Port a public IP to the LAN through NAT

I am implementing a new NAT router for my customer network. Most of my customers use a private address, but some are using public IP addresses directly. My ISP has allotted me a block of addresses that some of my customers need for servers, etc. In the web interface on my old router (Edimax pri-684) it has something it calls Public DMZ where you can have the following:

(isp) ↔ Nat Router(public address1) ↔ Customer(public address2)

The only way I've made it work is an obvious security risk, and probably poses other problems too. I have created a bridge and added my LAN and WAN port to it. This way public addresses work on my network, and private local addresses work. But I cannot keep it this way; I need to figure out how to route the IP in.

I tried using src-nat and dst-nat, but the route list assumes that my customer's public address is on the WAN, so I added a static ARP entry showing that the customer's public IP is on the LAN; however, routing was still not working.

Any suggestions or ideas? I know it can be done because my old router could do it.

Thanks!

Did they give you a range where you make your router the gateway for that range, or did they just give you a specific number of publics where you have to make their router the gateway?

  1. use one-to-one NAT
    or
  2. split your IP addresses into two ranges, and then use the MT as the router,
    so your LAN users can use one part of the two ranges

To answer the first question, my ISP gave me a block of 5 IP addresses for me to assign to devices. My ISP's router is the gateway.
I actually have connections from 3 different ISPs and I have 5 IP addresses available on each; I hope to load-balance the three together and distribute some of the IPs to my customers. I think I have most everything worked out except this little problem.

I think what I am trying to do is called one-to-one NAT in some routers. I tried every different combination of NAT configurations under Firewall. I haven't yet tried anything with the NAT or broute options under the Bridge menu; however, I probably will tomorrow.
I will post if I get it to work as one-to-one NAT.

Just use src-nat and dst-nat; it is like the public IP were on the LAN client. I use it and it is great.
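A worked one-to-one NAT configuration for the src-nat/dst-nat approach the reply above describes, added here as an example and not taken from the thread or from any poster's config. The addresses are constructed from the RFC 5737 documentation range and the interface names, gateway and published ports are assumptions.

```routeros
# Added example, not from the thread. Addresses come from the RFC 5737
# documentation range and the interface names are assumptions:
#   ether1-wan    = port towards the ISP router (the gateway for the /29)
#   198.51.100.2  = public address1 (the MikroTik's own WAN address)
#   198.51.100.3  = public address2 (assigned to one customer server)
#   192.168.10.50 = the private address that server actually uses on the LAN

# The MikroTik must own public address2 on the WAN side: the ISP router
# ARPs for it there, so a static ARP entry on the LAN does not help.
/ip address
add address=198.51.100.2/29 interface=ether1-wan comment="public address1"
add address=198.51.100.3/32 interface=ether1-wan comment="public address2, held for the 1:1 customer"
/ip route
add dst-address=0.0.0.0/0 gateway=198.51.100.1 comment="ISP router (assumed)"

# 1:1 NAT: inbound dst-nat, outbound src-nat. The src-nat rule must sit
# above any general masquerade rule or the customer leaves as address1.
/ip firewall nat
add chain=dstnat dst-address=198.51.100.3 action=dst-nat \
    to-addresses=192.168.10.50 comment="1:1 inbound public2 -> server"
add chain=srcnat src-address=192.168.10.50 action=src-nat \
    to-addresses=198.51.100.3 comment="1:1 outbound server -> public2"
add chain=srcnat out-interface=ether1-wan action=masquerade \
    comment="everyone else shares public address1"

# Without a forward filter the 1:1 mapping exposes every port on the
# server. dst-nat runs in prerouting, so forward rules match the
# translated private address, not public2.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=ether1-wan connection-nat-state=dstnat \
    dst-address=192.168.10.50 protocol=tcp dst-port=80,443 action=accept \
    comment="only the published services reach the 1:1 server"
add chain=forward in-interface=ether1-wan connection-state=new action=drop \
    comment="drop all other unsolicited inbound"
```

The /32 on the WAN port is what makes the ISP router's ARP for public address2 land on the MikroTik instead of being looked for on the LAN, which is the routing piece the original post was missing.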

I had originally tried using regular src and dst NATs but it did not work. It seemed like I needed special routes set up to tell the MT box that a certain public IP is on my private interface. I couldn't set up any routes to make it work.
I ended up making an EoIP tunnel between my router and a virtual AP. Then I made a MAC bridge between the public interface on my router and the EoIP tunnel.
This does the job nicely, but it makes it so that particular traffic is not processed by my bandwidth management/billing server (a non-MT bridge device between my router and APs). But that is OK because I do not have a lot of customers needing this type of setup; I can just turn them on and off and control bandwidth manually at the router.