Multiple public IPs with one router using DD-WRT

Discussion in 'Guides and Tutorials' started by ChambeRFienD, Oct 31, 2007.

  1. ChambeRFienD
    DD-WRT - Multiple public IP addresses on one router

    This was only tested on a Linksys WRT54GL running DD-WRT v23 SP2 (09/15/06) std

    This guide will show you how to have multiple public IP addresses under one router. I know my setup may not be what anyone is looking for but when I was trying to do this at work it took me forever to find a guide on doing exactly what I wanted. Once you complete this you will have one static public IP address that will handle all the PCs on your network that need internal IPs from DHCP and static IPs for any servers you may want to run. This is ideal for keeping servers and workstations all on the same network.

    You will need static IP addresses issued to you from your ISP for this to work.

    Step 1: Set up the first Static IP (This is the IP that will be shared by all your DHCP computers)

    In DD-WRT open the "Setup" tab and the "Basic Setup" subtab. Set up your first static IP address as you would normally, filling out your static IP, subnet mask, gateway and DNS servers. Also, set up your DHCP settings on this page to fit your needs.

    Step 2: Edit IP tables via commands in the admin panel

    This is where all the magic is. Open the "Administration" tab and the "Commands" subtab.

    In this menu you will have to enter commands to set up your router's IP table.

    For every static IP address you wish to use you will need to have this line:
    /usr/sbin/ip addr add xxx.xxx.xxx.xxx/29 dev vlan1 (Replacing the xxx.xxx.xxx.xxx/29 with the static IP you wish to add)

    Example:

    /usr/sbin/ip addr add 111.111.111.111/29 dev vlan1
    /usr/sbin/ip addr add 222.222.222.222/29 dev vlan1
    /usr/sbin/ip addr add 333.333.333.333/29 dev vlan1

    Then, you need to point each of these IP addresses to a machine on your network (which should be set up to manually acquire an internal IP address) using the following line:
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s yyy.yyy.yyy.yyy -j SNAT --to xxx.xxx.xxx.xxx (Where xxx.xxx.xxx.xxx is the public static IP and yyy.yyy.yyy.yyy is the manually assigned internal IP)

    Example:

    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 111.111.111.111
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.3 -j SNAT --to 222.222.222.222
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.4 -j SNAT --to 333.333.333.333

    After this, the machines you assigned above should each have their own public IP address assigned! Now, this is all kind of useless without forwarding some ports. Let's do this now.

    To forward a port to one of your machines with a public IP you must insert the following line:

    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to-destination yyy.yyy.yyy.yyy:80
    /usr/sbin/iptables -I FORWARD -p tcp -d yyy.yyy.yyy.yyy --dport 80 -j ACCEPT (Where xxx.xxx.xxx.xxx is the public static IP and yyy.yyy.yyy.yyy is the manually assigned internal IP, replace "80" with the port you wish to forward to that machine)

    Example:

    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 111.111.111.111 --dport 80 -j DNAT --to-destination 192.168.1.2:80
    /usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT

    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.3:22
    /usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT

    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 333.333.333.333 --dport 3389 -j DNAT --to-destination 192.168.1.4:3389
    /usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.4 --dport 3389 -j ACCEPT

    Using the above method you can forward as many ports to an IP as you wish.

    Once you have all these lines together you should have something that looks kinda like this:

    Code:
    /usr/sbin/ip addr add 111.111.111.111/29 dev vlan1
    /usr/sbin/ip addr add 222.222.222.222/29 dev vlan1
    /usr/sbin/ip addr add 333.333.333.333/29 dev vlan1
    
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 111.111.111.111
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.3 -j SNAT --to 222.222.222.222
    /usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.4 -j SNAT --to 333.333.333.333
    
    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 111.111.111.111 --dport 80 -j DNAT --to-destination 192.168.1.2:80
    /usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
    
    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.3:22
    /usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT
    
    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 333.333.333.333 --dport 3389 -j DNAT --to-destination 192.168.1.4:3389
    /usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.4 --dport 3389 -j ACCEPT

    Once all your commands are entered hit "Save Startup" and a reboot might help.

    Hopefully this helps someone.. Have any questions? Feel free to ask!
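
Added example (not part of ChambeRFienD's post): a POSIX shell check for a startup script of the form shown above, which reports any DNAT port forward without a FORWARD ACCEPT for the same internal IP, protocol and port, and any ACCEPT that opens a port nothing is forwarded to. The names `check_forwards` and `sample_rules` and the 203.0.113.x addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# FORWARD is evaluated after PREROUTING has rewritten the destination, so the
# ACCEPT rule must name the internal IP and port given in --to-destination.

check_forwards() {
    findings=$(awk '
        # Value that follows option "opt" on the current line, or "".
        function optval(opt,   i) {
            for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
            return ""
        }
        /^[ \t]*#/ { next }                       # skip comment lines
        /iptables/ && /PREROUTING/ && /DNAT/ {
            dnat[optval("-p") " " optval("--to-destination")] = NR
        }
        /iptables/ && /FORWARD/ && /ACCEPT/ {
            accept[optval("-p") " " optval("-d") ":" optval("--dport")] = NR
        }
        END {
            for (k in dnat) if (!(k in accept))
                printf "line %d: DNAT to %s has no matching FORWARD ACCEPT\n", dnat[k], k
            for (k in accept) if (!(k in dnat))
                printf "line %d: FORWARD ACCEPT for %s has no matching DNAT\n", accept[k], k
        }' "$@" | sort -k2,2n)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: 203.0.113.0/24 is a documentation range, and the second
# pair of rules deliberately disagrees on the port.
sample_rules() {
    cat <<'EOF'
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 203.0.113.10 --dport 80 -j DNAT --to-destination 192.168.1.2:80
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 203.0.113.11 --dport 22 -j DNAT --to-destination 192.168.1.3:22
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 3389 -j ACCEPT
EOF
}

sample_rules | check_forwards || echo "fix the findings above before using Save Startup"
```

Pass a saved copy of the commands as a file argument, or pipe it in on standard input, before pasting it into the "Commands" subtab.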
  2. odders
    Oh, this is EXACTLY what I was looking for :hap2: Thanks so much for the guide :)
  3. Kuantum
  4. msiegel
    Thank you so much, it worked perfectly! That was extremely helpful :D
  5. pilotbob3
    I just wanted to let you know that I struggled for 3 days to get my static IP routing working. I found your FAQ via Google and it got me up and running in 15 minutes :)

    Thank you so very much for your great guide!
  6. numenorean_b
    That's a great guide, easy to understand and implement!
  7. Nacho71
    Brilliant and simple. Thank you!
  8. DanDroiD
    very nice guide
  9. rajatgarewal
    can this make me use NIB 1 ids on NIB 2 binded id???
  10. harmandeep
    ^ hopefully not ... maybe due to entirely different nas/radius srvrs:S .... u can use wireshark to see the details of the trace msgs as though with wht ur local RAS srvr replies ... when u try to use the other NIB binded id ... ( user not found ) ...
  11. ɱɑɖɖÊ
    Excellent and Lucid:)
  12. dannyelectron
    This is an excellent guide, got it working in 15 minutes after searching for like a week and a half for a solution.

    Got an issue though, the place I did this for had 1 modem with 5 static IPs. Their provider would not offer them more static IP's with the same modem so they just bought another block of 5 IP's with another modem.

    How would you go about this installation for the 10 IP's (preferably having all the computers still networked)

    Is this even possible to have them all networked or would I just need to do this twice on two different routers and they will not be networked?

    Thanks,

    Danny
  13. divagara
    nice one.............thanx....:hap2:
  14. sirussofts
    Thank you very much, this is exactly what I need for my 5 static IPs. I was about to go buy 4 more routers and add DD-WRT to them too.

    There is only one question I have.

    Can a DMZ be applied to more than one of these static IPs?

    If so, how?
  15. jasonemmg
    I need to do something similar with a Sonicwall TZ-210. Anyone know how?

    I have 5 public IPs from my ISP. I have a TZ-170 but when I programmed my new TZ-210, 2 client site-to-site VPNs do not work.

    Is there a way I can have both the TZ-170 and new TZ-210 connected with the same existing public IP, or how do I forward data between 2 different public IPs on the TZ-210?

    Thanks in advance
  16. Daniel Reagan
    This looks to be exactly what I am needing for one of my clients using a Buffalo router. If, that is, I can configure 2 different VPN's for my clients...one for each of the 2 servers in the office. 2 Divisions in the office and each has their own domain, email, and file server access. One of the divisions now has a second office that I need to connect with VPN for file access on the server (mapped drives). They already have 5 public IP addresses.
  17. Sune Brodersen
    Hi,
    Thanks for the guide :)

    I have one question. I have 2 static IPs that have different gateways, like:

    IP address 1: xxx.xxx.xxx.46
    Default gateway: xxx.xxx.xxx.45
    Subnet mask: 255.255.255.252

    IP address 2: xxx.xxx.xxx.50
    Default gateway: xxx.xxx.xxx.49
    Subnet mask: 255.255.255.252

    Does the gateway really matter for this? I guess the first IP, which I just configure as static IP (or DHCP), will work as gateway for all clients on the LAN. So do I need the gateway for the other IPs?

    How do I get it to work in the above?