I've recently moved to a new location and was told my previous AT&T router would not work in this new location, so I was "upgraded" to an NVG589 router. This NVG589 router has significantly fewer capabilities and lots of flaws.
After being down for 3 weeks and escalating to many levels within AT&T/Frontier Communications, I finally have my DSL fixed without blocked ports. It turns out I was provisioned as "Dynamic" despite having a static IP and 16 additional statics on my account.
Now to the real problem:
I have about 200 VMs that run on my network, as well as running a number of public-facing services for Open Source developers. Many of these VMs are directly mapped to individual static IP addresses, which are Internet-facing. This has been working for the last 10 or so years without any issues.
What I'd like to do now is expose more of these VMs directly to the outside via Remote Desktop, VNC and their standard http/smtp/etc. interfaces. The previous AT&T router could do this without any issues. The NVG589 cannot. I also have a 24-port HP ProCurve switch on the LAN side of the network.
Since the NVG589 can't do port-mapping to any of those static IPs, I need to bypass the NVG589 entirely, and handle my own routing and port mapping with my own router. I did some research and bought an Asus RT-AC87U from flashrouters.com. It runs the latest-and-greatest version of dd-wrt, which I'm very familiar with.
It's unclear to me how I should configure the NVG589 to forward the requests destined for my static block, to my internal router. I've seen examples describing using "IP Passthrough" and other posts suggesting I should use the "Cascaded router" section.
Both of those didn't seem to result in any success for me when I configured them. I can get the Asus to get assigned the Broadband IPv4 address that the NVG589 previously had, but I can't seem to find any way to get the static block mapped through the NVG589 to the RT-AC87U.
It looks like this:
[bonded RJ11] => NVG589 {WAN port} => Cisco PowerLineAV PLS400 => RT-AC87U {WAN port} => HP ProCurve {LAN port}
The RT-AC87U currently gets its IP via DHCP from the NVG589 on the WAN side. On the LAN side, it hands out 10.0.1.x IPs to clients (wired and wireless). I can see and talk to all of the internal 192.168.x.x hosts on the LAN (all statically assigned IPs).
The NVG589 is configured to hand out DHCP in a tight range of 192.168.1.1 -> 192.168.1.20. I may cut that down to 2 IPs later since the RT-AC87U does most of the DHCP heavy lifting.
My block of statics is configured in the NVG589 under the "Home Networks" -> "Subnets & DHCP" section as follows:
Public Subnet
================
Public Subnet: Enable
Public IPv4 Address: x.194.4.78
Public Subnet Mask: 255.255.255.240
DHCPv4 Start Address: x.194.4.65
DHCPv4 End Address: x.194.4.77
Allow Inbound Traffic: Yes
Primary DHCP Pool: Private
With this configured like this, I cannot enable the "Cascaded Router" section below it on the same page.
When I set "IP Passthrough" to the RT-AC87U, it does properly get the same broadband IP that the NVG589 gets, but there is no traffic inbound from those static IPs.
How should I configure the NVG589 so that this static block is managed by my RT-AC87U and further, how would I then configure dd-wrt on the RT-AC87U to properly NAT + route these IPs to the clients on my ESXi server on the LAN side?
Has anyone done anything like this before?
Thanks in advance for any help you can provide.