Use Dedicated WAN IP For Multiple Web Servers

  • Use Dedicated WAN IP For Multiple Web Servers

    Hello everyone,

    I have multiple web servers on my network, and I would like to use a dedicated WAN IP for each. I have 5 public IPs.

    The WAN interface IP for example is 1.2.3.90/29

    I have added the following IPv4 Aliases to the WAN Interface:

    1.2.3.91/29
    1.2.3.92/29
    1.2.3.93/29
    1.2.3.94/29

    I would like to point web server 1 to 1.2.3.91 and webserver2 to 1.2.3.92

    I am testing with webserver2 and I have the following port forwarding rules:

    Source Address: 1.2.3.92
    Source Interface: Any WAN
    Destined Local: True
    Destination Address: Webserver2 IP
    Destination Port: 80,443

    Any guidance is appreciated.

    I have also set up a NAT rule that goes from webserver2 IP to go out through 24.176.206.92

    Thank you
    Last edited by jsandoval; 12-08-2022, 11:22 AM.

  • #2
    Resolved with the following:

    https://wiki.untangle.com/index.php/1:1_NAT



    • #3
      Thanks for using a search! And yes that article is a great place to start.

      I'd further add some wisdom here to help you wrap your brain around this. NGFW doesn't do 1:1 NAT.

      Let me say that again... NGFW doesn't do 1:1 NAT! And this is a wonderful thing!

      You have TWO features to worry about.

      Port Forwards, and NAT Policy.

      The former determines how ingress traffic is handled. So if you slap aliases on your External interface, and then set up port forward rules as such:

      Destination Address
      Protocol
      Destination Port

      You'll be able to direct traffic by inputting the correct public address in the destination address field. DO NOT USE Destined Local, as that's a placeholder for all IP addresses on the server. Source address and source interface could be used too, but generally these are used incorrectly. If you're trying to limit what devices can use the forward, knock yourself out. But typically speaking the above 3 flags are what you use on any port forward rule for a public service.

      The latter feature, NAT Policy, configures what IP address Untangle will use for a device leaving the network. Web servers won't need this or care, and use of it has impact on multi-wan scenarios. So generally speaking you want to avoid configuring NAT policy where possible. Mail server operators, however, will need this feature as the egress traffic must be on a specific IP address or bad things happen in SPAM land.
      Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
      NexgenAppliances.com
      Phone: 866-794-8879 x201
      Email: [email protected]
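
The rule matching discussed in this thread, as an added example that is not part of any post and is not Untangle code: a simplified Python model of port-forward evaluation comparing the rule as first posted, a Destined Local rule, and per-alias Destination Address rules. The internal server addresses, the client address, the `Rule` class and first-match-wins ordering are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed addressing, following the thread's 1.2.3.90/29 example.
WAN_LOCAL = {ip_address(f"1.2.3.{n}") for n in range(90, 95)}  # primary + aliases
WEB1, WEB2 = "192.168.1.11", "192.168.1.12"  # hypothetical internal servers
CLIENT = "203.0.113.7"  # constructed Internet client (documentation range)

@dataclass
class Rule:
    new_dst: str                     # internal server the traffic is sent to
    dst_addr: Optional[str] = None   # "Destination Address" condition
    src_addr: Optional[str] = None   # "Source Address" condition
    destined_local: bool = False     # "Destined Local" condition
    proto: str = "TCP"
    dst_ports: tuple = (80, 443)

    def matches(self, src, dst, proto, port):
        if proto != self.proto or port not in self.dst_ports:
            return False
        if self.dst_addr and ip_address(dst) != ip_address(self.dst_addr):
            return False
        # Source Address is compared with the client's address, not the alias.
        if self.src_addr and ip_address(src) != ip_address(self.src_addr):
            return False
        # Destined Local is true for ANY address the firewall itself owns.
        if self.destined_local and ip_address(dst) not in WAN_LOCAL:
            return False
        return True

def forward(rules, src, dst, proto="TCP", port=443):
    """Return the internal target of the first matching rule (model
    assumption: first match wins), or None if no forward applies."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.new_dst
    return None

# Rule as first posted: Source Address set to the alias, plus Destined Local.
as_posted = [Rule(WEB2, src_addr="1.2.3.92", destined_local=True)]
# Destined Local alone: exposes webserver2 on every public address.
local_only = [Rule(WEB2, destined_local=True)]
# Destination Address + Protocol + Destination Port, one rule per server.
per_alias = [Rule(WEB1, dst_addr="1.2.3.91"), Rule(WEB2, dst_addr="1.2.3.92")]
```

In this model the posted rule never matches an outside client, the Destined Local rule publishes webserver2 on all five addresses, and only the per-alias rules keep each server reachable on its own IP and nothing else.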
