This article will describe methods to distribute Public IPs on an EdgeRouter with steps to implement each method.
Table of Contents
- Distribute Using 1:1 NAT (recommended method)
- Distribute Using a Transit Address
- Distribute Using a Switch
- Related Articles
There are a few different methods to distribute an assigned block of Public IPs to multiple devices. The preferred method is to use 1:1 NAT, where each host on the network has a private IP that is translated to a specified Public IP created on the WAN interface.
Depending on the size of the network a smaller range of the Public subnet can be assigned to an interface, and a DHCP server can be created with the transit address as the gateway. If just a few devices are needed, 1:1 NAT can be used and a static DHCP mapping created for the device in order for it to have a Private IP. Following that, a SNAT and DNAT rule would be created for that device. This way the Private IP range 10.1.10.0/24 is NATed to the IP on the WAN interface and the other devices are 1:1 NATed to the specific IP. When using 1:1 NAT, those IPs will need to be added on the WAN interface as well.
Distribute Using 1:1 NAT (recommended method)
One advantage of this method is that no public IPs in the range are lost in order to distribute the rest to other devices. In this example, if a Wizard in the EdgeOS GUI was used for the initial setup with a static address of 192.0.2.193/29 and a gateway of 192.0.2.198, then a Source NAT Masquerade rule will automatically be created so all traffic from the LAN will translate to 192.0.2.193. With the steps below we will specify that the FileServer at 10.0.9.10 will use the Public 192.0.2.194 address in the 192.0.2.193/29 block.
For reference: Using a subnet calculator we know that a /29 block has 6 usable addresses.
192.0.2.193/29
Usable Addresses: 192.0.2.193-192.0.2.197
Subnet Mask: 255.255.255.248
1. Add all WAN addresses on eth0. You can do this on the dashboard page by clicking Action > Config for eth0 and clicking Add IP. You will need to add each usable IP in your public range that you plan to distribute.
2. Create any DHCP static-mappings for Local hosts or assign the host a static Private IP address in your LAN network. In the EdgeOS GUI go to Services > DHCP Server > Actions for your LAN DHCP Server > Static-Mapping > Create New Mapping.
In this example we have 10.0.9.1/24 on our LAN port eth5 and have a FileServer receiving an IP of 10.0.9.10 using DHCP static-mapping.
3. Create 1:1 NAT rules:
a. Configure Source NAT Rule
This step will send all traffic from the fileserver at 10.0.9.10 outbound using 192.0.2.194.
Source NAT Rule
Outbound Interface: eth0
Source Address: <PrivateIPofHost>
Translation *Specify address and/or port*: Address: <publicIP>
Check All Protocols
b. Configure Destination NAT
This step will send all traffic destined to 192.0.2.194 to the FileServer at 10.0.9.10.
Destination NAT Rule
Inbound Interface: eth0
Check All Protocols
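The same 1:1 NAT setup expressed in the EdgeOS CLI, as an added example that is not part of the original article. It uses the article's eth0, 10.0.9.10 and 192.0.2.194; the rule numbers (1, 5000, 30), the wizard-default names (firewall ruleset WAN_IN, masquerade rule 5010) and TCP port 443 are assumptions to check against the running configuration.

```edgeos
configure

# Step 1: add the public address that will be mapped to the host on the WAN interface.
set interfaces ethernet eth0 address 192.0.2.194/29

# Step 3b: Destination NAT. Traffic arriving on eth0 for 192.0.2.194 goes to the FileServer.
set service nat rule 1 description "1:1 DNAT FileServer"
set service nat rule 1 type destination
set service nat rule 1 inbound-interface eth0
set service nat rule 1 protocol all
set service nat rule 1 destination address 192.0.2.194
set service nat rule 1 inside-address address 10.0.9.10

# Step 3a: Source NAT. Traffic from the FileServer leaves eth0 as 192.0.2.194.
# NAT rules are evaluated in ascending rule number, so this rule needs a lower
# number than the wizard's masquerade rule (assumed to be 5010); otherwise the
# host is masqueraded to 192.0.2.193 before this rule is ever reached.
set service nat rule 5000 description "1:1 SNAT FileServer"
set service nat rule 5000 type source
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 protocol all
set service nat rule 5000 source address 10.0.9.10
set service nat rule 5000 outside-address address 192.0.2.194

# The DNAT rule matches all protocols, so the firewall decides what actually
# reaches the host. Destination NAT is applied before the inbound firewall
# ruleset, so the rule matches the private address, not 192.0.2.194.
# Assumed: ruleset WAN_IN applied inbound on eth0, rule 30 unused, and HTTPS
# as the only service to expose (constructed example values).
set firewall name WAN_IN rule 30 description "Allow HTTPS to FileServer"
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 protocol tcp
set firewall name WAN_IN rule 30 destination address 10.0.9.10
set firewall name WAN_IN rule 30 destination port 443

# Review the resulting rule order before committing.
show service nat
commit
save
exit
```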
Distribute Using a Transit Address
With a /29 network, which has only 6 usable Public IP addresses, it is unlikely that this method will be used. The only option would be to use two /30 networks, which would require a transit address for each host, unless the ISP has provided a transit address to use for the full /29 block. Without a transit address it would “waste” usable Public IP addresses.
In this example we will assume a /26 block with 62 usable addresses is given and the upstream provider has provided WAN access using a Peer-to-Peer connection as well as providing the /26 using a transit.
In this case the transit address will be used as the gateway for the devices in the /26 being distributed. A DHCP server can be set up for the /26, or addresses can be distributed to devices as needed.
Distribute Using a Switch
A simple method of distributing a public IP block would be to use a network switch connected to the ISP-supplied Modem/Router. This would require one IP to be used on the switch, and it is highly suggested to enable a firewall to protect the switch.