• February 23, 2025, 02:08:15 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DFL-800 - Second IP on wan1 with all-tcp forwarded to lan IP  (Read 5157 times)

voldemar

  • Level 1 Member
  • *
  • Posts: 3
DFL-800 - Second IP on wan1 with all-tcp forwarded to lan IP
« on: November 18, 2011, 12:11:19 PM »
Hi,

I hope I've read all the topics but with no luck.

What I've done:

ARP mode:publish interface:wan1 ip_address:wan1-ip2 mac:00-00-00-00-00-00
Route: inteface:core network:wan1-ip2/32 nogw, nolocalip metric:0

IP Rules:
SAT: src-if:wan1 src-net: all-nets dst-if: core dst-net:wan1-ip2 service:all_tcp new_ip: ip@lan_net
NAT: src-if: wan1 src-net: all-nets dst-if: core dst-net:wan1-ip2 service:all_tcp
      NAT sender address: here I'm unsure of what exactly should be there, but lan_ip e.g. the dflt gateway
      for lan_net seems to be logical

From Status logging I see that packet gets translated - both src and dst and I also see ack packet returning from the ip@lan_net and there it end's, it doesn't seem to be translated back to be able to return to
internet with the net1-ip2 src address.

Any help is appreciated.
Is it even possible to do that what I'm trying to?

--
regards,
voldemar
« Last Edit: November 18, 2011, 12:48:07 PM by voldemar »
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: DFL-800 - Second IP on wan1 with all-tcp forwarded to lan IP
« Reply #1 on: November 19, 2011, 01:53:09 PM »
First, change
Quote
Route: inteface:core network:wan1-ip2/32 nogw, nolocalip metric:0
Address should be just IP, not network (even /32)

Next, on SAT rule, you don't need to specify anything except new destination IP

If DFL shows you packed transmitted into local IP, check your internal system - maybe, it had rejected packets by something like firewall
Logged
BR, Alexandr Danilov

voldemar

  • Level 1 Member
  • *
  • Posts: 3
Re: DFL-800 - Second IP on wan1 with all-tcp forwarded to lan IP
« Reply #2 on: November 21, 2011, 03:27:03 PM »
Thx for the comment.

Checked the conf, It appears that I automatically added /32 while typing the text.
In real conf it was just an IP.

Didn't quite understand the SAT rule comment. Anything on any tab?

DFL was showing the packet going and ack packet coming, but that packet
either didn't go back out or had wrong src or dst IP.
Logged

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: DFL-800 - Second IP on wan1 with all-tcp forwarded to lan IP
« Reply #3 on: November 23, 2011, 10:34:46 AM »
From where you're trying? From inside or ourside?
Logged
BR, Alexandr Danilov

voldemar

  • Level 1 Member
  • *
  • Posts: 3
Re: DFL-800 - Second IP on wan1 with all-tcp forwarded to lan IP - solved
« Reply #4 on: November 23, 2011, 03:04:38 PM »
Issue solved. ISP had some "leftover" acl defined on outgoing traffic,
therefore packets got in, but didn't get out. And some routing issues
are still being solved, since only half of the subnet got "fixed".
And I was scratching my head off :(

Thank you for the support.
Logged