  1. #1
    Untangler thecomputerdude

    Twist on the 1:1 NAT implementation

    So what I'm dealing with is a setup I've never attempted with Untangle and I'm not sure it's possible either.

    Hyper-V environment.

    Untangle (in Hyper-V) is running at the top of the vSwitch arrangement, taking external traffic and routing it to the internal vSwitch to provide access to all Hyper-V clients.


    • One Windows Hyper-V IIS, needs 2 public IPs
    • One CloudLinux/WHM Hyper-V server, needs 4 public IPs
    • One Pepwave SpeedFusion Hyper-V server, needs 1 public IP
    • (Possible) additional Hyper-V hosts and a network connected via a separate NIC


    I want to keep Untangle if possible because I need spam/phish filtering for the WHM instance. Hundreds of mailboxes that SpamAssassin alone isn't keeping up with. Additionally, the external network is using 2 Exchange servers with Sophos mail filtering that has been abysmal.

    I don't see any documentation on how to perform something like a 4:1 NAT. Maybe I'm going the wrong way and need to assign multiple Hyper-V network adapters to each instance?

    EDIT: self-solving question, requires one virtual NIC per desired IP per instance.
    Last edited by thecomputerdude; 01-27-2022 at 01:50 PM.
    Jason Russell
    Xtremission LLC

  2. #2
    Untangle Ninja sky-knight

    There are multiple ways to do this; the quick ones off the top of my head are as follows.

    1.) Put all IPs on Untangle, and use port forwarding to get them to their respective internal hosts.
    2.) Create a new vSwitch that's intended for public IP use, connect a new Interface to the virtual Untangle to this vSwitch, configure this interface in Untangle to be bridged to External. Now you can connect guests to that "public" vSwitch and have them using the public addresses directly.

    Beware... position two requires PowerShell shenanigans to enable promiscuous mode. Help on this topic is beyond the scope of these forums.

    P.S. 4:1 NAT is confusing you... heck 1:1 is confusing you... throw that thinking away. There are port forwards, and NAT policies. The former handles ingress traffic, the latter handles egress. Understand this, and the port forward rules you need will become obvious; fail to do so and you'll have a very hard time managing the configuration. So I dare not get more specific, you NEED to understand this for your own good.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler thecomputerdude

    Quote: Originally Posted by sky-knight
    There are multiple ways to do this; the quick ones off the top of my head are as follows.

    1.) Put all IPs on Untangle, and use port forwarding to get them to their respective internal hosts.
    2.) Create a new vSwitch that's intended for public IP use, connect a new Interface to the virtual Untangle to this vSwitch, configure this interface in Untangle to be bridged to External. Now you can connect guests to that "public" vSwitch and have them using the public addresses directly.

    Beware... position two requires PowerShell shenanigans to enable promiscuous mode. Help on this topic is beyond the scope of these forums.

    P.S. 4:1 NAT is confusing you... heck 1:1 is confusing you... throw that thinking away. There are port forwards, and NAT policies. The former handles ingress traffic, the latter handles egress. Understand this, and the port forward rules you need will become obvious; fail to do so and you'll have a very hard time managing the configuration. So I dare not get more specific, you NEED to understand this for your own good.

    Yep, I was overthinking/misunderstanding the implementation based on instructions in WHM's install guide that wanted 1:1 NAT. Making 4 separate interfaces to have 4 internal IPs, then forwarding traffic from each public IP to each internal IP. NAT rules to get them back out the same way. Option 1 is way less of a headache.
    Jason Russell
    Xtremission LLC
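
An added example, not part of any post in this thread: a Python check that every ingress port forward is paired with an egress NAT policy that sends the host back out through the same public IP, as in the per-IP setup described in post #3. The rule model is generic rather than Untangle's configuration format, and all addresses (RFC 5737 and RFC 1918 ranges) and `DEFAULT_EGRESS` are constructed assumptions.

```python
from ipaddress import ip_address

# Constructed ingress rules (port forwards): public destination -> internal host.
PORT_FORWARDS = {
    "203.0.113.20": "10.0.0.20",
    "203.0.113.21": "10.0.0.21",
    "203.0.113.22": "10.0.0.22",
    "203.0.113.23": "10.0.0.23",
    "203.0.113.30": "10.0.0.30",
    "203.0.113.31": "10.0.0.30",  # second public IP aimed at the same host
}

# Constructed egress rules (NAT policies): internal source -> public source.
NAT_POLICIES = {
    "10.0.0.20": "203.0.113.20",
    "10.0.0.21": "203.0.113.21",
    "10.0.0.22": "203.0.113.20",  # leaves via a different IP than it arrives on
    # 10.0.0.23 has no policy and falls through to the default below
    "10.0.0.30": "203.0.113.30",
}

DEFAULT_EGRESS = "203.0.113.1"  # assumed primary address of the External interface


def audit(forwards, policies, default_egress):
    """Return sorted (public_ip, internal_ip, problem) tuples for mismatched pairs."""
    findings = []
    for public, internal in forwards.items():
        ip_address(public), ip_address(internal)  # raises ValueError on a typo
        egress = policies.get(internal)
        if egress is None:
            # No explicit policy: outbound traffic takes the default source address.
            findings.append((public, internal, f"no NAT policy, egress via {default_egress}"))
        elif egress != public:
            # Inbound and outbound use different public IPs for this host.
            findings.append((public, internal, f"egress via {egress}"))
    return sorted(findings, key=lambda f: ip_address(f[0]))


if __name__ == "__main__":
    for public, internal, problem in audit(PORT_FORWARDS, NAT_POLICIES, DEFAULT_EGRESS):
        print(f"{public} -> {internal}: {problem}")
```

The last finding shows why one internal IP per public IP is needed: a single internal address can only carry one egress policy, so a second public IP forwarded to it cannot return the same way.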
