Hello,
I am having trouble with getting an individual public IP address of each device under my home network. I am running a TP-Link Archer C7 v5, running OpenWRT Snapshot r13499-7b4877c204 (Quite new, timestamp is a few days old).
I am located in Ireland, and my ISP is Eir. I have the WAN setup as a PPPoE using the credentials provided by Eir for the config. I have a VLAN ID set to 10 as the WAN interface, as Eir required this specific VLAN ID to get internet access.
Here is my network config (cat /etc/config/network):
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc6:ef52:4fa3::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.10.1'
config interface 'wan'
option ifname 'eth0.10'
option proto 'pppoe'
option password 'broadband1'
option username 'eir@eir.ie'
option ipv6 '1'
list dns '1.1.1.1'
list dns '1.0.0.1'
option peerdns '0'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'b0:be:76:23:60:25'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
option vid '1'
config switch_vlan
option device 'switch0'
option vlan '10'
option ports '0t 5t 1t'
option vid '10'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'
option reqprefix 'auto'
option reqaddress 'try'
option peerdns '0'
And my firewall config (cat /etc/config/firewall):
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
I am getting a similar outcome to a Carrier-Grade NAT, in which there is one public IP for every device inside my network, instead of there being an individual public IP for each device. I don't think this is an ISP CG-NAT issue, as only a few months ago I was able to get a separate public IP for each device.
I will have to ring up my ISP tomorrow and ask them about this issue, more specifically if they implemented a CG-NAT on my network. But in the meantime, let's say that my ISP isn't implementing a CG-NAT, what would rectify my problem?
If anyone has any ideas on what I can do to solve this, that would be great.
Thanks.