Utilising 2 Dynamic Public IPs

Continuing the discussion from Utilising 8 Public IP's:

Related to the above topic, my ISP is also giving me two DHCP Dynamic IPs.

Currently, I use VLAN trunking, so that my Virtual Machines are connecting to VLAN2 directly (same as my OpenWrt Router) and using DHCP to get the IP address. In this way, all traffic to my VM is not protected by the firewall running at my Router.

Seeing the above topic, I wanted to learn how to use my second set of DHCP Dynamic IP so that my Router's firewall will be protecting the machine using it to access Internet?

I need:

  • Dynamic Public IP1 used by Router, to provide NAT to default VLAN1, and bridge to Wifi Networks.
  • Dynamic Public IP2, used solely by one Machine, connecting to Port 4 of my Router being protected by Router
  • Router is connecting to ISP switch using 1 physical connection only. (It is in default VLAN2 of the Router currently.)

Are these static from the ISP...I'm, not sure why you call them "dynamic"...?


  • What IPs/CIDR subnet do they say were assigned for use?
  • Did they assign another IP and gateway other than the subnet?

They are not static - they are offered to me by DHCP.

I configured DDNS, so public access from outside will be using DDNS hostnames.

On every reboot, the IP will change.

Then you are not "assigned" 2 IPs...your wording is probably causing the confusion.

Unless....Are they issued via DHCP as a /31??????

1 Like


...you cannot utilize IPs that change [for services usually considered "static"]...without DDNS...

Maybe you can bridge WAN and get 2 IPs via DHCP (most ISP agreements don't allow this, but you say you were assigned 2...?

Basically, make a second OpenWrt interface @wan for IPv4 DHCP.

Topic edited, please see if it is more clear now.

The DHCP IPs I got are /24, and they are always in different IP network.



BTW, your edit did not note a /24 (or 256 IPs).

Sorry about the confusions due to my bad wordings.

1 Like

No problem; but you still need to clarify:

  • Are these the same 2 IPs they issued; or another?
  • Did your ISP actually issue you a second IP?

2 != 256

EDIT: The /24 assignment on the WAN DHCP interface is merely an IP in the subnet that had the ISP as its gateway, you cannot use more IPs unless you were told by contract.

Each dhcp client needs its own mac address, which means you either need multiple physical interfaces or you need to use macvlan.

BTW I got 5 dynamic IP addresses from my isp but I don't use multiple addresses on the same router but instead multiple virtual routers.


...or assign a 2nd IP to the router...or SNAT it...or use it for INPUT to the OpenWrt...(if the OP was assigned it our a route)...I missed that point my friend.

(it doesn't need a MAC...if it's the router doing the routing for the IP...it uses its MAC...a router is that smart) :wink:

Let me explain here, when it is clear enough, then I will edit my topic post again.

I am given this Setup:

ISP Switch - Router, PC1
Both Router and PC1 can got Public IP via DHCP.
(Let's say Router got DHCP-IP0, and PC1 got DHCP-IP1)

I tried to add PC2 to the Switch, but DHCP will timeout for PC2. So I conclude I only have two DHCP connections.

My current setup is:


  • Wan port is untagged VLAN2, Interface IP from DHCP
  • LAN Port1 is in VLAN1, with IP. DHCPserver, NAT and Wifi.
  • LAN Port 4 is in VLAN2 untagged, PC1 is now connected here instead of directly connecting to ISP switch.

New setup wanted:

  • PC1 protected by Router Firewall
  • Router always using DHCP IP0 for NAT, etc.
  • Incoming traffic to DHCP-IP1 will be used by PC1 only, and PC1's outgoing traffic will use DHCP-IP1 only.

Lemme just ask:

  • Are you trying to use multiple IPs from the ISP...and;
  • did they actually authorize them for you use?

Because a /24 via DHCP is normal for IPs who DO NOT give multiple IPs. The previous thread I used an example - is an ISP who gives me 256 IPs (a /24) [via routing, not via DHCP].

1 Like

Bad wording from me again.

It is a one DHCP IP from a /24 network for each connection. I have two connections.

router# ip -4 -o address show eth0.2

12: eth0.2 inet a.b.c.d/24 brd a.b.c.255 scope global eth0.2\ valid_lft forever preferred_lft forever

pc1# ip -4 -o address show eth0.2
2: enp5s0 inet v.x.y.z/24 brd v.x.y.255 scope global dynamic noprefixroute enp5s0 valid_lft 1000sec preferred_lft 1000sec

1 != 2

1 != 256

2!= 256

Feel free to mark this as the solution. :smiley: (I assume there's more detail.)

Yes, I am authorized to use two DHCP connections.

1 Like

OK!!! Cool!!!


1 Like

Is this better?

I've answered twice:

...unless you haven't detailed a "second connection " yet???


I got it.

I just want to see if my edits are more clear. So that I can adjust accordingly.

I will try it out and see how far I can go.

Thank you very much for your patience with me.

1 Like