Multiple public static IP addresses not working

Forum » Discussions / General » Multiple public static IP addresses not working

Started by:

James J Dempsey
Date: 22 May 2014 22:16
Number of posts: 2

RSS: New posts

Summary:

It works for one address, and not the other.

Unfold All Fold All More Options

Fold

Multiple public static IP addresses not working

James J Dempsey 22 May 2014 22:16

I'm trying to get my tomato installation working with one address for the router (say 123.124.125.50) and two other public IP addresses for different servers on the LAN (say 123.124.125.51 and 123.124.125.52).

The problem is that ssh'ing in from outside works for one IP address (123.124.125.52) and not the other (123.124.125.51).

Details:

I have followed the instructions in the setup-multiple-static-public-ips tutorial. (It won't let me post the actual link to it.)

Here is my Firewall script: (addresses changed to protect the innocent)

/usr/sbin/ip addr add 123.124.125.51/24 dev vlan1 
/usr/sbin/ip addr add 123.124.125.52/24 dev vlan1

/usr/sbin/iptables -t nat -I PREROUTING -d 123.124.125.51 -j DNAT --to-destination 192.168.1.26
/usr/sbin/iptables -t nat -I PREROUTING -d 123.124.125.52 -j DNAT --to-destination 192.168.1.30

/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.26 --dport 22 -j ACCEPT
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.30 --dport 22 -j ACCEPT

/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.26 -j SNAT --to 123.124.125.51
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.30 -j SNAT --to 123.124.125.52

I can tell that the vlan is setup:

root@fw:/tmp/home/root# ip addr show vlan1
5: vlan1@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500 qdisc noqueue 
    link/ether 40:16:e7:5a:e5:30 brd ff:ff:ff:ff:ff:ff
    inet 123.124.125.51/24 scope global vlan1
    inet 123.124.125.52/24 scope global secondary vlan1
root@fw:/tmp/home/root#

I can tell that the iptables rules are in place for port 22:

root@fw:/tmp/home/root# iptables -L|egrep '192.168.1.30|192.168.1.26'
ACCEPT     tcp  --  anywhere             192.168.1.30           tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             192.168.1.26           tcp dpt:ssh 
root@fw:/tmp/home/root#

The public IP addresses work fine because everything works if I swap in my old router.
Similarly, the ssh servers work because it works fine with my old router.
Nothing appears in the router log when the incoming ssh fails.
My actual configuration has more forwarded ports besides ssh(22) and they also work for the one IP and not for the other.

My hardware is an Asus RT-N66U and my tomato version is (shibby) tomato-K26USB-1.28.RT-N5x-MIPSR2-117-AIO-64K.

I sure would appreciate any insight into the problem.

Thanks,

— Jim —

Options

Unfold Multiple public static IP addresses not working by

James J Dempsey, 22 May 2014 22:16

Fold

Re: Multiple public static IP addresses not working

James J Dempsey 23 May 2014 14:27

A followup with additional information:

Sometimes this results in neither host working, not just one.

Perhaps more telling: for a host that doesn't work for incoming connections, outgoing also fail. I.e. ssh outbound just times out.

Options

Unfold Re: Multiple public static IP addresses not working by

James J Dempsey, 23 May 2014 14:27

New Post

TomatoUSB

Unleash your router