how to add multiple public ips

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
zelda4
DD-WRT Novice


Joined: 06 Mar 2020
Posts: 10

PostPosted: Wed May 20, 2020 18:32    Post subject: how to add multiple public ips Reply with quote
Hi guys am trying to add 5 public/wan/external ips to my ddwrt router so i searched through forum and got help but there is little confusion in it.


reference link : https://wiki.dd-wrt.com/wiki/index.php/One-to-one_NAT
here are the commands i prepared.

# need to be saved as startup commands.
Code:
WANIF=`get_wanface`
ifconfig $WANIF:1 206.xx.xx.110 netmask 255.255.255.0 broadcast 206.xx.xx.255
ifconfig $WANIF:2 206.xx.xx.111 netmask 255.255.255.0 broadcast 206.xx.xx.255
ifconfig $WANIF:3 206.xx.xx.112 netmask 255.255.255.0 broadcast 206.xx.xx.255
ifconfig $WANIF:4 206.xx.xx.113 netmask 255.255.255.0 broadcast 206.xx.xx.255
ifconfig $WANIF:5 206.xx.xx.114 netmask 255.255.255.0 broadcast 206.xx.xx.255



# need to be saved to firewall
Code:
# route packets from public to local
iptables -t nat -I PREROUTING -d 206.xx.xx.110 -j DNAT --to-destination 192.168.0.110
iptables -t nat -I PREROUTING -d 206.xx.xx.111 -j DNAT --to-destination 192.168.0.111
iptables -t nat -I PREROUTING -d 206.xx.xx.112 -j DNAT --to-destination 192.168.0.112
iptables -t nat -I PREROUTING -d 206.xx.xx.113 -j DNAT --to-destination 192.168.0.112
iptables -t nat -I PREROUTING -d 206.xx.xx.114 -j DNAT --to-destination 192.168.0.114
# router from local to public 
iptables -t nat -I POSTROUTING -s 192.168.0.110 -j SNAT --to-source 206.xx.xx.110
iptables -t nat -I POSTROUTING -s 192.168.0.111 -j SNAT --to-source 206.xx.xx.111
iptables -t nat -I POSTROUTING -s 192.168.0.112 -j SNAT --to-source 206.xx.xx.112
iptables -t nat -I POSTROUTING -s 192.168.0.113 -j SNAT --to-source 206.xx.xx.113
iptables -t nat -I POSTROUTING -s 192.168.0.114 -j SNAT --to-source 206.xx.xx.114


but in this post : https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=400472

Quote:
startup:

WANIF=`nvram get wan_iface`
WANMASK=`nvram get wan_netmask`
ifconfig $WANIF:1 173.xxx.xxx.xxx netmask $WANMASK
ifconfig $WANIF:2 173.xxx.xxx.xxx netmask $WANMASK
ifconfig $WANIF:3 173.xxx.xxx.xxx netmask $WANMASK
ifconfig $WANIF:4 173.xxx.xxx.xxx netmask $WANMASK
ifconfig $WANIF:5 173.xxx.xxx.xxx netmask $WANMASK

then in my custom script:

# WAN .35 -> LAN .10
iptables -t nat -I PREROUTING -d 173.xxx.xxx.xxx -j DNAT --to 192.168.1.10
iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to 173.xxx.xxx.xxx
iptables -I FORWARD -i $WANIF:3 -d 192.168.1.10 -j ACCEPT



user have used :
Code:
nvram get wan_iface
command which return eth0 it my end while when i run
Code:
get_wanface
it just return eth


so what is correct ?
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Wed May 20, 2020 18:45    Post subject: Reply with quote
What router, what build?

How is it setup, i.e. automatic DHCP or PPPoE?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Wed May 20, 2020 21:21    Post subject: Reply with quote
You asked this similar question back on:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1194597

what was wrong there?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Wed May 20, 2020 23:44    Post subject: Reply with quote
Better yet, why did you not reply to *that* thread with this?
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
zelda4
DD-WRT Novice


Joined: 06 Mar 2020
Posts: 10

PostPosted: Thu May 21, 2020 4:19    Post subject: Reply with quote
egc wrote:
What router, what build?

