07-11-2014 12:00 AM - edited 03-07-2019 08:01 PM
So I have the following situation:
ISP gave me a /28 public IP subnet and now I have multiple public IPs. I configured NAT overload with the 1st IP from that subnet for LAN clients to gain internet access and that works. I forwarded ports 25, 80 and 443 from the 2nd IP to the mail server and that also works OK, but if I go to www.whatismyip.com from the mail server it shows the 1st IP. How can I tell the router to send all traffic from the mail server to the internet with the 2nd IP as source?
07-11-2014 01:16 AM
Insufficient data, but in general:
You must NAT the second IP and assign it to the mail server. Also allow a route to the Internet from the mail server.
07-12-2014 08:22 AM
When you say I need to NAT the second IP, you mean 1:1 NAT? In that case I need an ACL to allow only some ports to that public IP, right, and I need to apply it on the outside interface?
07-13-2014 08:18 AM
For your requirement for whatsmyip.com.... it is an outbound connection..... so it has to be allowed in the ACL on the interface where the server is connected.... either dmz/inside, wherever you have it..... the return traffic from the internet will be handled by the stateful inspection......
Regards
Karthik
07-15-2014 09:29 PM
Hi, I think you missed the point here.
So I have 1.1.1.1 and 1.1.1.2 on the WAN interface. Which set of commands do I need to execute so that all outgoing traffic from the server on 192.168.1.10 has 1.1.1.2 as its public source IP and the rest of the machines have 1.1.1.1 (the last one is easy - overload on the whole private subnet)?
07-16-2014 12:10 AM
Hi Damir,
I understood your requirement. We should create a specific static NAT for the host 192.168.1.10 to take 1.1.1.2 as its public IP. The rest of the hosts in the subnets will have 1.1.1.1 as their public IP. All we need here is to create non-overlapping rules. All static rules for NAT should take priority, then comes the general PAT.
Can you create the static NAT rules in priority like this:
Static NAT for 25,80,443
Static NAT for 192.168.1.10 to have 1.1.1.2
Then configure the generic PAT as you have it now.
Regards
Karthik
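The rule ordering described in this answer, written out as an added example (not configuration posted by anyone in the thread). It assumes a Cisco ASA running 8.3 or later with object NAT, the syntax used elsewhere in this thread, interfaces named inside and outside, an inside subnet of 192.168.1.0/24, and the outside interface holding 1.1.1.1. The object and ACL names are hypothetical. It uses a single one-to-one static for the mail server in place of per-port forwards and relies on the outside ACL to keep inbound exposure limited to 25, 80 and 443.

```cisco
! Added example: names MAIL-SERVER, INSIDE-LAN and OUTSIDE-IN are hypothetical.
! Assumed: inside subnet 192.168.1.0/24, outside interface address 1.1.1.1.

! One-to-one static NAT: every connection the mail server opens leaves
! with source 1.1.1.2, and inbound traffic to 1.1.1.2 reaches the server.
object network MAIL-SERVER
 host 192.168.1.10
 nat (inside,outside) static 1.1.1.2

! Generic PAT for everyone else, using the outside interface address.
! Within object NAT, static rules are evaluated before dynamic rules,
! so the mail server never falls through to this rule.
object network INSIDE-LAN
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! A one-to-one static maps every port of 1.1.1.2 to the server, so the
! inbound ACL is what restricts exposure to the three published services.
! On 8.3 and later the ACL matches the real (private) address.
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq smtp
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq www
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq https
access-group OUTSIDE-IN in interface outside
```

After applying it, `show xlate` and `show nat` on the ASA show which translation a given flow from 192.168.1.10 is using.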
07-16-2014 11:30 AM
Thank you.
07-11-2014 03:22 AM
Hi Damir,
Here in your scenario the ports are enabled for the incoming traffic towards the mail server.... but when you go to whatismyip.com it takes the general PAT path and gives you the 1st IP. I hope you got the hint to modify the NAT priority and statements as per your requirement to get that done.
Your port-forwarding rule is specific to port 25/80/443 towards a specific server IP (say mapped IP 1.1.1.1 (public), real IP 172.16.0.100 (private)). So when you access from inside to outside, your port-forward NAT rule will not match, hence it takes the general path...
But you don't need to worry about the situation here for you.....
If you need that to show the NATed IP address used for port forwarding. But make sure that it should not clash.
object network server
 host 172.16.1.100
 nat (inside, outside) static <IP address>
Regards
Karthik