Seemingly Weird ISP Config

So I requested a new service from my ISP and they supplied me with a network diagram that is very weird and unorthodox in my opinion.

They are asking me to apply a private address to my router which is connected to their Ethernet hand-off, then on my LAN side, apply my public IP addresses. Additionally, a route statement must be applied to set the default gateway as their equipment’s private IP.
[Attachment: Diagram.jpg]
*** Note that all addresses used are fake. ***

I can get this to work if I have two routers on my end:
One router to hold the 1.1.1.2/30 on its WAN interface and 43.54.32.201 on its LAN interface.
Then the second router to hold 43.53.32.202/29 with a default gateway of 43.53.32.201/29.

Is there any way I can accomplish this all with one router? I would like to NAT traffic behind 43.53.32.201/29

I hope I’m clear with this…

Bump…

No comments?

So assign your 43.x network on loopbacks, use whatever you want on your LAN, and nat it?

There’s nothing strange and/or complicated about this. With the shortage of IPv4 space, I’m not surprised at the “private” /30 they allocated. It won’t break anything and everything will work fine.

I don’t understand what is supposed to be the problem. The only slightly unusual thing might be private address space on WAN, but it does not influence anything (you’ll just use srcnat with a specific address instead of the usual masquerade). Other than that, you get a nice routed subnet and you can do anything you want with it:

a) Put all addresses on router and with help of NAT enjoy all eight of them.

b) Put /29 on internal interface, use one for router, waste two for network address and broadcast and give the remaining five to other machines.

c) Route individual /32 addresses inside your internal network to any machines that might need them, no matter how far from router they are.

d) Invent some more or less crazy setup. E.g. take b) and then instead of just wasting two addresses, use them with NAT. You don’t need to directly assign them anywhere, but you can still use them, so even if internally they are network address and broadcast, they are perfectly usable from outside. And this example is not even crazy at all.

In other words, you have a routed subnet, your options are endless. Ok, with just a /29, endless is probably an overstatement. :slight_smile:
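Sob’s options a), b) and d) as a RouterOS configuration (an added example, not posted by anyone in the thread). RouterOS v6 syntax, the interface names ether1-wan and bridge-lan, and the internal 192.168.88.0/24 range are assumptions; the public and hand-off addresses are the fake ones from the thread.

```routeros
# Private /30 hand-off toward the ISP; their side (1.1.1.1) is the default gateway.
/ip address add address=1.1.1.2/30 interface=ether1-wan
/ip route add dst-address=0.0.0.0/0 gateway=1.1.1.1

# The routed /29 lives on the LAN side; .201 is the router's own address.
# The private range (assumed) sits on the same bridge for hosts that are NATed.
/ip address add address=43.54.32.201/29 interface=bridge-lan
/ip address add address=192.168.88.1/24 interface=bridge-lan

# Masquerade would source traffic from the out-interface address, 1.1.1.2,
# which the ISP treats as private. Source-NAT to a specific public address
# instead, as suggested in the thread.
/ip firewall nat add chain=srcnat out-interface=ether1-wan \
    src-address=192.168.88.0/24 action=src-nat to-addresses=43.54.32.201

# Option d): .207 is the /29 broadcast address and is never assigned to an
# interface, but the ISP still routes it here, so it can front an internal
# host (hypothetical 192.168.88.10) via dst-nat. dst-nat runs before the
# routing decision, so the broadcast status of .207 never comes into play.
/ip firewall nat add chain=dstnat in-interface=ether1-wan \
    dst-address=43.54.32.207 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.88.10
```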

Sounds simple, but it just won’t work for me.

I’m guessing by ‘loopbacks’ you mean a bridge interface. So go ahead and give 43.54.32.201 and 43.54.32.202 to two bridge interfaces. Immediately I can access these addresses from outside; I can even ssh in from the public so I know there is a route in (from the ISP equipment).

My next step is I set up a NAT masquerade rule for all traffic going out the interface that holds 43.54.32.202. I then mangle a connection from a particular host inside the network and give them a routing mark. I then set a route 0.0.0.0/0 out the interface that holds 43.54.32.202 with the routing mark created previously.

When I go to the host and do a trace out to 8.8.8.8, my last hop looks like this:
43.54.32.202 (43.54.32.202) 3007.467 ms !H 3007.394 ms !H 3007.349 ms !H

Note that this is not my primary link, the routes I am creating have distance of 5 manually set. I’m relying on the routing marks to route traffic out.

Simple, but doesn’t work for me :frowning:

(you’ll just use srcnat with specific address instead of usual masquerade)

This was the key. I got it working :slight_smile:

Thanks Sob.