Description:

This article describes how to operate multiple public IPv4 addresses on a Unified Firewall.


Requirements:


Scenario:

The Unified Firewall operates an SDSL connection with the public IP address range 81.81.81.1/29. This provides a total of 8 IP addresses. Five of these IP addresses can be used.

  • 81.81.81.0: This is the network address and therefore cannot be used.
  • 81.81.81.1: In this example, this IP address is used by the gateway (provider router) and therefore cannot be used.
  • 81.81.81.2 - 81.81.81.6: These IP addresses are not otherwise reserved and can therefore be specified and used in the Unified Firewall.
  • 81.81.81.7: This is the broadcast address and therefore cannot be used.


Procedure:

Checking the public IPv4 addresses stored for the active Internet connection:

1) Go to the menu Network → Connections → Network Connections and, for the Internet connection (in this example SDSL), click the pencil icon and check the settings.

2) Make sure that the IP addresses section contains all of the IPv4 addresses from the public IP address range. If necessary, add any that are missing.

The first IP address is always used for general communication. If necessary, adjust the order of the IP addresses using the arrow symbols.



Using a specific public IPv4 address for port forwarding:

Port forwarding that has already been set up should only take effect when the public IPv4 address 81.81.81.3 is addressed.

1) On the desktop, click the forwarding destination (in this example the Web Server), select the connection tool from the context menu and click the Internet object (in this case the WAN).

2) Under the Options for the required protocol, click on DMZ to access the advanced settings.

4) Set the External IP address to the public IPv4 address for which the Unified Firewall should implement port forwarding. Then click OK and store the connection.

5) Click Save to accept the change.

6) Finally, implement the changes by clicking Activate.



Using a specific public IPv4 address as a reverse proxy:

A previously configured reverse proxy should only take effect when the public IPv4 address 81.81.81.5 is addressed.

The IP address here only needs to be adjusted manually if a public IPv4 address is used instead of a DNS name. Otherwise, the IP address should simply be communicated to the responsible DNS server.

1) Switch to the menu UTM → Reverse Proxy → Frontends and, for the Frontend to be adjusted, click the pencil icon to view the settings.

2) Under Domain or IP Address, enter the public IPv4 address of the Unified Firewall that is to act as the reverse proxy. Then click on Save.



Using a specific public IPv4 address for an IPsec connection:

A previously configured IPsec connection (instructions under Configuration of IPSEC-VPN connections) should establish the VPN connection via the public IPv4 address 81.81.81.6.

1) Switch to the menu VPN → IPsec → Connections and, for the connection to be adjusted, click the pencil icon to view the settings.

2) Under Listening IP Addresses, enter the public IPv4 address to be used to establish the IPsec connection (in this example 81.81.81.6).

The Listening IP Addresses apply both for incoming and outgoing IPsec connections.



Redirecting communications to a certain destination to a specific public IPv4 address:

An Internet service with the public IPv4 address 99.99.99.1 should be addressed from the public IPv4 address 81.81.81.4 of the Unified Firewall.

1) Click the icon to create a host.

2) Modify the following parameters and then click Create:

  • Name: Enter a descriptive name.
  • Interface: From the drop-down menu, select the option internet.
  • IP address: Enter the public IPv4 address where the desired destination can be reached (in this example the IP address 99.99.99.1).

3) On the desktop, click the network object (in this example INTRANET), select the connection tool from the context menu and click the host object created in step 2 (in this case Internet-Service).

4) Add the required protocols from the selection using the “+” icons.

5) Under Action, click each arrow once to allow only outgoing communication.

6) Under Options, click each None entry to view the advanced options.

7) For each of these, modify the following parameters and then click OK:

  • Set NAT / Masquerading to the option left-to-right, which activates NAT.
  • Under New source IP, enter the desired public IPv4 address of the Unified Firewall to be used for accessing the destination.

 

8) Click on Create.

9) Finally, implement the changes by clicking Activate.
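
The address plan used in this article can be checked for consistency before clicking Activate. The following Python script is an added example and not part of the Unified Firewall or the original article; the role names are labels chosen here, and treating a shared address or a service on the first (general communication) address as a finding is a policy choice of this example.

```python
import ipaddress

def usable_addresses(block, gateway):
    """Host addresses of the block, minus the provider gateway."""
    net = ipaddress.ip_interface(block).network  # accepts 81.81.81.1/29 as written
    return [ip for ip in net.hosts() if ip != ipaddress.ip_address(gateway)]

def audit_plan(block, gateway, connection_ips, assignments):
    """Return findings as strings; an empty list means the plan is consistent."""
    net = ipaddress.ip_interface(block).network
    reserved = {
        net.network_address: "network address",
        net.broadcast_address: "broadcast address",
        ipaddress.ip_address(gateway): "provider gateway",
    }
    configured = [ipaddress.ip_address(a) for a in connection_ips]
    findings = [f"{ip}: usable but missing on the connection"
                for ip in usable_addresses(block, gateway) if ip not in configured]
    owner = {}  # first role seen per address, used to report shared addresses
    for role, addr in assignments.items():
        ip = ipaddress.ip_address(addr)
        if ip in reserved:
            findings.append(f"{role}: {ip} is the {reserved[ip]}")
        elif ip not in net:
            findings.append(f"{role}: {ip} is outside {net}")
        elif ip not in configured:
            findings.append(f"{role}: {ip} is not stored on the connection")
        if configured and ip == configured[0]:  # example policy, see lead-in
            findings.append(f"{role}: {ip} is also the general-communication address")
        if ip in owner:  # example policy, see lead-in
            findings.append(f"{role}: {ip} is shared with {owner[ip]}")
        owner.setdefault(ip, role)
    return findings

# Values from the article's scenario; the role names are labels chosen here.
BLOCK, GATEWAY = "81.81.81.1/29", "81.81.81.1"
CONNECTION_IPS = ["81.81.81.2", "81.81.81.3", "81.81.81.4", "81.81.81.5", "81.81.81.6"]
ASSIGNMENTS = {
    "port forwarding": "81.81.81.3",
    "source NAT to 99.99.99.1": "81.81.81.4",
    "reverse proxy": "81.81.81.5",
    "IPsec listening address": "81.81.81.6",
}

if __name__ == "__main__":
    for line in audit_plan(BLOCK, GATEWAY, CONNECTION_IPS, ASSIGNMENTS) or ["plan is consistent"]:
        print(line)
```

An empty result means every service address is usable, stored on the connection, and used for one purpose only.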