4 external interfaces - IP passthrough

Hi,

 

I just added a 4-port NIC to my home Sophos and came up with the idea to occupy all four ports on my cable modem. This worked, as I have four different external IPs, but I'm getting other issues.

I want to give the External (WAN) #2 IP to a Plex server (192.168.0.3) that runs in the Internal Network (br0). It is an ESX server, so other servers are sharing the same cable.

The first thing I configured is DynamicDNS on External (WAN) #2, but "No update has been attempted since" because (I think) it is not a "Default IPv4 gateway".

So the next thing, I enabled the gateway on the second interface, but Sophos told me you can have only one and in this case it will enable uplink balancing.

Then I created a Masquerading rule (on the top) "from Plex to External (WAN) #2" and added a DNAT rule "from Any to External (WAN) #2 change to Plex".

This didn't work either, and still "no update has been attempted" on DynamicDNS for External (WAN) #2.

 

Is there any other way to do this?

As this is a domestic broadband, I wasn't assigned any extra IPs by the ISP.

 

Kind regards,

Andrzej



  • Hi Andrzej,

    Since you don't "own" those other public IPs, there's no point in trying to use them - even if you add the same default gateway as your public IP, your ISP's last-hop router won't route the return traffic to you.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    I will clarify this. My ISP allows connecting up to 10 devices to the cable modem/router. The device itself can operate in two modes - as a router or as a modem.

    Modem mode will assign a public IP to any connected device. The picture above shows all interfaces configured to obtain an IP through DHCP.

    In this case it looks like I'm having four different ISPs connected (every WAN interface has an IP on a different network) to my Sophos firewall, and I want some of the hosts to go through a specific IP. Creating a Multipath rule doesn't seem to work.

    If I create uplink balancing I can see traffic is going through other interfaces. Same with DNAT. If I create a DNAT rule on the WAN2 interface and point it to the Plex server, it will be accessible via the public IP, and this could be the only solution for me.

     

    What I want to achieve is to have:

    - my home network on WAN #1 interface

    - Plex server on WAN #2 interface

    - Wifi network on WAN#3 interface

    - servers network on WAN #4 interface

     

    Thanks

    Andrzej

     

     

  • I've not ever seen an ISP offer anything like that for residential use, Andrzej.  I'm suspicious that it doesn't work the way you think it does because no default gateways were defined for the other IPs.  Are you able to ping the IP on any interface other than External from your phone connected to the Internet through LTE?

    In any case, I just noticed that your ISP suffers from the infamous MTU 576 bug.  You will want to Edit each Interface definition and change that to 1500 or the value recommended by your ISP.

    Cheers - Bob

  • BAlfson said:

    I've not ever seen an ISP offer anything like that for residential use, Andrzej.

    I checked another cable modem from another provider in another country and it works the same way.

    Connected cables to modem, enabled "Modem" mode, rebooted the modem, all devices connected have external IP.

     

    BAlfson said:

    I'm suspicious that it doesn't work the way you think it does because no default gateways were defined for the other IPs

    Isn't that normal behaviour? Once I tick the "Default IPv4 gateway" box I get this:

    So I click OK and the "Uplink balancing" gets enabled. I googled what's my IP and it showed the IP from the second interface.

     

    BAlfson said:

    Are you able to ping the IP on any interface other than External from your phone connected to the Internet through LTE?

    Yes, I am, and as I mentioned in my previous post, after creating the DNAT rule "External (WAN) #2 -> any port -> plex" I can browse my Plex server from my phone.

     

     

    BAlfson said:

    In any case, I just noticed that your ISP suffers from the infamous MTU 576 bug.  You will want to Edit each Interface definition and change that to 1500 or the value recommended by your ISP. 

    Thanks. Was aware of low MTU but didn't have time to google it.

  • BAlfson said:
    In any case, I just noticed that your ISP suffers from the infamous MTU 576 bug.  You will want to Edit each Interface definition and change that to 1500 or the value recommended by your ISP.

    Tried to fix it today and it doesn't seem to work. Whenever I change the MTU to 1500 it automatically falls back to 576: (eth0 is connected directly to Cable Modem)

    2019:06:17-18:28:39 utm [daemon:info] dhcp_updown[1003]: eth0 - reason:STOP
    2019:06:17-18:28:39 utm [daemon:info] irqd[6236]: eth0 ether 74:4b:e9:00:e0:25 <broadcast,multicast> group 0
    2019:06:17-18:28:39 utm [daemon:info] irqd[6236]: eth0: down
    2019:06:17-18:28:39 utm [daemon:info] irqd[6236]: eth0 ether 74:4b:e9:00:e0:25 <broadcast,multicast> group 0
    2019:06:17-18:28:40 utm [daemon:info] irqd[6236]: eth0 ether 74:4b:e9:00:e0:25 <broadcast,multicast,up> group 0
    2019:06:17-18:28:40 utm [daemon:info] irqd[6236]: eth0: detected 1 queue(s), 'network' cpuset
    2019:06:17-18:28:40 utm [daemon:info] irqd[6236]: eth0:0: affinity irq=0xc rps/xps=0xc
    2019:06:17-18:28:40 utm [daemon:info] irqd[6236]: eth0: up
    2019:06:17-18:28:42 utm [daemon:info] irqd[6236]: eth0 ether 74:4b:e9:00:e0:25 <broadcast,multicast,up,running,lowerup> group 0
    2019:06:17-18:28:47 utm [daemon:info] nwd[5295]: Reloading Config
    2019:06:17-18:28:47 utm [daemon:info] nwd[5295]: Waiting for MDW cycle to end
    2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1135]: eth0 - reason:PREINIT
    2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: eth0 - reason:REBOOT
    2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: eth0 - Installing IPv4 address: xx.xxx.xxx.xx/255.255.254.0
    2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: eth0 - new MTU is 576, current MTU is 1500)
    2019:06:17-18:28:50 utm [daemon:info] irqd[6236]: eth0 ether 74:4b:e9:00:e0:25 <broadcast,multicast,up,running> group 0
    2019:06:17-18:28:50 utm [daemon:info] irqd[6236]: eth0 ether 74:4b:e9:00:e0:25 <broadcast,multicast,up> group 0
    2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: MTU for interface eth0 changed to 576
    2019:06:17-18:28:54 utm [daemon:info] irqd[6236]: eth0 ether 74:4b:e9:00:e0:25 <broadcast,multicast,up,running,lowerup> group 0
    2019:06:17-18:28:57 utm [daemon:info] nwd[5295]: Reloading Config
    2019:06:17-18:28:57 utm [daemon:info] nwd[5295]: Interface eth0 is up but link is down
    2019:06:17-18:28:57 utm [daemon:info] nwd[5295]: Interface eth0 has link down
    2019:06:17-18:28:58 utm [daemon:info] dhcp_updown[1288]: eth0 - reason:STOP
    2019:06:17-18:28:59 utm [daemon:info] dhcp_updown[1301]: eth0 - reason:PREINIT
    2019:06:17-18:28:59 utm [daemon:info] dhcp_updown[1320]: eth0 - reason:REBOOT
    2019:06:17-18:28:59 utm [daemon:info] dhcp_updown[1320]: eth0 - Installing IPv4 address: xx.xxx.xxx.xx/255.255.254.0
    2019:06:17-18:28:59 utm [daemon:info] nwd[5295]: Reloading Config
    2019:06:17-18:28:59 utm [daemon:info] nwd[5295]: Waiting for MDW cycle to end
    2019:06:17-18:29:09 utm [daemon:info] nwd[5295]: Interface eth0 is up and link is back up
    2019:06:17-18:29:09 utm [daemon:info] nwd[5295]: Interface eth0 is up and link is back up
    2019:06:17-18:29:09 utm [daemon:info] nwd[5295]: Interface eth0 is up but link is down
    2019:06:17-18:29:09 utm [daemon:info] nwd[5295]: Interface eth0 has link down
    2019:06:17-18:29:10 utm [daemon:info] dhcp_updown[1561]: eth0 - reason:STOP
    2019:06:17-18:29:11 utm [daemon:info] dhcp_updown[1573]: eth0 - reason:PREINIT
    2019:06:17-18:29:11 utm [daemon:info] dhcp_updown[1592]: eth0 - reason:REBOOT
    2019:06:17-18:29:11 utm [daemon:info] dhcp_updown[1592]: eth0 - Installing IPv4 address: xx.xxx.xxx.xx/255.255.254.0
    2019:06:17-18:29:11 utm [daemon:info] nwd[5295]: Reloading Config
    2019:06:17-18:29:11 utm [daemon:info] nwd[5295]: Waiting for MDW cycle to end
    2019:06:17-18:29:21 utm [daemon:info] nwd[5295]: Interface eth0 is up and link is back up

     

    This doesn't happen on Ubuntu 16.04 and openSUSE: (eth1 is vSwitch connected directly to cable modem)

     

     

    Kind regards,

    Andrzej
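
Added example (not part of the original thread and not Sophos code): a small Python parser for the log format quoted in the post above. It extracts each point where `dhcp_updown` replaced the interface MTU and counts the `nwd` link-down events around it. The sample lines are copied from that post; the pattern and function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the log in the post above (the address is masked there).
SAMPLE_LOG = """\
2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: eth0 - reason:REBOOT
2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: eth0 - Installing IPv4 address: xx.xxx.xxx.xx/255.255.254.0
2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: eth0 - new MTU is 576, current MTU is 1500)
2019:06:17-18:28:50 utm [daemon:info] dhcp_updown[1140]: MTU for interface eth0 changed to 576
2019:06:17-18:28:57 utm [daemon:info] nwd[5295]: Interface eth0 has link down
2019:06:17-18:29:09 utm [daemon:info] nwd[5295]: Interface eth0 is up and link is back up
2019:06:17-18:29:09 utm [daemon:info] nwd[5295]: Interface eth0 has link down
"""

# Added example: the names below are illustrative, not from any Sophos tool.
LINE = re.compile(r"^(?P<ts>\S+) \S+ \[[^\]]+\] (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
MTU_OVERRIDE = re.compile(
    r"^(?P<iface>\S+) - new MTU is (?P<new>\d+), current MTU is (?P<cur>\d+)")
LINK_DOWN = re.compile(r"^Interface (?P<iface>\S+) has link down")

def summarize(log_text):
    """Return {iface: {"overrides": [(ts, old_mtu, new_mtu)], "link_down": n}}."""
    report = defaultdict(lambda: {"overrides": [], "link_down": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog-style line in this format
        if m["proc"] == "dhcp_updown":
            o = MTU_OVERRIDE.match(m["msg"])
            if o and o["new"] != o["cur"]:
                report[o["iface"]]["overrides"].append(
                    (m["ts"], int(o["cur"]), int(o["new"])))
        elif m["proc"] == "nwd":
            d = LINK_DOWN.match(m["msg"])
            if d:
                report[d["iface"]]["link_down"] += 1
    return dict(report)

if __name__ == "__main__":
    for iface, info in summarize(SAMPLE_LOG).items():
        for ts, old, new in info["overrides"]:
            print(f"{ts} {iface}: DHCP handler changed MTU {old} -> {new}")
        print(f"{iface}: {info['link_down']} link-down event(s)")
```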

  • "So i click OK and the "Uplink balancing" gets enabled. I googled whats my IP and it showed IP from the second interface."

    Yes, Uplink Balancing, by default, will send traffic out balanced over the active interfaces.

    It's still not clear to me what you gain by doing what you're doing.  In any case, I know my home ISP would notice if I leased more than one public IP at a time and would insist on billing me for the additional IPs.  Good luck with this Andrzej!

    Cheers - Bob
