Assign Public IP

zizobaddy · August 23, 2014, 9:05am

Dear All

I have been asking this question for awhile and i have not gotten any acceptable answers yet.

Please find attached the network diagram

Currently i use netmap

I wish to be able to assign public ip to some clients while others will be behind nat

Please advice!!!

dolanp · August 23, 2014, 9:19am

Hi,

Use DST NAT

chain=dstnat action=dst-nat to-addresses=10.1.1.1
dst-address=1.2.3.4

Regards
Paul

hedele · August 23, 2014, 9:23am

Well to put it plain - it simply cannot work this way. Subnetting doesn’t work this way.
The only possibility to do this is to bridge your WAN and LAN interfaces, which would put all your clients directly on your uplink.
You can still do limited traffic flow manipulation and NAT with “Use IP firewall for bridge”, but I would strongly recommend that you implement PPPoE for your clients which need official IP addresses and assign the official IP addresses that way. You will also need to enable proxy-arp on the uplink interface.

dolanp · August 23, 2014, 9:27am

He is simply looking for a simple solution to redirect a public IP to an internal address.
This will work fine for what he wants.

zizobaddy · August 23, 2014, 10:02am

Thanks hedele

I have tried the bridge before.

I will probably revert back to the my method

What i was looking for was to assign the same way the ISP assisgns too

My current method is to turn some ports on the router to switch and then monitor from there

Thanks once again

CelticComms · August 23, 2014, 7:39pm

What you can and cannot do depends on whether the /29s are presented on your WAN interface or routed to you via some other IP. If they are not routed but are presented directly on the link network you do need proxy arp. If they are routed to you then you can certainly allocate individual addresses to customers but not all customer equipment can deal with a single /32 allocation along with a (private) link network. That is why people often fall back on PPPoE to solve the problem because PPPoE is widely available on customer equipment.

When working on ISP systems we generally have plenty of IP ranges to work with so we can use a variety of allocation strategies. When a customer has a smaller allocation it can be more challenging (though by no means impossible) - especially if there is only a link net allocation available.

zizobaddy · August 23, 2014, 11:42pm

Thanks for you advice

could you pls guide me through to to go about it using pppoe