BRT-AC828 IP Alias

[Fugaxo]

Hello Everyone

I am new to the forum and not very experienced in router configuration, but i come here asking for your help.

I recently bought an AC828 for business because reviews were good and the features look good for what i needed.

However i am having a problem. i am trying to replace my isp router with the ac828 but i need to set up some ip alias which i cannot find how.

From what i understood, the isp does this to save some public ip's. I have the ip's and gateway to the the "subnet" in the range 100.xxx.xxx.xxx/30 but i need to setup an alias that will NAT to the internet with the public address in the range 62.xxx.xxx.xxx/32.

Is there a way a can setup this using the asuswrt stock firmware updated to last version? i cant find it anywhere

If not, is there an alternative firmware for the AC828 ?

Thanks in advance

 

[ColinTaylor]

Have a look at the WAN configuration on your ISP router and try to copy that. Usually the WAN connection type is set to Automatic (i.e, DHCP), but sometimes you have to use Static and type in the values provided by your ISP.

Your public IP address (62.xxx.xxx.xxx) and the CGNAT address (100.64.0.0/10) are not normally something that you can change as that is taken care of by your ISP's equipment.

If in doubt contact your ISP.

 

[Fugaxo]

Exactly. I contacted the ISP. They gave me both the CGNAT and the public IP. The CGNAT does not use DHCP. it is a Static.
To my understanding, the CGNAT ip and gateway should be enough for it to work, however, it doesen't! Somehow i have to create this ip alias. They even gave me an example of how to do it in a DryTek router. See pic

The one thing i find strange is that i cannot find anything related to that in the Asus stock firmware of the BRT. Can i somehow solve this using static routes?

 

[ColinTaylor]

Your picture is too small to read. Can you post a bigger one.

 

[Fugaxo]

Your picture is too small to read. Can you post a bigger one.

First of all, thanks for your help. Actually the picture sent by the tech guy is not great. Here is a link to Drytek web where they do something similar.
https://www.draytek.com/en/faq/faq-...ias-and-do-address-mapping-on-vigor2960/3900/

 

[ColinTaylor]

Thanks for the link. There appears to be a typo on the last line of that page. AFAICT it should read "192.168.1.10 will always use the WAN IP 10.0.0.3".

I've not personally used the BRT-AC828, only Asus' consumer routers. But looking at the manual it seems more or less the same.

In the Draytek example the user has been given 254 IP addresses (10.0.0.2/24). So he sets his WAN IP address to 10.0.0.2 and then creates aliases for the other IP addresses. He now has up to 254 WAN IP addresses which he can NAT to specific devices on his LAN. As far as I know this is not a supported feature on the Asus. The Asus assumes that each physical WAN interface (because you can define 2) can only have one IP address.

So the question at this point is, do you need multiple WAN IP addresses? You said your ISP gives you 100.xxx.xxx.xxx/30, which in theory would be 2 addresses, or 4 if you include the network and broadcast addresses.

EDIT: Would you mind telling us what that actual address is for 100.xxx.xxx.xxx. It's not a public address so there's no security implications. Also, is the gateway address a similar 100. address or is it something completely different?

 

[Fugaxo]

Still no luck. The CGNAT address they gave me is 100.64.232.40/30

i set it up as follows:

Ip:100.64.232.42
gateway:100.64.232.41
netmask:255.255.255.252

802.1q enabled with vlan tag 20 (as in draytek)

then they gave me the 62.xxx.xxx.xxx/32 public ip which i should configure as an alias. In the web interface of the BRT there is nothing similar to the draytek so i accessed it via telnet and tried to mess with ip route and iptables but still no luck.

i need to somehow create a rule that translates all outgoing traffic through WAN interface comming from my subnet 192.168.2.0 to the 62.xxx.xxx.xxx/32 public ip.

Any chance i can do this via telnet and busybox on stock firmware? is there an alternative firmware for the BRT?


Thank you

 

[ColinTaylor]

802.1q enabled with vlan tag 20 (as in draytek)

This is the first time you have mentioned VLANs. Why do you need to tag it?

What ISP equipment are you plugging the Asus' WAN connection into?

