DD-WRT - Multiple public IP addresses on one router

This was only tested on a Linksys WRT54GL running DD-WRT v23 SP2 (09/15/06) std

This guide will show you how to have multiple public IP addresses under one router. I know my setup may not be what anyone is looking for but when I was trying to do this at work it took me forever to find a guide on doing exactly what I wanted. Once you complete this you will have one static public IP address that will handle all the PCs on your network that need internal IPs from DHCP and static IPs for any servers you may want to run. This is ideal for keeping servers and workstations all on the same network.

You will need static IP addresses issued to you from your ISP for this to work.

Step 1: Set up the first Static IP (This is the IP that will be shared by all your DHCP computers)

In DD-WRT open the "Setup" tab and the "Basic Setup" subtab. Set up your first static IP address as you would normally, filling out your static IP, subnet mask, gateway and DNS servers. Also, set up your DHCP settings on this page to fit your needs.

Step 2: Edit IP tables via commands in the admin panel

This is where all the magic is. Open the "Administration" tab and the "Commands" subtab.

In this menu you will have to enter commands to set up your router's IP table.

For every static IP address you wish to use you will need to have this line:
/usr/sbin/ip addr add xxx.xxx.xxx.xxx/29 dev vlan1
(Replacing the xxx.xxx.xxx.xxx/29 with the static IP you wish to add)

Example:

/usr/sbin/ip addr add 111.111.111.111/29 dev vlan1
/usr/sbin/ip addr add 222.222.222.222/29 dev vlan1
/usr/sbin/ip addr add 333.333.333.333/29 dev vlan1

Then, you need to point each of these IP addresses to a machine on your network (which should be set up to manually acquire an internal IP address) using the following line:
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s yyy.yyy.yyy.yyy -j SNAT --to xxx.xxx.xxx.xxx
(Where xxx.xxx.xxx.xxx is the public static IP and yyy.yyy.yyy.yyy is the manually assigned internal IP)

Example:

/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 111.111.111.111
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.3 -j SNAT --to 222.222.222.222
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.4 -j SNAT --to 333.333.333.333

After this, the machines you assigned above should each have their own public IP address! Now, this is all kind of useless without forwarding some ports. Let's do this now.

To forward a port to one of your machines with a public IP you must insert the following lines:

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to-destination yyy.yyy.yyy.yyy:80
/usr/sbin/iptables -I FORWARD -p tcp -d yyy.yyy.yyy.yyy --dport 80 -j ACCEPT
(Where xxx.xxx.xxx.xxx is the public static IP and yyy.yyy.yyy.yyy is the manually assigned internal IP; replace "80" with the port you wish to forward to that machine)

Example:

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 111.111.111.111 --dport 80 -j DNAT --to-destination 192.168.1.2:80
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.3:22
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 333.333.333.333 --dport 3389 -j DNAT --to-destination 192.168.1.4:3389
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.4 --dport 3389 -j ACCEPT

Using the above method you can forward as many ports to an IP as you wish.

Once you have all these lines together you should have something that looks kinda like this:

Code:
/usr/sbin/ip addr add 111.111.111.111/29 dev vlan1
/usr/sbin/ip addr add 222.222.222.222/29 dev vlan1
/usr/sbin/ip addr add 333.333.333.333/29 dev vlan1

/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 111.111.111.111
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.3 -j SNAT --to 222.222.222.222
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.4 -j SNAT --to 333.333.333.333

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 111.111.111.111 --dport 80 -j DNAT --to-destination 192.168.1.2:80
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.3:22
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT

/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 333.333.333.333 --dport 3389 -j DNAT --to-destination 192.168.1.4:3389
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.4 --dport 3389 -j ACCEPT
Once all your commands are entered hit "Save Startup" and a reboot might help.

Hopefully this helps someone.. Have any questions? Feel free to ask!
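
A consistency check for a startup script of this shape, as an added example that is not part of the original post: every DNAT rule needs a FORWARD ACCEPT rule for the same internal IP and port, and a FORWARD ACCEPT with no DNAT partner is a mistyped or stale opening. The function name check_forwards and the sample rules (documentation addresses 203.0.113.x) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a DD-WRT startup script for DNAT/FORWARD mismatches.
# check_forwards is a hypothetical helper; it reads the script on stdin,
# prints one line per problem and returns non-zero if any were found.
check_forwards() {
    awk '
    # Return the argument that follows option "opt" on the current line.
    function arg(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /iptables/ && /-j DNAT/ {
        # FORWARD sees the packet after DNAT, so the rule to look for
        # matches the internal IP and internal port, not the public ones.
        to = arg("--to-destination")
        if (to !~ /:/) to = to ":" arg("--dport")   # port left unchanged
        dnat[arg("-p") "/" to] = NR
    }
    /iptables/ && /FORWARD/ && /-j ACCEPT/ {
        fwd[arg("-p") "/" arg("-d") ":" arg("--dport")] = NR
    }
    END {
        for (k in dnat) if (!(k in fwd)) {
            printf "line %d: DNAT to %s has no FORWARD ACCEPT\n", dnat[k], k
            bad++
        }
        for (k in fwd) if (!(k in dnat)) {
            printf "line %d: FORWARD ACCEPT for %s has no DNAT\n", fwd[k], k
            bad++
        }
        exit (bad > 0)
    }'
}

# Constructed sample: the SSH FORWARD rule carries the wrong port (3389, not 22).
sample_script() {
cat <<'EOF'
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 203.0.113.2 --dport 80 -j DNAT --to-destination 192.168.1.2:80
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 203.0.113.3 --dport 22 -j DNAT --to-destination 192.168.1.3:22
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 3389 -j ACCEPT
EOF
}

sample_script | check_forwards || echo "fix the rules above before Save Startup"
```

Run it on a workstation against the text you are about to paste into the Commands box; a mismatch means the forwarded service is unreachable while a different port on that machine is allowed through the FORWARD chain.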
 
I just wanted to let you know that I struggled for 3 days to get my static IP routing working. I found your FAQ via Google and it got me up and running in 15 minutes :)

Thank you so very much for your great guide!
 
^ Hopefully not ... maybe due to entirely different NAS/RADIUS servers :S ... you can use Wireshark to see the details of the trace messages as though with what your local RAS server replies ... when you try to use the other NIB binded ID ... (user not found) ...
 
This is an excellent guide, got it working in 15 minutes after searching for like a week and a half for a solution.

Got an issue though, the place I did this for had 1 modem with 5 static IPs. Their provider would not offer them more static IP's with the same modem so they just bought another block of 5 IP's with another modem.

How would you go about this installation for the 10 IP's (preferably having all the computers still networked)?

Is this even possible to have them all networked or would I just need to do this twice on two different routers and they will not be networked?

Thanks,

Danny
 
Thank you very much, this is exactly what I need for my 5 static IP's. I was about to go buy 4 more routers and add DD-WRT to them too.

There is only one question I have.

Can a DMZ be applied to more than one of these static IP's?

If so, how?
 
I need to do something similar with a Sonicwall TZ-210. Anyone know how?

I have 5 public IPs from my ISP. I have a TZ-170 but when I programmed my new TZ-210, 2 client site-to-site VPNs do not work.

Is there a way I can have both the TZ-170 and new TZ-210 connected with the same existing public IP, or how do I forward data between 2 different public IPs on the TZ-210?

Thanks in advance
 
This looks to be exactly what I am needing for one of my clients using a Buffalo router. If, that is, I can configure 2 different VPN's for my clients...one for each of the 2 servers in the office. 2 Divisions in the office and each has their own domain, email, and file server access. One of the divisions now has a second office that I need to connect with VPN for file access on the server (mapped drives). They already have 5 public IP addresses.
 
Hi,
Thanks for the guide :)

I have one question. I have 2 static IP's that have different gateways like:

IP address 1: xxx.xxx.xxx.46
Default gateway: xxx.xxx.xxx.45
Subnet mask: 255.255.255.252

IP address 2: xxx.xxx.xxx.50
Default gateway: xxx.xxx.xxx.49
Subnet mask: 255.255.255.252

Does the gateway really matter for this? I guess the first IP, which I just configure as static IP (or DHCP), will work as gateway for all clients on the LAN. So do I need the gateway for the other IP's?

How do I get it to work in the above?
 
Hi

I have a block of 32 IP addresses and I want to configure them on the DD-WRT router. I want to configure them such that we provide a list of available IPs to the WAN interface and it rotates the IPs after a fixed interval. We do not want to create the VLAN. We know that this is possible but do not have any idea how. Could you please help us?

Regards
 