Siteexperts
New Around Here
I am migrating from a very old DLINK DFN-300 router b/c of port-forwarding issues. I want to use my Asus AC66U as a replacement. From what I have read, configuring multiple static IPs and port forwarding should not be that difficult but unfortunately I have not seen any step-by-step guide and am a little at a loss. In the DLINK, this was all managed via the GUI.
Below is an explanation of our setup (pseudo-code which hopefully summarizes follows)
I have DHCP disabled and have a static IP on the router (no issue configuring this)
I have 5 static IPs. On the DLINK router, I have 2 isolated zones (a DMZ for public-facing servers and the internal zone; DMZ zone was still firewalled with only port 80, 443 and a few other ports open). In the DMZ zone, 4 of the IP addresses were mapped to 4 internal IP addresses. In the DLINK UI for the DMZ zone, I created a "Virtual Server" for each public IP that had routed the opened port to an internal server virtual IP. In the DMZ zone, the router has a static IP address (e.g., 192.168.1.1).
For the internal zone, the router has a different static IP address (e.g., 10.0.1.1). All machines behind the internal zone are serviced via another DHCP/DNS server (all that is configured fine). We have one VPN server that we need to map to the last IP address. In DLINK, we merely mapped the external static IP to the fixed static IP of the VPN machine (e.g., 10.0.1.5) and then opened up the necessary ports.
So when looking at the ports on the router, we have the WAN port being used to connect to our service provider, one LAN port being used to service the firewalled public (DMZ) zone, and another LAN port being used to serve our firewalled internal zone. We connect each of the LAN ports to a switch that connects to each computer/server.
I am assuming I need to create a boot script that sets all this up. In pseudo-code I believe I am trying to accomplish this:
create zone 1 and attach to port 1
define static IP address for router (gateway) in zone 1
map static IP 1 xxx.xxx.xxx.xxx to internal IP 192.xxx.xxx.xxx
map static IP 2 xxx.xxx.xxx.xxx to internal IP 192.xxx.xxx.xxx
map static IP 3 xxx.xxx.xxx.xxx to internal IP 192.xxx.xxx.xxx
map static IP 4 xxx.xxx.xxx.xxx to internal IP 192.xxx.xxx.xxx
forward IP 1 port 80 to mapped IP 1
forward IP 2 TCP 80 to mapped IP 2
forward IP 3 TCP 80 to mapped IP 3
forward IP 4 TCP 80 to mapped IP 4
forward IP 1 UDP 3389 to mapped IP 1
create zone 2 and attach to port 2
define static IP address for router (gateway) in zone 2
map static IP 5 xxx.xxx.xxx.xxx to internal IP 10.xxx.xxx.xxx
/* All other machines will get DHCP addresses with the router IP as the gateway- assume this requires no extra config */
forward IP 5 UDP 500 to internal IP
forward IP 5 UDP 4500 to internal IP
/* Anything else for L2TP? */
forward IP 5 UDP 3389 to internal IP // temporary for term server
Any help with the above would be greatly appreciated.
Thanks!
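Added example, not part of the original post and not taken from any router firmware: a POSIX shell generator that turns the pseudo-code's mapping list into reviewable iptables commands, with default-deny forwarding and no new connections from the DMZ into the internal zone. The interface names (`eth0`, `br0`, `br1`), the 203.0.113.x public addresses (documentation range) and the 192.168.1.1x host addresses are assumptions; 10.0.1.5 and the port list come from the post.

```shell
#!/bin/sh
# Added example: prints iptables commands for review instead of running them.
# Assumed, not from the post: interface names, 203.0.113.x public addresses
# (documentation range) and the 192.168.1.1x DMZ host addresses.
WAN_IF="${WAN_IF:-eth0}"   # uplink to the provider
DMZ_IF="${DMZ_IF:-br1}"    # zone 1: public-facing servers
LAN_IF="${LAN_IF:-br0}"    # zone 2: internal network

# Columns: public_ip proto port internal_ip zone
MAPPINGS="
203.0.113.1 tcp 80   192.168.1.11 dmz
203.0.113.2 tcp 80   192.168.1.12 dmz
203.0.113.3 tcp 80   192.168.1.13 dmz
203.0.113.4 tcp 80   192.168.1.14 dmz
203.0.113.1 udp 3389 192.168.1.11 dmz
203.0.113.5 udp 500  10.0.1.5 lan
203.0.113.5 udp 4500 10.0.1.5 lan
203.0.113.5 udp 3389 10.0.1.5 lan
"

gen_rules() {
    # Default-deny forwarding; only replies to already allowed flows pass.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Explicit guard: the DMZ never opens connections into the internal zone.
    echo "iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT"
    while read -r pub proto port dst zone; do
        [ -n "$pub" ] || continue              # skip blank lines
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
        case "$zone" in
            dmz) out=$DMZ_IF ;;
            lan) out=$LAN_IF ;;
            *) echo "bad zone: $zone" >&2; return 1 ;;
        esac
        # One DNAT rule plus one matching filter rule per forwarded port.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $dst:$port"
        echo "iptables -A FORWARD -i $WAN_IF -o $out -d $dst -p $proto --dport $port -j ACCEPT"
    done <<EOF
$MAPPINGS
EOF
}

gen_rules
```

The public addresses still have to arrive at the router, either as additional addresses on the WAN interface or routed to it by the provider; the generator does not cover that step.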