Posted: Thu Jul 31, 2008 11:58 Post subject: one router (WRT54GL), multiple WAN IP, one server
Hello!
I am having a problem here. My setup currently looks like this:
DSL modem is directly connected to WAN port on WRT54GL v1.1 router (DD-WRT v24 SP1, but can be downgraded to v23 SP2), then one server machine and two workstations are directly attached on the router over the 3 of 4 LAN ports.
The goal on the workstation is to enable basic functionality of the internet (browsing, p2p, email...) and this currently works excellently, with no problems whatsoever.
Now I am trying to connect a new server machine which will host multiple web sites (two for a start) that will have totally different domains attached to it (with SSL support <- that's the trouble).
My ISP granted me two static IP addresses (for now, maybe more in the future). On one static IP are both the workstations (because of the p2p). On the second IP will be only the web server. What I am trying to do is to have, besides one WAN IP for the workstations, also more WAN IPs for the webserver (one physical machine, one NIC) over one router and one DSL modem (one wire).
I was experimenting a bit with ifconfig (from the other tutorials) but the result was only that the IP was pingable only locally, but not from the internet. There is also one possibility that my ISP allows only one IP per one MAC address. Is that a problem? I am trying to avoid buying another router for every additional WAN IP address.
God, I wish DD-WRT would support something like this over the web interface (radio buttons and input fields). :)
I also experimented with this script I found here on the forum
Posted: Thu Jul 31, 2008 13:45 Post subject:
A WRT54GL seems a little shallow for routing for a server... I guess you intend to do just light use, right?
Anyway... it sure would be nice to have a "multiple WAN IP" web interface version of DD-WRT or something like that, but I'm sure that there isn't enough demand, so I guess you'll have to do it manually.
Oh, and does anyone know if IPv6 is fixed in v24 SP1?
Well WRT54GL will be handling all the connections for now. Lightweight... Well, yes. I think the traffic that the webserver will have will be from 10 to 30 connections per minute. I think it can handle that much, can it?
It definitely can. However I'm not sure if you can use multi-WAN scripts with web servers. Remember that DD-WRT handles traffic differently than your average router. It might be more challenging to do what you want (and you'll probably lose the normal functionality - NAT for the LAN - in the process).
There is also the possibility to attach the server NIC directly to the modem over a separate switch. I know that I then lose the QoS and the firewall.
First I must build the server, then I'll see and maybe refer back to this thread.
Actually I found some code that seems to do the trick...
Code:
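# Add the extra WAN address to the WAN interface ("dev" is required by ip addr add)
ip addr add <server wan ip> dev <wan interface>
# Outbound traffic from the server leaves with the server's WAN address
iptables -t nat -I POSTROUTING 1 -p all -s <server lan ip> -j SNAT --to-source <server wan ip>
# Inbound port 80 on the server's WAN address is redirected to the server
iptables -t nat -A PREROUTING -p tcp -d <server wan ip> --dport 80 -j DNAT --to-destination <server lan ip>:<server port>
# Let the redirected traffic through the FORWARD chain
iptables -I FORWARD -p tcp -d <server lan ip> --dport <server port> -j ACCEPT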
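Added example (not from any poster in this thread): the four commands above generalised to several ports, such as 80 plus 443 for the SSL sites mentioned in the first post, with the placeholders validated so that a typo or stray shell text cannot end up in a startup script. It only prints the commands for review; the function names, `vlan1`, the `-o` restriction on the SNAT rule and the sample addresses are assumptions.

```shell
# Added example: prints the commands for review; nothing is applied.
# vlan1 and the addresses in the sample call are constructed values.

# Succeeds only for a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds only for a TCP port in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules WAN_IF WAN_IP LAN_IP PORT...
gen_rules() {
    [ "$#" -ge 4 ] || { echo "usage: gen_rules WAN_IF WAN_IP LAN_IP PORT..." >&2; return 1; }
    wan_if=$1; wan_ip=$2; lan_ip=$3; shift 3
    case "$wan_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    is_ipv4 "$wan_ip" || { echo "bad WAN address" >&2; return 1; }
    is_ipv4 "$lan_ip" || { echo "bad LAN address" >&2; return 1; }
    for port in "$@"; do
        is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    echo "ip addr add $wan_ip dev $wan_if"
    # -o limits the source rewrite to traffic leaving through the WAN interface
    echo "iptables -t nat -I POSTROUTING 1 -s $lan_ip -o $wan_if -j SNAT --to-source $wan_ip"
    for port in "$@"; do
        echo "iptables -t nat -A PREROUTING -p tcp -d $wan_ip --dport $port -j DNAT --to-destination $lan_ip:$port"
        # Only the published ports are opened towards the server
        echo "iptables -I FORWARD -p tcp -d $lan_ip --dport $port -j ACCEPT"
    done
}

# Sample call with constructed values (documentation address range).
gen_rules vlan1 203.0.113.10 192.168.1.50 80 443
```

Review the printed lines before saving them into the router's startup or firewall script.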
Posted: Thu Aug 14, 2008 6:14 Post subject: correct
I have a similar setup and have figured out a configuration that works.
I have 4 static IP addresses, 1 modem, 1 5 port switch and 2 routers.
What I did was hook the modem Ethernet wire to the switch and then plug one server directly into the switch also (which gives my server direct static IP address assignment and access to the internet); both routers are plugged into the switch, with each assigned a separate static IP address on its WAN port. I then have 1 server (two total) plugged into each router, with NAT forwarding for port 80 and other ports to each server depending on the server's purpose. The IPs I have assigned to the servers are private 192.168.x.x or 10.10.x.x addresses.
The reason for this setup is that I need to have the two internal servers as hidden as possible from drive-by internet port scanners.
The server that's plugged into the switch has the capability of having multiple IP addresses assigned to it, but it doesn't have the extra protection of a DD-WRT router.
So far it works great.
I would eventually like to replace my modem with one that can monitor bandwidth for all DSL traffic. I'm not even sure this is possible though.