WRT54G - configuring dedicated ip's for web server

Discussion in 'Cisco/Linksys Wireless Routers' started by markoshust, Aug 8, 2007.

  1. markoshust

    markoshust LI Guru Member

    hello,

    i have a cox business account with 8 dedicated ip addresses assigned to me.

    68.99.155.26
    68.99.155.27
    68.99.155.28
    68.99.155.4
    68.99.155.5
    68.99.155.6
    68.99.155.7
    68.99.155.8

    68.99.155.26 is listed as "device ip", with netmask 255.255.255.224 and gateway ip (my WRT54G) 68.99.155.1. i used the "static ip" option for setting up the router with the following info:
    Login Type: Static
    IP Address: 68.99.155.26
    Subnet Mask: 255.255.255.224
    Default Gateway: 68.99.155.1
    DNS 1: 68.9.16.245
    DNS 2: 68.9.16.30
    DNS 3: 68.100.16.30
    MTU: 1500


    i need to know how to assign the ip addresses to go to my computer for web server needs. the only ip that i can ping internally is 68.99.155.26 but i cannot ping it from an external source. i can also of course ping 68.99.155.1.

    i need the 27 and 28 addresses for nameserver ip's and the rest for sites on dedicated ip's (ssl certs).

    i have setup the 68.99.155.26 as a nameserver ip and was able to successfully setup virtual domains on this ip (as a shared ip) with setting up the "applications and gaming" tab by opening port 80 going to 192.168.1.200 (my server computer). but i was still unable to ping this ip externally or setup any of the additional ip addresses above.

    i tried going under setup>advanced routing and entering in values but got different error messages or warnings every time. my current routing table is this:

    Destination LAN IP   Subnet Mask       Gateway        Interface
    0.0.0.0              0.0.0.0           68.99.155.1    WAN (Internet)
    68.99.155.0          255.255.255.224   68.99.155.26   WAN (Internet)
    192.168.1.0          255.255.255.0     192.168.1.1    LAN & Wireless


    i also tried binding ip addresses to my nic but that did not work. can any of you help me?

    thank you,
    mark
     
  2. ifican

    ifican Network Guru Member

    There are lots of ways to go about using multiple ip's assigned to you but depending on if you want the ip's behind a hardware firewall (your router) you will need multiple routers or a router with multiple wan interfaces. Or you can simply use a switch connected to your cable modem.

    As far as pinging goes you're going to have a hard time getting that to work all the way to the host computer but you can portforward lots of stuff. Now there should be a setting somewhere in the router gui that says "block anonymous internet requests" or something like that. If that option is enabled the router will not respond to pings from the outside. Uncheck it and it should answer ping requests for you. I won't go too deep into this at the moment, but just know using the router as a gateway as you are now you are not going to be able to use any of your other static ip's behind it. Please ask whatever questions you have and we can proceed from there.
     
  3. markoshust

    markoshust LI Guru Member

    ok thanks for the info. i unchecked that anonymous ip request blocking and am now able to ping .26.

    can you please elaborate on setting up the dedicated ip's? is it possible to do what i am talking about with a WRT54G?

    fyi: i want ALL of these ip's to go to the same computer (at least for now). there's going to be one computer serving everything up. i do have other computers that need the wireless access though for accessing the internet.
     
  4. ifican

    ifican Network Guru Member

    The problem with the way you want to set it up is that you are trying to use the same ip space on both sides of the router (which you cannot do). Now depending on what services you want to run you can port forward many ports but not sure all you want to do. So you will need a switch and potentially more than one router. Lots of ways to go about it but none that involve just one router when keeping all hosts behind it.
     
  5. markoshust

    markoshust LI Guru Member

    thank you. can someone supply a sufficient wiring solution for my needs?

    i can always link the wireless router off an uplink of another switch. the server(s) will not be running on wireless, they are running directly into the hub cat5.

    can i set something up like cable modem > switch/hub > wireless router, and plug the server(s) into the switch? would binding an ip directly on a network card then work? i'm pretty lost here as i can't find info on this anywhere.

    thanks,
    mark
     
  6. markoshust

    markoshust LI Guru Member

  7. ifican

    ifican Network Guru Member

    The write up is good, a few incorrect points but will help most folks in your situation. Give it a try and if you have any questions just post.
     
  8. markoshust

    markoshust LI Guru Member

    can someone please check this out and see if i have everything correct? it will still be a couple days until some equipment comes in but i would like to verify that my thoughts are correct.

    http://www.insiderhost.com/NetworkDiagram.pdf

    thank you,
    mark
     
  9. ifican

    ifican Network Guru Member

    Overall it's fine, but where is the internal address on the servers coming from?
     
  10. markoshust

    markoshust LI Guru Member

    they will be automatically assigned by me (static) in tcp/ip or network config files.
     
  11. ifican

    ifican Network Guru Member

    I guess my question was you list 2 ips on each server and misc computer, you list your ex ip which is what they should be and you also list a 192.168.2.x address. It's that second address that concerns me, not only from a network security point of view but as overall as i am trying to figure out what you have planned.
     
  12. HennieM

    HennieM Network Guru Member

    Basic Theory

    Your WRT is a Linux box, so here's the theory for (i) using all your public IPs, and (ii) handling incoming requests on the public IP addresses individually:

    I'll assume your current WAN interface on your WRT is eth1. (It may be eth0 or something else, I'm not sure).

    So you have eth1 set to IP 68.99.155.26, netmask 255.255.255.224, and the gateway set to the "next hop" on the internet side, which is 68.99.155.1

    Now do, on your WRT
    ifconfig eth1:0 68.99.155.4 netmask 255.255.255.224
    ifconfig eth1:1 68.99.155.5 netmask 255.255.255.224
    ifconfig eth1:2 68.99.155.6 netmask 255.255.255.224
    ......
    ifconfig eth1:7 68.99.155.28 netmask 255.255.255.224

    You may also need to add "... broadcast 68.99.155.xxx" to the ifconfig lines, but I'm too lazy now to work that out....
    Don't assign 68.99.155.26 to a virtual interface [eth1:x], as it's already assigned to the non-virtual interface [eth1].

    You have now bound all the public IP addresses to your WRT's WAN interface. So, if the WAN port is set to respond to pings, you should be able to ping all your public IP addresses from the internet.

    Now we assume that you have 7 different machines on the WRT's LAN side, with (private) IP addresses
    192.168.1.4
    192.168.1.5
    .....
    192.168.1.28

    and, for example, that:

    If an internet DNS request comes in for 68.99.155.4, you want to port forward this to 192.168.1.4 (which is your DNS server), so you add something like this to your WRT's port forwarding rules:

    iptables -t nat -A PREROUTING -i eth1:0 -p udp --dport domain -j DNAT --to 192.168.1.4

    Say, for IP 68.99.155.6, you want to handle web access on "inside machine" 192.168.1.6. So you add the rule

    iptables -t nat -A PREROUTING -i eth1:2 -p tcp --dport www -j DNAT --to 192.168.1.6

    You can host e.g. a web server and a DNS server on the same internal machine, and thus forward ext IP x to the same internal IP y for port domain and port www, etc. You can further refine and play with the iptables rules to use IP addresses instead of the interfaces like in the examples (ethx:y), or change the private destination port, etc. In fact, I'm not sure my syntax for the "iptables ..." is correct, so read up about iptables.

    You'll most likely have to do this manipulation manually (not via the web interface) and with 3rd party firmware (I forget if you have tomato or something), and get it stored somehow on your WRT, so you don't have to do this whole story again if the power goes off or the WAN drops. I'll leave that part for somebody else....
     
  13. markoshust

    markoshust LI Guru Member

    does anyone know of any 3rd party software that works on v6 of the WRT54G?

    this is EXACTLY what i want to do
    http://www.dd-wrt.com/phpBB2/viewtopic.php?t=7062

    either that, or some other solution. i do have a spare 500mhz linux box laying around if i have to resort to that (if anyone has any info on making a router out of a computer?).

    thanks,
    mark
     
  14. HennieM

    HennieM Network Guru Member

    Yes, DumphluM on the dd-wrt forum has the real thing right there! Also, his use of "ip addr add [public_ip1]/[netmask] dev vlan1" is correct, as your WAN interface is vlan'd to vlan1, and not eth0 or eth1 as I indicated above.

    There is a sticky somewhere on this site which lists the capabilities of the different routers - search for "autopsy" or "WRT serial number" or something like that.
    If memory serves, your WRT v6 can run dd-wrt micro as it is the same as a v5.x that comes with VxWare. To install that, search for "bitsum" or "3rd party firmware v5 WRT54G". The upgrade to 3rd party fw is a bit tricky, so make sure you follow the bitsum instructions to the letter.
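
Added example, not part of any post in this thread: a dry-run shell script that prints the commands for the approach in posts 12 and 14, matching on destination address (`-d`) in the nat table, since iptables does not match alias names such as eth1:0. It assumes WAN interface vlan1, a /27 prefix taken from the 255.255.255.224 mask, and a constructed public-to-private mapping; the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example (dry run): prints the commands, changes nothing on the router.
# Assumptions: WAN interface vlan1 and a /27 prefix (mask 255.255.255.224).
WAN_IF=vlan1
WAN_IP=68.99.155.26
PREFIX=27

ip2int() {  # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

broadcast_of() {  # broadcast address of the network containing $1/$2
  host_bits=$(( (1 << (32 - $2)) - 1 ))
  int2ip $(( $(ip2int "$1") | $host_bits ))
}

same_subnet() {  # succeeds if $1 and $2 are in the same /$3 network
  [ $(( $(ip2int "$1") >> (32 - $3) )) -eq $(( $(ip2int "$2") >> (32 - $3) )) ]
}

# emit_rules PUBLIC_IP PRIVATE_IP PROTO PORT
emit_rules() {
  if ! same_subnet "$1" "$WAN_IP" "$PREFIX"; then
    echo "# skipped $1: not in the same /$PREFIX as $WAN_IP"
    return 1
  fi
  # Bind the extra public address to the WAN interface.
  echo "ip addr add $1/$PREFIX broadcast $(broadcast_of "$1" "$PREFIX") dev $WAN_IF"
  # Match on destination address and forward only the one service port.
  echo "iptables -t nat -A PREROUTING -d $1 -p $3 --dport $4 -j DNAT --to-destination $2"
  # Assumption: the FORWARD chain does not already accept this traffic.
  echo "iptables -I FORWARD -d $2 -p $3 --dport $4 -j ACCEPT"
}

# Constructed mapping, following the thread's .4 -> DNS and .6 -> web examples.
emit_rules 68.99.155.4 192.168.1.4 udp 53
emit_rules 68.99.155.6 192.168.1.6 tcp 80
```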
     
  15. markoshust

    markoshust LI Guru Member

    hi again,

    thanks for the writeup, i got real busy with my place and this project was put on hold for another week or so.

    i managed to get dd-wrt on my v6, it wasn't too hard. i will go through the steps listed above and let you know if i have any problems.

    thanks!!!
    mark
     
  16. markoshust

    markoshust LI Guru Member

    ok, it looks like that is working great. i haven't tested it out yet 100% but when adding ip's i'm able to ping from outside source, and computers internally are pulling up correct data.

    now i tried rebooting the router to see if settings would save, and it looks like the lines
    /usr/sbin/ip addr add [public_ip1]/29 dev vlan1

    did not save (were not there upon reboot). is there anywhere i can have these automatically load upon start?

    thanks,
    mark
     
  17. HennieM

    HennieM Network Guru Member

    On dd-wrt v24 you can save scripts under
    Administration > Commands
    in the web interface.
     
  18. lamb212

    lamb212 Guest

    Internet Cafe

    I'm using a WRT54G (ver 7) for an internet cafe with 40 clients. I also need to use static WAN ips and unable to get the external IPs to ping. I've been thinking of chasing up an older version of the router so I can put a new firmware on it. The standard firmware only allows 10 portforwarding rules, if I use the DD-WRT firmware as detailed above, can I setup 40 rules? Am I nuts trying to run the cafe through this router?
     
  19. HennieM

    HennieM Network Guru Member

    I'm not sure if dd-wrt (micro) supports the V7 - I think it does, but check the dd-wrt website.
    I'm not sure how many port forwarding rules you can set up in the GUI (web interface), but I'm pretty sure it would be more than 10. Anyway, you can always set up more rules manually, via script, telnetting in, etc. if the GUI doesn't allow for enough.
     
  20. markoshust

    markoshust LI Guru Member

    thanks so much. fyi: it was administration>diagnostics>command shell under my setup


    thanks a lot to everyone who has helped. everything is running GREAT under dd-wrt and the setup mentioned.


    also, with port forwards you can setup as many as you wish with dd-wrt. it's running great here, i love this router :smile:
     
