Hello!
I am trying to add a new Virtual IP to my DMZ and stuck in configuration.
Unfortunately there are not much information about how to set it up.
I'd appreciate any advice.
I have two WAN IPs which I am allowed to use: x.x.x.114/29 and x.x.x.115/29 These both use the same Gateway.
I have two networks: 172.17.17.0/24 - LAN and 172.17.18.0/24 - DMZ
I'd like my LAN to access the Internet and be accessible (certain ports via port forward) only via x.x.x.114/29 and my DMZ to access the Internet and be accessible only via x.x.x.115/29
I bet this is the simplest possible setup with VirtulaIPs, but I have no idea how to configure it.
Thank you!
This is actually not the simplest setup.
Port forwardings incoming do that automatically, the same source is used for the answer as is used for the original request.
The outgoing communication, by default, is via one IP, so if you want to have a different source IP for some subset of internal networks, you need to have an additional NAT rule for those.
The problem was an external firewall blocking the traffic on the second IP...
Otherwise the setup quite straightforward:
1. Define a new Virtual IP.
2. Switch NAT to Hybrid mode
3. Define a new Outbound NAT rule: Source = DMZ net; NAT address - second, Virtual IP
That setup works fine so far