RT-AC5300 - Multiple Static IPs?

[boxst]

Hello

I have received a block of 8 IP's from my ISP and can't figure out how to configure the router to use them.

There are in the range x.x.x.32 - x.x.x.39. From what I understand, the .39 is the broadcast address, the .38 is the router and .32 is the network address, leaving 5 usable. I've left the router to say PPOE and it automatically gets the .38 and everything works happily as before (when I had a single IP) via NAT.

Now, if i want an external server on x.x.x.33 for example, I thought I just had to set it up as a static IP the correct subnet (255.255.255.248) and off it went. But, no. I had a Draytek many years ago, I seem to having a screen where I could configure all this stuff, but on the ASUS, no ...

Any help really appreciated.

Thanks,

Steve

 

[sfx2000]

There are in the range x.x.x.32 - x.x.x.39

What's more helpful in giving advice perhaps is the first three octets... and the CIDR from there...

As an example they give you 100.64.221.208 - 100.64.221.215 - so your netmask would be 255.255.255.248, and another way to express this, and this is meaningful - 100.64.221.208/29

So - don't worry about hiding IP ranges - we'll find you anyways - no security in obscurity...

showing AAA:BBB:CCC:032 doesn't mean anything...

 

[sfx2000]

Anyways - this is really odd -as this is the second post today from someone that was given a /29 block of addresses from their ISP (the other poster's ISP was Zen) - if one truly has a /29 block of routable public IP's, this somewhat precious, as IPv4 addresses are getting hard to come by...

In any event, with a consumer grade router/AP - they're designed for a single WAN facing IP - so to answer the question - pick one within that block, and that's what you get without getting into 3rd party firmware or something more capable than a consumer grade router...

 

[boxst]

Surprise Surprise .... this is Zen

So it's x.x.x.32 - x.x.x.39 / 29

This means that the ASUS can't do it? That's disappointing.

 

[sfx2000]

Well - unless it's a business account, they're being wasteful on the /29 blocks...

I'm assuming it's these guys -- https://www.zen.co.uk

It'll impact them in the long run, burning off IPv4 addresses like this...

It's not that Asus couldn't do it - it's just perhaps outside of the product specification for a consumer grade device on factory firmware... most folks on consumer broadband just get a single WAN IP...

 

[boxst]

Correct, that is the isp.

Is there a different firmware you can recommend? I used to use Merlin a long while ago on an old Asus.

Thanks.

 

[sfx2000]

Correct, that is the isp.

Is there a different firmware you can recommend? I used to use Merlin a long while ago on an old Asus.

Thanks.

I was thinking maybe RMerlin's build, but then saw this...

https://github.com/RMerl/asuswrt-merlin/issues/150

So there's nothing stopping one from swapping IP's (and in that bug thread there is a script on how to do this), but it still seems that as a gateway device, it's intended use is for a single IP..

One could always put a switch between the modem and multiple end-points... but I don't think that's what you're looking for..

 

[Nicknoxx]

I was 'the other guy' with a block of IP addresses from Zen and I'm also trying to use two of them. So far I've determined that it's not possible on the stock firmware but it has been done with iptables on the Merlin firmware, however it's currently beyond my skills to do this. The two most useful link I've found so far are:-
http://www.snbforums.com/threads/1-1-nat-accessing-hosts-by-public-ip-via-lan.18605/
http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT

Edit I can tell you that the first address in your block is the network address, the penultimate is the router address and the last in the broadcast address. Also that your subnet will be 255.255.255.248 in case that helps.

Edit 2 This is what I'm trying to achieve.

 

[sfx2000]

Most factory builds on consumer oriented routers are not intended for this use case - one can go under the hood and 'adjust' things there, but this is outside of the typical use case for BHR's...

OpenWRT might be able to handle this straight up on supported HW, and of course pfSense, and MicroTik can deal with it - I suspect UBNT could also support something like this fairly easily...

(/29 blocks are handy for business use - and BHR's are typically intended for home use)

 

[boxst]

Nick, that is more or less exactly what I'm trying to do. And have done previously with a Draytek router. My conclusion is that it isn't possible on most consumer routers I've looked at sadly.

 

[Nicknoxx]

Turns out it was quite simple. I installed Asuswrt merlin on my router and then stuck the following rules in
/jffs/scripts/services-start

#!/bin/sh
iptables -t nat -I PREROUTING -d 82.xxx.xxx.12 -j DNAT --to 192.168.1.65
iptables -t nat -I POSTROUTING -s 192.168.1.65 -j SNAT --to 82.xxx.xxx.12

for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 0 > $i ; done
iptables -I FORWARD -d 192.168.1.65 -j ACCEPT

 

[boxst]

That's cool, I will give it a go when I get home. Any (major) performance issues in doing the routing tables?

 

[Nicknoxx]

That's cool, I will give it a go when I get home. Any (major) performance issues in doing the routing tables?

No, none, I was getting over 60Mb/s at the routed machine. The only thing to note is that the routing is done before the Asus firewall so the target machine is exposed directly to the internet. Not a problem if it's a Linux box because you can just set up a local firewall but may be a problem if it's Windows machine.