Answered Public IP device....

Discussion in 'Networking & NAS' started by FaxFan2002, Jan 17, 2019.

  1. FaxFan2002

    FaxFan2002
    Well-known Member

    Joined:
    Jan 25, 2003
    Messages:
    2,516
    Products Owned:
    1
    Products Wanted:
    0
    Trophy Points:
    83
    Location:
    Andover
    Ratings:
    +175
    So brains of Avforums I have an interesting situation here where I need a device to have a public IP address. No port forwarding.

    Setup is - Draytek 130 modem -> Unifi USG Pro -> Cisco 3560CX

    The connection is fibre to the home and I requested some extra IPs from my provider. So now my firewall (USG-PRO) gets an IP in that range, the provider says that is my default gateway for everything else on that public IP range.

    So I tried to put a switch between the Draytek and USG, connected a PC, allocated a public IP with the default gateway of the WAN interface of the USG - effectively bouncing off the outside interface of the USG. This didn't work...

    So I'm really looking to have a firewall / router with the public ip address but with additional ports allocated in that range. Or some kind of NAT-T going on.

    Ideas / suggestions?
     
  2. Best Answer:
    Post #18 by Chester, Jan 18, 2019 (1 points)
  3. Chester

    Chester
    Well-known Member

    Joined:
    Aug 18, 2003
    Messages:
    3,662
    Products Owned:
    3
    Products Wanted:
    0
    Trophy Points:
    137
    Location:
    Peterborough, Cambs, UK
    Ratings:
    +689
    If you've got FTTP, what's the Vigor 130 doing? Or do you mean you have FTTC (Fibre to the Cabinet) in which case the 130 is connecting to a VDSL service?

    In your PC, set the gateway address to the one the ISP provided you, not the router's public IP address (should be the same gateway address the router uses though).

    Hope that helps...
     
  4. FaxFan2002

    FTTC with the Draytek connecting to VDSL. The ISP has said the gateway is the PPPoE connection IP address - in this case the router's public IP address.
     
  5. Chester

    Ah OK, the USG uses PPPoE, therefore has all of the IP addresses allocated to it. Set up a LAN2 with another private subnet, say use 192.168.255.254/24 in the router, 192.168.255.1 in your PC. This will become a DMZ, but still behind the USG. There should be an option to forward all traffic to the additional IP address on to your PC in the DMZ. Consult the manual to find out how to perform this, but it should be relatively straightforward. I don't use a Ubiquiti USG, but if you get really stuck, I'll check it out.

    If you must have the public IP address in your server/PC, let us know.
     
  6. FaxFan2002

    Yes, must have public IP address.

    I've tried the DMZ and port forwarding and got lots of sucking of teeth from the supplier after it didn't work.
     
  7. FaxFan2002

    I'm going to try -

    -> VDSL -> Draytek 130 (non bridge) -> switch / vlan -> USG

    I *think* the Draytek will get the PPPOE address, devices on the switch / vlan can have a public IP address with a gateway IP of PPPOE - including the USG.
     
  8. Chester

    Mmm. I've tried to find a way of doing that before. When Draytek launched the Vigor 130, all the screenshots showed it as a sort of mini router rather than just a 'modem', and this included PPPoE. Since then I've deployed 2 or 3 and haven't seen the same functions, so I'm guessing they fundamentally changed the firmware and decided not to allow this. Shame. However, there's a possibility they'll put it back of course; slim possibility.

    In terms of IP addresses, how have the ISP presented them to you? A separate router address, and an IP subnet (x.x.x.x/29 for example)? If so, you may be able to present an address in that range (usually the first or the last) as a routed address in your USG, and put one of the other addresses in your PC/server. I used to do this all of the time with Vigor 28xx routers for use with firewalls and voice border gateways. You may be able to achieve this with the USG, but again I'd need to read the manual. And that way there's no need to reconfigure the Vigor 130 or put the switch in the middle.

    Let us know how you get on...
     
  9. FaxFan2002

    I'll be honest the USG's are pretty rubbish when it comes to multiple IP addresses - nowhere near the functionality of the 2800's (I had a 2800 previously). It's well documented that the ability to control anything more than a /32 is sadly lacking.

    It is a /29 and I don't want for a voice border gateway (Session Border Controller).

    The real issue is when delivering a /29 via PPPoE the ISP makes one of those IPs the gateway, which is a pain really. Ideally I'd like to keep a /32 and have a /29 routed via that /32.

    I'll give the switch in the middle a whirl when I get to take the internet down, i.e. never in this house!
     
  10. Mister_Tad

    Mister_Tad
    Active Member

    Joined:
    Jan 16, 2008
    Messages:
    422
    Products Owned:
    3
    Products Wanted:
    1
    Trophy Points:
    66
    Location:
    Nottingham
    Ratings:
    +273
    Something like this? Ubiquiti Networks Community

    JSON config only at this point so not ideal. In 2016 UBNT stated it was coming "sooner rather than later", which translated from UBNT to English means "later rather than much later".
     
  11. FaxFan2002

    Yeah, I've seen the JSON configuration and I'm not sure it will do what I want either, as I need a direct physical connection with a public IP.

    A bit more digging suggests that a Linux-based router / fw may be the way forward, as you can bridge ethernet ports aka PPPoE with a /29 IP range? - MikroTik

    My idea about the draytek didn't work as it is just a modem and won't authenticate using PPPOE.
     
  12. Chester

    OK, swap out for a Vigor 2862, that will work.
     
  13. FaxFan2002

    Will it though? I know WAN alias work on the draytek - but I need a physical connection for a server to for the IP address.
     
  14. Mister_Tad

    Ah sorry, I misunderstood.

    What on earth are you using that's so picky?
     
  15. Chester

    Have a read of page 152 of the manual.
     
  16. FaxFan2002

    It's about IP routed subnet - remember part of the /29 is actually the WAN interface. I have a 2800 somewhere so I'll dig it out and have a look but I'm not sure that will work....
     
  17. FaxFan2002

    That worked, so I need to bridge the WAN port with selected LAN ports in the setup. So bridging is the way forward.

    Edit - the bridge option doesn't appear with PPPOE only the MPOA option.
     
    Last edited: Jan 18, 2019
  18. FaxFan2002

    Missed that, it's the AudioCodes Mediant VE Session Border Controller. It *should* support NAT but apparently there are issues with it in the virtualised edition...
     
  19. Chester

    Best Answer
    You don’t need to bridge, you need to route.
     
  20. FaxFan2002

    I can't route it if it's the same subnet as the pppoe interface?

    Example subnet 10.10.10.0/29
    PPPOE interface is 10.10.10.1 (assigned by ISP)
    I want to connect devices to a port and give them the ip address 10.10.10.2,3,4 etc.
     
  21. maf1970

    maf1970
    Well-known Member

    Joined:
    May 2, 2006
    Messages:
    2,101
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    86
    Location:
    Aberdeen
    Ratings:
    +301
    10.10.10.0/29 gives you

    a max of 6 ip addresses(1-6)
    Broadcast 7
    subnet mask of 255.255.255.248

    However the 10 addresses are all part of Private networking.

    Second, what could you be doing that requires the use of AudioCodes' Mediant VE Session Border Controller? This is aimed at large Enterprise and Service Providers.
     
  22. FaxFan2002


    I know the subnet, just not how to have a physical host connection to those IPs with a PPPoE connection on the same subnet.

    The AudioCodes is for a lab, I work at very large enterprises deploying SfB 2015 where obviously PPPoE isn't really in the mix!
     
  23. FaxFan2002

    RIGHT! many thanks chaps (or indeed chapesess). We have a working configuration using Draytek @Chester thank you for pointing me in the right direction.

    Draytek 2860 - ZEN Internet - IP range xxx.xxx.xxx.16/29

    PPPOE interface gets xxx.xxx.xxx.22 (controlled by ZEN)
    LAN2 on the Draytek (LAN -> General Setup) is enabled and configured "For Routing Usage" with the IP address of xxx.xxx.xxx.17 mask /29
    Ports on the Draytek assigned to LAN2

    Point of interest the Draytek doesn't seem to mind the overlap between the PPPOE and LAN2 interface though I would say the xxx.xxx.xxx.22 shouldn't be used in LAN2 as it will clash with the PPPOE.

    Let's see if the SBC now works!!
     
  24. Chester

    Feel free to use the rating icons ;)

    Have a look at the router status page. You should see the IP address RADIUS assigns (after PPPoE authentication) will be different to your /29.
     
  25. FaxFan2002

    It's an IP within the same subnet, but hey it's working :)
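
The addressing plan from the working Draytek 2860 setup reported above (PPPoE interface and routed LAN2 inside the same /29), checked for clashes; this is an added example and not part of the thread. The block 203.0.113.16/29 is a constructed stand-in for the redacted xxx.xxx.xxx.16/29, and the function and host names are hypothetical.

```python
import ipaddress

def check_routed_block(block, wan_ip, lan_gw, hosts):
    """Validate static assignments on a routed public block.

    block  - ISP-assigned subnet (constructed example: "203.0.113.16/29")
    wan_ip - address the ISP puts on the PPPoE interface
    lan_gw - address configured on the router's routed LAN (LAN2)
    hosts  - {name: ip} for devices plugged into the LAN2 ports
    Returns (free_addresses, problems).
    """
    net = ipaddress.ip_network(block)
    wan = ipaddress.ip_address(wan_ip)
    gw = ipaddress.ip_address(lan_gw)
    problems = []
    if gw not in net or gw in (net.network_address, net.broadcast_address):
        problems.append(f"LAN2 gateway {gw} is not a usable address in {net}")
    # Addresses a LAN2 device must never be given.
    reserved = {net.network_address: "network address",
                net.broadcast_address: "broadcast address",
                gw: "LAN2 gateway"}
    if wan in net:
        # The case in the thread: the PPPoE address sits inside the /29.
        reserved[wan] = "PPPoE interface"
    assigned = {}
    for name, ip in hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{name}: {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"{name}: {addr} clashes with the {reserved[addr]}")
        elif addr in assigned:
            problems.append(f"{name}: {addr} already used by {assigned[addr]}")
        else:
            assigned[addr] = name
    free = [str(a) for a in net.hosts()
            if a not in reserved and a not in assigned]
    return free, problems

if __name__ == "__main__":
    # Constructed plan mirroring the thread: PPPoE on .22, LAN2 on .17.
    plan = {"sbc": "203.0.113.18", "lab-pc": "203.0.113.22"}
    free, problems = check_routed_block(
        "203.0.113.16/29", "203.0.113.22", "203.0.113.17", plan)
    print("free:", free)
    for p in problems:
        print("problem:", p)
```

Devices on the routed LAN2 hold public addresses with no NAT in front of them, so inbound filtering depends on the router's firewall rules for that interface.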
     
