
Routing public IPs using Tomato

Discussion in 'Tomato Firmware' started by likudio, Dec 1, 2009.

  1. likudio

    likudio Addicted to LI Member

    Hello. I have a little problem.
    Let me begin with the main problem details:

    1 ISP
    1 IP to ISP (the IP that I actually see at: http://ipid.shat.net )
    8 public IPs, but from a different class from the one that goes to ISP

    eg. IP to ISP: XXX.XXX.213.246
    Allocated public IPs: XXX.XXX.216.8/29 (range XXX.XXX.216.8 - XXX.XXX.216.15);

    1 Router Linksys WRT54GL, with Linux/Tomato firmware

    ------------------------------------------------------------

    What I'm trying to do is configure the router/firmware so that I can access, from the Internet, one of the public IPs that I currently have allocated by the ISP, which must go to one of the computers on my internal network.

    Actually, I have an HTTP server (which needs a public IP), a mail server (which also needs a public IP) and an internal network which needs access to the Internet (but doesn't need external IPs; I need to have IPs from the class 192.168.X.X, because the internal network is configured like that).

    I read somewhere that this can be done with Tomato, so I'm just wondering... how(?), 'cause I couldn't do it.

    So the final configuration, must be like this:

    IP to ISP: (remains the same): XXX.XXX.213.246 (public, of course)
    Mail server: XXX.XXX.216.M (public)
    HTTP server: XXX.XXX.216.N (public)
    Internal Network: 192.168.X.X (doesn't need public IPs).

    I have some networking knowledge, but it seems that it isn't enough to make a configuration like this work with this firmware.

    Please help, 'cause I need to make this configuration work. Thank you a lot.
     
  2. mstombs

    mstombs Network Guru Member

    I don't see what use those public IPs are if not allocated by your ISP; they need to allow outgoing from them and route incoming.
     
  3. likudio

    likudio Addicted to LI Member

    Well, they said that I have to use the main router's IP (XXX.XXX.213.246) to transport the other ones, from that different class. And something like this was done before, but using a Linux server, not a router. So, the IPs are allowed to go outside, but they say I need to route them somehow, from the firmware.
     
  4. mstombs

    mstombs Network Guru Member

    OK, it is more common to have a continuous block of IPs, then you give one to the router and you give the router IP as Gateway to your other machines. Many setups will not like the gateway outside the local LAN so you may need to set explicit routes on your machines.

    With Tomato you will have to run the router in "router" mode not "nat gateway", and then add an extra firewall command to "nat" just your local IP addresses - of the form

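    Code:
    # external (WAN) interface
    EXTERNAL="vlan1"
    # private LAN that still needs NAT
    INTERNAL_NET="192.168.100.0/24"
    # NAT only traffic from the private LAN leaving via the external interface
    iptables -t nat -A POSTROUTING -o "$EXTERNAL" -s "$INTERNAL_NET" -j MASQUERADE

    or as your IP is static, there is a more efficient "snat --to" form that also allows you to specify which external IP is used (when router has many).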

    Note that many Tomato router functions and the built-in security of the "netfilter packet filtering" firewall will be broken in "router" mode, so the config will end up pretty similar to that of the Linux Server!
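
The setup described in the reply above, written out as an added example (not code from the thread): NAT only the private LAN using the SNAT form, and, because "router" mode leaves the routed public hosts without the usual filtering, admit from the WAN only the published services. The addresses are documentation-range placeholders for the masked ones; the chain name PUBSRV and ports 25 and 80 are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for Tomato "router" mode.
# Every value below is an assumption or placeholder; the thread masks the real IPs.
EXTERNAL="vlan1"                  # WAN interface, as in the post above
INTERNAL_NET="192.168.100.0/24"   # private LAN, as in the post above
ROUTER_WAN_IP="203.0.113.246"     # placeholder for XXX.XXX.213.246
MAIL_IP="198.51.100.9"            # placeholder for XXX.XXX.216.M
HTTP_IP="198.51.100.10"           # placeholder for XXX.XXX.216.N
CHAIN="PUBSRV"                    # hypothetical chain name for WAN-inbound filtering

gen_rules() {
    # NAT only the private LAN; the routed public hosts keep their own addresses.
    # SNAT with a fixed source is the static-IP alternative to MASQUERADE.
    echo "iptables -t nat -A POSTROUTING -o $EXTERNAL -s $INTERNAL_NET -j SNAT --to-source $ROUTER_WAN_IP"

    # Dedicated chain so the filtering does not depend on what FORWARD already holds.
    echo "iptables -N $CHAIN"
    # Replies to connections opened from inside (LAN or public servers).
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Published services only: SMTP to the mail server, HTTP to the web server.
    echo "iptables -A $CHAIN -d $MAIL_IP -p tcp --dport 25 -j ACCEPT"
    echo "iptables -A $CHAIN -d $HTTP_IP -p tcp --dport 80 -j ACCEPT"
    # Everything else arriving from the WAN is dropped.
    echo "iptables -A $CHAIN -j DROP"
    # Insert the jump at the top of FORWARD so WAN-inbound traffic is checked first.
    echo "iptables -I FORWARD -i $EXTERNAL -j $CHAIN"
}

# Print the rules for review before adding them to the router's firewall script.
gen_rules
```

The jump is inserted with `-I` rather than appended so that no earlier FORWARD rule can accept WAN traffic before the chain sees it.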
     
