Complicates Setup with Public and private IP Addresses

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 201
Location: Swindon, UK

PostPosted: Sat Jun 15, 2019 12:30    Post subject: Complicates Setup with Public and private IP Addresses Reply with quote
After some advice on the best way to setup my R8000 with public IP addresses.

I am getting a /28 of public IP addresses with my business cable connection (in a week or so).
After the network gets a couple and the router one, I have 13 available for servers/clients.
I cannot have more than these 13 public IPs.

I did intend just to assign these to all my devices (manually or via DHCP) but have since realised it is not enough addresses for all the devices (what with guests visiting using the WIFI and devices I initially forgot about such as kindles and my own phones).
I have also been nagged/advised by all and sundry that this is unsafe and a waste of public IP addresses to assign them to say mobile phones and kindles etc.

I cannot afford another router or firewall appliance at this time (to try and secure the LAN) so want to do as best I can with the R8000.

I will be getting a router from the ISP, configured in modem mode. My R8000 will connect to it with its WAN/Internet port.
For now, I will just have one server (a NAS running web, email, media servers etc) connected to the R8000. This will connect with Ethernet to one of the R8000s ports.
All other devices will connect over WIFI.
This NAS will need to be accessible from the WAN and LAN for all services.

Five of the devices on the LAN will need to be assigned public IP addresses too (I have my reasons). But some will also need to connect to devices on private IP addresses (a printer etc).
So, I need the WIFI to be used for private and public addresses.

I do not have the funds for an additional router or firewall appliance currently. I could afford to go to a WAP at a push, if this would even be of any use.

So, I have 7 spare public IP addresses and obviously can use as many private ones as needed, but 15-20 would be a good figure.

Maybe this is too much for dd-wrt to do without additional hardware?
If it is possible what would be the best way to go about it?

If not, I guess I will go with my original idea, of just assigning as many of my devices public IPs as I can, and guests will just have do make to with their 3G/4G connections, and some devices will just have to borrow a public IP some times.

Many thanks for any thoughts on *configuring this*.
Sponsor
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 201
Location: Swindon, UK

PostPosted: Sat Jun 15, 2019 16:40    Post subject: Reply with quote
Coming from a Windows background this is confusing but I think this page is what I need to do?

https://wiki.dd-wrt.com/wiki/index.php/One-to-one_NAT

Could anyone advise if I am on the right track.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5129
Location: Akershus, Norway

PostPosted: Sat Jun 15, 2019 21:14    Post subject: Reply with quote
Yes, this is what you need. For security, you should only forward the ports for the services you need public.
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 201
Location: Swindon, UK

PostPosted: Sat Jun 15, 2019 21:23    Post subject: Reply with quote
Per Yngve Berg wrote:
Yes, this is what you need. For security, you should only forward the ports for the services you need public.


Cheers, will study it and try to produce some scripts with dummy IP addresses for now. Still waiting for my ISP to tell me the range I will be using
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 201
Location: Swindon, UK

PostPosted: Mon Jun 17, 2019 14:21    Post subject: Reply with quote
Just a quickie.
Is this the correct way to forward a range of ports (21-22)?

iptables -I FORWARD -d 192.168.0.100 -p tcp --dport 21-22 -j ACCEPT

Cheers.
<edit>got it now I think?

iptables -I FORWARD -d 192.168.0.100 -p tcp --dport 21:22 -j ACCEPT</edit>

_________________
Router Model: Netgear R8000
Firmware: DD-WRT v3.0-r40270M kongac (07/11/19)
Modem: Super Hub 3.0
ISP: Virgin Media 350/35 Mbps

Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum