need secondary IP address on WAN port

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
DGMacLean
DD-WRT Novice


Joined: 24 Jan 2013
Posts: 2

PostPosted: Mon Jul 18, 2022 23:55    Post subject: need secondary IP address on WAN port Reply with quote
I do not think this is device-specific, but I have:
Asus RT-N66U (Broadcom BCM5300 chip rev 1)
DD-WRT v3.0-r49418 big (07/04/22)

My ISP router gives me 192.168.0.1/24 and provides IP addresses via DHCP (some static) for my routers and switches and bridges and other backbone devices. The Asus router (operating in Gateway mode) gets .0.166 as its WAN (vlan2) address and I have configured various other private addresses for its LAN and WLAN subnets. As expected on a Gateway device, LAN devices get NATed when communicating via WAN port so any traffic to my backbone devices appears to come from .0.166 which is what one would expect. Of course if the traffic continues out to the Internet then my ISP router does NAT again to my assigned public IP address.

One miserable bridge device on my .0.1 backbone has a hard-coded address 192.168.144.30 with no mask or gateway settings, so is unreachable from the .0.1/24 backbone subnet. I want to place a secondary address of 192.168.144.166/24 on the Asus WAN port so that it can talk to the offensive bridge, so that traffic from LAN devices will be NATed through the .144.166 address when destined for the .144.30 bridge.

(Q1) How do I add a secondary address to the WAN (vlan2) port?

(Q2) Once I have that secondary address, will the traffic on the WAN port get NATed to the selected WAN address (.0.166 or .144.166) naturally based on the matching entry in the Routing Table, or will I require some additional Firewall or other code to force traffic destined for .144.n to NAT appropriately?
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Tue Jul 19, 2022 0:24    Post subject: Reply with quote
For the time being, I'm NOT passing judgment on whether what you're trying to do makes sense, or will meet your expectations. I'm merely answering the questions directly.

1) ifconfig vlan2:1 192.168.144.1 netmask 255.255.255.0

BTW, 192.68.144.166/24 is NOT valid CIDR notation, that's why I corrected it.

2) The router automatically NATs the default private IP network over the WAN (192.168.1.0/24). Any additional IP networks you add/define require YOU to NAT them using the firewall script.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)


Last edited by eibgrad on Tue Jul 19, 2022 1:12; edited 1 time in total
DGMacLean
DD-WRT Novice


Joined: 24 Jan 2013
Posts: 2

PostPosted: Tue Jul 19, 2022 1:00    Post subject: Reply with quote
Thank you for correcting my typo.

I executed the following command and it added the secondary address that I wanted:
ifconfig vlan2:1 192.168.144.166 netmask 255.255.255.0

I assume that should be put into Startup in order to be there after the router reboots, yes?

I will do some experimentation tomorrow and see if I can figure out how to make the NAT use the .144.166 address to communicate with .144.30 device.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Tue Jul 19, 2022 1:11    Post subject: Reply with quote
Actually, I made a type of my own. You obviously have to specify the assigned IP for the new network on the router (which I did NOT do, I defined the network as whole).

Code:
ifconfig vlan2:1 192.168.144.1 netmask 255.255.255.0


I corrected in my prior post as well.

Of course, it can be any IP you want within that class C network.

You can try the startup script, but sometimes there are timing issues, since not all the subsystems are necessarily up and ready for modification when that script is called. You might want to monitor the router for internet access before attempting to add the IP network.

Code:
(
until ping -qc1 -W3 8.8.8.8 &>/dev/null; do sleep 10; done
ifconfig vlan2:1 192.168.144.1 netmask 255.255.255.0
) &

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Tue Jul 19, 2022 6:49    Post subject: Reply with quote
I am not sure but it might be possible to do this with the GUI see Port forwarding one-to-one NAT

But I am just awake so it could be total rubbish Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum