Business Community > Gateways > ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding
< Gateways

ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding

12

ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding

15 Reply
Re:ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding
a week ago

  @Uzair11 

 

I didnt recommend One:One NAT for his use since to enable bidirectional traffic both in and out, using that function would totally expose the internal IP to the internet in its entirety, since for the response to come from that IP you would have to enable DMZ for each mapping.

 

I still recommend the multiple WAN with policy routing for the internal IPs, and simple port forwarding for inbound access through the firewall, and letting the firewall use its stateful rules for return traffic through the policy routed WAN

  0  
  0  
#12
Options
Re:ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding
18 hours ago - last edited 18 hours ago

I finally had a chance to install my router yesterday. I had some success, and some challenges. The challenges:

 

WAN ports SFP+ WAN1 and SFP+ WAN/LAN2 are showing "Link Down" connection status. I'm using TP-Link Omada SM5310-T adapters. My FIOS connection only provides 1GB Ethernet, so I have both ports configured for 1000000 upstream and downstream bandwidth. I can configure the ports for a static IP address, but plugging in a cable doesn't change the link status. Did I miss something here?

 

I tried creating an IP Group for each of my servers and using policy routing to do incoming and outgoing NAT. I couldn't reach either server. To get things working, I deleted my IP Groups and policy routing rules and created NAT virtual servers. As @GRL noted above, this gets traffic forwarded to the right server, but outbound NAT isn't bound to the same public IP address. I then tried creating a single IP Group and policy routing rule for one of the servers. Outbound NAT still isn't working properly. Here are some images showing my configuration.

 

IP Group

IP Address

Policy Rule

WAN/LAN5 is configured to use a static IP address that ends with .36. When I ssh from 192.168.0.9 to another server on the public internet, the IP address shown for the incoming connection isn't using .36. It varies, using one of my other configured static IP addresses.

 

Sorry for the long update. Can anyone help me figure out what I've done incorrectly?

  0  
  0  
#13
Options
Re:ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding
7 hours ago

I think I have the policy routing situation addressed. I needed to change the destination settings to IPGROUP_ANY. Things seems to be working with that change.

 

Does anyone have any thoughts about the SFP+ WAN ports? I've tried swapping transceivers to make sure that isn't the problem (it isn't).

  0  
  0  
#14
Options
Re:ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding
7 hours ago

  @SAH62 

 

for the modules you need to leave the SFP+ ports in full 10gbit mode, the module does the conversion, and they wont work if you configure the port on the gateway to 1gig

  0  
  0  
#15
Options
Re:ER811 WAN Configuration with Multiple Static IP Addresses and Virtual Server Port Forwarding
6 hours ago

  @GRL I originally had them configured for 10GB bandwidth. They weren't working with that configuration, either.

  0  
  0  
#16
Options
12

Tags

WAN Setup NAT
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.