Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Static IP Address
  •  
drbig

Messages: 10
Karma: 0
Send a private message to this user
I have the following

6 Satic ip address supplied from my ISP

eg

82.1.1.1
82.1.1.2
82.1.1.3
82.1.1.4
82.1.1.5
82.1.1.6

How would I handle the following in Winroute


82.1.1.1 only port 25 and going to 192.168.0.3

82.1.1.2 only port 1723 and GRE going to 192.168.0.2

82.1.1.6 only outbound for internal traffic

mail out on port 25 only via 82.1.1.1

I am looking at replacing and ICOP firewall

Many thanks
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Good question.

I've experimented on this by adding a second IP address to the Internet NIC and creating a Traffic Policy based on destination IP address being the second IP, but this did not work.

Is a reboot of KWF needed to pickup on new/extra IP addresses bound to a NIC? I couldn't reboot KWF at the time...
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Add the six ip addresses to the NIC in WIndows.
Create traffic rules like this:

name: SMTP service
source: network connected to internet NIC
dest: 81.1.1.1
service: SMTP
map: 192.168.0.3

name: SMTP NAT
source: network connected to LAN NIC - or - ip address of mail server (192.168.0.3 ? )
dest: network connected to internet NIC
service: SMTP
nat: translate to ip address 82.1.1.1

name: VPN service
source: network connected to internet NIC
dest: 81.1.1.2
service: PPTP and GRE
map: 192.168.0.2

name: internet NAT
source: network connected to LAN NIC
dest: network connected to internet NIC
service: <specify>
nat: translate to ip address 82.1.1.6
  •  
drbig

Messages: 10
Karma: 0
Send a private message to this user
Thanks for the reply

I will give it a try


Tim
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Hi Tim,
Could you please keep us informed of your findings here? Thanks!
  •  
drbig

Messages: 10
Karma: 0
Send a private message to this user
no prolem

Just building a test box

will report findings


Tim
  •  
drbig

Messages: 10
Karma: 0
Send a private message to this user
I can confirm it works

Just built a test box with a USB ADSL modem

The configured the following

Source: Speedtouch Connection (USB ADSL MODEM)
Destination: 82.1.1.4
Service: SMTP
Action: Permit
Traslation: MAP: 192.168.0.3


Then used http://www.zoneedit.com/smtp.html to send a test email and it worked changed that back to deny and it fails

Tim
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
So your testbox actually has several external IP addresses and is routing incoming traffic based on the destination IP address?
  •  
drbig

Messages: 10
Karma: 0
Send a private message to this user
I have tested inbound connections only with 6 IP address with an ADSL usb modem.

I can route the 6 external address and the ports that I wanted to my internal ones if needed.


I have done some port scanning from out side (www.grc.com) and could only see the port that I had open on that ip address.


So that part of it works ok.


The one problem so far I have yet to solve is that on some of the ports I only want to allow connections from a particular static address.

Ran out of time will do some more testing during this week


So to sum up so far

Kerio with USB ADSL modem with 6 Static ip address

Route those 6 address and the ports that I have opened to an internal ip address on my network works ok.


  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
I use this for some years now (in and out traffic) without any problems
Previous Topic: KWF 6.2.3 - error measage, pls help me
Next Topic: ftp active data connection
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 15:10:48 CET 2017

Total time taken to generate the page: 0.00441 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.