Multiple public IPs on WAN

The IP address that was issued by WAN2 still applies to all connected devices.

config redirect                                           
        option name 'Rewrite secondary WAN IP to LAN host'
        option proto 'all'                                
        option src 'wan'                                  
        option src_dip '**.***.**.223'  # WAN2 ip
        option dest_ip '192.168.1.229'  #  LAN ip
        option target 'DNAT'                              
                                                          
config nat                                                
        option name 'Rewrite LAN host to secondary WAN IP'
        option src 'wan'              
        option src_ip '192.168.1.229'     # LAN ip
        option snat_ip '**.***.**.223'   # WAN2 ip
        option target 'SNAT'   
        list proto 'all' 

I am not sure what you mean by "applies to all connected devices". Do you mean it is used as source IP for outgoing traffic?

In your "wan2" interface advanced settings, uncheck both "Use default gateway" and "Use DNS servers advertised by peer". See if it solves it.

You can also replace '**.***.**.223' with a literal wan2 in the firewall rules. This way the IP should be automatically derived from the interface so you do not need to update the config in case it ever changes.

I mean, the IP address applies to all devices (including PCs, phones), but I only need to apply it to one device connected to the router.

When I uncheck "Use default gateway" the Internet connection is lost.

Yeah, likely because the WAN2 default route overwrote the WAN one and now after disabling it you have none. Either try reconnecting WAN after disabling the default gateway on WAN2 or reboot the entire router.

Yeah, it helped. Thank you very much!

For some reason, open port 80 stopped working.

config redirect             
        option target 'DNAT'     
        option name 'HTTP'
        option src_dport '80'
        option dest 'lan'
        option dest_ip '192.168.1.229'
        option dest_port '80'
        option src 'wan'

Yeah... that is likely caused by the other SNAT rule rewriting all outgoing traffic from 192.168.1.229 to your other *.*.*.223 WAN IP. Because of that, all port forwards from the primary WAN IP to this LAN host will likely fail.

There is no good clean solution to this I can think of. If you don't care whether your 192.168.1.229 LAN host uses the primary or secondary WAN IP for internet browsing you could try disabling/removing the SNAT rule.

As a final result, all ports became active after an additional restart of firewall and network services. Everything's working steadily now.

Thanks to everyone who helped!
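
A check a defender may want to run against the first redirect posted in this thread, added here as an example and not part of the thread: a DNAT redirect without `src_dport` forwards every port of the matching protocols to the LAN host, so with `proto 'all'` the host is fully reachable on the secondary WAN IP. The function names are hypothetical and the sample config is constructed from the two redirects quoted above.

```python
import shlex

# Constructed sample: the two redirects quoted in the thread, with the
# WAN2 address masked exactly as it was posted.
SAMPLE = """
config redirect
        option name 'Rewrite secondary WAN IP to LAN host'
        option proto 'all'
        option src 'wan'
        option src_dip '**.***.**.223'  # WAN2 ip
        option dest_ip '192.168.1.229'  # LAN ip
        option target 'DNAT'

config redirect
        option target 'DNAT'
        option name 'HTTP'
        option src_dport '80'
        option dest_ip '192.168.1.229'
        option dest_port '80'
        option src 'wan'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: [values]})."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # honours quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config" and len(tok) > 1:
            sections.append((tok[1], {}))
        elif tok[0] in ("option", "list") and len(tok) > 2 and sections:
            opts = sections[-1][1]
            if tok[0] == "option":
                opts[tok[1]] = [tok[2]]                    # last value wins
            else:
                opts.setdefault(tok[1], []).append(tok[2])  # lists accumulate
    return sections

def wide_open_redirects(text):
    """Return (name, lan_host, protocols) for DNAT redirects with no port limit."""
    findings = []
    for stype, o in parse_uci(text):
        # fw3 documents DNAT and 'tcp udp' as the defaults for a redirect.
        if stype != "redirect" or o.get("target", ["DNAT"])[0] != "DNAT":
            continue
        if "dest_ip" in o and "src_dport" not in o:
            proto = " ".join(o.get("proto", ["tcp udp"]))
            findings.append((o.get("name", ["(unnamed)"])[0], o["dest_ip"][0], proto))
    return findings

if __name__ == "__main__":
    for name, host, proto in wide_open_redirects(SAMPLE):
        print(f"{name!r}: every port ({proto}) is forwarded to {host}")
```

Only the 1:1 rewrite rule is reported; the HTTP forward is limited to port 80 and passes. A host exposed this way depends entirely on its own firewall for anything listening on it.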