How is it setup, i.e. automatic DHCP or PPPoE?


sorry i forgot to add router info , well its Netgear R7800

firmware

Code:
Firmware: DD-WRT v3.0-r40270M kongat (07/11/19)
zelda4
DD-WRT Novice


Joined: 06 Mar 2020
Posts: 10

PostPosted: Thu May 21, 2020 4:21    Post subject: Reply with quote
Wildlion wrote:
You asked this similar question back on:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1194597

what was wrong there?


ya right but i was not able to find it as i have asked it months ago , and in ddwrt forums there is no account button , normally when u login to forum there is account button where there is button of something like My Post / My threads . so as there is no my account/myprofile button i was not able to find even my own post Sad . so i request ddwrt to add this button to forum somewhere on top right because all forum have my account button there.

screenshot : https://i.imgur.com/Y8Y91cZ.png
i hardly know that am even login Sad no account info button from where i should have checked my posts

thanks
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Thu May 21, 2020 22:35    Post subject: Reply with quote
a couple tips:

if you know you posted it, click the "Quick Links" and then "View your posts"

do a google search with:

(topic) site:https://forum.dd-wrt.com/phpBB2/


(topic) -- being the topic that you are looking for
zelda4
DD-WRT Novice


Joined: 06 Mar 2020
Posts: 10

PostPosted: Sat May 23, 2020 9:00    Post subject: Reply with quote
Wildlion wrote:
a couple tips:

if you know you posted it, click the "Quick Links" and then "View your posts"

do a google search with:

(topic) site:https://forum.dd-wrt.com/phpBB2/


(topic) -- being the topic that you are looking for


thanks Smile i was not aware of that Quick links section


also here is working solution and correct format am using it and its test

# Save as startup script

# aa.bb.cc.dd is public/external ip
# pp.qq.rr.ss is local ip assigned by router

Code:
WANIF=`nvram get wan_iface`
WANMASK=`nvram get wan_netmask`
ifconfig $WANIF:1 aa.bb.cc.dd netmask $WANMASK 
ifconfig $WANIF:2 aa.bb.cc.dd netmask $WANMASK 



reboot router with reboot command
Code:
reboot



Save to firewall

Code:
# accept everything
iptables -I FORWARD -d pp.qq.rr.ss -j ACCEPT
iptables -I FORWARD -d pp.qq.rr.ss -j ACCEPT
# route packets from public to local
iptables -t nat -I PREROUTING -d aa.bb.cc.dd -j DNAT --to-destination pp.qq.rr.ss
iptables -t nat -I PREROUTING -d aa.bb.cc.dd -j DNAT --to-destination pp.qq.rr.ss
# router from local to public 
iptables -t nat -I POSTROUTING -s pp.qq.rr.ss -j SNAT --to-source aa.bb.cc.dd
iptables -t nat -I POSTROUTING -s pp.qq.rr.ss -j SNAT --to-source aa.bb.cc.dd
gozippy
DD-WRT Novice


Joined: 19 Sep 2020
Posts: 25

PostPosted: Tue Oct 12, 2021 23:41    Post subject: dnat snat internal vs pub Reply with quote
Can we not run some firewall rule to simply pass the Public IP through the router to a lan side?

I had it working once and cannot recall how I did it.. but going back over all these threads has me confused again lol.


I have 5 public ip

for startup I have

WANIF=`nvram get wan_iface`
WANMASK=`nvram get wan_netmask`
ifconfig $WANIF:1 [PUBLIC_IP1] netmask $WANMASK broadcast [BROADCAST]
ifconfig $WANIF:2 [PUBLIC_IP2] netmask $WANMASK broadcast [BROADCAST]
ifconfig $WANIF:3 [PUBLIC_IP3] netmask $WANMASK broadcast [BROADCAST]

but nothing behind ddwrt can pull the public ip...

so on to firewall?
Firewall
# WAN .106 -> LAN .6
iptables -t nat -I PREROUTING -d 104.X.X.106 -j DNAT --to 10.0.1.6
iptables -t nat -I POSTROUTING -s 10.0.1.6 -j SNAT --to 104.X.X.106
iptables -I FORWARD -d 10.0.1.6 -j ACCEPT

# WAN .107 -> LAN .7
iptables -t nat -I PREROUTING -d 104.X.X.107 -j DNAT --to 10.0.1.7
iptables -t nat -I POSTROUTING -s 10.0.1.7 -j SNAT --to 104.X.X.107
iptables -I FORWARD -d 10.0.1.7 -j ACCEPT

