So I have 2 interfaces, one for my server and one for the rest of my LAN. I had to split it this way because my ISP only assigns /64 ipv6 prefixes, and I wanted to assign one to my LAN and one to my server interface. This worked successfully, however, for ipv4, I want to have both interfaces under the same subnet (192.168.1.x) so that my LAN devices can easily reach my server and vice versa. Is this possible and if so, how would I go about doing this while still keeping the ipv6 configuration?
You're basically saying: "I want separate interfaces for IPv6, but the same interface for IPv4"?
That's not possible.
- They don't have to be the same subnet to be "easily reached"
- You could create a port forward so you can use it to NAT to an IP/port in the other subnet
You can use a non-existent RFC1918 [Private] IP that != 192.168.1.0/24 and that doesn't match the other range. When traffic destined for this hits the router/firewall, it will NAT. You can use the router's 192.168.1.1 LAN IP, but that gets confusing.
Sorry I don't get it. Can you explain this part a bit more please? Perhaps with an example?
Just put both LAN interfaces in the same firewall zone. Devices will be able to reach each other just fine. The only difficulty comes if you're using any sort of zero config discovery as that requires extra packages/config to be routed between subnets.
Assuming the server is HTTP (i.e. 80/tcp):
This uses http://192.168.1.1:8080 to NAT to 192.168.x.y:80 (assuming 192.168.1.1 is the IP of your router):
config redirect
	option target 'DNAT'
	option src 'lan'
	option proto 'tcp'
	option name 'HTTP'
	option dest 'lan2'
	option dest_ip '192.168.x.y'   # <-- IP of server
	option dest_port '80'
	option src_dport '8080'
That works too - assuming you want them to have the same traffic rules, etc (i.e. why they're likely in a different zone).
If the OP did want to keep them in different firewall zones then traffic rules for the appropriate ports, rather than NAT, would be the simpler solution.
Agreed, the need to use the same IP and NAT is unnecessary.
A traffic rule allowing the ports would suffice.
The rule was merely suggested to satisfy OP's desire.
Thank you guys. My server is not only a webserver so I didn't want to deal with port configuration. Decided to just go with same firewall zone, different subnet. I thought it might be a problem because I thought some services on my clients were linked directly to the server IP, but it seems it's far less than I thought and should only be a few quick changes.
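An added example of the two approaches discussed above (the single-zone setup the OP chose, and the separate-zone variant with a per-port traffic rule instead of NAT), written here as an /etc/config/firewall fragment; it is not taken from any post in this thread. It assumes the interfaces are named 'lan' and 'lan2' and that the server sits at the constructed address 192.168.2.10 on lan2.

```uci
# Option A: both interfaces in one zone. The zone's 'forward' setting governs
# traffic between interfaces of the same zone, so ACCEPT lets 192.168.1.0/24
# and 192.168.2.0/24 reach each other without NAT. Each interface keeps its own
# IPv6 /64; this fragment only touches forwarding policy, not addressing.
config zone
	option name 'lan'
	list network 'lan'
	list network 'lan2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

# Option B: keep the server interface in its own zone so it can have stricter
# policy, and open only the ports that are actually needed. No redirect/DNAT
# is involved; clients talk to the server's real address 192.168.2.10.
config zone
	option name 'srv'
	list network 'lan2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config rule
	option name 'Allow-LAN-to-Server-HTTP'
	option src 'lan'
	option dest 'srv'
	option dest_ip '192.168.2.10'   # constructed server address (assumption)
	option dest_port '80'
	option proto 'tcp'
	option family 'ipv4'            # leaves the existing IPv6 rules untouched
	option target 'ACCEPT'

# Replies to connections opened from 'lan' are allowed by connection tracking;
# a matching rule in the srv -> lan direction is only needed if the server
# itself must initiate connections to LAN clients.
```

Use one option or the other, not both; after editing run `/etc/init.d/firewall restart`. Note that mDNS-style discovery still does not cross the two subnets in either option, which is the caveat raised earlier in the thread.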