    default router er-3 lite

    • mroth911
      mroth911 last edited by

      So I was told by Frontier I need to add a default router on my first usable lan to my gateway ip on my wan side?

      How do I do that?

      • mroth911
        mroth911 last edited by

        Correction, I type too quickly sometimes. I need to set up a default route on port 2 on the ER3 to forward to the default gateway on the WAN side.

        • JaredBusch
          JaredBusch last edited by

          I assume this ties off your other post?

          First you need to spell out what your IP config looks like from your provider.

          It sounds to me like you are hinting at having 2 routable IP addresses.

          This is semi common in the fiber space, uncommon in other spaces, but is completely not a rare thing.

          • JaredBusch
            JaredBusch last edited by

            If you post more information, I could probably give you a valid example.

            • travisdh1
              travisdh1 last edited by

              From a command line

              configure
              set protocols static route "port 2 ip address/subnet" next-hop "gateway ip address" distance '1'
              commit
              save
              exit
              

              Should do it, but I'd save the config before trying because I haven't actually tried this on a device myself yet.

              • JaredBusch
                JaredBusch @travisdh1 last edited by

                @travisdh1 While that does specifically what the OP asked for, it does not mean it is the right thing to do.

                When dealing with routed subnets things can get complicated quickly for some.

                • mroth911
                  mroth911 last edited by

                  So here is my information for my provider
                  Your IP information:
                  WAN/LAN CONFIG
                  WAN: 107.xxx.xxx.xx/30
                  LAN: 104.xxx.xxx.xxx/27
                  GATEWAY FOR WAN AND LAN : 107.xxx.xxx.xx
                  SUBNET FOR WAN : 255.255.255.252
                  SUBNET FOR LAN : 255.255.255.224
                  FIRST USABLE ADDRESS : 104.xxx.xxx.193

                  So on my switch I am using VLAN 50 to connect all the public IPs on my ER-3 Lite.

                  I have the WAN on eth0 - DHCP address 10.x.x.x on eth1 and eth2 - public IP 104.x.x.193.

                  I was told by Frontier that I have to create a default router within the router to forward over to the gateway IP address over to the LAN side, because WAN and LAN both use the same IP.

                  Now I am running VMs using Linux, and I have no internet once I configure the static IP because I can't ping the gateway IP. I can ping the public IP but can't ping the gateway.

                  • mroth911
                    mroth911 last edited by

                    Thank you very much. What I had to do is add a static route and add a NAT from eth2 to eth0 for outbound traffic.

                    Thank you again, this is fixed.

                    • JaredBusch
                      JaredBusch last edited by JaredBusch

                      What you set up works, obviously, but this is what I meant by complicated, because you misunderstand the terms WAN and LAN here.

                      These are WAN and LAN from your ISP's perspective.

                      Typically you have a router from your ISP that has the /30 on its WAN and the /27 on the LAN side and they tell you that your usable IP is 104.X.X.194 - 104.X.X.222 with a gateway of 104.X.X.193 and you plug those addresses in your router as the WAN.

                      In your case, there is no ISP router handling the hand off.
                      In this scenario, what I do is set up the ERL WAN on the 107.X.X.X/30.
                      Set up the LAN on my normal internal range 10.X.X.X/23
                      With the default NAT in place.

                      At this point all your traffic goes out whatever IP the 107.X.X.X/30 is.

                      Then I craft SNAT and DNAT rules to handle my traffic for the various public IP addresses.

                      • JaredBusch
                        JaredBusch last edited by JaredBusch

                        Here is an ER4 I have with this scenario.

                        AT&T WAN: 12.X.X.70/30
                        AT&T Gateway: 12.X.X.69/30
                        AT&T Routed Block: 12.X.X.240/29 (My IP addresses)
                        My LAN: 10.1.1.0/24

                        Interface setup:

                        interfaces {
                            ethernet eth0 {
                                address 12.X.X.70/30
                                description "AT&T FIber"
                                duplex full
                                firewall {
                                    in {
                                        name WAN_IN
                                    }
                                    local {
                                        name WAN_LOCAL
                                    }
                                }
                                speed 100
                            }
                            ethernet eth1 {
                                address 10.1.1.1/24
                                address 10.204.1.1/24
                                description "St Charles LAN"
                                duplex auto
                                firewall {
                                    in {
                                        name LAN_IN
                                    }
                                    local {
                                        name LAN_LOCAL
                                    }
                                }
                                speed auto
                                vif 5 {
                                    address 10.204.5.1/24
                                    description "Guest WiFi"
                                    mtu 1500
                                }
                            }
                            ethernet eth2 {
                                duplex auto
                                speed auto
                            }
                            ethernet eth3 {
                                duplex auto
                                speed auto
                            }
                        }
                        

                        System:

                        system {
                            gateway-address 12.X.X.69
                        }
                        

                        Service-> Nat:

                           nat {
                                rule 1 {
                                    description "Forward Telnet from Epicor"
                                    destination {
                                        group {
                                            address-group ATT242
                                        }
                                        port 23
                                    }
                                    inbound-interface eth0
                                    inside-address {
                                        address 10.1.1.250
                                        port 23
                                    }
                                    log enable
                                    protocol tcp
                                    source {
                                        group {
                                            address-group EpicorIPAddr
                                        }
                                    }
                                    type destination
                                }
                                rule 2 {
                                    description "Forward RDP from Epicor"
                                    destination {
                                        group {
                                            address-group ATT242
                                        }
                                        port 3389
                                    }
                                    inbound-interface eth0
                                    inside-address {
                                        address 10.1.1.12
                                        port 3389
                                    }
                                    log enable
                                    protocol tcp
                                    source {
                                        group {
                                            address-group EpicorIPAddr
                                        }
                                    }
                                    type destination
                                }
                                rule 3 {
                                    description "Allow SMTP from Google"
                                    destination {
                                        group {
                                            address-group ATT242
                                        }
                                        port 25
                                    }
                                    inbound-interface eth0
                                    inside-address {
                                        address 10.1.1.5
                                        port 25
                                    }
                                    log disable
                                    protocol tcp
                                    source {
                                        group {
                                            network-group Google_SMTP_Networks
                                        }
                                    }
                                    type destination
                                }
                                rule 4 {
                                    description "Allow SMTP from Google"
                                    destination {
                                        group {
                                            address-group ATT242
                                        }
                                        port 587
                                    }
                                    inbound-interface eth0
                                    inside-address {
                                        address 10.1.1.5
                                        port 587
                                    }
                                    log disable
                                    protocol tcp
                                    source {
                                        group {
                                            network-group Google_SMTP_Networks
                                        }
                                    }
                                    type destination
                                }
                                rule 5 {
                                    description "Inboud PBX traffic"
                                    destination {
                                        group {
                                            address-group PBX_Outside
                                        }
                                    }
                                    inbound-interface eth0
                                    inside-address {
                                        address 10.1.1.30
                                    }
                                    log disable
                                    protocol all
                                    source {
                                        group {
                                        }
                                    }
                                    type destination
                                }
                                rule 6 {
                                    description "Inbound Web Traffic"
                                    destination {
                                        group {
                                            address-group ATT242
                                            port-group Web_Ports
                                        }
                                    }
                                    inbound-interface eth0
                                    inside-address {
                                        address 10.1.1.22
                                    }
                                    log disable
                                    protocol tcp
                                    source {
                                        group {
                                        }
                                    }
                                    type destination
                                }
                                rule 5900 {
                                    description "PBX Traffic"
                                    log disable
                                    outbound-interface eth0
                                    outside-address {
                                        address 12.X.X.244
                                    }
                                    protocol all
                                    source {
                                        group {
                                            address-group PBX_Inside
                                        }
                                    }
                                    type source
                                }
                                rule 5997 {
                                    description LAN
                                    log disable
                                    outbound-interface eth0
                                    outside-address {
                                        address 12.X.X.242
                                    }
                                    protocol all
                                    source {
                                        address 10.1.1.0/24
                                        group {
                                        }
                                    }
                                    type source
                                }
                                rule 5998 {
                                    description "Public WiFI"
                                    log disable
                                    outbound-interface eth0
                                    outside-address {
                                        address 12.X.X.243
                                    }
                                    protocol all
                                    source {
                                        address 10.204.5.0/24
                                        group {
                                        }
                                    }
                                    type source
                                }
                                rule 5999 {
                                    description "Default NAT Masquerade"
                                    log disable
                                    outbound-interface eth0
                                    protocol all
                                    type masquerade
                                }
                            }
                        

                        Firewall Groups:

                        firewall {
                            group {
                                address-group ATT242 {
                                    address 12.X.X.242
                                    description "AT&T IP 242"
                                }
                                address-group ATT243 {
                                    address 12.X.X.243
                                    description "AT&T IP 243"
                                }
                                address-group EpicorIPAddr {
                                    address 159.66.236.224
                                    address 159.66.234.224
                                    description "Epicor IP Addresses"
                                }
                                address-group Exchange_Servers {
                                    address 10.1.1.5
                                    description "Internal Exchange Servers"
                                }
                                address-group Internal_Web {
                                    address 10.1.1.22
                                    description "Internal Webservers"
                                }
                                address-group PBX_Inside {
                                    address 10.1.1.30
                                    description "Phone System Internal IP"
                                }
                                address-group PBX_Outside {
                                    address 12.X.X.244
                                    description "Phone System External IP"
                                }
                                network-group Google_SMTP_Networks {
                                    description "Networks used by Google to send SMTP"
                                    network 216.239.32.0/19
                                    network 209.85.128.0/17
                                    network 173.194.0.0/16
                                    network 74.125.0.0/16
                                    network 72.14.192.0/18
                                    network 66.249.80.0/20
                                    network 66.102.0.0/20
                                    network 64.233.160.0/19
                                    network 64.18.0.0/20
                                    network 207.126.144.0/20
                                }
                                network-group Private_LAN {
                                    description "Private LAN Networks"
                                    network 10.204.0.0/16
                                }
                                port-group SMTP_Ports {
                                    description "Ports used for SMTP"
                                    port 25
                                    port 587
                                }
                                port-group Web_Ports {
                                    description "Inbound Web Ports"
                                    port 80
                                    port 443
                                }
                            }
                        }
                        
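Added example, not part of the thread or of anyone's router config: a small Python audit of destination-NAT rules in the brace-nested format shown in the last post, flagging forwards that have no source restriction, use `protocol all`, or forward a Telnet/RDP port. The sample config is constructed from the shape of rules 1, 5 and 5999 above; `parse`, `audit` and `RISKY_PORTS` are names chosen here.

```python
import shlex

# Constructed sample in the shape of the "nat" block quoted in the thread.
SAMPLE = """
nat {
    rule 1 {
        destination {
            port 23
        }
        protocol tcp
        source {
            group {
                address-group EpicorIPAddr
            }
        }
        type destination
    }
    rule 5 {
        protocol all
        source {
            group {
            }
        }
        type destination
    }
    rule 5999 {
        type masquerade
    }
}
"""

RISKY_PORTS = {"23": "telnet (cleartext)", "3389": "RDP"}  # hypothetical watch list

def parse(text):
    """Parse brace-nested config text into nested dicts; leaf values are lists."""
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[-1] == "{":      # "rule 1 {" opens a child node keyed "rule 1"
            stack.append(stack[-1].setdefault(" ".join(tok[:-1]), {}))
        elif tok == ["}"]:
            stack.pop()
        else:                   # "port 23" -> {"port": ["23"]}; repeats accumulate
            stack[-1].setdefault(tok[0], []).append(" ".join(tok[1:]))
    return stack[0]

def audit(cfg):
    """Return (rule, finding) pairs for destination-NAT rules only."""
    findings = []
    for name, rule in cfg.get("nat", {}).items():
        if rule.get("type") != ["destination"]:
            continue            # source NAT and masquerade rules are not inbound
        src = rule.get("source", {})
        if not (src.get("address") or src.get("group")):  # empty group == any source
            findings.append((name, "no source restriction"))
        if rule.get("protocol") == ["all"]:
            findings.append((name, "all protocols forwarded"))
        ports = rule.get("destination", {}).get("port", [])
        findings += [(name, "exposes " + RISKY_PORTS[p]) for p in ports if p in RISKY_PORTS]
    return findings
```

A finding only says the NAT rule itself does not narrow the exposure; the WAN_IN firewall ruleset, which the thread does not show, still decides what is accepted.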