Assigning static WAN IPs

Kol

8/10/24, 10:14 PM

My ISP gave me a /27 of IPs. Basically, they gave me the following information.

Network: 1.2.3.64/27
Gateway: 1.2.3.65
IP Range: 1.2.3.66-94
Netmask: 255.255.255.224

To deploy this, I want to give the router an IP address, and the devices connected to it a static IP. The devices connected will not have a LAN IP, so I believe I won't use 1:1 NAT. However, I would just like configure a static wan IP on each device.

I am confused as to the matter if I should make the router's IP the gateway IP, or if I should assign an IP from the pool (ex. 1.2.3.66). To setup the router, I just need to provide an IP address, gateway IP address, and netmask. I already have given it a .66, inputted the gateway IP as the gateway (all of which works and connects), but for some reason I am unable to configure the devices connected to it an IP address (won't connect to internet). On a client device, I give it the IP, use netmask 255.255.255.0, and tried the gateway IP and router IP as the gateway, none of which worked.

Obviously I am missing something, just not sure where to begin as I feel like I have tried everything I know (still new to this).

1 + 5

networking

mikrotik

yagmoth555

8/10/24, 10:16 PM

Get a router that support multiple IP? Else just use a switch to the ISP, but less secure as you will have not a firewall in between

Kol

8/10/24, 10:19 PM

@yagmoth555 It's a Mikrotik Cloud Router Switch. It supports multiple IPs and I would still like the firewall in between, hence this post.

yagmoth555

8/10/24, 10:43 PM

Perfect then, if all servers need to be isolated I suggest create multiple VLAN for each, and assign your NAT rule from there so each VLAN will get out on the assigned IP you define, (you could use local IP 10.0.x.y 255.255.255.0, x as your VLAN id to be easy to follow, and your firewall will have multiples zone defined for all VLAN)

vidarlo

8/10/24, 10:47 PM

If you need the firewall, and have not gotten a routed net, the best solution is probably NAT

Kol

8/10/24, 10:54 PM

@yagmoth555 would it be possible to configure the IP directly on the client without going through LAN? I don't need any isolation

Score:0

Server

Zac67

8/11/24, 6:29 AM

Your question isn't very clear. I am assuming an Ethernet handover port is used.

The IP parameters indicate your ISP expect your public IP address 'on link'. There are two ways to do that:

connect a switch and connect devices using the public IP addresses directly - this pretty much precludes the use of a routing firewall
connect a router/firewall and configure its WAN interface with all IP addresses from your ISP; use destination NAT (port forwarding) to map each public IP to a private IP in your DMZ

If you don't like either method, an additional transfer network is required between handover port and WAN router, usually /31 or /30.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Assigning static WAN IPs

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.