EdgeRouter - Routing: How to Distribute Public IPs


This article will describe methods to distribute Public IPs on an EdgeRouter with steps to implement each method.

Table of Contents

  1. Introduction
  2. Distribute Using 1:1 NAT (recommended method)
  3. Distribute Using a Transit Address
  4. Distribute Using a Switch
  5. Related Articles


Back to Top

There are a few different methods to distribute an assigned block of Public IPs to multiple devices. The preferred method is to use 1:1 NAT where each host on the network has a private IP and it translates to a specified Public IP created on the WAN interface.  

Depending on the size of the network a smaller range of the Public subnet can be assigned to an interface, and a DHCP server can be created with the transit address as the gateway. If just a few devices are needed, 1:1 NAT can be used and a static DHCP mapping created for the device in order for it to have a Private IP. Following that, a SNAT and DNAT rule would be created for that device. This way the Private IP range is NATed to the IP on the WAN interface and the other devices are 1:1 NATed to the specific IP. When using 1:1 NAT, those IPs will need to be added on the WAN interface as well.

Distribute Using 1:1 NAT (recommended method)

Back to Top

One advantage of this method is that it does not require the loss of use of some public IPs in the range to distribute to other devices. In this example, if using: a Wizard in the EdgeOS GUI for the initial setup, a static address of with a gateway of as the gateway; then a Source NAT Masquerade rule will automatically be created so all traffic from the LAN will translate to With the steps below we will specify that the FileServer at will use the Public address in the block.

 book_25x25.png   NOTES:

For reference: Using a subnet calculator we know that a /29 block has 6 usable addresses.

Usable Addresses:

Subnet Mask:




Back to Top

1. Add all WAN addresses on eth0. You can do this on the dashboard page by clicking Action > Config for eth0 and clicking Add IP. You will need to add each usable IP in your public range that you plan to distribute.


2. Create any DHCP static-mappings for Local hosts or assign the host a static Private IP address in your LAN network. In the EdgeOS GUI go to Services > DHCP Server > Actions for your LAN DHCP Server > Static-Mapping> Create New Mapping.

In this example we have on our LAN port eth5 and have a FileServer receiving an IP of using DHCP static-mapping.


3. Create 1:1 NAT rules:

a. Configure Source NAT Rule

This step will send all traffic from the fileserver at outbound using

Source NAT Rule

Outbound Interface: eth0

Source Address:  <PrivateIPofHost>

Translation *Specify address and/or port*:  Address:  <publicIP>

Check All Protocols 


b. Configure Destination NAT

This step will send all traffic destined to to the FileServer at 

Destination NAT Rule

Inbound Interface: eth0

Translation: <PrivateIP>

Destination: <PublicIP>

Check All Protocols



Distribute Using a Transit Address

Back to Top

With a /29 network, having only 6 usable Public IP addresses, it is unlikely that this method will be used as there would only be the option to use two /30 addresses which would require a transit address for each host unless the ISP has provided a transit address to use for the full /29 block. Without a transit address it would “waste” usable Public IP addresses.

In this example we will assume an /26 block with 62 usable addresses is given and the upstream provider has provided WAN access using a Peer-to-Peer connection as well as providing the /26 using a transit.

In this case the transit address will be used as the gateway for the devices in the /26 being distributed. A DHCP server will be able to be set up for the /26 or distribute to devices as needed.


Distribute Using a Switch

Back to Top

A simple method of distributing a public IP block would be to use a network switch connected to the ISP supplied Modem/Router. This would require one IP to be used on the switch and it is highly suggested to enable a firewall to protect the switch.


Related Articles

Back to Top

EdgeRouter - NAT Hairpin (Nat Inside-to-Inside / Loopback / Reflection)

Intro to Networking - Network Address Translation (NAT) and the Internet

EdgeRouter - Add source NAT rules

EdgeRouter - Destination NAT rules

We're sorry to hear that!