LEDE BT Infinity static IPs


I'm looking to flash a BT Hub 5 with LEDE and use it as my router going forward.

With my current BT Infinity package, I have a small static IP range. Is it possible to configure these IPs on LEDE? I've tried doing a quick Google search to find the answer but sadly I've not managed to find a definitive response.

Apologies if this is in the incorrect section.


Yes and no. You have to understand how IP addressing works.

You only assign one IP to the WAN. Options for the other IPs include:

  • Creating a VLAN for them and bridging to WAN
  • Simply routing downstream
  • Using them for your NATing

I would first try creating the second Interface that's bridged untagged to the same WAN port or the dummy interfaces (e.g. eth0.2:2).

It all depends on what you want to do. You can bridge all but one of your IPs to specific hosts within your domain. You can assign the entire block to aliases on your WAN, then manage multiple NATs and associated routing for your "inside" clients to distribute them across the IPs. It all depends on what you want to do.

Knowing your goals would help on describing an approach.


Essentially I'd like to have the router in front to act as the static IPs gateway and the remaining range assigned to my ASA behind that.

My understanding is the standard BT home hub connects using PPPOE which then assigns a dynamic IP to the outside interface.

The static IP gateway is then assigned to a sub-interface on the outside interface. The remaining IPs can then be assigned to firewalls or servers behind that. I could be wrong on that so bear with!

Is this similar setup possible using LEDE?


If you use DHCP...how do you know the addresses of the Static IPs then?
I surmise they always issue the same block to your interface?

Yes, absolutely, this would be the option noted here:

...but you need static IPs to:

  • configure on the downstream Cisco device; and
  • to make a static route on the OpenWrt to the Cisco

Also, you need to be clear on how your ISP delivers the IP block to you. If your ISP assigns 1+x IPs to your Interface, they're already configured on WAN, you simply have to route them. You may have to trunk the WAN interface (VLAN 2) to the Cisco, so the IPs remain on the same subnet (and have a gateway; but some ISPs don't permit connecting to their border with multiple MACs).

BT assign you a block of IPs which you then configure on the device; it then appears as a sub-interface on the outside interface. The outside interface's DHCP address changes frequently but that's not a problem since BT have already provided you with your static range.

Below is a snippet from BT's website which might explain it a little better than me.

For system administrators

If you have a range of No NAT IP addresses please note that the router will pick up a dynamic peer address and the routing for the No NAT range will be bundled to that dynamic peer address. This means that the router's WAN IP address will be dynamic and will possibly change when the router is re-booted. Once configured in the BT Business Hub the No NAT IP addresses can be assigned to individual devices and they will then be Static Public No NAT IP addresses, each being a fixed IP with its own port stack.

If you are using a 3rd party router there are several ways you can implement our No NAT range. If the router has WAN IP aliasing then just specify the alias and setup port redirects as required. If the router can disable NAT then the static range can sometimes be assigned as the LAN IP range. You can also use our No NAT range by adding static routes with one to define the gateway address (this would be the router address of the range) and another to point each usable IP to the router/gateway address.

You can also create additional interfaces, also attached to eth0.2:


The modem being integrated in the Hub 5 makes our set-ups somewhat different, and I'm afraid I've no experience of Infinity product or Hub 5 hardware; but for what it's worth, I've got a similar setup working with BT-flavour fibre from Zen.

I have an Openreach modem (provided by Zen) plugged into the wall, and it's down to me to sort out my own PPPoE router. At the moment, it's a Linksys E4200v1 running LEDE 17.01.4; but for two or three years before that it was a Netgear WNDR3700v4 running OpenWrt 14.07 (the Linksys has taken its place while I upgrade).

Switch configuration was a bit more fiddly on the Netgear due to peculiarities of its design (there's a pseudo fifth/second CPU port, and they're numbered back-to-front), but on the Linksys it was a breeze. I disabled a port (4) on the 'standard' NAT VLAN, and added a new one, in which the CPU was tagged and port 4 was untagged. I added an interface and firewall zone for the new VLAN, configured according to stuff I read on the OpenWrt Wiki/Forum - looking at it now, I'm a bit rusty on a couple of points, but it's pretty simple firewall zone/inter-zone configuration, and limiting masquerading only to the NAT range (if you intend to retain a NAT segment). I dare say there will be expert contributors who can help, or that we could find the info I managed to suss-it-out from, but if all else fails I can offer screenies and pointers.

In effect, my setup works like this...

Wall -> Modem -> PPPoE WAN in LEDE ... uses ___.___.___.166 public IP on its NAT/LAN interface which covers three of the four ports on the switch, and the wireless radios; it also uses ___.___.___.165 public IP for the public zone interface mapped to one port on the switch. In that port, I have a GigE switch, with two servers connected, one running .161, and the other .162

The machines on .161 and .162 are very much out in the wild, all ports dangling in the breeze. My LAN LAN runs just as it would with any old router behind NAT on .166 from all the other ports on the switch (and a few others). Port forwarding via .166 works fine (NB: be careful to specify which external IP to forward ports for, or you could have local machines 'pinching' traffic from your public ones); and with the firewall set-up 'correctly', machines inside the NAT can reach the public ones even if the WAN goes down (but the external machines can't 'see' the local ones without going through the NAT - i.e. pinging the external machines from 192.168.x.x always works, but never the other way around).

As I say, achieved pretty painlessly on both E4200v1 and WNDR3700v4 - I can't see the modem being integrated at/ahead of the WAN interface making a huge amount of difference (but again, I can't talk from experience on that point).

All the best,



My solution:

Add in file /etc/config/network

config alias
        option interface 'wan'
        option proto 'static'
        option ipaddr '81.xxx.xxx.xxx'
        option netmask ''

then add in /etc/config/firewall

config redirect
        option src 'wan'
        option src_dip '81.xxx.xxx.xxx'
        option dest 'lan'
        option dest_ip '192.168.1.xxx'
        option target 'DNAT'

config redirect
        option src 'lan'
        option src_ip '192.168.1.xxx'
        option dest 'wan'
        option src_dip '81.xxx.xxx.xxx'
        option target 'SNAT'

You need to repeat this for each static IP.
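
The per-address repetition described in the post above, as an added example that is not part of the original thread: a shell function that prints the same alias and DNAT/SNAT stanzas for a list of public:private pairs, rejecting malformed addresses before anything is written. The function names, the netmask and the 203.0.113.x / 192.168.1.x addresses are assumptions (constructed placeholders).

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed placeholders.

# is_ipv4 ADDR: dotted quad, octets 0-255 (subshell body keeps IFS change local)
is_ipv4() (
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
)

# gen_static_nat NETMASK PUBLIC:PRIVATE [PUBLIC:PRIVATE ...]
# Prints the network aliases first, then the firewall redirects.
gen_static_nat() {
    is_ipv4 "${1:-}" || { echo "bad netmask: ${1:-}" >&2; return 1; }
    mask=$1; shift
    net="# /etc/config/network"; fw="# /etc/config/firewall"
    for pair in "$@"; do
        pub=${pair%%:*}; priv=${pair#*:}
        [ "$pub:$priv" = "$pair" ] && is_ipv4 "$pub" && is_ipv4 "$priv" ||
            { echo "bad pair: $pair" >&2; return 1; }
        net="$net
config alias
        option interface 'wan'
        option proto 'static'
        option ipaddr '$pub'
        option netmask '$mask'"
        fw="$fw
config redirect
        option src 'wan'
        option src_dip '$pub'
        option dest 'lan'
        option dest_ip '$priv'
        option target 'DNAT'
config redirect
        option src 'lan'
        option src_ip '$priv'
        option dest 'wan'
        option src_dip '$pub'
        option target 'SNAT'"
    done
    printf '%s\n\n%s\n' "$net" "$fw"
}

# Constructed sample mapping (RFC 5737 documentation addresses).
gen_static_nat 255.255.255.248 203.0.113.2:192.168.1.10 203.0.113.3:192.168.1.11
```

Redirects written this way carry no port restriction, so each inside host is reachable on its public address on every port the redirect matches and needs its own host firewall. Review the output before appending each part to the matching file.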


Thanks! That's what I'd been searching for!!!