Change Internet Line for each Users [message #103055]
Wed, 22 May 2013 09:01
PhoenixVOZ
Messages: 17 Registered: May 2013
Hi there,
I've set up Kerio with 3 NICs (1 for Internet, 1 for DMZ, 1 for Local). I have 3 Internet routers linked to the Kerio Internet NIC by small switches. But with just one NIC for Internet, I can only set it up with one line. Some users want to use the other Internet lines. How can I route those users to another Internet line?
1. The Internet routers have 3 IPs: 10.0.0.1, 10.0.0.2, 10.0.0.3
2. DMZ with 192.168.0.0/24
3. Local with 172.16.0.0/24
Default GW of 172.16.0.0/24 is 10.0.0.1 (NAT)
I want to route some IPs (example: 172.16.0.100 to 10.0.0.3). How?
PS: I've used Endian Firewall before; its default gateway is 10.0.0.1, and it can route just like that (172.16.0.100 to another gateway).
[Updated on: Wed, 22 May 2013 09:05]

Re: Change Internet Line for each Users [message #103087 is a reply to message #103084]
Thu, 23 May 2013 05:46
PhoenixVOZ
Messages: 17 Registered: May 2013
Hi Martin Lee,
That's the case you're talking about if we have many NICs for the Internet lines.
In my case, I just have 1 NIC for Internet and the default Internet gateway is 10.0.0.1, but some users want to use another Internet line, so how can I route those users to other gateways?
Default users still use the default Internet line with gateway 10.0.0.1 on the Internet NIC.
Some other users, in the same subnet as the default users, want to use another Internet line, but the gateway is just 10.0.0.1, so how can I route them?
[Updated on: Thu, 23 May 2013 05:51]

Re: Change Internet Line for each Users [message #103147 is a reply to message #103144]
Fri, 24 May 2013 16:00
PhoenixVOZ
Messages: 17 Registered: May 2013
The source NAT IP is the IP of the NIC which has gateway 10.0.0.3; you cannot use it directly to that gateway.
Example:
If we have 3 NICs for Internet:
1. With IP 10.0.0.101, gateway 10.0.0.1 (Router 1)
2. 10.0.0.102, gateway 10.0.0.2 (Router 2)
3. Same with .103 and .3
Then you can use the source NAT IP, but that IP is the IP of the NIC (101, 102, 103), not the IP of the router.
If you don't believe me, just try; I've been stuck on this many times...
Now, with one NIC for Internet, I can't route users to other Internet lines if they want...

Re: Change Internet Line for each Users [message #103170 is a reply to message #103147]
Sat, 25 May 2013 04:44
silars
Messages: 285 Registered: March 2012
Without VLANs, you'd need Policy-based Routing.
However, with VLANs, you can make it work. The VLANs should show up as additional interfaces to apply to rules. The downside is you would have to modify your 10.0.0.x masking scheme.
Does your switch handle VLANs? Can you alter your 10.0.0.x IP scheme?

Re: Change Internet Line for each Users [message #103178 is a reply to message #103170]
Sat, 25 May 2013 11:02
PhoenixVOZ
Messages: 17 Registered: May 2013
If we split into VLANs, then the small switches in the diagram must be layer 2 or better. I tried with VLANs too and it works, but it requires switches that are at least layer 2.
I don't know how Endian can work with this case, but a business product like Kerio can't... It's just a simple case.

Re: Change Internet Line for each Users [message #103185 is a reply to message #103178]
Sat, 25 May 2013 15:42
silars
Messages: 285 Registered: March 2012
Endian likely includes some Policy-based Routing (using information other than Destination IP in the routing decision). There is also the idea of defining a "Next-Hop" in the traffic rule. This is essentially also Policy-based Routing.
It is hard to find modern switches that don't support VLANs, even the really cheap ones. Most businesses will only consider switches that have VLAN capabilities.
But, to be honest, this is a niche design. You can't design a product to work in all scenarios. It just isn't possible. Not to mention, there are very inexpensive solutions to your problem: buy 2 more NICs, buy another switch, enable VLANs in current switch, etc. Replacing Kerio with Endian will be a significant cost.
I'd love to see Kerio add more Policy routing capabilities, but you can easily solve your problems with simple changes.
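
The policy-based routing described above, sketched for a generic Linux router with iproute2 as an added example; it is not from any poster in this thread and is not Kerio or Endian configuration. The gateway and client addresses are the thread's; the interface name eth0, the table numbers, the rule priorities and the second client 172.16.0.101 are assumptions.

```shell
#!/bin/sh
# Added illustration (not from the thread): source-based policy routing with
# Linux iproute2. Gateway and client addresses are the thread's; eth0, the
# table numbers, the priorities and the second host are assumptions.

WAN_IF="${WAN_IF:-eth0}"   # assumed name of the single Internet-facing NIC
DEFAULT_GW="10.0.0.1"      # default line for everyone without an entry below

# Constructed assignments, one per line: "<client address> <gateway>"
ASSIGNMENTS="172.16.0.100 10.0.0.3
172.16.0.101 10.0.0.2"

is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the commands for review; nothing is applied here.
pbr_commands() {
  printf 'ip route replace default via %s dev %s\n' "$DEFAULT_GW" "$WAN_IF"
  # Let the main table answer first for everything except its default route,
  # so DMZ and Local traffic from the listed clients is not sent to a router.
  printf 'ip rule add from all lookup main suppress_prefixlength 0 priority 900\n'
  printf '%s\n' "$ASSIGNMENTS" | while read -r src gw; do
    [ -n "$src" ] || continue
    if ! is_ipv4 "$src" || ! is_ipv4 "$gw"; then
      echo "skipping invalid entry: $src $gw" >&2
      continue
    fi
    table=$((100 + ${gw##*.}))     # e.g. table 103 for gateway 10.0.0.3
    prio=$((1000 + ${src##*.}))    # below main's 32766, so it is checked first
    printf 'ip route replace default via %s dev %s table %s\n' "$gw" "$WAN_IF" "$table"
    printf 'ip rule add from %s/32 lookup %s priority %s\n' "$src" "$table" "$prio"
  done
}

pbr_commands
```

The rules match the client's own address because the routing decision is made before source NAT rewrites it, which is why a single WAN NIC with one address is enough. Review the printed commands before running them as root.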