Ip:100.64.232.42
gateway:100.64.232.41
netmask:255.255.255.252

Try configuring the Ethernet network adaptor on your PC statically with these values. Then plug the PC directly into the ISP-supplied equipment. Can you ping 8.8.8.8?

 

[Fugaxo]

Hi there. Still no luck.

i used vlan 20 tag because the isp told me too (first image i posted that is not clear)

The WAN1 on the BRT is connected to the fiber ONT

I've tried to mimic the config on draytek router via telnet running the following commands:

Create an alias to eth0 vlan:

 ifconfig eth0.20:0 62.XXX.XXX.XXX netmask 255.255.255.255  up

Create a postrouting snat translation for the outgoing packets comming from subnet 192.168.2.0/24

itptables -t nat -I POSTROUTING -s 192.168.2.0/24 -o eth0+ -j SNAT --to 62.XXX.XXX.XXX

This somehow made sense for me when looking at draytek config...Does it make any sense to you?

I can ping 100.64.232.41, however, still no luck pinging 8.8.8.8 or other outside addresses...

Output of ifconfig:

admin@BRT-AC828:/tmp/home/root# ifconfig
ath0       Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING  MTU:1500  Metric:1
           RX packets:1845 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2759 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:212490 (207.5 KiB)  TX bytes:430795 (420.6 KiB)

ath1       Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING  MTU:1500  Metric:1
           RX packets:5367 errors:0 dropped:0 overruns:0 frame:0
           TX packets:5227 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:621659 (607.0 KiB)  TX bytes:1756305 (1.6 MiB)

bond0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING ALLMULTI MASTER MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2088 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:227398 (222.0 KiB)

br0        Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:7825 errors:0 dropped:0 overruns:0 frame:0
           TX packets:4810 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:724643 (707.6 KiB)  TX bytes:1696899 (1.6 MiB)

eth0       Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:374 errors:0 dropped:0 overruns:0 frame:0
           TX packets:5702 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:38851 (37.9 KiB)  TX bytes:492492 (480.9 KiB)
           Interrupt:252

eth0.20    Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           inet addr:100.64.232.42  Bcast:100.64.232.43  Mask:255.255.255.252
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:374 errors:0 dropped:0 overruns:0 frame:0
           TX packets:5702 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:32063 (31.3 KiB)  TX bytes:469852 (458.8 KiB)

eth0.20:0  Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           inet addr:62.xxx.xxx.xxx  Bcast:62.255.255.255  Mask:255.255.255.255
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1       Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING SLAVE  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:828 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:0 (0.0 B)  TX bytes:88016 (85.9 KiB)
           Interrupt:255

eth2       Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING SLAVE  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1260 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:0 (0.0 B)  TX bytes:139382 (136.1 KiB)
           Interrupt:2

eth3       Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
           Interrupt:5

lo         Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:253 errors:0 dropped:0 overruns:0 frame:0
           TX packets:253 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:67153 (65.5 KiB)  TX bytes:67153 (65.5 KiB)

wifi0      Link encap:UNSPEC  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:2699
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
           Interrupt:68 Memory:e0000000-e0200000

wifi1      Link encap:UNSPEC  HWaddr XX:XX:XX:XX:XX:XX
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:2699
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
           Interrupt:90 Memory:e0400000-e0600000

Output of iptables -t nat -L POSTROUTING

admin@BRT-AC828:/tmp/home/root# iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.2.0/24       anywhere             to:62.xxx.xxx.xxx
ACCEPT     all  --  192.168.2.0/24       anywhere             policy match dir out pol ipsec
MASQUERADE  all  -- !100.64.232.42        anywhere
MASQUERADE  all  --  192.168.2.0/24       192.168.2.0/24

Output of route

admin@BRT-AC828:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         100.64.232.41   0.0.0.0         UG    0      0        0 eth0.20
100.64.232.40   *               255.255.255.252 U     0      0        0 eth0.20
100.64.232.41   *               255.255.255.255 UH    0      0        0 eth0.20
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
239.0.0.0       *               255.0.0.0       U     0      0        0 br0

 

[ColinTaylor]

Sorry, I don't know enough about this kind of setup to offer any more suggestions. Hopefully someone else can help.

 

[Fugaxo]

Thank you anyway. Maybe someone will run into the same problem and find this info useful!