Block of Static IP addresses configuration in OpenWrt?

Hi,

I have a block of static public IP addresses assigned by my ISP and I wish to assign specific machines on my LAN to specific public IPs. My modem is set up so as to pass all traffic to the router so it does not do NAT or anything.

My question is what do I need to do in OpenWRT to map specific open IP addresses to particular machines in such a way that OpenWRT performs port forwarding on the accesses? Eg, I have a webserver on machine A on the LAN so I need all HTTP and HTTPS request traffic to the corresponding WAN public IP addresse a.a.a.a to be routed to machine A but all other traffic to a.a.a.a to be dropped as it would be for a NAT setup with port forwarding.

Does OpenWRT do this (I'm sure it does) and if so, how ?

Thanks,

This looks like a standard port forwarding task.

1 Like

You need a combination of DNAT for the incoming traffic and SNAT for the outgoing traffic.

3 Likes

Thanks for your reply Pilot6, does that mean that port forwarding on OpenWRT can be qualified by public IP address ?

Yes, it can.

4 Likes

Shouldn't it be possible to use proxy-ARP in this case instead of forwarding ports? But how would you configure it in OpenWrt which seems to lack settings for proxy-ARP? If the OpenWrt answers ARP requests using proxy ARP then it would be able to route the IP address directly to the server. In this case the server must be configured with the public IP address as a secondary IP address (with netmask /32) on the external interface or on the loopback interface.

A routed setup is described behind the second link above ("Add public subnet"). Proxy ARP should not be necessary because your ISP likely has a route for the static IP subnet via your OpenWrt gateway.

Are these solutions documented on the OpenWrt wiki somewhere?

I started a draft
https://openwrt.org/inbox/wan/multiple_public_ips

1 Like

This link is dead, the new location seems to be:
https://openwrt.org/inbox/docs/wan/multiple_public_ips

Yeah, sorry, my fault. I'm currently cleaning up the inbox a bit...