  1. #1
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,204

    wan failover + source NAT

    Do I understand correctly that I really can't use NAT rules if I want to use WAN Failover?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,471

    NAT rules force all traffic to a specified WAN address.

    How exactly would you propose fail over handle that? I think it does, but at the same time it makes my head hurt.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,204

    Quote: Originally Posted by sky-knight
    NAT rules force all traffic to a specified WAN address.

    How exactly would you propose fail over handle that?
    Well, yes, that's my question. It seems like when I previously set up a site with failover and source-NAT, some years back, anything source-NATted simply didn't work if I pulled the plug on the primary WAN. In that instance I decided I didn't really need it to work, so I didn't pursue it beyond saying "hmmm...", changed a couple of things around and called it done.

    Now I have a site which really pretty much does need source-NAT and fail-over to work somehow, though if I really had to I could set it up without (but I'd rather not). There are definite changes I'd have to make to the way I allocate my IP addresses if I can't have source-NAT, and since it all ties in with forward AND reverse DNS (the latter of which I have to ask the ISP to set and then wait a day or two to receive their benediction), it doesn't lend itself to 'just set it up and see if it works', production system and all.

    I don't mind if during a fail-over event all source-NAT is ignored, everything goes out via a single fail-over IP, but I want source-NAT to work under normal conditions. I don't get the impression it works that way though, based on other things I've seen.

    I think it does, but at the same time it makes my head hurt.
    I was kinda hoping for a more concrete answer (not that I blame you sky for not having one); either "no, it doesn't work at all", or "yes, it works if you do this and this, but with these caveats"...

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,471

    Once upon a time, the answer was no, that doesn't work, because the matched rule is enforced uniformly.

    But for some reason my decrepit brain is remembering that's changed... so I can't really confirm the actual behavior. We need an Untangle Dev to straighten us out.

    But I *think* source nat rules that target an offline interface are ignored, essentially disabled. I think that's how it works now. I don't have any way of testing that at the moment.

  5. #5
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,204

    Quote: Originally Posted by sky-knight
    We need an Untangle Dev to straighten us out.
    I wonder where we find one of those?

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,742

    Quote: Originally Posted by johnsonx42
    Do I understand correctly that I really can't use NAT rules if I want to use WAN Failover?
    NAT rules will override WAN Balancer rules. That said, not all NAT rules will conflict with WAN Balancer rules.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,204

    Quote: Originally Posted by jcoffin
    NAT rules will override WAN Balancer rules. That said, not all NAT rules will conflict with WAN Balancer rules.
    But I'm talking about WAN Failover, not Balancer.

  8. #8
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,742

    Quote: Originally Posted by johnsonx42
    but I'm talking about WAN Failover, not Balancer.
    WAN Failover will have no effect on NAT rules.

  9. #9
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,204

    Quote: Originally Posted by jcoffin
    WAN Failover will have no effect on NAT rules.
    I really have no idea what to take from that answer.
