Thanks. That should definitely get me started on the right path.
R.Parr
On 07/28/2012 02:20 PM, Maciej Żenczykowski wrote:
[I have comcast business with 1 static ip, and own wndr3700v1 + wndr3700v2 +
wndr3800, each with openwrt, that said, my setup doesn't match yours...]
There are I think 3 reasonable approaches, which you want depends on what you
need...
(a) [simplest] plug the other 4 static devices straight into the comcast
modem, and not into the wndr3700, then you can just static configure ips on them.
The comcast business SMC modem has a builtin 4-port switch. Obviously you're
using one of these for your router, but you can plug 3 more devices directly
into it (and just configure static IPs straight on them and be done).
At this point you've used 4 static ips (one for your router + 3 for the 3
additional ports on the modem), and there's the already used gateway IP on the
router (which can actually do DNAT/SNAT from that IP to for example your
router, for additional IP space on it). So you have the last/fifth static IP
left - and a little unusable.
So the fifth device (your last static ip) would require using another switch
plugged into the comcast modem [simplest] - alternatively you could bridge the
wndr3700 wan port to one of the so-called lan ports, and solve it this way
[harder].
This can't be done via pure VLAN, since on the WNDR3[78]00 the wan is eth1,
but lan is eth0.1 and they're not trivially vlan bridgeable.
That said moving from (/etc/config/network):
config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 3 5t"
to:
config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 5t"

config switch_vlan
        option device rtl8366s
        option vlan 2
        option ports "3 5t"
Would make 3 of the LAN ports eth0.1, and the last no-longer LAN port eth0.2.
At that point going from:
config interface wan
        option ifname eth1
        option proto dhcp
        option dns "8.8.8.8 8.8.4.4"
to
config interface wan
        option ifname eth1
        option type bridge
        option proto dhcp
        option dns "8.8.8.8 8.8.4.4"
Should switch your 'WAN' port from being eth1 to a newly created bridge br-wan.
There's bound to be some easy way to add eth0.2 to br-wan (brctl addif br-wan
eth0.2) via the config file.
(b) ignore the additional ports on the comcast modem, and do everything
through the router.
You already know how (from above) to bridge your WAN onto a specific LAN port,
but you could also actually use VLAN'ing to make it an overlay.
Using (something?) like the following
config switch_vlan
        option device rtl8366s
        option vlan 1
        option ports "0 1 2 3 5t"

config switch_vlan
        option device rtl8366s
        option vlan 2
        option ports "0t 1t 2t 3t 5t"
Causes untagged traffic on the 4 lan ports to be in eth0.1, but properly
tagged traffic to be in eth0.2
You can now bridge eth0.2 into the br-wan bridge (you created above).
Now your internal lan network is private for vlan-ignorant devices, and using
a public IP for vlan-aware devices using vlan 2.
This is actually usable not only with Linux desktops, etc, but also with many
of those voip boxes.
With some additional effort you could get this to flow over wifi as well
(although you'd need to create vlans on the wlan devices and add those to the
bridge)
(c) just ignore all this port and vlan-muckery, add the 5 static IPs as static
IPs on the router and do everything via SNAT/DNAT within iptables/netfilter on
the router.
This has the not nice property, that the devices in your network aren't really
truly aware of the fact that they have public IPs (and what these IPs are).
Some programs will be smart enough to figure it out, others... not so much.
(d) obviously combinations of the above can also be done, for example 2
devices on the modem, 1 vlaned through the router, 1 nated through the router...
Eh, this is long enough. Hopefully this is enough of a starter.
On Sat, Jul 28, 2012 at 12:36 PM, RParr <[email protected]> wrote:
I am new to OpenWRT (but not to Linux).
I have installed OpenWRT 10.03.1 on a Netgear WNDR3700v1
I have recently installed Comcast Business Internet including a block of 5
static IPs (xxx.xxx.xxx.232/29). Comcast configures the default gateway as
xxx.xxx.xxx.238. I have configured the OpenWRT as xxx.xxx.xxx.237 (and
aliased as 192.168.1.1).
I have the connection working through the default gateway BUT am confused
as to the best approach to handling/routing the other static IPs.
Let me rephrase that. I have read the documentation and wiki. I have
googled (a lot). Unfortunately, I find it the proverbial "trying to sip
from a firehose". There is a lot of reference documentation and a fair
amount about how to handle some fancier or more obscure situations but not
very clear recipes or examples of the simplest, most straight-forward way
to handle this fairly common situation.
I have found (1) Utilizing AT&T U-Verse Static IPs with OpenWRT
<http://www.flexjunk.com/2010/01/06/utilizing-att-u-verse-static-ips-with-openwrt/>
but the article implies the extra work of configuring the vlans, etc. is
required because AT&T dynamically assigns the static IPs.
I also found this thread which is rather old and assumes the use of
fwbuilder (which I use regularly). (2)
http://www.broadbandreports.com/forum/remark,16129034
I would like to use one of the static IPs as the default through which a
handful of internal workstations can get NAT'd access to the internet. The
other available static IPs I would like to route to a couple internal
servers.
I am just seeking some guidance from this group as to the most
straight-forward way of handling this. For example, yes, you have to
create a vlan (per [1]) or no, that's nice but not needed. Yes you have to
create NAT/SNAT rules for each external IP. I primarily need an outline so
I can avoid getting myself off on unnecessary tangents and backwaters. In
future, I hope to expand what I am doing with the OpenWRT but, for now, I
would like to start from a reasonable, secure base.
Of course, any example configs and/or a pointers to same would be greatly
appreciated.
R.Parr, RHCE
Temporal Arts
Portland, OR, U.S.A.
_______________________________________________
openwrt-users mailing list
[email protected] <mailto:[email protected]>
https://lists.openwrt.org/mailman/listinfo/openwrt-users
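
Option (c) from the reply above, as an added example that is not part of the thread: a shell script that prints the address and iptables commands for mapping static IPs to internal servers, forwarding only one named service per server and rejecting a mapping that falls outside the five statics. The 203.0.113.232/29 block (standing in for the masked xxx.xxx.xxx.232/29), the 192.168.1.x server addresses and the ports are constructed, and it assumes plain netfilter chains with return traffic already accepted by an existing ESTABLISHED,RELATED rule.

```shell
#!/bin/sh
# Added example for option (c); every address and port here is constructed.
# 203.0.113.232/29 stands in for the masked xxx.xxx.xxx.232/29 block.
PREFIX="203.0.113"       # first three octets of the static block
WAN_IF="eth1"            # WAN device on the WNDR3700, per the thread
NAT_IP="$PREFIX.237"     # router's own address, shared by the workstations
LAN_NET="192.168.1.0/24"

# public-IP  internal-IP  proto  port   (one exposed service per server)
# The third line is a deliberate mistake: .238 is the Comcast gateway.
MAPPINGS="
$PREFIX.233 192.168.1.10 tcp 443
$PREFIX.234 192.168.1.11 tcp 25
$PREFIX.238 192.168.1.12 tcp 22
"

# in_block IP: succeed only for the router-assignable statics .233-.237
in_block() {
    case "$1" in
        "$PREFIX".*) last=${1#"$PREFIX".} ;;
        *) return 1 ;;
    esac
    case "$last" in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$last" -ge 233 ] && [ "$last" -le 237 ]
}

# gen_rules: print the commands for review; nothing is applied here.
gen_rules() {
    echo "$MAPPINGS" | while read -r pub int proto port; do
        [ -n "$pub" ] || continue
        if ! in_block "$pub"; then
            echo "# skipped $pub: not one of the five static IPs"
            continue
        fi
        echo "ip addr add $pub/29 dev $WAN_IF"
        # Forward only the named service, not the whole address.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $int"
        echo "iptables -I FORWARD -i $WAN_IF -d $int -p $proto --dport $port -j ACCEPT"
        # Outbound traffic from the server leaves with its own public IP.
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $int -j SNAT --to-source $pub"
    done
    # Appended last, so the per-server SNAT rules above match first.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $NAT_IP"
}

gen_rules
```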