How to pass public ipv4 (from ISP DHCP) to computers and still use SQM?

I have a single 30/3 Mbps VDSL line, and my ISP gives me 5 public IPv4 addresses. The modem is bridged and attached to wan / eth0.2. How can I obtain these IPv4 addresses and point them at computers on my LAN, in a way that lets SQM still work?

I tried creating an additional interface (wan2) on the same port (eth0.2) as a DHCP client, but it got the same IP address as the default wan interface. OpenWrt basically treated them as one interface, just duplicated in LuCI. Should that have actually worked? Then I would have done DNAT/SNAT for each public IP/computer pair.

Would it be better to make the wan interface a br-wan, and bridge together eth0.2 - eth0.6? In that case, should I leave the interfaces unmanaged, or make them DHCP clients and do DNAT/SNAT? Would SQM work that way?

Is there still a better and more standard way of doing this? There's the wiki page on how to get multiple IPs from the ISP, but it didn't work for me - maybe because I don't get static addresses which I could configure, but must use DHCP.

Could it be that you have DS-Lite / carrier-grade NAT and a proprietary mandatory provider router?

Such provider CGN routers can use a different public IPv4 address for each LAN connected device in their internal NAT rules.

But if you can switch that provider router to bridge mode and attach your own router, you end up getting a single non-NATted public IPv4 address assigned to your router and end up having classic NAT to private address ranges on the LAN side of your router.

But there is no way to stretch such carrier-grade NAT further towards the LAN side of your own cascaded router.

If your provider offered additional public addresses, which you could assign as you like, they would be static.

I don’t think I have CGNAT. I use my own modem and own router. I can also ping my public IP from outside. The ISP also explicitly states that I get 5 public IPs. The address is /24 and from a non-private range. Could it still be CGNAT?

Identified a possibly related problem: the MAC override isn't applied for some reason, so the ISP probably sees several DHCP requests from the same MAC address and same wire. That's why all new interfaces get the same IPv4 address. I have to figure out how to fix that, and then continue with the original question.

There is an "Override MAC address" option in the advanced settings tab of the interface to differentiate the other wan interfaces.

Yes, I'm using that, but it doesn't seem to work.

Here are the relevant parts of /etc/config/network:

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'xx:xx:xx:xx:xx:b5'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 6t'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 4 6t'
        option vid '2'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'
        option ports '0t 6t'

config interface 'wan1'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option metric '30'
        option delegate '0'
        option macaddr 'xx:xx:xx:xx:xx:B6'
        option auto '0'

config interface 'wan2'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option metric '40'
        option macaddr 'xx:xx:xx:xx:xx:B7'
        option auto '0'

This is created by LuCI. xx:xx:xx:xx:xx:B5 is applied on all interfaces.

Use the macvlans, also here.

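The macvlan approach suggested above, sketched as an added example for /etc/config/network (not a configuration posted by anyone in this thread). It assumes the kmod-macvlan package is installed; the device names wan1mac and wan2mac are hypothetical, and the MAC addresses are constructed locally administered values.

```uci
# The posted config put 'option macaddr' on interfaces that all share
# eth0.2. A network device has exactly one MAC, so every DHCP client
# on eth0.2 sent requests from the same address.
#
# Here each extra WAN gets its own macvlan device stacked on eth0.2,
# and each device carries its own MAC.

config device 'wan1mac'
        option name 'wan1mac'            # hypothetical device name
        option type 'macvlan'
        option ifname 'eth0.2'           # parent device from the thread
        option macaddr '02:00:00:00:00:b6'   # constructed example MAC

config device 'wan2mac'
        option name 'wan2mac'            # hypothetical device name
        option type 'macvlan'
        option ifname 'eth0.2'
        option macaddr '02:00:00:00:00:b7'   # constructed example MAC

# The interfaces bind to the macvlan devices instead of eth0.2.
# 'option ifname' matches the syntax used in the config above;
# newer OpenWrt releases use 'option device' in interface sections.

config interface 'wan1'
        option ifname 'wan1mac'
        option proto 'dhcp'
        option metric '30'

config interface 'wan2'
        option ifname 'wan2mac'
        option proto 'dhcp'
        option metric '40'
```

After reloading the network, `ip link show` should list wan1mac and wan2mac with distinct MAC addresses, which is the quickest check that the override is now applied per device.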

I managed to get additional public IP addresses with macvlan, but I can't get a ping response. I tried putting all wan interfaces in the wan firewall zone. I tried putting them in separate zones and allowing ping. I tried DNAT. I tried forwarding pings and ports to a LAN device. Nothing works. So I haven't yet got to the point where I can see whether SQM works simultaneously on multiple virtual interfaces. Once I get there, I will mark this thread as solved.