[I have comcast business with 1 static ip, and own wndr3700v1 + wndr3700v2
+ wndr3800, each with openwrt, that said, my setup doesn't match yours...]

There are, I think, 3 reasonable approaches; which you want depends on what
you need...

(a) [simplest] plug the other 4 static devices straight into the comcast
modem, and not into the wndr3700, then you can just statically configure IPs
on them.

The comcast business SMC modem has a builtin 4-port switch.  Obviously
you're using one of these for your router, but you can plug 3 more devices
directly into it (and just configure static IPs straight on them and be
done).

At this point you've used 4 static ips (one for your router + 3 for the 3
additional ports on the modem), and there's the already used gateway IP on
the router (which can actually do DNAT/SNAT from that IP to for example
your router, for additional IP space on it).  So you have the last/fifth
static IP left - and a little unusable.

So the fifth device (your last static ip) would require using another
switch plugged into the comcast modem [simplest] - alternatively you could
bridge the wndr3700 wan port to one of the so-called lan ports, and solve
it this way [harder].
This can't be done via pure VLAN, since on the WNDR3[78]00 the wan is eth1,
but lan is eth0.1 and they're not trivially vlan bridgeable.

That said moving from (/etc/config/network):

config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 3 5t"

to:

config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 5t"

config switch_vlan
        option device rtl8366s
        option vlan 2
        option ports "3 5t"

Would make 3 of the LAN ports eth0.1, and the last no-longer LAN port
eth0.2.

At that point going from:

config interface wan
        option ifname eth1
        option proto dhcp
        option dns "8.8.8.8 8.8.4.4"

to

config interface wan
        option ifname eth1
        option type bridge
        option proto dhcp
        option dns "8.8.8.8 8.8.4.4"

Should switch your 'WAN' port from being eth1 to a newly created bridge
br-wan.
There's bound to be some easy way to add eth0.2 to br-wan (brctl addif
br-wan eth0.2) via the config file.

(b) ignore the additional ports on the comcast modem, and do everything
through the router.
You already know how (from above) to bridge your WAN onto a specific LAN
port, but you could also actually use VLAN'ing to make it an overlay.

Using (something?) like the following

config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 3 5t"

config switch_vlan
        option device rtl8366s
        option vlan 2
        option ports "0t 1t 2t 3t 5t"

Causes untagged traffic on the 4 lan ports to be in eth0.1, but properly
tagged traffic to be in eth0.2.
You can now bridge eth0.2 into the br-wan bridge (you created above).

Now your internal lan network is private for vlan-ignorant devices, and
using a public IP for vlan-aware devices using vlan 2.
This is actually usable not only with Linux desktops, etc, but also with
many of those voip boxes.

With some additional effort you could get this to flow over wifi as well
(although you'd need to create vlans on the wlan devices and add those to
the bridge)

(c) just ignore all this port and vlan-muckery, add the 5 static IPs as
static IPs on the router and do everything via SNAT/DNAT within
iptables/netfilter on the router.
This has the not nice property, that the devices in your network aren't
really truly aware of the fact that they have public IPs (and what these
IPs are).
Some programs will be smart enough to figure it out, others... not so much.

(d) obviously combinations of the above can also be done, for example 2
devices on the modem, 1 vlaned through the router, 1 nated through the
router...

Eh, this is long enough.  Hopefully this is enough of a starter.

On Sat, Jul 28, 2012 at 12:36 PM, RParr <[email protected]> wrote:

> I am new to OpenWRT (but not to Linux).
>
> I have installed OpenWRT 10.03.1 on a Netgear WNDR3700v1
>
> I have recently installed Comcast Business Internet including a block of 5
> static IPs (xxx.xxx.xxx.232/29).  Comcast configures the default gateway as
> xxx.xxx.xxx.238.  I have configured the OpenWRT as xxx.xxx.xxx.237 (and
> aliased as 192.168.1.1).
>
> I have the connection working through the default gateway BUT am confused
> as to the best approach to handling/routing the other static IPs.
>
> Let me rephrase that.  I have read the documentation and wiki.  I have
> googled (a lot).  Unfortunately, I find it the proverbial "trying to sip
> from a firehose".  There is a lot of reference documentation and a fair
> amount about how to handle some fancier or more obscure situations but not
> very clear recipes or examples of the simplest, most straight-forward way
> to handle this fairly common situation.
>
> I have found (1) Utilizing AT&T U-Verse Static IPs with OpenWRT
> <http://www.flexjunk.com/2010/01/06/utilizing-att-u-verse-static-ips-with-openwrt/>
> but the article implies the extra work of configuring the vlans, etc. is
> required because AT&T dynamically assigns the static IPs.
>
> I also found this thread which is rather old and assumes the use of
> fwbuilder (which I use regularly). (2)
> http://www.broadbandreports.com/forum/remark,16129034
>
> I would like to use one of the static IPs as the default through which a
> handful of internal workstations can get NAT'd access to the internet.  The
> other available static IPs I would like to route to a couple internal
> servers.
>
> I am just seeking some guidance from this group as to the most
> straight-forward way of handling this.  For example, yes, you have to
> create a vlan (per [1]) or no, that's nice but not needed.  Yes you have to
> create NAT/SNAT rules for each external IP.  I primarily need an outline so
> I can avoid getting myself off on unnecessary tangents and backwaters.  In
> future, I hope to expand what I am doing with the OpenWRT but, for now, I
> would like to start from a reasonable, secure base.
>
> Of course, any example configs and/or pointers to same would be greatly
> appreciated.
>
> R.Parr, RHCE
> Temporal Arts
> Portland, OR, U.S.A.
>
> _______________________________________________
> openwrt-users mailing list
> [email protected]
> https://lists.openwrt.org/mailman/listinfo/openwrt-users
>
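
Added example (not part of the original message or the quoted post): a small shell/awk audit that reads switch_vlan sections like the ones in the reply and lists, for each switch port, its untagged and tagged VLANs, marking every port that carries the VLAN bridged into br-wan and is therefore on the public segment. The function names, the output labels and the wan_vlan argument are assumptions of this example.

```shell
# Added example, not from the thread: list per-port VLAN membership from UCI
# switch_vlan sections and mark ports that carry the WAN-bridged VLAN.
# Sample input: the option (b) overlay quoted in the message above.
sample_overlay() {
cat <<'EOF'
config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 3 5t"
config switch_vlan
        option device rtl8366s
        option vlan 2
        option ports "0t 1t 2t 3t 5t"
EOF
}

# usage: audit_switch_vlans <wan_vlan> < /etc/config/network
# <wan_vlan> (assumed known to the caller): the VLAN whose eth0.N is in br-wan.
audit_switch_vlans() {
awk -v wan="$1" -v q="'" '
function endsec(   n, i, p, parts) {
    if (vlan == "") return
    n = split(ports, parts, " ")
    for (i = 1; i <= n; i++) {
        p = parts[i]
        if (sub(/t$/, "", p)) tag[p] = tag[p] (tag[p] == "" ? "" : ",") vlan
        else { untag[p] = untag[p] (untag[p] == "" ? "" : ",") vlan; nun[p]++ }
        seen[p] = 1; if (vlan == wan) onwan[p] = 1
    }
}
BEGIN { Q = "[\"" q "]" }
$1 == "config" { endsec(); vlan = ports = ""; t = $2; gsub(Q, "", t); insec = (t == "switch_vlan"); next }
insec && $1 == "option" {
    val = $0; sub(/^[ \t]*option[ \t]+[a-z_]+[ \t]+/, "", val)
    gsub(Q, "", val); sub(/[ \t\r]+$/, "", val)
    if ($2 == "vlan") vlan = val
    if ($2 == "ports") ports = val
}
END {
    endsec()
    for (p = 0; p < 16; p++) if (seen[p]) {
        line = "port " p ": untagged=" (untag[p] == "" ? "-" : untag[p])
        line = line " tagged=" (tag[p] == "" ? "-" : tag[p])
        if (onwan[p]) line = line " wan-bridged"
        if (nun[p] > 1) line = line " CONFLICT"
        print line
    }
}'
}
```

A port flagged CONFLICT is listed untagged in more than one VLAN, which leaves its untagged traffic ambiguous; fix that before bridging anything into br-wan.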