Topic: 1 to 1 NAT in SME 7.4 - How do I get a second external address routed internally

[hallandy2002]

All

Any help with this would really be appreciated.

This is what I am trying to achieve:

I currently have a SME 7.4 server in gateway mode.

I am currently port forwarding from 203.212.4.7 (ppp0) port 443 to an internal web server 192.168.0.10 using the normal port forwarding functions in SME.

I have now been asked to deploy another secure web server. My ISP has given me a block of address’s 203.212.9.100/255.255.255.252 to use.

So what I am looking to do is port forward port 443 form the new external address 203.212.9.101 to 192.168.0.11.

I believe that this will require a 1-1 NAT setup and I have no idea how this is done.

Thanks
Andy

[janet]

hallandy2002

sme (by default) does not handle multiple external IPs, but will handle multiple domains.

In external DNS records point the domain for the new server at your current external IP and then configure sme to proxypass that domain to 192.168.0.11
See the FAQ for the commands to use. I believe https is now supported although ymmv.

[johnp]

First thing to ask is how is your Internet connectivity being provided? It's just a guess, but maybe they put a secondary address on your existing connection.

Did they provide you with a gateway address?

IMHO, you should have gone with a /29 subnet for any future requirements, and moved for you current to the new.

Without knowing your topology, everything is a guess.

[mmccarn]

There is no easy way to configure a second WAN IP address on a SME server.

Options discussed in the past have included:

1) Extensive customizations to SME to get the existing firewall to allow connections from a secondary WAN address

2) Put an external router that knows how to handle multiple IP addresses in front of the SME server (this is usually discussed in the context of load balancing and redundancy, but could be used in your case if the new router could forward IP_A:443 -> SME:443 (-> server_A:443) and IP_B:443 -> SME:4443 (-> server_B:443)

3) Proxypass (possibly tricky if the second internal server is running Outlook Web Access.

4) Set up a second SME server on the new IP address, with DHCP disabled.  Use the new SME's LAN address as the default gateway for the second Web server.  Optionally, use each SME as an AFFA backup of the other

5) Use a non-standard port for the second web server: https://my.smeserver.tld -> server_A:443; https://my.smeserver.tld:4443 -> server_B:443

[Pajmon]

If you want to do 1 to 1 NAT on SME 7.4 this how I do it:
http://forums.contribs.org/index.php/topic,38349.15.html
For me it works excelent.

Regards
Pajmon