Quote:
Originally Posted by qasdfdsaq
Yeah, the heading up the infrastructure team at my last workplace had his email signature as his name followed by MSc PhD CEng MBCS CITP. Those are the sorts of people I learned from :P
Nonetheless, forwarding from multiple IPs should work just fine on the Draytek (I say should as in it not working is probably not intentional) but I know for sure they work fine on OpenWrt.
If you were any nearer I'd offer to install an OpenWrt system for you as an external subcontractor
Aha, yes unfortunately this being a small company, we don't have anyone nearly that qualified. I was meant to be just a programmer, then one of our servers (that someone else set up years ago, nobody remembers who or when) died and I was about the only one who had an inkling as to what happened (HDD failure, on the RAID0 array - yipes). Even the outside firm they got in shrugged their shoulders at it. That's when I started looking into how things work and realised our entire infrastructure was an absolute mess. A single server failure shouldn't take down the entire domain, let alone a single HDD failure.
It's much better now, but I've learned all of this on the fly on my own terms, so no doubt things could be better still but right now I'm happy with the level of redundancy and failover we have. I still feel like I don't really know what I'm doing though, hence why I'm happy to ask for and listen to advice like this.
Quote:
Originally Posted by Matth
But if you set to forward (say for a web server) port 80 from x.x.x.2, you're telling the router you want incoming port 80 traffic to go to the .2 address.
You cannot then tell it you want the same traffic sent to x.x.x.3
Also, some routers will only forward for fixed DHCP assigned addresses, as dynamically assigned may not be the same destination.
Sorry, I think you're getting a little confused with forwarding from and to.
What I mean is, we have a range of public IP addresses. Let's just say the range is 80.100.200.1 to 80.100.200.15.
Internally, we're still only a little class C, so everything is on 192.168.x.x (we actually use a subnet of 255.255.252.0 which gives us plenty of addresses to play with).
All I want to do is something like,
Forward port 80 on 80.100.200.1 to 192.168.0.20,
Forward port 80 on 80.100.200.2 to 192.168.0.21,
Forward port 80 on 80.100.200.3 to 192.168.0.50,
etc.
Does that make sense?
(there's actually a lot more forwarding going on than that, that's just an example).
The Draytek actually seems to be capable of this, it has a section called "Open Ports" which lets you assign port forwarding rules from an Aux. WAN IP to an internal LAN IP individually. And this works.
The catch is that there's another section called "Port Redirection" and this doesn't let you specify an external IP, so it seems to override the "Open Ports" section somewhat. I say override, it hasn't been massively consistent, sometimes the "Open Ports" seems to be in effect while other times the redirection seems to take effect, at least when there's an overlap of any kind.
I think all I really need to do is just not use "Port Redirection" at all and stick to just using the "Open Ports", which will work, it just requires a fair bit of reconfiguration of the network, due to domain mappings and stuff. I figured if I'm going to go to that trouble, I may as well make sure there's not a better piece of equipment we could be using (which would require similar jiggery-pokery to set up).
This is just another in a long line of "things that have always been that way and nobody knows why" that I need to sort out :P
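
An added example, not part of the original post: a small audit that finds the kind of overlap described above, where a forwarding rule with no external IP covers the same port as a rule bound to one public IP but points at a different LAN host. The `Rule` model and all names are hypothetical (this is not the Draytek's configuration format), and the two "Port Redirection" entries are constructed sample data.

```python
from ipaddress import ip_address
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    section: str            # which config section the rule came from
    wan_ip: Optional[str]   # None = rule does not name an external IP
    proto: str
    first_port: int
    last_port: int
    lan_ip: str


def overlaps(a: Rule, b: Rule) -> bool:
    """True if some inbound packet could match both rules."""
    if a.proto != b.proto:
        return False
    if a.first_port > b.last_port or b.first_port > a.last_port:
        return False
    if a.wan_ip is None or b.wan_ip is None:
        return True  # a rule without an external IP matches every WAN IP
    return ip_address(a.wan_ip) == ip_address(b.wan_ip)


def find_conflicts(rules: List[Rule]) -> List[Tuple[Rule, Rule]]:
    """Pairs of overlapping rules that send traffic to different hosts."""
    return [(a, b)
            for i, a in enumerate(rules)
            for b in rules[i + 1:]
            if overlaps(a, b) and a.lan_ip != b.lan_ip]


# The three mappings from the post, plus constructed wildcard rules.
SAMPLE = [
    Rule("Open Ports", "80.100.200.1", "tcp", 80, 80, "192.168.0.20"),
    Rule("Open Ports", "80.100.200.2", "tcp", 80, 80, "192.168.0.21"),
    Rule("Open Ports", "80.100.200.3", "tcp", 80, 80, "192.168.0.50"),
    Rule("Port Redirection", None, "tcp", 80, 80, "192.168.0.20"),  # constructed
    Rule("Port Redirection", None, "tcp", 20, 25, "192.168.0.30"),  # constructed
]

if __name__ == "__main__":
    for a, b in find_conflicts(SAMPLE):
        print(f"{a.section} {a.wan_ip or 'any'}:{a.first_port}-{a.last_port}"
              f" -> {a.lan_ip}  overlaps  {b.section} {b.wan_ip or 'any'}"
              f" -> {b.lan_ip}")
```

Every pair it reports is a port where the destination depends on which section the router applies first, so those are the rules to rewrite with an explicit external IP or remove.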