PC (lan) --> OpenWrt router --> Spectrum modem / multiple IP assignment

Hi,
Hoping someone can point me in the right direction with some actual example settings. I used to be on Spectrum business cable internet (120/15 plan) here in the US. They gave me a static /29 block. They also gave me a modem/router combo, it was the Arris DG1670A. I had a setup that I was comfortable with for years: LAN --> cisco 1941 --> Spectrum router/modem --> Internet. It was easy enough to assign the cisco 1941 public static ip addresses and enable routing and port forwarding to my internal servers/services.

Fast-forward to December 2020, I upgraded to their "ultra" speed, 600/30, but they gave TWO pieces of hardware: modem (E31N2V1) + router (RAC2V1K). I had this configuration: lan --> cisco 1941 --> spectrum router --> spectrum modem --> internet. Easy enough, but then I found out the cisco 1941 is maxing out at 200mbps. In comes OpenWRT: lan -->openwrt x64 --> spectrum router --> spectrum modem --> internet. I would have been OK if they gave me a combo modem/router or I didn't have to switch out my router. The two piece hardware aren't exactly small either, and it's just an ugly setup. They locked up the router so I couldn't see 'root' settings like static routes. They actually can log into my network - not something I am comfortable with.

I would like to "replace" the spectrum router with the OpenWRT router as well as my crusty cisco 1941. My understanding is that the docsis 3.1 modem hands off a dhcp public address to whatever is connected to its 1 ethernet port. This address becomes the next hop for my /29 block. I have proven this thru mucking around with the setup. For clearer presentation, let's call this fictitious dhcp address: 66.74.180.220 and my fictitious ip block 10.0.0.1/29. 10.0.0.1 is the gateway, 10.0.0.7 is the broadcast.

I was able to get as far as spoofing the mac and configuring OpenWRT to pick up the correct dhcp ip address from the modem port, but I was unable to get my ip block up and running. I know that the openwrt box has to become the router with ip 10.0.0.1, because that is how the Spectrum router is configured - if I shut down the spectrum router, this address doesn't ping from the internet.

How can I set up OpenWRT so that it is the gateway (10.0.0.1) for my /29 block and also holds ip address (10.0.0.2 - 10.0.0.6), and of course be the default gateway for my LAN? Is there something I'm missing? I spoke to one of the 1st level supports - after destroying the setup - taking down internet access for a day, she stated "some people were able to use their own routers by setting it up with 'bgp transport' ". So is this what I need to do? Enable BGP?

@DiddyB, welcome to the community!

:confused:

  • did your ISP explicitly state your connection is routed via BGP?
  • did they provide their peering information to you?
  • reading deeper, this worked on another device without BGP, so that's highly unlikely

I assume the real block is Public, correct?

  • you don't have to, they're already forwarded to your WAN interface...or
  • you could add all the IPs to your WAN Interface (EDIT from your post, it seems like you may need to assign at least 1 for Internet access and configure WAN to use it - or set it up as an SNAT IP for general outbound traffic :wink: )...or
  • you could make a VLAN with that subnet and the IPs are all routed there

Maybe you should clearly state what you want one of the additional IPs to do - examples include:

  • Use as a SRC IP for a specific device
  • Use as a SRC IP for a specific VLAN/IP subnet
  • Use as SRC for traffic to DST to x

EDIT: From your description, it seems like you need to configure at least one of the assigned IPs as an SNAT for traffic leaving out of WAN. :bulb:

config nat 
	option src 'wan'
	option src_ip '192.168.1.0/24'
	option name 'SNAT_WAN'
	option target 'SNAT'
	option snat_ip '10.0.0.x'
1 Like

hi IIeachii, thanks for replying.

  1. No, Spectrum didn't explicitly state connection is routed via BGP. No peering information provided. Of course the isp would want me to use their router. So my request here is to go against that, for an elegant solution.

  2. Yes my block is public.

  3. Remember, when the WAN interface is the interface that I set any of the "useable" address in this fashion (openwrt --> spectrum router ---> spectrum modem) - it works. I can dnat/snat no problem. BUT, when the setup is like this (openwrt --> spectrum modem) where the spectrum router is removed in place of the openwrt box; the wan interface now is a "dhcp client" and picks up 66.74.180.220. Routing setup now becomes tricky to start using the 5 ip block. I don't know how to set that up.

  4. Having additional addresses has no "business" use case. I've always had extra ip to learn really. Host my own email servers, web, vpn, automation, security etc...

  5. I tried your configuration already. That setup works when I connect the openwrt box behind Spectrum router in this sequence: openwrt --> spectrum router --> spectrum modem. It is when I removed the spectrum router, that this configuration no longer routes. If I were to remove the Spectrum provided router, somehow I have to deal with my openwrt wan port's address (66.74.180.220). It is assigned by MAC, so I know it is static too. I believe it is the gateway for /29 block.

Did you see:

Hummm....I'm really confused why your Spectrum router is still in the picture...and I'm not sure if you're making this config on the OpenWrt.

If this config works behind another router, I misunderstand something - aside that the Spectrum router is just forwarding random IPs.

If you monitor the WAN port of the OpenWrt in DHCP on the ISP connection (no Spectrum router - which is what I assume is your final desire)- do you see traffic for the IP space you reference???

Thanks for the quick reply.

If I connect the devices like this: openwrt -->spectrum router --> spectrum modem, then this configuration gets me out to the internet. Firewall rule has default to let me out (LAN --> WAN1). I didn't need to put in an SNAT rule like you stated:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd75:9da0:e31d::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan1'
        option ifname 'eth1'
        option proto 'static'
        option netmask '255.255.255.248'
        list dns '209.18.47.61'
        list dns '8.8.8.8'
        option ipaddr '10.0.0.2'
        option gateway '10.0.0.1'

If I connect the devices like this: openwrt --> spectrum modem, then this configuration doesn't get me out. No firewall rule change. no custom SNAT. Default SNAT (LAN:WAN2). No traffic for the ip space.

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd75:9da0:e31d::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'wan1'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan2'
        option ifname 'eth1'
        option proto 'static'
        option netmask '255.255.255.248'
        list dns '209.18.47.61'
        list dns '8.8.8.8'
        option ipaddr '10.0.0.2'
        option gateway '10.0.0.1'

I think I'm missing a static route somewhere...or firewall configs.

  1. Do you know if openwrt auto route from 10.0.0.2 to my uplink wan1 interface?
  2. I will create an SNAT rule for wan2 interface to allow outbound from 192.168.1.0/24 as you have listed.

It's work hours in Southern California. Can't take down internet anymore. I will report back on my findings later in the day.

1 Like

Yes, it should simply route the packet with that source IP, when properly configured - or when you set up an SNAT properly.
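
Added example, not part of any post in the thread: a small Python check run over a constructed, trimmed copy of the modem-direct configuration posted above. It flags what changes once the Spectrum router is removed: a static next hop (10.0.0.1) that the original poster says the OpenWrt box itself must hold, two logical interfaces on one port, and two default-route sources. The function names and the `router_owned` parameter are hypothetical; the addresses are the thread's fictitious ones.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the modem-direct network config from the thread,
# trimmed to the interface sections (fictitious addresses, as in the posts).
SAMPLE = """
config interface 'lan'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
config interface 'wan1'
        option ifname 'eth1'
        option proto 'dhcp'
config interface 'wan2'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '10.0.0.2'
        option gateway '10.0.0.1'
"""

def parse_interfaces(text):
    """Return {name: {option: value}} for every 'config interface' section."""
    sections, cur = {}, None
    for line in text.splitlines():
        tok = line.replace("'", "").split()
        if tok and tok[0] == "config":
            named = len(tok) >= 3 and tok[1] == "interface"
            cur = sections.setdefault(tok[2], {}) if named else None
        elif len(tok) >= 3 and tok[0] == "option" and cur is not None:
            cur[tok[1]] = " ".join(tok[2:])
    return sections

def audit(text, router_owned=("10.0.0.1",)):
    """router_owned (hypothetical): addresses this box is meant to hold."""
    ifaces, findings, by_port = parse_interfaces(text), [], defaultdict(list)
    owned = {ipaddress.ip_address(a) for a in router_owned}
    for name, opt in ifaces.items():
        port, gw = opt.get("ifname") or opt.get("device"), opt.get("gateway")
        if port:
            by_port[port].append(name)
        if gw and ipaddress.ip_address(gw) in owned:
            findings.append(f"{name}: next hop {gw} is meant to be this router")
    for port, names in by_port.items():
        if {"dhcp", "static"} <= {ifaces[n].get("proto") for n in names}:
            findings.append(f"{port}: dhcp and static share the port: {names}")
    # A DHCP lease or a static 'gateway' each yields a default route
    # unless the interface sets defaultroute '0'.
    routes = [n for n, o in ifaces.items() if o.get("defaultroute") != "0"
              and (o.get("proto") == "dhcp" or "gateway" in o)]
    if len(routes) > 1:
        findings.append(f"competing default routes: {routes}")
    return findings
```

Calling `audit(SAMPLE)` returns three findings for the modem-direct layout; the behind-the-Spectrum-router layout, audited with `router_owned=()` because the Spectrum router holds 10.0.0.1 there, returns none.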