Natting with other IPs and not with WAN IP addresses


#1

Hey Guys,

I am accessing the Peplink demo link and do not have a physical box with me yet. Hence I wanted to NAT an internal IP address with another IP from the same WAN pool, but not the WAN interface IP, and I am not finding that option. Here is my quick scenario:

example.com IN NS ns.godaddy.com
test.example.com IN NS WAN1
test.example.com IN NS WAN2

WAN1 A 11.11.11.11
WAN2 A 12.12.12.12

test.example.com IN A 11.11.11.14
test.example.com IN A 12.12.12.14

11.11.11.14 ===> 172.16.1.30
12.12.12.14 ===> 172.16.1.30

I can NAT inbound connections behind the Peplink WAN interface but am unable to see host-based NAT. Can someone guide me here?


#2

As long as the public IPs are from the same IP pool, you can add those IPs to Additional Public IP Settings under Network > WAN > WAN1 or WAN2 on the Peplink GUI first.
Then use NAT Mapping to tie the public IP to a specific private IP. Please let us know if this is something you wanted to accomplish.


#3

Great!!! You da man. This is what I was looking for. So, for adding an IP from a /29, do I need to select the subnet mask as /29 or /32?

e.g. 2.2.2.1/29

2.2.2.2/29 ADD or 2.2.2.2/32 and then add?

Also, for outbound NAT mapping I can use the same IP under outbound NAT, right? This is needed in the case of an outbound mail server where the PTR is associated with the IP and should go out from that IP only. What precautions should I take in that case?


#4

As for your first question, we have the “Subnet Mask” function so that customers can easily add IPs instead of adding them one by one. As long as the IPs are there, you won’t have any issues. Yes, you can definitely use the same IP as the inbound one under outbound NAT for outbound NAT mapping. This is how it should be configured in your case. I don’t find any precautions at the moment.


#5

Kewl…thnks

Just a quick one. What if I built a BIND-based server for my domain and moved the entire zone inside? What steps would I need to perform in that case?

Let's say I have a zone example.com and I set an internal BIND server in stealth mode for it; what do I need to do? Forward the queries to Peplink? But again, how will internal users receive internal IPs?


#6

Unfortunately you wouldn’t be able to use a DNS server inside of the Balance in order to utilize Peplink authoritative DNS.
And the zones will need to be configured on the Peplink.

Just in case, the following are KB articles for your reference.

Understanding Inbound Load Balancing

How to set up the Integrated DNS Server for Inbound Load Balancing

Please let us know if you have any further questions.