DD-WRT - Multiple public IP addresses on one router
This was only tested on a Linksys WRT54GL running DD-WRT v23 SP2 (09/15/06) std
This guide will show you how to have multiple public IP addresses under one router. I know my setup may not be what anyone is looking for but when I was trying to do this at work it took me forever to find a guide on doing exactly what I wanted. Once you complete this, you will have one static public IP address that handles all the PCs on your network that get internal IPs from DHCP, plus static IPs for any servers you may want to run. This is ideal for keeping servers and workstations all on the same network.
You will need static IP addresses issued to you from your ISP for this to work.
Step 1: Set up the first Static IP (This is the IP that will be shared by all your DHCP computers)
In DD-WRT open the "Setup" tab and the "Basic Setup" subtab. Set up your first static IP address as you would normally, filling out your static IP, subnet mask, gateway and DNS servers. Also, set up your DHCP settings on this page to fit your needs.
Step 2: Edit iptables via commands in the admin panel
This is where all the magic is. Open the "Administration" tab and the "Commands" subtab.
In this menu you will enter the commands that add the extra IP addresses and set up the router's iptables rules.
For every static IP address you wish to use you will need to have this line:
/usr/sbin/ip addr add xxx.xxx.xxx.xxx/29 dev vlan1
(Replace xxx.xxx.xxx.xxx/29 with the static IP you wish to add and its prefix length.)
Example:
/usr/sbin/ip addr add 111.111.111.111/29 dev vlan1
/usr/sbin/ip addr add 222.222.222.222/29 dev vlan1
/usr/sbin/ip addr add 333.333.333.333/29 dev vlan1
Then you need to point each of these IP addresses to a machine on your network (which should be set up with a manually assigned internal IP address) using the following line:
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s yyy.yyy.yyy.yyy -j SNAT --to xxx.xxx.xxx.xxx
(Where xxx.xxx.xxx.xxx is the public static IP and yyy.yyy.yyy.yyy is the manually assigned internal IP. The SNAT rule makes outbound traffic from that machine leave the router with its public IP as the source address.)
Example:
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 111.111.111.111
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.3 -j SNAT --to 222.222.222.222
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.4 -j SNAT --to 333.333.333.333
After this, each machine you assigned above should have its own public IP address! Now, this is all kind of useless without forwarding some ports. Let's do this now.
To forward a port to one of your machines with a public IP you must insert the following two lines:
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to-destination yyy.yyy.yyy.yyy:80
/usr/sbin/iptables -I FORWARD -p tcp -d yyy.yyy.yyy.yyy --dport 80 -j ACCEPT
(Where xxx.xxx.xxx.xxx is the public static IP and yyy.yyy.yyy.yyy is the manually assigned internal IP. Replace "80" with the port you wish to forward to that machine.)
Example:
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 111.111.111.111 --dport 80 -j DNAT --to-destination 192.168.1.2:80
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.3:22
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 333.333.333.333 --dport 3389 -j DNAT --to-destination 192.168.1.4:3389
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.4 --dport 3389 -j ACCEPT
Using the above method you can forward as many ports to an IP as you wish.
Once all your commands are entered, hit "Save Startup"; a reboot might help.
Once you have all these lines together you should have something that looks kinda like this:
Code:
/usr/sbin/ip addr add 111.111.111.111/29 dev vlan1
/usr/sbin/ip addr add 222.222.222.222/29 dev vlan1
/usr/sbin/ip addr add 333.333.333.333/29 dev vlan1
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 111.111.111.111
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.3 -j SNAT --to 222.222.222.222
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.4 -j SNAT --to 333.333.333.333
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 111.111.111.111 --dport 80 -j DNAT --to-destination 192.168.1.2:80
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 222.222.222.222 --dport 22 -j DNAT --to-destination 192.168.1.3:22
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 333.333.333.333 --dport 3389 -j DNAT --to-destination 192.168.1.4:3389
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.4 --dport 3389 -j ACCEPT
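A check for a startup script assembled as above, added here as an example and not part of the original guide: it verifies that every public IP used in an SNAT or DNAT rule has an "ip addr add" line, and that every DNAT target has a FORWARD ACCEPT rule for the same internal IP and port (and the reverse). The function names and the sample script (documentation addresses from 203.0.113.0/29, with one mistyped FORWARD address and one missing address line) are constructed for illustration.

```python
import ipaddress
import shlex

def opt(tokens, name):
    """Value following option `name` in an argv-style token list, else None."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else None

def lint_startup(script):
    """Cross-check the ip/iptables lines of a startup script; return findings."""
    aliases, public_refs, dnat, accept, findings = set(), [], {}, {}, []
    for n, line in enumerate(script.splitlines(), 1):
        t = shlex.split(line, comments=True) or [""]
        if t[0].endswith("/ip") and t[1:3] == ["addr", "add"] and len(t) > 3:
            try:
                aliases.add(str(ipaddress.ip_interface(t[3]).ip))
            except ValueError:
                findings.append(f"line {n}: invalid address {t[3]}")
        elif t[0].endswith("/iptables"):
            target = opt(t, "-j")
            if target == "SNAT":
                public_refs.append((n, opt(t, "--to")))
            elif target == "DNAT":
                public_refs.append((n, opt(t, "-d")))
                host, _, port = (opt(t, "--to-destination") or "").partition(":")
                dnat[(host, port)] = n
            elif target == "ACCEPT" and "FORWARD" in t:
                accept[(opt(t, "-d"), opt(t, "--dport"))] = n
    for n, ip in public_refs:
        if ip not in aliases:
            findings.append(f"line {n}: public IP {ip} has no 'ip addr add' line")
    for (host, port), n in dnat.items():
        if (host, port) not in accept:
            findings.append(f"line {n}: DNAT to {host}:{port} has no FORWARD ACCEPT")
    for (host, port), n in accept.items():
        if (host, port) not in dnat:
            findings.append(f"line {n}: FORWARD ACCEPT {host}:{port} matches no DNAT")
    return findings

# Constructed sample using documentation addresses (203.0.113.0/29), not the guide's values.
SAMPLE = """\
/usr/sbin/ip addr add 203.0.113.2/29 dev vlan1
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.2 -j SNAT --to 203.0.113.2
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 203.0.113.2 --dport 80 -j DNAT --to-destination 192.168.1.2:80
/usr/sbin/iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 203.0.113.3 --dport 22 -j DNAT --to-destination 192.168.1.3:22
/usr/sbin/iptables -I FORWARD -p tcp -d 92.168.1.3 --dport 22 -j ACCEPT
"""

if __name__ == "__main__":
    print("\n".join(lint_startup(SAMPLE)))
```

Run it against the text pasted into the "Commands" box before hitting "Save Startup"; an empty result means every forwarded port is both translated and accepted, and nothing is accepted that is not forwarded.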
Hopefully this helps someone.. Have any questions? Feel free to ask!