmznet over interface dmz...
6 Route lan lannet 100 No Direct route for network lannet over interface lan...
PPPoE_WAN2
1 Route wan2 all-nets wan2_gw 40 Yes
2 Route lan lannet 100 No
WAN2_LB
1 Route wan2 wan2_net 100 No
2 Route lan lannet 100 No
3 Route wan2 all-nets wan2_gw 70 Yes
DMZ_LB
1 Route wan2 wan2_net wan2_gw WAN2_public_IP2 100 No
2 Route dmz dmznet 100 No
3 Route wan2 all-nets wan2_gw WAN2_public_IP2 70 No
Routing -> Routing Rules
1 dmz_all dmz dmznet any all-nets all_tcpudp
2 web_embratel lan lannet any megasistema all_tcpudp manda email pela wan2
3 webnow-stream lan IP-Auditas-97e98 any webnow_com_br_stream stream-http-speedy_wan2
4 strm-virtua any all-nets any wan2_ip all-grp-audita-tieline
Excuse my English.
-
In Log :
2015-04-09 11:06:29 Warning RULE 6000051 Default_Access_Rule TCP wan2 y.y.y.152 x.x.x.51 33451 80 ruleset_drop_packet drop ipdatalen=40 tcphdrlen=40 syn=1
2015-04-09 11:06:28 Warning RULE 6000051 Default_Access_Rule TCP wan2 y.y.y.152 x.x.x.51 33451 80 ruleset_drop_packet drop ipdatalen=40 tcphdrlen=40 syn=1
-
OK, let's take care of the easy part first.
Any time you see a log entry for Default_Access_Rule, that means that you have received traffic which violated an access rule. In normal circumstances, you don't need to manually create or adjust access rules, the automatic access rules allow traffic matching your interface networks, which is usually all you need. In this case since the destination interface and network look like they make sense (but check my work, I can't see everything, you can), I have to ask does y.y.y.152 match your LAN or any of your interface IPs? The most usual reason to see these log entries is because you are trying to use the same network on multiple interfaces, are you?
Now, for failover (which is distinct from load balancing [I assume that is what all the LBs mean]), you are going to need to manually create all your default routes (routes to all-nets), and ensure they have monitoring enabled with settings that make sense. Assuming your IP Rules are good, monitoring is all you need to do for failover.
For load balancing, the process is very similar, but there are some gotchas to look after. Load balancing only works on routing tables that have multiple routes with the same destination, and metric. In other words, any routing tables which you wish to load balance need to have all their default routes on the same metric. After that is squared away, create a load balancing instance (and trust me when I say that happy endings happen almost exclusively with the load balance method of "destination").
For simple failover or load balancing, those paragraphs are all you need on the routing side, the policy (IP Rule) side is fairly intuitive, but make sure what you have makes sense.
Get failover or balancing working before you make things more complicated by adding a routing table and routing rules for particular traffic classes, by themselves neither failover nor balancing require additional routing tables. Once you are ready for a second routing table, try to keep it to just the one additional table, if you think about it, you only have 2 paths to route, you should only need 2 tables to hold those paths.
If we need to go any further with routing troubleshooting, you should always use the current routing table from status->routes, as it will show you what the DFL is currently using to route (including things like dynamically added routes and route monitoring).
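Added example (not part of any post in this thread, and not D-Link code): a small Python check of the failover and load-balancing conditions described in the reply above, run over two of the routing tables listed in the first post. The column reading of the listing (index, type, interface, network, optional gateway and local IP, metric, monitor flag) and all function names are assumptions.

```python
# Route listings transcribed from the first post (comments column dropped).
# Assumed columns: index, type, interface, network, optional gateway and
# local IP, metric, monitor flag (Yes/No).
POSTED_TABLES = {
    "MAIN-ROUTE": """\
1 Route wan2 all-nets wan2_gw 90 No
2 Route wan2 wan2_net 100 No
3 Route speedy all-nets speedy_ip 60 Yes
4 Route wan1 wan1_net 100 No
5 Route dmz dmznet 100 No
6 Route lan lannet 100 No""",
    "WAN2_LB": """\
1 Route wan2 wan2_net 100 No
2 Route lan lannet 100 No
3 Route wan2 all-nets wan2_gw 70 Yes""",
}

def parse_route(line):
    """Split one row; the first all-digit token after the network is the metric."""
    tok = line.split()
    iface, net, rest = tok[2], tok[3], tok[4:]
    m = next(i for i, t in enumerate(rest) if t.isdigit())
    return {"iface": iface, "net": net,
            "gateway": rest[0] if m else None,  # absent on direct routes
            "metric": int(rest[m]), "monitored": rest[m + 1] == "Yes"}

def audit_table(text):
    """Check one table's default routes against the conditions in the reply."""
    routes = [parse_route(l) for l in text.splitlines() if l.strip()]
    defaults = [r for r in routes if r["net"] == "all-nets"]
    metrics = {r["metric"] for r in defaults}
    unmonitored = [r["iface"] for r in defaults if not r["monitored"]]
    return {
        "default_routes": [(r["iface"], r["metric"]) for r in defaults],
        "unmonitored": unmonitored,
        # Failover: more than one default route, each with monitoring enabled.
        "failover_ready": len(defaults) >= 2 and not unmonitored,
        # Load balancing: several default routes, all on the same metric.
        "balance_ready": len(defaults) >= 2 and len(metrics) == 1,
    }

def audit_all(tables=POSTED_TABLES):
    """Audit every table and return the results keyed by table name."""
    return {name: audit_table(text) for name, text in tables.items()}

if __name__ == "__main__":
    for name, result in audit_all().items():
        print(name, result)
```

For live troubleshooting the input should be the current table from status->routes, as the reply says, since the configured tables do not show what route monitoring has disabled.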
-
Hi Rara Avis, let's go...
My WAN2 use Static IP 200.x.x.50
I create ARP to WAN2 Static IP 200.x.x.51
I need create 2 ARP for WAN2 :
WAN2 use Static IP - 200.x.x.50
ARP1 -> WAN2 - 200.x.x.51 to DMZ - 172.17.100.51
ARP2 -> WAN2 - 200.x.x.52 to DMZ - 172.17.100.52
I have 12 Static IP 200.x.x.50 - 200.x.x.61
This config don't work
wan2 Static IP 200.x.x.50
add ARP ->
Mode: Public
Interface: wan2
IP Address: Wan2_Public_IP2 - Static IP 200.x.x.51
Mac address: 00-00-00-00-00-00
RULES -> First Folder DMZ_TO_ALL
add IP Rule -> Name: ALLOW_ALL_OUT
Action: NAT
Service: all_tcpudp
Source int.: dmz
Source netw.: ip_int_srv -> 172.17.100.51
Destination int.: wan2
Destination netw.: all-nets
RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: SAT_ALL_EXT
Action: SAT
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destination netw.: WAN2_public_IP2 - Static IP 200.x.x.51
SAT -> Destination IP -> New IP Address ip_int_srv -> 172.17.100.51
RULES -> Second Folder ALL_TO_DMZ
add IP Rule -> Name: ALLOW_ALL_EXT
Action: Allow
Service: all_tcpudp
Source int.: any
Source netw.: all-nets
Destination int.: wan2
Destination netw.: WAN2_public_IP2 - Static IP x.x.x.51
IP y.y.y.152 ext
I have 3 ISP :
ISP 1: DSL 1 fiber PPPoE LOGIN 10Mb/2Mb
ISP 2: DSL 2 fiber PPPoE LOGIN 5Mb/1Mb
ISP 3: fiber Static IP : 200.x.x.50 - 200.x.x.61 10Mb/10Mb
ISP 1 to DFL-800 Wan1 PPPoE
ISP 3 to DFL-800 Wan2 Static IP 200.x.x.50
ISP 2 to DI-524 other for visitors notebook, cell phones and tables
I use my ISP3-DI524-IP-EXT to test connect DFL-800 Wan1 and Wan2
Sorry my english
-
Hi,
DFL-800_Howto_de_wan-failover.zip (ftp://ftp.dlink.eu/Products/dfl/dfl-800/documentation/DFL-800_Howto_de_wan-failover.zip) provides a description of how to configure WAN failover. Unfortunately it's written in German, but every step also provides a screenshot that allows you to understand it without reading the text. Hope this may help.
PT