That rule already exists error when creating new rule

[cleeve]

I have BiPAC 8900AX2400 with a fibre connection and 8 x IP addresses.

I have configured a virtual server for one address on port 80, but I get the error "That rule already exists", when I try to create a similar rule for another IP address.
Interestingly, if I create one with TCP, and the other with TCP/UDP, they both work ok.

Any ideas ?

Andrew

[billion_fan]

I have BiPAC 8900AX2400 with a fibre connection and 8 x IP addresses.

I have configured a virtual server for one address on port 80, but I get the error "That rule already exists", when I try to create a similar rule for another IP address.
Interestingly, if I create one with TCP, and the other with TCP/UDP, they both work ok.

Any ideas ?

Andrew

As you have 8 IP addresses have you setup the device in no NAT mode, or one to one NAT??

Also can you post a screen shot of your virtual server rules and which rule you are trying to add

[cleeve]

NAT enabled:

Untitled.png

Relevant VS rules:

Capture.PNG

Trying to add www-62, port 80 different external IP address.

Andrew

[billion_fan]

NAT enabled:

Untitled.png

Relevant VS rules:

Capture.PNG

Trying to add www-62, port 80 different external IP address.

Andrew

When using a static IP range, you will either have a No NAT setup or one to one NAT setup,

See attached thread for static IP setup in no nat mode viewtopic.php?f=19&t=9583

Anyhow, when using No NAT mode there is no need to port forward, also when using one to one NAT, all ports should be open, so again no need to use the virtual server for one to one NAT devices, if devices are behind the routers WAN IP (not added to the one to one NAT rule) then you need to port forward.

[cleeve]

OK, I've had a go at this, however it appears to turn off the firewall, and let all ports through, as soon as I enable one to one NAT.

Andrew

[billion_fan]

OK, I've had a go at this, however it appears to turn off the firewall, and let all ports through, as soon as I enable one to one NAT.

Andrew

That's right, that's the only way to get one of the public IP's on your device. (both setup methods will give you the same result, all ports open, but that's the only way to use public IP's with the Billion) so its best to firewall inbetween the billion and device or a software firewall on the device

[cleeve]

In my first post, I stated that it was possible to use Virtual servers to enable servers on multiple IP addresses, if you fiddled it, using the TCP/UDP setting.

Is there a reason why this facility is disabled ?

I appears to be much better than disabling the firewall for your servers.

Andrew

[billion_fan]

In my first post, I stated that it was possible to use Virtual servers to enable servers on multiple IP addresses, if you fiddled it, using the TCP/UDP setting.

Is there a reason why this facility is disabled ?

I appears to be much better than disabling the firewall for your servers.

Andrew

So how did you setup your multiple WAN IP addresses then???

Did you check whatsmyip.org to see if one of your external IP's were mapped correctly (eg on a server that you want to use one of your public IP's on, it should show your external address as one of your public IP's)

When running behind NAT, the routers WAN IP will be used for all devices, so only 1 WAN IP will be used. (unless you use 1 to 1 NAT)

The reason you get this error is because two devices can't use the same incoming port at the same time, behind one IP address

[cleeve]

I use the WAN IP box to specify the IP address I want to use.

Capture.PNG

I've checked they work by connecting to the IP address.

This is for incoming IP traffic, so whatsmyip.org isn't going to help.

Andrew

[billion_fan]

I use the WAN IP box to specify the IP address I want to use.

Capture.PNG

I've checked they work by connecting to the IP address.

This is for incoming IP traffic, so whatsmyip.org isn't going to help.

Andrew

Oh no wonder, so outgoing connections will not use the one of your public IP's hence why we recommend for a proper multiple WAN IP setup to use the other two methods mentioned