Portforwarding Multiple WAN IP - Strange Behavior

Started by c90k, June 13, 2024, 12:30:06 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 13, 2024, 12:30:06 PM
Hi There,

We have an ISP Connection with multiple WAN IPs.
I Set up the Main IP years ago and everything worked as expected.
Because we having some services where the same ports need to be open, i though it would be an idea to manage that using the other WAN IPs.
So i Added the 2 Virtual IPs.

Now the Strange thing - the "old" Portforwardings (Firewall -> NAT -> Portforwarding) are set to "WAN address", but the ports are also open on the Virtual IPs.

When i Set a new Portforwarding with Destination "Virual IP1" for example, the open port is only visible on the Virual IP as expected.
What setting i have to use for the "Main WAN IP" or what im Missing here in my configuration ?
I want the Ports only open on the desired WAN IPs.

Regards, Chris
June 13, 2024, 12:43:20 PM #1
WAN IP is an automatic alias that contains all addresses on the WAN interface.

You need to create manual aliases with just a single IP address each to use different port forward rules.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 13, 2024, 01:16:12 PM #2
Hi Patrick,

Thx. That was the solution i came across in the mean time.
I thought WAN adress would be the single WAN IP, WAN net would be all IPs.

A further question, idk if its right here in the topic:
How i can make an OpenVPN Server only available on one desired IP ?
I Set up the bind address to 127.0.0.1 and the nat rule according, but its not working

Regards Chris
June 13, 2024, 06:55:14 PM #3
That's how it's supposed to work. Please post your NAT rule if you need help.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 14, 2024, 07:58:44 AM #4
Hi,
Thats my Config
1.) VPN --> OpenVPN --> Instances (new)
Bind Adress: 127.0.0.1
(First Screenshot)


2.) Firewall: NAT: Portforwarding
Interface: WAN
TCP/IP v4
UDP
Source: GeoIP_Allow (GEO Ip Filtering)
Destination: desired WAN IP
Dest. Port: 1198
Dest. IP: 127.0.0.1
(second Screenshot)

What im Missing ?
June 14, 2024, 05:42:39 PM #5
What's the associated firewall rule set to? Try "pass" if you do not already.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 19, 2024, 08:10:39 AM #6
Sorry, missed your reply.

I cannot change or view the firewall rule in detail, probably because it was generated via the nat rule
But here

Print
Go Up Pages1
User actions