pbrah / wpa_supplicant-udmpro


Static IP Block #13

Open LR2 opened 3 years ago

LR2 commented 3 years ago

Does anyone know how to get this working with Static IP blocks? I have a /29 block provided.

I've tried the following settings on my WAN network:

    IP Address: [available static ip in block]
    Subnet Mask: 255.255.255.248
    Router: [Block Gateway IP]

I think it's possible I need to use a different gateway IP than the one provided in the block. Any ideas?

JoeOIVOV commented 3 years ago

No, you don't need to use a different gateway IP.

You need to edit your Chain POSTROUTING rules.

First SSH into your UDM:

Then run the command:

    xtables-multi iptables -t nat -L -v --line-number

You will see Chain POSTROUTING in this list and it will be Numbered 1, 2 ..

Run this command to delete these objects:

    iptables -t nat -D UBIOS_POSTROUTING_USER_HOOK 1
    iptables -t nat -D POSTROUTING 1
    iptables -t nat -D POSTROUTING 3

and then define your own Post Routing rules:

    iptables -t nat -A POSTROUTING -o eth8 -s 192.168.0.2 -j SNAT --to X.X.X.X
    iptables -t nat -A POSTROUTING -o eth8 -j MASQUERADE

*Replace X.X.X.X above with the static IP that you want to use.

The first line is the Static Public IP line. It's saying that anything that leaves your UDM with IP 192.168.0.2 will be changed to a different IP. So long as your ISP has provisioned you use of that IP within your block, the IP will work; that is how you can utilize your static block. I set 192.168.0.2 to my mail server so that my mail comes from my public IP instead of my dynamic blacklisted IP.

The second line is the Dynamic Public IP line. It's saying that anything else that's not 192.168.0.2 will get the dynamic IP address, which is a good way to get 6 IP addresses to use instead of just the block of 5. Also, I don't want my mail server IP to get a bad reputation for internet browsing on that static IP.

The next problem is that these rules are reset to the defaults on reboot and every 15 minutes, so you'll need to make use of Boostchicken's script and cron to keep the rules applied. https://github.com/boostchicken/udm-utilities/blob/master/on-boot-script/README.md

/mnt/data/on_boot.d/11-nat_config.sh


    iptables -t nat -D UBIOS_POSTROUTING_USER_HOOK 1
    iptables -t nat -A POSTROUTING -o eth8 -s 192.168.0.2 -j SNAT --to X.X.X.X
    iptables -t nat -A POSTROUTING -o eth8 -j MASQUERADE
    iptables -t nat -D POSTROUTING 1
    echo " iptables -t nat -D POSTROUTING 3" > /etc/cron.d/delete-nat
    echo " iptables -t nat -D UBIOS_POSTROUTING_USER_HOOK 1" >> /etc/cron.d/delete-nat
    crond restart


*Replace X.X.X.X above with the static IP that you want to use. After that, these changes will be reapplied after reboot.

For now, this is the only way I know to use a static block IP on UDM Pro. With such a flashy GUI, it's just pathetic that they don't give us a spot in there to set up SNAT and DNAT rules...
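
A check for the rule order the comment above relies on, as an added example that is not part of the original thread: iptables applies the first matching rule in a chain, so the per-host SNAT line has to sit above the catch-all MASQUERADE line. The function name `check_nat_order`, the sample listings and the address 203.0.113.10 are constructed for illustration, and the input is assumed to be the output of `iptables -t nat -S POSTROUTING`.

```shell
#!/bin/sh
# Added example: check NAT rule order in `iptables -t nat -S POSTROUTING` output.
# check_nat_order and the sample listings are constructed for illustration;
# 203.0.113.10 stands in for the X.X.X.X static IP from the thread.

# Usage: check_nat_order WAN_IF HOST_IP PUBLIC_IP   (rule listing on stdin)
# Prints one verdict: ok | missing-snat | missing-masquerade | shadowed
check_nat_order() {
    awk -v wan="$1" -v host="$2" -v pub="$3" '
        # Only appended rules of the built-in POSTROUTING chain are inspected.
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            n++; out = ""; src = ""; tgt = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
                if ($i == "--to-source") to = $(i + 1)
            }
            if (out != wan) next
            # Per-host SNAT: iptables -S prints a single address as ADDR/32.
            if (!snat && tgt == "SNAT" && src == (host "/32") && to == pub) snat = n
            # Catch-all: MASQUERADE on the WAN interface with no source match.
            if (!masq && tgt == "MASQUERADE" && src == "") masq = n
        }
        END {
            if (!snat)            print "missing-snat"
            else if (!masq)       print "missing-masquerade"
            else if (masq < snat) print "shadowed"   # first match wins
            else                  print "ok"
        }'
}

# Constructed listings: the intended order, and the same rules reversed.
GOOD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.2/32 -o eth8 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o eth8 -j MASQUERADE'
BAD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth8 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -o eth8 -j SNAT --to-source 203.0.113.10'

printf '%s\n' "$GOOD_RULES" | check_nat_order eth8 192.168.0.2 203.0.113.10
printf '%s\n' "$BAD_RULES"  | check_nat_order eth8 192.168.0.2 203.0.113.10
```

On the router, the live listing can be piped into the function after the rules are reapplied; any verdict other than `ok` means traffic from the host is not leaving with the static IP.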

alloylab commented 3 years ago

Where would you define the static block, since the WAN connection in the UniFi has to be set to DHCP?

cfeenz commented 3 years ago

I tried the following and it worked perfectly:

    iptables -t nat -A POSTROUTING -o eth8 -s 192.168.0.0/24 -j SNAT --to X.X.X.X

star-bob commented 2 years ago

Can someone put together a step-by-step instruction list for this?