EdgeRouter - How to Distribute Public IP Addresses
Overview
Readers will learn about two methods that can be used to distribute public IP addresses to internal hosts.
Devices and products used in this article:
Table of Contents
- Introduction
- Distributing Public IP Addresses Using 1:1 NAT
- Distributing Public IP Addresses Using a Transit Address
- Related Articles
Introduction
This article focuses on two methods that can be used to distribute an assigned block of public IP addresses to internal clients:
- 1:1 NAT
  The ISP provides a public IP range to the EdgeRouter which is then distributed to clients using 1:1 NAT. The public IP address range is configured on the EdgeRouter's WAN interface and the internal clients are using private (RFC1918) IP addresses.
- Transit Address
  The ISP provides a public IP address range to the EdgeRouter in addition to a transit address. The transit IP address is configured on the EdgeRouter's WAN interface and the public IP address range can be configured on a single LAN interface or divided between multiple interfaces. In this setup, the internal clients are using public IP addresses.
If limited public IP addresses are available, then it is recommended to use 1:1 NAT to optimize the address assignments.
Distributing Public IP Addresses Using 1:1 NAT
The example network below uses an EdgeRouter Infinity (ER-8-XG) as the router, which is configured with the 203.0.113.0/29 public IP address range on the WAN interface. The internal client is a UNMS server that is using the 192.168.1.10 IP address. Using 1:1 NAT, all traffic to and from the 203.0.113.2/29 IP address will be translated to the UNMS server.
Example network where a UNMS server (192.168.1.10) is connected to the Internet via an EdgeRouter Infinity.
Follow the steps below to configure the EdgeRouter's WAN interface and to add the Source and Destination NAT rules:
1. Navigate to the Dashboard tab and assign the IP address(es) to the WAN interface and enable the proxy ARP functionality.
Dashboard > Eth1 > Actions > Config
Address: Manually define IP address
IP: 203.0.113.1/29
Proxy ARP: Checked
+ Add IP
Address: Manually define IP address
IP: 203.0.113.2/29
2. Navigate to the Firewall/NAT tab and add the Source NAT for the UNMS server, referencing the 203.0.113.2 WAN IP address.
Firewall/NAT > NAT > +Add Source NAT Rule
Description: source NAT for 192.168.1.10
Outbound Interface: eth1
Translation: Specify address and/or port
Translation Address: 203.0.113.2
Protocol: All Protocols
Src Address: 192.168.1.10
3. Add the Destination NAT rule for the UNMS server, referencing the 203.0.113.2 WAN IP address.
Firewall / NAT > NAT > +Add Destination NAT Rule
Description: destination NAT for 192.168.1.10
Inbound Interface: eth1
Translation Address: 192.168.1.10
Protocol: All Protocols
Destination Address: 203.0.113.2
The above configuration can also be set using the CLI:
1. Enter configuration mode.
configure
2. Delete the existing IP address configuration from the WAN interface.
delete interfaces ethernet eth1 address
3. Assign the public IP address(es) to the WAN interface and enable the Proxy ARP functionality.
set interfaces ethernet eth1 address 203.0.113.1/29
set interfaces ethernet eth1 address 203.0.113.2/29
set interfaces ethernet eth1 ip enable-proxy-arp
4. Add the Source NAT for the UNMS server, referencing the 203.0.113.2 WAN IP address.
set service nat rule 5000 description 'source NAT for 192.168.1.10'
set service nat rule 5000 outbound-interface eth1
set service nat rule 5000 type source
set service nat rule 5000 protocol all
set service nat rule 5000 outside-address address 203.0.113.2
set service nat rule 5000 source address 192.168.1.10
5. Add the Destination NAT rule for the UNMS server, referencing the 203.0.113.2 WAN IP address.
set service nat rule 1 description 'destination NAT for 192.168.1.10'
set service nat rule 1 destination address 203.0.113.2
set service nat rule 1 inbound-interface eth1
set service nat rule 1 inside-address address 192.168.1.10
set service nat rule 1 protocol all
set service nat rule 1 type destination
6. Commit the changes and save the configuration.
commit ; save
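Because the Destination NAT rule uses `protocol all`, every port on the UNMS server is reachable at 203.0.113.2 unless a firewall ruleset on eth1 narrows it. The following is an added example, not part of the original article: a ruleset that admits only HTTPS to the server. The ruleset name WAN_IN, the rule numbers and TCP port 443 are assumptions; adjust them to the services actually published.

```edgeos
configure

# Ruleset for traffic forwarded from the WAN to internal hosts.
# Name, rule numbers and the published port are assumptions for this example.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal hosts'

# Return traffic for connections the internal hosts opened.
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable

# Packets that do not belong to any tracked connection.
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable

# Destination NAT runs before the "in" ruleset, so the rule matches the
# translated (inside) address 192.168.1.10, not 203.0.113.2.
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 description 'HTTPS to UNMS server'
set firewall name WAN_IN rule 30 destination address 192.168.1.10
set firewall name WAN_IN rule 30 destination port 443
set firewall name WAN_IN rule 30 protocol tcp

# Attach the ruleset to traffic entering eth1 and being forwarded.
set interfaces ethernet eth1 firewall in name WAN_IN

commit ; save
```

The Source NAT rule is unaffected: connections opened by 192.168.1.10 still leave as 203.0.113.2, and their replies are admitted by rule 10.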
Distributing Public IP Addresses Using a Transit Address
The example network below uses an EdgeRouter Infinity (ER-8-XG) as the router, which is configured with the 203.0.113.0/30 public IP address range on the WAN interface. The clients are connected to the EdgeRouter through a UFiber GPON network, consisting of a UF-OLT and a UF-Nano ONU. The UFiber GPON network is acting as a bridge between the EdgeRouter 4 (ER-4) in the Client Site and the LAN interface on the EdgeRouter. The clients are utilizing public IP addresses in the 192.0.2.0/26 range, which can be distributed using DHCP, for example.
Example network where multiple Client Sites (192.0.2.0/26) are connected to the Internet via a UFiber GPON network and an EdgeRouter Infinity.
Follow the steps below to configure the EdgeRouter's WAN and LAN interfaces.
1. Navigate to the Dashboard tab and assign the transit IP address to the WAN interface.
Dashboard > Eth1 > Actions > Config
Address: Manually define IP address
IP: 203.0.113.1/30
2. Assign the public IP address range to the LAN interface.
Dashboard > Eth2 > Actions > Config
Address: Manually define IP address
IP: 192.0.2.1/26
3. Configure a DHCP server to assign the public IP addresses to the clients.
Services > DHCP Server > +Add DHCP Server
DHCP Name: client-sites
Subnet: 192.0.2.0/26
Range Start: 192.0.2.2
Range Stop: 192.0.2.62
Router: 192.0.2.1
DNS 1: <DNS server>
Enable: Checked
The above configuration can also be set using the CLI:
1. Enter configuration mode.
configure
2. Delete the existing IP address configuration from the WAN and LAN interfaces.
delete interfaces ethernet eth1 address
delete interfaces ethernet eth2 address
3. Assign the transit and public IP addresses to the WAN and LAN interfaces.
set interfaces ethernet eth1 address 203.0.113.1/30
set interfaces ethernet eth2 address 192.0.2.1/26
4. Configure a DHCP server to assign the public IP addresses to the clients.
set service dhcp-server shared-network-name client-sites authoritative enable
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 default-router 192.0.2.1
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 dns-server 192.0.2.1
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 lease 86400
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 start 192.0.2.2 stop 192.0.2.62
5. Commit the changes and save the configuration.
commit ; save
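In the transit setup nothing is translated, so the router forwards packets on the source and destination addresses exactly as received. The following is an added example, not part of the original article: source-address filtering for the 192.0.2.0/26 block on both interfaces. The ruleset names CLIENTS_IN and WAN_ANTISPOOF and the rule numbers are assumptions.

```edgeos
configure

# eth2 (client side): forward only packets whose source address lies in
# the block assigned to the client sites. Anything else is dropped.
# Ruleset name and rule numbers are assumptions for this example.
set firewall name CLIENTS_IN default-action drop
set firewall name CLIENTS_IN description 'client sites to Internet'
set firewall name CLIENTS_IN rule 10 action accept
set firewall name CLIENTS_IN rule 10 description 'source must be in 192.0.2.0/26'
set firewall name CLIENTS_IN rule 10 source address 192.0.2.0/26
set interfaces ethernet eth2 firewall in name CLIENTS_IN

# eth1 (WAN): a packet arriving from the Internet cannot legitimately
# carry a client source address, so drop it. All other inbound traffic
# keeps the behaviour of the article's configuration (default accept).
set firewall name WAN_ANTISPOOF default-action accept
set firewall name WAN_ANTISPOOF description 'drop spoofed client sources'
set firewall name WAN_ANTISPOOF rule 10 action drop
set firewall name WAN_ANTISPOOF rule 10 description 'client source seen on WAN'
set firewall name WAN_ANTISPOOF rule 10 source address 192.0.2.0/26
set interfaces ethernet eth1 firewall in name WAN_ANTISPOOF

commit ; save
```

Both rulesets are attached in the `in` direction, which covers forwarded traffic only; DHCP requests from the clients are addressed to the router itself and are not matched by CLIENTS_IN.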
Related Articles
EdgeRouter - Source NAT and Masquerade