PPPoE and multiple static public ip

My provider is giving internet connection with 8 public ip over PPPOE

the info he told me are something like:
public ip: (netmask
(broadcast: available public ip: to
dns: (and/or others like )
pppoe user: user@provider.it
password: password
vlan: 835

At present I am cascading 2 routers:
-the first router makes the pppoe connection
(and dynamically gets settings like that on wan:
pppoe wan ip
dns: ,
checking with a browser my public ip gets something like:
its lan is configured as a network
and goes to the second router wan.
-the second router has multiple static ip on the wan:,,,,,
and routes to my lan (

with such configuration everything works fine,
I can set selective firewall rules that allow my servers in the lan to exit and
accept connection from the public ip of my choice

Now the question: How can I get rid of the first router?

I tried to mix the pppoe config and multi static ip in /etc/config/network
in this way unsuccessfully:

config interface 'wan'
	option force_link '0'
	option ipv6 '0'
	option delegate '0'
	option device 'eth0.835'
	option proto 'pppoe'
	option username 'user@provider.it'
	option password 'password'
	option vlanid '835'
	option disabled '0'
	option peerdns '0'
	list dns ''
	list dns ''
	list dns ''
	option gateway ''
	list ipaddr ''
	list ipaddr ''
	list ipaddr ''
	list ipaddr ''
	list ipaddr ''

You can easily run pppoe on the second router and setup the additional wan aliases.

1 Like


Kindly help me with ISP that sells IP Address through PPPOE ?

I need it urgently now.

Thank you,

configure wan PPPoE connection (username, password, vlan) as usual and verify it connects.
You will get a wan ip and be able to browse internet using it.
If your provider gives you multiple public addresses then from luci go to
network->interfaces add new interface
name: wan_multi_ip
static address
device: eth0 (or the device of your wan)

add the provided public IPs for ex. if you have 8 IP starting from then add:

firewall tab: assign the created interface to wan zone

when you configure Port forwards in firewall you can specify where the external wan ip should be directed in the lan.

Then in NAT rules set the outbound zone: wan. Action: SNAT rewrite
and which public ip to use to exit to internet (for specific lan ip or any)
otherwise you will exit using the PPPoE tunneling IP

While this seem to work, I can't get the port-forwards to work properly. Now the port forwards from my 'primary' connection are applied to the new ip ranges as well, landing the new ip's to the wrong internal host.
I tried to create a new firewall zone for the wan_multi_ip interface but still all requests to 443/80 are forwarded to the primary interface forwards.
How to differentiate port-forwards/firewall rules on destination address?

Use the filter for the original destination IP in the port forwarding rule.

If you're using the additional public IPs on a 1:1 basis for web servers etc, they should only be forwarded in the router. The router would not hold the public IP on any interface. Ultimately the server holds the public IP. A packet from the Internet is forwarded all the way to it with the original source and destination addresses intact.

You will also need to make NAT conditional so that the server replies are forwarded directly to the Internet without NAT.

thanks! this worked. I had to add the option src_dip 'x.x.x.x' to all port forwards where x.x.x.x is the specific public IP

Can you shortly describe how I would do this with OpenWRT? Do you mean I should not NAT at all and 'just' route?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.