[SOLVED] How to configure static block / multiple static IPs on WAN?


I tried the following (without binding the .70 IP, just the first usable IP), does not appear to work though. I may have rather goofed it though since I couldn't find an example trying to do what I was doing. Comparing it to what I ended up with below, perhaps I just didn't know what I was doing. It's possible that I didn't need to add the extra WAN interfaces as I did below, but at least that way I could pick those IPs when setting the DNAT/SNAT rules.

config redirect
         option src wan
         option name test
         option src_dip 12.x.y.67
         option src_dport 22
         option proto tcp
         option dest lan
         option dest_ip

@shm0 @jeff @mpa Thanks everyone for helping to look into this

I have figured out how to get the desired behavior, and I was able to even do it from LuCI

In Network > Interfaces, add a new interface for each additional external IP, and check the corresponding box to 'cover' the same ethernet adapter as the original WAN interface. Then, in Network > Firewall > Port Forwards, add a port forward to the internal IP. During the initial setup of the forward, won't be able to pick the intended external IP, but after creating it, edit it, and then set the external IP in 'External IP Address'.

That at least covers inbound traffic. Adding the SNAT is easy enough in Network > Firewall > Traffic Rules > Source NAT, but again can't actually pick the Source IP address until after hitting 'add and edit'.

For reference, the config added by LuCI to /etc/config/network for the additional WAN interfaces will look like :

config interface 'wan_67'
        option proto 'static'
        option ifname 'eth1'
        option ipaddr '12.x.x.67'
        option netmask ''
        option gateway '12.x.x.65'
        option broadcast '12.x.x.95'

And the /etc/config/firewall entries :

config redirect
        option enabled '1'
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option dest_ip ''
        option src_dip '12.x.x.67'
        option proto 'tcp udp'

config redirect
        option enabled '1'
        option target 'SNAT'
        option src 'lan'
        option dst 'wan'
        option proto 'all'
        option src_dip '12.x.x.67'
        option src_ip ''