NAT different network segments out different WAN IP?

Hi really need a bit of help/advice I'm not sure if this is possible but here is what I would like to do.

I have (pretend is range) 100.0.0.1/29 block from my ISP

I have six internal network segment with a mixture of machines on each
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
10.0.5.0/24
10.0.6.0/24

Can I setup OpenWrt so that each WAN IP is NATed to a different internal network segment

For example
100.0.0.1 NATed to 10.0.1.0/24 so that all the machines on this internal network get the WAN IP of 100.0.0.1
But the all the machines in 10.0.2.0/24 get the WAN IP of 100.0.0.2?

Using your example - I would just create SNAT rules:

config nat                    
        option src 'wan'          
        option name 'SNAT_1'
        option family 'ipv4'
        option proto 'all'
        option src_ip '10.0.1.0/24'
        option target 'SNAT'            
        option snat_ip '100.0.0.1'

config nat                    
        option src 'wan'          
        option name 'SNAT_2'
        option family 'ipv4'
        option proto 'all'
        option src_ip '10.0.2.0/24'
        option target 'SNAT'            
        option snat_ip '100.0.0.2'

# and so on

Hope this helps.

1 Like

That should work, but the src option in the nat sections should be wan due to its special meaning.

1 Like

Thank you for your replys. I have been informed my block of IPs has now been issued so will be looking into this tonight :+1:

2 Likes

Yes, you're correct. Looking at my SNATs, they include an option src that references the interface that the new SRC IP is expected to egress. The OP would correct the configs above to read instead:

option src 'wan'

I have edited the post accordingly. Good catch!

1 Like

Still waiting on my iSP but was have some issues with my WAN connection.

This OpenWRT router is a VM on proxmox. When I run the WAN PPoE connection on a passed through PCIe NIC its fine I can connect and everything works.

However, being virtualised I would like to have the WAN run via a virtual bridge to the NIC provided by Promox.
However, when I try to connect via PPoE on the virtual NIC I can't get connected.

In openwrt I get these log entries

Wed May 17 13:58:42 2023 daemon.notice netifd: Interface 'wan' is enabled
Wed May 17 13:58:42 2023 kern.info kernel: [  930.152614] 8021q: adding VLAN 0 to HW filter on device eth3
Wed May 17 13:58:45 2023 kern.info kernel: [  932.951640] igb 0000:00:10.0 eth3: igb: eth3 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Wed May 17 13:58:45 2023 daemon.notice netifd: Network device 'eth3' link is up
Wed May 17 13:58:45 2023 daemon.notice netifd: Interface 'wan' has link connectivity
Wed May 17 13:58:45 2023 daemon.notice netifd: Interface 'wan' is setting up now
Wed May 17 13:58:45 2023 daemon.err insmod: module is already loaded - slhc
Wed May 17 13:58:45 2023 daemon.err insmod: module is already loaded - ppp_generic
Wed May 17 13:58:45 2023 daemon.err insmod: module is already loaded - pppox
Wed May 17 13:58:45 2023 daemon.err insmod: module is already loaded - pppoe
Wed May 17 13:58:45 2023 kern.info kernel: [  933.071225] IPv6: ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready
Wed May 17 13:58:45 2023 daemon.info pppd[10591]: Plugin pppoe.so loaded.
Wed May 17 13:58:45 2023 daemon.info pppd[10591]: PPPoE plugin from pppd 2.4.9
Wed May 17 13:58:45 2023 daemon.notice pppd[10591]: pppd 2.4.9 started by root, uid 0

In Proxmox console it just keeps printing out
adding VLAN 0 to HW filter on device eth1

I'm lost on how to fault this one. It seems I can't use a PPoE connection if the network adapter in the VM is a virtual bridge

type or paste code here
  • I'm not sure if this another issue, or you're doing this to make use of the IP's you're gonna receive on a network
  • You're creating this virtual bridge in OpenWrt, correct?
  • If not, what are you bridging on the host?

I'm not familiar with Proxmox - but with most Hypervisors, you cannot make Host configurations on a Host PHY NIC you "passed through" to the Guest. Perhaps I misunderstand your terminology, if so my apologies.

  • Did you assign the PCIe card to the Guest VM; or
  • Did you assign this ethx on your Host to a virtual NIC in the Guest VM configuration?

Was your current WAN setup working before these changes (I believe you said "its fine")?

I don't see anything in the log.

So to be clear - does eth1 on the Host == eth3 on the OpenWrt guest?

1 Like

Please ignore this I worked out what the issue was. when I created the linux bridge in proxmox the physical NIC was still assigned to a VM.
So the bridge was not created but still showed in the GUI