Hi,
I am a bit confused why I do not have internet access to the hosts behind my peplink balance 380 setup with IP forwarding. Diagram is below:
Note: ISP’s router does not have any IPV4 static forwarding available.
Am I missing any configuration?
I have read this setup from Martin: Router (no NAT) behind Peplink router - #2 by MartinLangmaid and thought it would just work. I am probably missing few config. Let me know if you need any other info.
Unless you can add a static route to the ISP router so that it knows that to reply and send traffic back to the PCs on the 10.1.1.0/24 network it needs to forward that traffic via 192.168.1.254 - any request for internet access by those PCs will fail as they will never get a response.
If your ISP router really doesn’t support static routes your B380 WAN will need to be NAT mode.
Yes, I’ve been using it that way but seems to be having issues with some ports forwarded not being seen and I was thinking I could eliminate NAT. Ik this is a different topic but is Custom Service Forwarding the same with the Inbound Access Services forwarding?
What about replacing the ISP router ? Or setting it into bridge mode? That’s what I would typically do.
Custom Service forwarding is outbound, port forwarding under Inbound Access is (of course) inbound.
The ISP router is the difficult part, they don’t let us tinker it so a “hack” has to be made. In any case, I’ve managed to do the static IP routing through it’s shell and I can now ping the ISP LAN Gateway but I still don’t have internet connection. Any other settings I’ve missed?
edited: from the ISP router(shell), I can ping the balance gateway 10.1.1.1 but can’t ping any of the devices under the said network.
From where?
Can you ping a web address (like www.bbc.co.uk) from the balance web interface?
So long as the LAN devices of the balance are all using it as the gateway and all have DNS servers set that work then no, a static route to the balance wan ip on the ISP router should be all that’s needed.
Yes I can ping that address from the balance interface but not from the hosts behind it.
and can the devices behind the balance ping the ISP router @ 192.168.1.1?
Yes they can which is weird why I don’t have internet access on them…
Then I would suspect that either your ISP router isn’t NAT’ing traffic from the 10.1.1.0/24 network or there is a firewall rule blocking LAN>WAN or WAN>LAN traversal on it.
Ok that I do not know how to enter in the shell but you are probably right that it isn’t NAT’ing the traffic.
What ISP router is it?
It’s a Huawei ONU AN5506-04-FA. It’s using a linux shell or at least that’s how I entered in the static route as the web interface of this thing is very limited and ISP is not really helpful with what I need to which I understand.
I’ve added a POSTROUTING iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -j MASQUERADE but that doesn’t seem to do anything. Sorry, my shell network understanding is very limited.
Is there any way we can setup a static route through CLI for peplink? I think my config in the ISP router is already good but Peplink does not allow me to setup static route to an outside network.
Outbound policy is what you use for adding additional routes for WAN side networks. But of course your Peplink already has a default route (and gateway) set on its WAN port for the ISP routers LAN.
Consider this closed. Resolved by disabling the ap isolation in the ISP router. Thanks for the help Martin.
