IX. NAT Related Features
ExpiredHow to use multiple public IP addresses for clients and servers on the LAN
This article describes how to setup Multi NAT address mapping on a vigor router. Multi-NAT can be used where you have been allocated multiple public IP addresses by your ISP. Instead of a many-to-one relationship, you can have a one-to-one relationship between a public IP address and an internal/private IP address.
This means that the LAN clients or server can be addressed directly from the outside world by its aliased public IP address, but still by only opening specific ports to it (for example TCP port 80 for a web server). In the scenario below, the router has 3 WAN IP addresses and 2 web server on the LAN. This guide will demonstrate how to set up Multi NAT to allow internet access to these LAN servers.
Step 1: Configure the WAN IP addresses.
This can be configured on either WAN1 or WAN2, therefore select the WAN interface and access mode (PPPOE/Static Static or Dynamic IP) that applies to your senario. Go to WAN >> Internet Access, select "Static or Dynamic IP" or "PPPoE" for Access Mode, and click Details Page.
Select “Specify an IP address” under IP Network Settings, and input one of the WAN IP Address, subnet mask and gateway IP address that your ISP has provided. Then, click “WAN IP Alias” to add the other IP addresses provided by the ISP to WAN IP Alias. And now, we have multiple IP addresses associated with this WAN interface.
Step 2: Configure open ports.
Go to NAT >> Open Ports, and click on an available index to create a new profile for the first server.
On the profile setup page
- Check Enable Open Ports
- Enter a descriptive Service Name to identify the profile at Comments
- Select the WAN Interface to which the WAN IP Alias were set up.
- WAN IP: choose the alias IP through which Internet clients will access this server
- Private IP: the server’s local IP address
- Protocol: the required protocol (TCP or UDP) for accessing the service
Start Port and End Port: the service port that Internet client should connect through (for example, 80 for web services) - Click OK to save the settings
Similarly, create another profile for another server. Select another WAN Alias IP this time.
Now, these two servers behind the router and NAT are accessible from the Internet by their specified WAN IP addresses.
NOTE - Address Mapping - Outbound WAN IP Alias:
The configurations above are for inbound connections. To force servers’ outbound traffic to send through a specific WAN Alias IP address, use the Route Policy feature instead. A guide on how to setup Policy Route can be found Here.
Troubleshooting
If the port forwarding rule is configured correctly, but the server does not respond, verify that it is listening for the traffic on the correct port and is online.
Please check the following:
- To ensure the server on LAN is alive, we can check
- If there are firewall rules on the server itself blocking the access.
- If the LAN server is accessible to other PC on the same network, or we can dial-in VPN to the Vigor router's LAN and try connecting to the server.
- Try telnet to the server on the specific port to check the connectivity. For example, telnet to 192.168.1.10:80
- The server's gateway must point to the Vigor router's IP address.
- There are no static route or route policy rules on the router that will route the server to the wrong gateway.
- There are no firewall rules on the router that will block the connection between the Internet client and the server.
Lastly if you have gone through all the checklists above and the problem still persists, capture the router’s LAN/WAN packets to find out which host does not respond.
How do you rate this article?
- First Published: 03/10/2019
- Last Updated: 22/04/2021