Adding a Public IP pool

abdulgig · February 17, 2019, 7:43am

Hi there,

I would need some help. I have a Linksys WRT1900ACS with OpenWRT (ARMv7 Processor rev 1 (v7l)) on it.

I ran the default setup, configured a public IP from which I can have access to the internet.

However, I have more 4 more public IPs from the same ISP that I need to use. How can I add another public IP and point it to a HOST on my network ? It has to be a 1-1 NAT. So whatever comes on that public Interface it should be forwarded as it is to a HOST on my network (like a DMZ) and vice versa.

Please help !

Thanks,

trendy · February 17, 2019, 7:56am

Have you checked the SNAT in Network-Firewall-Traffic Rules?
I have never tried it so maybe you would also need to add a port forward too for all protocols, for external address the public IP and internal address of the LAN host.

vgaetera · February 17, 2019, 8:03am

abdulgig · February 17, 2019, 9:02am

AH ! Thanks, this was a bit helpful !

abdulgig · February 17, 2019, 11:44am

One more question please, With adding a new public IP, how can I DMZ all traffic from a public IP to a LAN IP and vice versa?

vgaetera · February 17, 2019, 12:15pm

Use SNAT+DNAT rules and apply to both rules:

uci set firewall.@redirect[-1].proto="all"
uci set firewall.@redirect[-2].proto="all"
uci commit firewall
service firewall restart

abdulgig · February 17, 2019, 12:30pm

Hey Thank you so much, I actually tried that, but never worked !

For Inbound traffic,

uci add firewall redirect
uci set firewall.@redirect[-2].name=webgw1-ingress
uci set firewall.@redirect[-2].target=DNAT
uci set firewall.@redirect[-2].src=wan
uci set firewall.@redirect[-2].dest=lan
uci set firewall.@redirect[-2].src_ip=MY PUBIC IP
uci set firewall.@redirect[-2].dest_ip=MY PRIVATE IP
uci set firewall.@redirect[-2].proto=all
uci commit firewall

FOR SNAT,

uci set firewall.@redirect[-1].name=webgw1-egress
uci set firewall.@redirect[-1].target=SNAT
uci set firewall.@redirect[-1].src=lan
uci set firewall.@redirect[-1].dest=wan
uci set firewall.@redirect[-1].src_dip=MY PUBLIC IP
uci set firewall.@redirect[-1].src_ip=MY PRIVATE IP
uci set firewall.@redirect[-1].proto=all

It still doesn't redirect everything to my HOST. The firewall rules for MAIN IP seem to work only. Not the additional Public IPs I added.

vgaetera · February 17, 2019, 12:33pm

Verify your network interface alias settings:
https://openwrt.org/docs/guide-user/network/network_interface_alias

abdulgig · February 17, 2019, 1:12pm

That should be fine because I created the configuration with LUCI. No CLI edits.

Do I need to create a separate VLAN also ?

vgaetera · February 17, 2019, 1:29pm

uci show network; uci show firewall

No need.

abdulgig · February 18, 2019, 8:53am

Hey Thanks, So here is it,

vi /etc/config/network

config interface 'wan'
        option ifname 'eth1.2'
        option proto 'static'
        option ipaddr 'MY PUBLIC IP 1'
        option netmask 'NET MASK'
        option gateway 'MY GW'
        option dns '8.8.8.8 1.1.1.1'

config interface 'PB1'
        option proto 'static'
        option ifname 'eth1.2'
        option ipaddr 'MY PUBLIC IP 2'
        option netmask 'NET MASK'
        option gateway 'MY GW'
        option dns '8.8.8.8'


//FIREWALL RULES (SNAT + DNAT)

config redirect
        option enabled '1'
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option dest_ip 'MY LAN HOST'
        option src_dip 'MY PUBLIC IP 2'
        option proto 'tcp udp'

config redirect
        option enabled '1'
        option target 'SNAT'
        option src 'lan'
        option dst 'wan'
        option proto 'all'
        option src_dip 'MY PUBLIC IP 2'
        option src_ip 'MY LAN HOST'

abdulgig · February 18, 2019, 8:56am

Do I need to create a separate ifname ? Because both of them share the same eth1.2. The is the default VLAN created when I assigned the static IP (Public IP 1) to the router.

Not sure why DNAT / SNAT rules don't work as we are specifying From / To correctly

trendy · February 18, 2019, 1:55pm

Do you have assigned the interface PB1 under WAN firewall zone?
Post the whole configurations better, rather than those snippets.

abdulgig · February 19, 2019, 12:44am

Hey Guys,

Thank you so much , I was able to get it working. No special configuration, the same as pointed in the post above.

Thanks

trendy · February 19, 2019, 8:51am

So what was the problem and it was not working before?

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

grafik

tmomas · January 28, 2021, 12:27am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.