Additional External Ip Addresses

[Joel]

Is there any way to assign my additional IP addresses to devices behind the router? I have a block of 5 IP addresses and need to set up some business application servers in a virtual environment. I would like the virtual machines to use the external IP addresses.

 

[cariocap]

You can use DMZ to expose one IP address.

http://support.asus.com/Search/KDetail.aspx?SLanguage=en&no=BE57CBBF-1090-5780-BB97-1EDD99F29C9F&t=2

 

[coxhaus]

You can add more routers to use more outside static IP addresses. Just add a switch before the router and plug in more routers to the switch. I would setup which IP addresses go to which routers so a router always has the same static IP address.

 

[wiz]

I don't think that's what Joel wants. Ideally you would set another ip address on the Wan interface and bind that to a host internally, I think that's what he's after.

whether it is possible I don't know, you should be able to add more ip addresses to an interface, but if that would work with the ip tables set up in the asus I have no idea.

 

[coxhaus]

Yea I agree. It is probably more than just binding the multiple IP addresses to an interface in that they would need to flow through to the DMZ so he can actually use them and address them.

 

[Pericynthion]

would like the virtual machines to use the external IP addresses.

I think Joel is trying to use the router as a reverse proxy here - so not that the addresses are bound to the router, but it acts as a gateway for those addresses. coxhaus has probably the simplest idea, but I think what you're trying to do is create a separate VLAN for those external addresses, attach the VM's to that VLAN internally (that way the external addresses run through the same physical router, but are discrete from the normal LAN traffic).

I don't know how you would do that with either the ASUS or the Merlin software though - I think you will need to take a look at DD-WRT for this kind of functionality.

 

[Ixel]

This is also what I'm trying to achieve with the RT-N66U. Normally I would get the last IP in the block to be the LAN IP on the router, disable DHCP and NAT, then manually assign the other public IP's in the block to devices on my network, finally followed by configuring static routing for each IP in the block. However, even though I've achieved this on other routers, I can't get this to completely work on the RT-N66U .

My block: 1.1.1.209-214
LAN IP: 1.1.1.214
Subnet Mask: 255.255.255.248

Now, .214 pings fine and is accessible no problem, however .209 to .213 won't ping and won't receive incoming traffic. For surfing and such it's fine though, even sites such as whatismyip.com actually see me coming from the IP in the block. I've tried disabling the firewall on the router too, with no luck. I'm at a loss currently, other than changing firmware to DD-WRT or Tomato, but doing that will likely void warranty I imagine (plus it's a tad risky). On one other note, the Merlin firmware is brilliant, well done on that .

 

[coxhaus]

I guess you need the WAN interface to route on IP and mask, not just IP. Can you assign a network to the WAN interface?

 

[Ixel]

I guess you need the WAN interface to route on IP and mask, not just IP. Can you assign a network to the WAN interface?

I'm not sure if you were asking me that question or the OP, apologies if you was asking the OP.

If you were asking me then I'm not entirely sure what you're asking. Do you mean have I tried assigning the static IP to the WAN interface? If so, then no, mainly because the ISP I'm using has setup in a way that the WAN interface always gets a dynamic IP and the other static IP's assigned are routed with the last IP in the block typically being the gateway IP (the router's IP on the LAN). On my ISP supplied router they have static routing configured on interface 'br0', however I can't find such an interface (bridge?) on the RT-N66U, only WAN, LAN and MAN. When I try using WAN the connection to the internet is lost, if I use LAN or MAN I can use the internet but I can't receive incoming requests to the IP addresses. Perhaps it might be worth me reading up about iptables and trying to configure this manually via SSH?

 

[Pericynthion]

I dont think IP tables will help you here and you've also got to watch those subnet masks.

If your WAN interface has 255.255.255.248 then 1.1.1.208 is your network, 1.1.1.215 is your broadcast, and 209-214 are hosts expected to be on the same interface.
When the traffic comes in the ARP request (trying to find the physical adapter for that destination IP address) will only happen on that same interface - it wont propogate to the other switch / LAN ports, unless you are creating a bridge (as you say) to the other ports, on a different VLAN.

I've done this before on OpenWRT, but I can't see an easy way to do it with the stock/Merlin firmware.

 

[Ixel]

I dont think IP tables will help you here and you've also got to watch those subnet masks.

If your WAN interface has 255.255.255.248 then 1.1.1.208 is your network, 1.1.1.215 is your broadcast, and 209-214 are hosts expected to be on the same interface.
When the traffic comes in the ARP request (trying to find the physical adapter for that destination IP address) will only happen on that same interface - it wont propogate to the other switch / LAN ports, unless you are creating a bridge (as you say) to the other ports, on a different VLAN.

I've done this before on OpenWRT, but I can't see an easy way to do it with the stock/Merlin firmware.

I see. I was afraid that would be the case. Am I right in believing that if I flash to something like DD-WRT or w/e that I would be voiding my warranty with ASUS? If so that's a bummer, being held back by the lack of a bridge :x. Thanks for the replies so far though, as I'm pretty new to using ASUS routers anyway.