Page 1 of 1
NAT and Switch on a Single Device
Posted: Tue Mar 18, 2025 7:21 am
by kspr
I recently discovered that I can get more than one IP address from my provider.
Because of this, I wanted to expose one of my devices directly to the internet.
What do I need to do on my hAP ax3 router (with the default configuration for simplicity) is to keep ports ether2, ether3, ether4 and WiFi behind NAT, allowing the device connected to ether5 to get an IP address directly from my provider?
The solution I started testing was to add ether1 (WAN) and ether5 to the same bridge. However, I noticed that after adding ether1 to bridge, other devices lost internet access, and I stopped working on this solution
Re: NAT and Switch on a Single Device
Posted: Tue Mar 18, 2025 4:50 pm
by anav
Netmap maybe?
Take an etherport off the bridge that is attached to the device..............
Etherport not part of LAN interface
Separate firewall rules if required for etherport
Re: NAT and Switch on a Single Device
Posted: Tue Mar 18, 2025 5:06 pm
by rextended
Ignoring why you want to expose a device to the internet with an IP, instead of opening only the necessary ports via NAT,
you have not explained how the provider delivers you internet and how they should deliver the second IP to you.
Paste this on terminal for join ether1 and ether5 on one bridge,
starting from default config is required.
{
/interface bridge
add admin-mac=4A:A9:8A:00:00:01 auto-mac=no comment="rexconf undo: delete this" name="bridge-WAN"
/ip dhcp-client
set [find where interface=ether1] comment="rexconf undo: set interface=ether1" interface="bridge-WAN"
/interface bridge port
add interface=ether1 bridge="bridge-WAN" comment="rexconf undo: delete this"
set [find where interface=ether5 and bridge=bridge] bridge="bridge-WAN" comment="rexconf undo: set bridge=bridge"
}
And about firewall, since on bridges the firewall is not used, for default, is all allowed between ether2~4 and wifi1~2 and separately also between ether1 and ether5.
Re: NAT and Switch on a Single Device
Posted: Wed Mar 19, 2025 12:02 am
by cstarritt
I recently discovered that I can get more than one IP address from my provider.
Because of this, I wanted to expose one of my devices directly to the internet.
What do I need to do on my hAP ax3 router (with the default configuration for simplicity) is to keep ports ether2, ether3, ether4 and WiFi behind NAT, allowing the device connected to ether5 to get an IP address directly from my provider?
The solution I started testing was to add ether1 (WAN) and ether5 to the same bridge. However, I noticed that after adding ether1 to bridge, other devices lost internet access, and I stopped working on this solution
Most other lines of configuration in the device that previously pointed to ether1 will need to be rewritten to point at the new wan-bridge interface instead. I don't have an ax3, so I don't know what all they have setup in the default config, but I would start with the DHCP Client, the src-nat/masquerade rule, any firewall filter rules, and any interface lists.
Re: NAT and Switch on a Single Device
Posted: Wed Mar 19, 2025 12:21 am
by rextended
It's like writing "I don't know how to do it, click here, click there"...
What you wrote is completely useless, just read my previous post and you can clearly see what needs to be changed.
Re: NAT and Switch on a Single Device
Posted: Mon Mar 24, 2025 8:03 pm
by kspr
Ignoring why you want to expose a device to the internet with an IP, instead of opening only the necessary ports via NAT,
you have not explained how the provider delivers you internet and how they should deliver the second IP to you.
Thank you for the response and for moderating this thread. For now, I’ll hold off on making any changes.
However, I’d like to explain why I wanted to do this—maybe someone else will have a similar idea and come across this thread.
The device I wanted to make accessible externally is a PlayStation. It has a Remote Play feature, and I was hoping that exposing it directly to the internet would help reduce latency, even if only slightly.