default router er-3 lite



  • So I was told by Frontier I need to add a default router on my first usable lan to my gateway ip on my wan side?

    How do I do that?



  • Correction, I type too quickly sometimes. I need to set up a default route on port 2 on the ER3 to forward to the default gateway on the WAN side.



  • I assume this ties off your other post?

    First you need to spell out what your IP config looks like from your provider.

    It sounds to me like you are hinting at having 2 routable IP addresses.

    This is semi common in the fiber space, uncommon in other spaces, but is completely not a rare thing.



  • If you post more information, I could probably give you a valid example.



  • From a command line

    configure
    set protocols static route "port 2 ip address/subnet" next-hop "gateway ip address" distance '1'
    commit
    save
    exit
    

    Should do it, but I'd save the config before trying because I haven't actually tried this on a device myself yet.



  • @travisdh1 While that does specifically what the OP asked for, it does not mean it is the right thing to do.

    When dealing with routed subnets things can get complicated quickly for some.



  • So here is my information for my provider
    Your IP information:
    WAN/LAN CONFIG
    WAN: 107.xxx.xxx.xx/30
    LAN: 104.xxx.xxx.xxx/27
    GATEWAY FOR WAN AND LAN : 107.xxx.xxx.xx
    SUBNET FOR WAN : 255.255.255.252
    SUBNET FOR LAN : 255.255.255.224
    FIRST USABLE ADDRESS : 104.xxx.xxx.193

    So on my switch I am using a VLAN 50 to connect all the public IPs on my ER-3 Lite.

    I have the wan on eth0- dhcp address 10.x.x.x on eth1 and eth2-public ip 104.x.x.193.

    I was told by Frontier that I have to create a default router within the router to forward over to the gateway IP address over to the LAN side because WAN and LAN both use the same IP.

    Now I am running VMs using Linux, and I have no internet once I configure the static IP because I can't ping the gateway IP. I can ping the public IP but can't ping the gateway.



  • Thank you very much. What I had to do is add a static route and add a NAT from eth2 to eth0 for outbound traffic.

    Thank you again this is fixed.



  • What you set up works, obviously, but this is what I meant by complicated,
    because you misunderstand the terms WAN and LAN here.

    These are WAN and LAN from your ISP perspective.

    Typically you have a router from your ISP that has the /30 on its WAN and the /27 on the LAN side and they tell you that your usable IP is 104.X.X.194 - 104.X.X.222 with a gateway of 104.X.X.193 and you plug those addresses in your router as the WAN.

    In your case, there is no ISP router handling the hand off.
    In this scenario, what I do is set up the ERL WAN on the 107.X.X.X/30.
    Set up the LAN on my normal internal range 10.X.X.X/23
    with the default NAT in place.

    At this point all your traffic goes out whatever IP the 107.X.X.X/30 is.

    Then I craft SNAT and DNAT rules to handle my traffic for the various public IP addresses.



  • Here is an ER4 I have with this scenario.

    AT&T WAN: 12.X.X.70/30
    AT&T Gateway: 12.X.X.69/30
    AT&T Routed Block: 12.X.X.240/29 (My IP addresses)
    My LAN: 10.1.1.0/24

    Interface setup:

    interfaces {
        ethernet eth0 {
            address 12.X.X.70/30
            description "AT&T FIber"
            duplex full
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            speed 100
        }
        ethernet eth1 {
            address 10.1.1.1/24
            address 10.204.1.1/24
            description "St Charles LAN"
            duplex auto
            firewall {
                in {
                    name LAN_IN
                }
                local {
                    name LAN_LOCAL
                }
            }
            speed auto
            vif 5 {
                address 10.204.5.1/24
                description "Guest WiFi"
                mtu 1500
            }
        }
        ethernet eth2 {
            duplex auto
            speed auto
        }
        ethernet eth3 {
            duplex auto
            speed auto
        }
    }
    

    System:

    system {
        gateway-address 12.X.X.69
    }
    

    Service-> Nat:

       nat {
            rule 1 {
                description "Forward Telnet from Epicor"
                destination {
                    group {
                        address-group ATT242
                    }
                    port 23
                }
                inbound-interface eth0
                inside-address {
                    address 10.1.1.250
                    port 23
                }
                log enable
                protocol tcp
                source {
                    group {
                        address-group EpicorIPAddr
                    }
                }
                type destination
            }
            rule 2 {
                description "Forward RDP from Epicor"
                destination {
                    group {
                        address-group ATT242
                    }
                    port 3389
                }
                inbound-interface eth0
                inside-address {
                    address 10.1.1.12
                    port 3389
                }
                log enable
                protocol tcp
                source {
                    group {
                        address-group EpicorIPAddr
                    }
                }
                type destination
            }
            rule 3 {
                description "Allow SMTP from Google"
                destination {
                    group {
                        address-group ATT242
                    }
                    port 25
                }
                inbound-interface eth0
                inside-address {
                    address 10.1.1.5
                    port 25
                }
                log disable
                protocol tcp
                source {
                    group {
                        network-group Google_SMTP_Networks
                    }
                }
                type destination
            }
            rule 4 {
                description "Allow SMTP from Google"
                destination {
                    group {
                        address-group ATT242
                    }
                    port 587
                }
                inbound-interface eth0
                inside-address {
                    address 10.1.1.5
                    port 587
                }
                log disable
                protocol tcp
                source {
                    group {
                        network-group Google_SMTP_Networks
                    }
                }
                type destination
            }
            rule 5 {
                description "Inboud PBX traffic"
                destination {
                    group {
                        address-group PBX_Outside
                    }
                }
                inbound-interface eth0
                inside-address {
                    address 10.1.1.30
                }
                log disable
                protocol all
                source {
                    group {
                    }
                }
                type destination
            }
            rule 6 {
                description "Inbound Web Traffic"
                destination {
                    group {
                        address-group ATT242
                        port-group Web_Ports
                    }
                }
                inbound-interface eth0
                inside-address {
                    address 10.1.1.22
                }
                log disable
                protocol tcp
                source {
                    group {
                    }
                }
                type destination
            }
            rule 5900 {
                description "PBX Traffic"
                log disable
                outbound-interface eth0
                outside-address {
                    address 12.X.X.244
                }
                protocol all
                source {
                    group {
                        address-group PBX_Inside
                    }
                }
                type source
            }
            rule 5997 {
                description LAN
                log disable
                outbound-interface eth0
                outside-address {
                    address 12.X.X.242
                }
                protocol all
                source {
                    address 10.1.1.0/24
                    group {
                    }
                }
                type source
            }
            rule 5998 {
                description "Public WiFI"
                log disable
                outbound-interface eth0
                outside-address {
                    address 12.X.X.243
                }
                protocol all
                source {
                    address 10.204.5.0/24
                    group {
                    }
                }
                type source
            }
            rule 5999 {
                description "Default NAT Masquerade"
                log disable
                outbound-interface eth0
                protocol all
                type masquerade
            }
        }
    

    Firewall Groups:

    firewall {
        group {
            address-group ATT242 {
                address 12.X.X.242
                description "AT&T IP 242"
            }
            address-group ATT243 {
                address 12.X.X.243
                description "AT&T IP 243"
            }
            address-group EpicorIPAddr {
                address 159.66.236.224
                address 159.66.234.224
                description "Epicor IP Addresses"
            }
            address-group Exchange_Servers {
                address 10.1.1.5
                description "Internal Exchange Servers"
            }
            address-group Internal_Web {
                address 10.1.1.22
                description "Internal Webservers"
            }
            address-group PBX_Inside {
                address 10.1.1.30
                description "Phone System Internal IP"
            }
            address-group PBX_Outside {
                address 12.X.X.244
                description "Phone System External IP"
            }
            network-group Google_SMTP_Networks {
                description "Networks used by Google to send SMTP"
                network 216.239.32.0/19
                network 209.85.128.0/17
                network 173.194.0.0/16
                network 74.125.0.0/16
                network 72.14.192.0/18
                network 66.249.80.0/20
                network 66.102.0.0/20
                network 64.233.160.0/19
                network 64.18.0.0/20
                network 207.126.144.0/20
            }
            network-group Private_LAN {
                description "Private LAN Networks"
                network 10.204.0.0/16
            }
            port-group SMTP_Ports {
                description "Ports used for SMTP"
                port 25
                port 587
            }
            port-group Web_Ports {
                description "Inbound Web Ports"
                port 80
                port 443
            }
        }
    }
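
As an added example (not part of the thread or any poster's configuration): a small Python audit for NAT configs in the format shown above, flagging destination NAT rules that accept any source or forward every protocol, as rule 5 does. The sample config is constructed, and `parse` and `audit_dnat` are hypothetical helper names; descriptions are assumed to use balanced double quotes.

```python
import shlex
# Constructed sample in EdgeOS config-tree syntax, modelled on rules 1 and 5.
SAMPLE = """
nat {
    rule 1 {
        protocol tcp
        source {
            group {
                address-group EpicorIPAddr
            }
        }
        type destination
    }
    rule 5 {
        description "Inbound PBX traffic"
        protocol all
        source {
            group {
            }
        }
        type destination
    }
}
"""

def parse(text):
    """Parse brace-delimited config into nested dicts; leaf values are lists."""
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok == ["}"]:
            stack.pop()
        elif tok[-1] == "{":
            stack.append(stack[-1].setdefault(" ".join(tok[:-1]), {}))
        else:
            stack[-1].setdefault(tok[0], []).append(" ".join(tok[1:]))
    return stack[0]

def audit_dnat(tree):
    """Return (rule, issue) pairs for destination NAT rules that are too broad."""
    findings = []
    for name, rule in tree.get("nat", {}).items():
        if not isinstance(rule, dict) or rule.get("type") != ["destination"]:
            continue
        src = rule.get("source", {})
        if not src.get("address") and not src.get("group"):
            findings.append((name, "no source restriction"))
        if rule.get("protocol") == ["all"]:
            findings.append((name, "forwards all protocols"))
    return findings
```

Calling `audit_dnat(parse(SAMPLE))` reports both issues for rule 5 and nothing for rule 1. A finding is a prompt to review rather than a verdict: a forward to a public web server is open to any source by design.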
    
