
ERL, CenturyLink, PPPoE, and static IP block


Hi. We have a block of eight static IPs from CenturyLink (a /29 CIDR), and we're attempting to put the CenturyLink ActionTec C1000A VDSL modem into transparent bridge mode: one public IP would be assigned to an EdgeRouter Lite, and we'd like it to route for the remaining five usable public IP addresses to eth1. I suppose eth2 can be a backup DHCP network for testing: we don't need to bridge the ports.

 

Using the WAN+2LAN2 wizard, I got eth0 handling PPPoE and eth2 set up as a typical 192.168.1.1/24 network for configuring the ERL, no problem. However, I have not been able to get eth1 handling the public static IP addresses. I have tried adding them to the eth1 interface as a block (/29) and individually (as /32s), tried fully disabling the firewall, tried setting up static routes, etc., but no traffic gets through upstream or downstream. I've tried to follow several other threads in this forum (and looked through YouTube videos, etc.) but no joy yet. We just want the addresses routed. Thanks for any pointers.

 

(I've tweaked this config to remove our PPPoE credentials; 192.168.111.22/29 represents our public IP range.)

 

# Firewall section: global options plus two rulesets, WAN_IN and WAN_LOCAL.
# Both rulesets are attached to pppoe 0 in the interfaces section (in / local).
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    # WAN_IN filters traffic arriving on pppoe 0 that is forwarded through the router.
    name WAN_IN {
        # NOTE(review): default-action accept lets everything through that rule 20
        # does not drop, so unsolicited inbound traffic is forwarded as posted.
        # Possibly left over from the "disable the firewall" troubleshooting the
        # post mentions; confirm before leaving it in place.
        default-action accept
        description "WAN to internal"
        # With a default of accept this rule changes nothing; it only matters once
        # the default action is drop.
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        # The only rule in this ruleset that actually blocks anything.
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    # WAN_LOCAL filters traffic arriving on pppoe 0 that is addressed to the router itself.
    name WAN_LOCAL {
        # NOTE(review): default-action accept here means the router's own services
        # (the service section defines GUI on 80/443 and SSH on 22) are not
        # filtered on the WAN side by this ruleset, apart from invalid-state packets.
        default-action accept
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        # TCP MSS is clamped to 1412; the PPPoE MTU in the interfaces section is 1492.
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    # Source validation (reverse-path filtering) is off, so this setting does not
    # reject packets whose source address is implausible for the arrival interface.
    source-validation disable
    syn-cookies enable
}
# Interface section: eth0 carries the PPPoE session, eth1 is meant for the public
# /29, eth2 is the private management/test LAN.
interfaces {
    ethernet eth0 {
        # The address sits on the physical eth0, not on the pppoe 0 session below.
        # 192.168.111.22 is the stand-in the poster uses for the real public range.
        address 192.168.111.22/32 #address centurylink mandates be the gateway
        description "Internet (PPPoE)"
        duplex auto
        ip {
            enable-proxy-arp
        }
        pppoe 0 {
            default-route auto
            # Attaches the WAN_IN (forwarded) and WAN_LOCAL (to-router) rulesets to
            # the PPPoE session; both currently default to accept.
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            # Placeholder values: the poster removed the real PPPoE credentials.
            # The password appears in this field in clear text, so it must stay
            # redacted whenever the config is shared.
            password blahblahblah
            user-id foobar@example.net
        }
        speed auto
    }
    ethernet eth1 {
        # NOTE(review): no address statement in this stanza, so eth1 has no IP of
        # its own in this listing. Hosts on the public segment would presumably
        # need a router address on eth1 as their gateway; verify against the
        # symptom described in the post.
        description "Public IP Network"
        duplex auto
        ip {
            enable-proxy-arp
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.1.1/24
        description "Local Net"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
# Port-forward feature settings. No forwarding rules are defined in this listing.
# NOTE(review): eth1 is listed as a LAN interface here although the post intends it
# as a routed public segment; confirm whether it belongs in this section.
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    lan-interface eth2
    wan-interface pppoe0
}
# Static routing is present but empty: no static routes are configured in this listing.
protocols {
    static {
    }
}
# Router services: DHCP for the private LAN, DNS forwarding, web GUI, source NAT, SSH.
service {
    # DHCP is served only for 192.168.1.0/24 (the eth2 network).
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            # The forwarder listens on eth1 (public segment) and eth2 (private LAN).
            listen-on eth1
            listen-on eth2
        }
    }
    gui {
        # NOTE(review): WAN_LOCAL in the firewall section defaults to accept, so as
        # posted nothing in that ruleset keeps WAN traffic away from these ports.
        http-port 80
        https-port 443
        # NOTE(review): older-ciphers enable presumably allows legacy TLS cipher
        # suites for the web UI; confirm it is still needed.
        older-ciphers enable
    }
    nat {
        # This rule has no source match, so it applies to all traffic leaving
        # pppoe0, including anything forwarded from eth1.
        # NOTE(review): hosts meant to keep their own public addresses would
        # presumably be masqueraded behind the router by this rule; verify.
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
    }
    # SSH on port 22, protocol version 2. WAN-side exposure depends on WAN_LOCAL,
    # as for the GUI above.
    ssh {
        port 22
        protocol-version v2
    }
}
# System settings: gateway, hostname, login, NTP, offload, syslog, time zone.
system {
    # Placeholder: the poster redacted the real gateway. pppoe 0 also sets
    # default-route auto in the interfaces section.
    gateway-address 01.02.03.04		## gateway address redacted
    host-name ubnt
    login {
        user foobar {
            authentication {
                # Placeholder: the real password hash was removed. Keep it redacted
                # when sharing, since a posted hash can be attacked offline.
                encrypted-password blahblahblah
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    # hwnat is off; IPv4 forwarding offload and PPPoE offload are on.
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            pppoe enable
        }
    }
    # All facilities log at notice level; the protocols facility logs at debug.
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

 

 