# WAN .108 -> LAN .8
iptables -t nat -I PREROUTING -d 104.X.X.108 -j DNAT --to 10.0.1.8
iptables -t nat -I POSTROUTING -s 10.0.1.8 -j SNAT --to 104.X.X.108
iptables -I FORWARD -d 10.0.1.8 -j ACCEPT

# WAN .109 -> LAN .9
iptables -t nat -I PREROUTING -d 104.X.X9 -j DNAT --to 10.0.1.9
iptables -t nat -I POSTROUTING -s 10.0.1.9 -j SNAT --to 104.X.X.109
iptables -I FORWARD -d 10.0.1.9 -j ACCEPT


which will probably work fine but what I want is to do is have a virtual machine on a physical server that has multiple nics use one interface for local 10.0.x.x net and have another nic on that VM actually pull the public IP directly... not just forward to lan 10.0.x.x net

anyhow - not sure how...

The reason is I have many physical servers behind the DDWRT router in a cluster and I have VM's on the cluster I move from physical machine to machine and I want to make sure the VM keeps the IP but also keeps a management lan ip...

make sense?

DDwRT --- Server (Hypervisor hosting Virtual Machine like Ubuntu) --- Ubuntu setting nic1 10.0.x.x static works fine but nic2 104.x.x.108 does not route in or out...

what do I need to add for setup? Or do you recommend just going with a physical OPNsense or pFsense box or something?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Wed Oct 13, 2021 7:25    Post subject: Reply with quote
As you are not stating you router and build number ( Sad ) I am not sure if you have this feature but look at IP forwarding (1:1 NAT) on the Nat/Qos if that fits your needs
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

PostPosted: Wed Oct 13, 2021 18:52    Post subject: Reply with quote
You can set a sub-net with public IP addresses on a VLAN and turn off NAT, but it needs a public sub-net that is different from the public IP on the WAN.
gozippy
DD-WRT Novice


Joined: 19 Sep 2020
Posts: 25

PostPosted: Thu Apr 21, 2022 19:37    Post subject: still having issues Reply with quote
thinking its NAT related...

Netgear R8000
with DD-WRT v3.0-r44715 std (11/03/20)
Linux 4.4.241 #1327 SMP Tue Nov 3 09:06:16 +03 2020 armv7l

for those who were asking a year ago lol...

anyhow I am seeing a lot of lag and NAT issues from time to time and now my office PC - has GoTo/Jive softphone on it - is laggy as all get out. Not sure where to even start at this point.

I do not see any option for 1:1 on QOS page - but I have QOS disabled now ...

commands:

startup:
WANIF=`nvram get wan_iface`
WANMASK=`nvram get wan_netmask`
ifconfig $WANIF:1 [PUBLIC_IP1] netmask $WANMASK broadcast [BROADCAST]
ifconfig $WANIF:2 [PUBLIC_IP2] netmask $WANMASK broadcast [BROADCAST]
ifconfig $WANIF:3 [PUBLIC_IP3] netmask $WANMASK broadcast [BROADCAST]
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Fri Apr 22, 2022 5:24    Post subject: Re: still having issues Reply with quote
gozippy wrote:
thinking its NAT related...

Netgear R8000
with DD-WRT v3.0-r44715 std (11/03/20)
Linux 4.4.241 #1327 SMP Tue Nov 3 09:06:16 +03 2020 armv7l

I do not see any option for 1:1 on QOS page - but I have QOS disabled now ...



That is because you are using an old and outdated build.

Current build is 48646.

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
gozippy
DD-WRT Novice


Joined: 19 Sep 2020
Posts: 25

PostPosted: Mon Oct 03, 2022 2:02    Post subject: Re: still having issues Reply with quote
I do not see any other option for R8000 builds... anyone working on update release or should I try to build from scratch?


egc wrote:
gozippy wrote:
thinking its NAT related...

Netgear R8000
with DD-WRT v3.0-r44715 std (11/03/20)
Linux 4.4.241 #1327 SMP Tue Nov 3 09:06:16 +03 2020 armv7l

I do not see any option for 1:1 on QOS page - but I have QOS disabled now ...



That is because you are using an old and outdated build.

Current build is 48646.

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Mon Oct 03, 2022 2:12    Post subject: Reply with quote
Check the download server, not the router database...

https://ftp.dd-wrt.com/dd-wrtv2/downloads/betas/2022/

https://ftp.dd-wrt.com/dd-wrtv2/downloads/betas/2022/10-01-2022-r50308/netgear-r8000/

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum