Public IP on LAN

Hi guys, I've on my dedicated server in datacenter a /24 that I use in my virtual enviroment.
I simply set up the public IP, subnet mask and gateway on the VM created and it works.
I have an OpenWRT router and I want to use the public IP that I have in datacenter in my private LAN like I do with the VMs.
Ex. Connect a device in the LAN of my OpenWRT router, set on the NIC the public IP with gateway and subnet and have the IP setted on the device with NAT 1:1.

If this is not possible to achieve, can I redirect all the traffic of a specific device in LAN to a public IP and do a NAT 1:1?

Thanks a lot!

https://openwrt.org/inbox/docs/wan/multiple_public_ips

I've already watched that, in this case I have that IP in a dedicated server in datacenter. How can I route them to use on my Openwrt in my house? Maybe VPN tunnels?

Yes, I don't see any other way around.

My question is how to get the public IP directly on the OpenWRT router, I don't know if exist any "trasparent" VPN. If I use normal VPN I have to NAT each time the port on OpenWRT side and VPN side to expose some service

You obviously cannot have the IP assigned in the datacenter attached to the interface of the router you have at your home.
What you can do is build a VPN tunnel between the server in the datacenter and the OpenWrt router at home, then do 1:1 NAT for one public IP to the VPN IP of the router.

True, you would need use an additional IP address that isn't assigned to the server in the datacenter. Then you would route the IP address via the VPN tunnel. You'll also need to use proxy arp if the IP address is on-link (not routed) on the server in the datacenter,

VPNs don't use NAT by default, that's something you configure for example by assigning the VPN to the WAN firewall zone.

I need to achieve something similar to this:

ip.png1011×446 31.7 KB

So I can't in any way assign directly the public IP on the device in the LAN?

The public IPs you have are routed to your data center. As a result, “putting them” anywhere else means you’ll never get return packets.

The VPN approaches effectively put your client at home in the data center as far as packet flow is concerned.

Any sane ISP would drop them for spoofed source IP, so it shouldn't make it past the first hop.

How can I router client_1 on IP_2 and client_2 on IP_3?
I need to create 2 different OpenVPN server?

I think you should describe what you want to accomplish at a high level (not the diagram, another level up) and take some time to understand basic IP routing. "NAT 1:1" is almost certainly not what you need. Answering your specific questions will not solve the mess of the diagram.

• What are you trying to achieve? ("put this IP there" is not a good answer)
• What hosts need to be located where and why?
• How do you expect these hosts to communicate
  • With the outside world
  • With your data center
  • With hosts on your lan

I need client_1, which is in my LAN with private IP, to surf with IP_2, which in datacenter, and have all port natted (ex. If I install a web server on client_1, it have to be reachable by IP_2 public IP). The same for client_2. The rest of the LAN must surf with the current ISP connection, as normal

In the DC VM create a DNAT for IP_2 to client_1 IP and an SNAT from client_1 IP to IP_2.
In OpenWrt create a rule to forward all traffic of client_1 towards the OpenVPN_VM

In this case I have to SNAT and DNAT to 10.254.255.2, but if I want to do it another time with client_2 and another IP? Have I to create another tunnel?

No, you have to DNAT/SNAT the IP you have from the public pool and the IP of client_2.

Can you make me an example please?
All the VPN traffic pass reach the OpenVPN_VM as 10.254.255.2, I don't understand how can I NAT two different IP

Remove NAT from OpenWrt exiting the VPN interface. Then you have source IPs 192.168.2.X reaching the OpenVPN_VM.

How can I remove the NAT? Can you link me some guide?