dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
41
GogNav
join:2010-08-02

GogNav to Anav

Member

to Anav

Re: Zyxel USG 20 / Multiple public ip addresses

Thank you Anav, you put me on the right track !

You were right : there is no reason to create vlans, I just didn't see where I could create virtual interfaces :



Once created, I added 4 policy routes for my 4 public ips :



And it worked !!!!

But i don't understand one thing : why is the destination address my lan2_subset and my translation address my wan 3? For me, I would have done the opposite : anything from lan 2 goes to wan 2 (you said that the policy route is to configure the local network to be able to connect to the internet). I would appreciate your explanation .

And now I can add my NAT & Firewall rules... and I have a last big issue and I'm finally set ! Great forum !

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Anav

Premium Member

Awesomeness, I might even treat myself to easter bunny chocolate.
I didnt know about virtual interfaces so I am happy as well. I was trying to figure out how you applied Static IPs.

I am not convinced you need four policy routers however.
In fact I think you can get away with Two as the primary one, that includes the WANIP for the router and includes LAN1 has one automatically assigned by the router in the background.

This would match up with your wan1:1 for lan1 and your wan1:2 for dmz. Why you called them that is funny I would have named then WAN1:2, WAN1:D

Why do you have TWO DMZ policy routes and TWO LAN2 policy routers. YOu only need one of each.

user: any
schedule: none
incoming: wan1:2
source: LAN2 subnet
destination: any
dscp
service: any
source port: any
next hop: auto
dscp marking:
snat: outgoing-interface

Substitute WAN1:D and DMZ subnet, for dmz policy route.

Crossing my fingers, legs and toes.
GogNav
join:2010-08-02

GogNav

Member

Well, I have actually 5 public ips I could use.

So I created 4 virtual interfaces (1 public ip is for the firewall), and I thought I could associate 2 publics ips for lan2 and 2 for dmz.

This way, I could have a NAT rule 109.xxx.xxx.3:80 -> 192.168.2.2 and 109.xxx.xxx.4:80 -> 192.168.2.3.

Isn't this possible ? If not, how can I use more than 3 public ip (the firewall, lan2 and the dmz) ?

But now nothing is working anymore. I have a fiber modem and I wanted to configure it in bridge mode. So I had to activate the pppoe on my firewall instead of my modem... and now everything is f%รง"* up
Algis
join:2013-06-05
NA

Algis to GogNav

Member

to GogNav
I'm trying to do something very similar to your situation, but it's missing "wanX" to be selected in SNAT column... How did you get them in there?
stewsutton
join:2013-07-22
Irvine, CA

stewsutton

Member

There is a good (short) tutorial posted as a PDF file here: »www.zyxel.se/upload/doc/ ··· rver.pdf