• Status: Solved

Port forwarding from router via layer 3 switch

Hi,

I have a network setup which consists of 3 VLANs, one corporate, one guest and one for the shared internet access, all on different subnets.

I'm using a Netgear GSM7328 as the layer 3 for the IP routing and a DrayTek router for the internet router.

This all works fine, but I now need to set up port forwarding on the router to route to a PC on the corporate VLAN.

The trouble is the router only allows me to enter an IP on the same subnet.

So it's like I need to get the router to forward to an IP in the same subnet, which would be the layer 3 switch, and for that to then forward on to the PC in question.

Anyone know how to do this? I've looked at the documentation and can't see anything obvious, but seeing the layer 3 is a router I would have thought I could.

Thanks in advance.

Asked by: pskemp
1 Solution
 
antarex Commented:
If you need to forward a port to a PC on the corporate LAN, it means that this PC needs to have access to the internet... and thus should be present on your "shared internet access" VLAN, with an IP on the corresponding subnet... With this in mind, just forward the port to the corresponding IP.

I do not see the point of creating separate VLANs for internet and corporate networks if you just route the traffic between the two...

For your precise question, even if it does not seem to be the right way to do it, you must implement a second NAT: you configure a NAT port forward on your DrayTek router to the "internet VLAN" IP of your layer 3 router between the Internet VLAN and the Corporate VLAN, and then on this router you configure a second NAT port forward to the IP of the corporate VLAN PC.
 
Anglo Commented:
Will this PC be accessed by anyone or just limited IPs? Assuming limited - you could add a NIC to the PC and put this connection on the shared VLAN. Open up the PC firewall to allow in the service you want, then add a persistent route to use this interface to get back to the originating IP.
 
pskemp (Author) Commented:
Thanks for the responses.

The only reason for the VLANs is to separate the guests from the corporate but with a shared internet connection for them both. I use ACL to block the guest VLAN from talking to the Corporate VLAN.

So if I implement the second NAT on the DrayTek router, think I know what to do there, but what CLI do I apply to the layer 3 to port forward the request on to the PC on the corporate VLAN?

Cheers Paul.
 
pskemp (Author) Commented:
In order to get this working for now I've simply moved the required devices onto the shared internet VLAN, as they can happily sit there without any problem and thus forward port normally.

I will, when I get time, try the second NAT idea to see how that works.

Cheers Paul.




