ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

HOWTO: Configure Multiple Static Public IP using Tomato by shibby

Updated on January 25, 2015

There are a lot of resources regarding multiple public IPs using tomato firmware in the internet but they do not provide detailed steps on how to do them or that most people just copy and paste then hope that it will work out for them.

So I have written another one of those guide to simplify them. The objective is help understand the concept so that the settings can be adjusted depending on your setup.

THE SETUP

Device and Firmware

Router: Linksys E2500

Router Firmware: Tomato by shibby ( Tomato Firmware 1.28.0000 MIPSR2-123 K26 USB Max )

Network

ISP Static IPs

xxx.xxx.xxx.10 - Router WAN Port

xxx.xxx.xxx.11 - Public IP for Mail Server

xxx.xxx.xxx.12 - Public IP for Web Server

xxx.xxx.xxx.13

xxx.xxx.xxx.14


Internal IP

192.168.10.11 - Mail Server

192.168.10.12 - Web Server

Below is a simple graphical illustration on how the network devices are connected. The setup can get complicated as you add more network devices but the concept on how they should be connected remains the same.

THE STEPS

Step 1: Verify VLAN ID

Check the VLAN ID (VID) of your WAN port. This can be done in

Advanced -> VLAN

In the picture below, the VID of my WAN port is VLAN2

It is very important to know the VLAN ID because we will be creating additional virtual interfaces in the WAN port in order to use the extra IPs provided by the ISP.

This way, we can have multiple IPs in a single interface.

Step 2: Create Virtual Interface and NAT

To create additional virtual interface and set the IP Address,we will be using the ifconfig command.

This will be placed in

Administration -> Scripts -> Firewall

#Create additional IPs
ifconfig vlan2:0 xxx.xxx.xxx.11 broadcast xxx.xxx.xxx.15 netmask 255.255.255.248
ifconfig vlan2:1 xxx.xxx.xxx.12 broadcast xxx.xxx.xxx.15 netmask 255.255.255.248

Our network is /29 therefore there are 6 usable IPs. In this example our network is xxx.xxx.xxx.8 and xxx.xxx.xxx.9 would most probably be used by the modem as a gateway IP. The remaining 5 IPs are usable as outlined in our setup at the beginning of this tutorial.

Take note that our virtual interfaces are tagged as vlan2:(number). If you plan to use the remaining IPs in this setup, it should be assigned to vlan2:2 and vlan2:3.

Create Public to Local NAT

#NAT Public to Local
/usr/sbin/iptables -t nat -I PREROUTING -d xxx.xxx.xxx.11 -j DNAT --to-destination 192.168.10.11
/usr/sbin/iptables -t nat -I PREROUTING -d xxx.xxx.xxx.12 -j DNAT --to-destination 192.168.10.12

Create Local to Public NAT

#NAT Local to Public
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.10.11 -j SNAT --to xxx.xxx.xxx.11
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.10.12 -j SNAT --to xxx.xxx.xxx.12

Below is the actual screen shot

The ifconfig command can also be placed in

Administration -> Scripts -> WAN Up

I have tried and tested it. But the iptables should remain in Firewall.

Reboot the router to apply the changes.

Note: Every time that you make changes in the scripts section, the router needs to be rebooted to effectively apply these changes.

Step 3: Forward Ports

Now that everything has been created, the last step is to forward the ports that are going to be used. Without this, no service in your internal network can be access from the outside.

The example below will be able to provide SMTP, POP3 and IMAP service from your Mail Server. HTTP and HTTPS from the Web Server.

Aside from the added Forwarding Rules, the rest are default rules and is meant to serve as an example.

After the rules are defined, just press the Save button to apply the changes. No need to reboot the router.

The last forwarding rule in this screen shot is an example wherein you can forward any other port to the actual ports that your server uses. Define a different port in the Ext Ports field and define the actual server port in the Int Port field.

With this, the setup is done. Anyone from the internet will be able to access services that you provide inside your private network.

Hopefully I have provided a simplified version of this tutorial to what is already out there. If you have any questions or comment/s, please provide them on the comment section below.

Comments

    0 of 8192 characters used
    Post Comment

    • Richard Demalata profile imageAUTHOR

      Richard Demalata 

      3 years ago from Santa Rosa, Laguna

      For troubleshooting:

      1. Make sure both internal Computer(X and Y) are Powered ON. Steps 2 and 3 will fail if they are not On.

      2. Ping WAN IP X. You should get a ping reply.

      3. Ping WAN IP Y. You should get a ping reply.

      4. As a testing I used WAMP on both Computer X and Y.

      5. I then edited the index file and added "I am Internal IP X or Y" just so see if it is forwarding correctly.

      6. The test was successful.

    • Richard Demalata profile imageAUTHOR

      Richard Demalata 

      3 years ago from Santa Rosa, Laguna

      Hi Shane,

      I have not really tested the running the same services then mapping them to different Public IPs like you wanted to do in this case.

      Might want to try doing the forwarding via firewall script if the GUI is not working.

    • profile image

      Shane Lewis 

      3 years ago

      Richard, thanks for this: This doesn't seem to address when I want to do the following:

      How I can have WAN IP X port 25 to internal IP X and WAN IP Y on port 25 to internal IP Y

      Does this only work if port forwards are unique?

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)