×

EdgeRouter - How to Distribute Public IP Addresses

Overview

Readers will learn about two methods that can be used to distribute public IP addresses to internal hosts.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.

Devices and products used in this article:

Table of Contents

  1. Introduction
  2. Distributing Public IP Addresses Using 1:1 NAT
  3. Distributing Public IP Addresses Using a Transit Address
  4. Related Articles

Introduction

Back to Top

This article focuses on two methods that can be used to distribute an assigned block of public IP addresses to internal clients:

  • 1:1 NAT The ISP provides a public IP range to the EdgeRouter which is then distributed to clients using 1:1 NAT. The public IP address range is configured on the EdgeRouter's WAN interface and the internal clients are using private (RFC1918) IP addresses.
  • Transit Address The ISP provides a public IP address range to the EdgeRouter in addition to a transit address. The transit IP address is configured on the EdgeRouter's WAN interface and the public IP address range can be configured on a single LAN interface or divided between multiple interfaces. In this setup, the internal clients are using public IP addresses.

If limited public IP addresses are available, then it is recommended to use 1:1 NAT to optimize the address assignments.

Distributing Public IP Addresses Using 1:1 NAT

Back to Top

The example network below uses an EdgeRouter Infinity (ER-8-XG) as the router which is configured with the 203.0.113.0/29 public IP address range on the WAN interface. The internal client is an UNMS server that is using the 192.168.1.10 IP address. Using 1:1 NAT, all traffic to and from the 203.0.113.2/29 IP address will be translated to the UNMS server.

NOTE: When using 1:1 NAT,it is necessary to add all public IP addresses to the EdgeRouter's WAN interface.

topology1.png

Example network where a UNMS server (192.168.1.10) is connected to the Internet via an EdgeRouter Infinity.

Follow the steps below to configure the EdgeRouter's WAN interface and to add the Source and Destination NAT rules:

GUI: Access the EdgeRouter Web UI.

1. Navigate to the Dashboard tab and assign the IP address(es) to the WAN interface and enable the proxy ARP functionality.

Dashboard > Eth1 > Actions > Config

Address: Manually define IP address
IP: 203.0.113.1/29
Proxy ARP: Checked

+ Add IP

Address: Manually define IP address
IP: 203.0.113.2/29
NOTE: In this example, static IP addresses are used on the WAN interface. See theConfiguring Public Static IP Addresses article for information on different WAN connection types.

2. Navigate to the Firewall/NAT tab and add the Source NAT for the UNMS server, referencing the 203.0.113.2 WAN IP address.

Firewall/NAT > NAT > +Add Source NAT Rule

Description: source NAT for 192.168.1.10
Outbound Interface: eth1
Translation: Specify address and/or port
Translation Address: 203.0.113.2
Protocol: All Protocols
Src Address: 192.168.1.10

3. Add the Destination NAT rule for the UNMS server, referencing the 203.0.113.2 WAN IP address.

Firewall / NAT > NAT > +Add Destination NAT Rule

Description: destination NAT for 192.168.1.10
Inbound Interface: eth1
Translation Address: 192.168.1.10
Protocol: All Protocols
Destination Address: 203.0.113.2

The above configuration can also be set using the CLI:

CLI: Access the Command Line Interface.You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Delete the existing IP address configuration from the WAN interface.

delete interfaces ethernet eth1 address

3. Assign the public IP address(es) to the WAN interface and enable the Proxy ARP functionality.

set interfaces ethernet eth1 address 203.0.113.1/29
set interfaces ethernet eth1 address 203.0.113.2/29
set interfaces ethernet eth1 ip enable-proxy-arp

4. Add the Source NAT for the UNMS server, referencing the 203.0.113.2 WAN IP address.

set service nat rule 5000 description 'source NAT for 192.168.1.10'
set service nat rule 5000 outbound-interface eth1
set service nat rule 5000 type source
set service nat rule 5000 protocol all
set service nat rule 5000 outside-address address 203.0.113.2
set service nat rule 5000 source address 192.168.1.10

5. Add the Destination NAT rule for the UNMS server, referencing the 203.0.113.2 WAN IP address.

set service nat rule 1 description 'destination NAT for 192.168.1.10'
set service nat rule 1 destination address 203.0.113.2
set service nat rule 1 inbound-interface eth1
set service nat rule 1 inside-address address 192.168.1.10
set service nat rule 1 protocol all
set service nat rule 1 type destination

6. Commit the changes and save the configuration.

commit ; save

Distributing Public IP Addresses Using a Transit Address

Back to Top

The example network below uses an EdgeRouter Infinity (ER-8-XG) as the router which is configured with the 203.0.113.0/30 public IP address range on the WAN interface. The clients are connected to the EdgeRouter through a UFiber GPON network, consisting of an UF-OLT and a UF-Nano ONU. The UFiber GPON network is acting as a bridge between the EdgeRouter 4 (ER-4) in the Client Site and the LAN interface on the EdgeRouter. The clients are utilizing public IP addressed in the 192.0.2.0/26 range which can be distributed using DHCP for example. 

topology2.png

Example network where multiple Client Sites (192.0.2.0/26) are connected to the Internet via a UFiber GPON network and an EdgeRouter Infinity.

Follow the steps below to configure the EdgeRouter's WAN and LAN interfaces.

GUI: Access the EdgeRouter Web UI.

1. Navigate to the Dashboard tab and assign the transit IP address to the WAN interface.

Dashboard > Eth1 > Actions > Config

Address: Manually define IP address
IP: 203.0.113.1/30
NOTE: In this example, static IP addresses are used on the WAN interface. See theConfiguring Public Static IP Addresses article for information on different WAN connection types.

2. Assign the public IP address range to the LAN interface.

Dashboard > Eth2 > Actions > Config

Address: Manually define IP address
IP: 192.0.2.1/26

3.    Configure a DHCP server to assign the public IP addresses to the clients.

Services > DHCP Server > +Add DHCP Server

DHCP Name: client-sites
Subnet: 192.0.2.0/26
Range Start: 192.0.2.2
Range Stop: 192.0.2.62
Router: 192.0.2.1
DNS 1: <DNS server>
Enable: Checked

The above configuration can also be set using the CLI:

CLI: Access the Command Line Interface.You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Delete the existing IP address configuration from the WAN and LAN interface.

delete interfaces ethernet eth1 address
delete interfaces ethernet eth2 address

3. Assign the transit and public IP address to the WAN and LAN interfaces.

set interfaces ethernet eth1 address 203.0.113.1/30
set interfaces ethernet eth2 address 192.0.2.1/26

4.   Configure a DHCP server to assign the public IP addresses to the clients.

set service dhcp-server shared-network-name client-sites authoritative enable
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 default-router 192.0.2.1
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 dns-server 192.0.2.1
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 lease 86400
set service dhcp-server shared-network-name client-sites subnet 192.0.2.0/26 start 192.0.2.2 stop 192.0.2.62

5. Commit the changes and save the configuration.

commit ; save

Related Articles

Back to Top

EdgeRouter - Source NAT and Masquerade

EdgeRouter - Destination NAT

EdgeRouter - Hairpin NAT

EdgeRouter - Configuring Public Static IP Addresses

EdgeRouter - DHCP Server

UNMS v1 - Sites and Clients

Was this article helpful?
3 out of 6 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community