Day 3: I don't know what to even try anymore. I have searched half the internet and still haven't found anything. Well actually I have but nothing seems to work regardless.
If it isn't obvious from the paragraph above, I have been tinkering with networking. In my opinion networking is one of those things that seems easy when looked at from afar, but gets really hard when you try to do anything even remotely custom. Want to get two IPs from your ISP over DHCP? Sounds simple? That's the problem I've been fighting for three days. The sole reason why I even created a blog folder on my server is to warn those who come after me.
So here is a nutshell version of what I have learned:
My router is running OpenWrt, so everything listed above should be possible to perform. HOWEVER, when I did try to do this I only managed to get one interface to work at a time, even if I changed all my interfaces into promiscuous mode. This is really giving me a headache. Even Stack Overflow hasn't answered me.
Apparently there's this thing called "client id". Contrary to my previous update, it seems that DHCP assigns IPs based on client ids, not MACs. This client id is usually the MAC, but it can be made different from the MAC by manual configuration. And today I nearly coomed when I learned that you can run multiple DHCP clients on one interface with different client ids. Just imagine: no need for that virtual interface hassle-hell-shitstorm.
HOWEVER (2 and counting...), my ISP didn't provide my other DHCP client process with a different IP. They gave me the same IP again! Like how??? The only conclusion I can draw from here is that my ISP isn't complying with the standards. That's quite absurd considering I live in Finland, where Nokia, SSH and nation-wide fiber happened in the last century. Well, I put a post (in Finnish) on their forum asking if my thesis about this heresy is true. I also integrated my problem into the post, hoping that some IT guru will save me one day.
I've got it working! After thanking all the Gods and Goddesses of tech I decided that I must document this revolutionary feat immediately. Before I explain the solution step by step I want to point out that the journey was challenging to the bitter end. When I was literally configuring the last setting I forgot to type the CIDR notation at the end of an IP, which naturally, heh, you know: BRICKED MY ENTIRE GRID. Luckily I managed to utilize OpenWrt's failsafe function to fix that error. Now, without further ado:
A way to get two public IPs for an OpenWrt router and configure it so that you can have two servers behind NAT that listen on the same ports.
Let srv1_IP and srv2_IP be the IPs of the two servers running in your LAN. Let pub1_IP be your current public IP.
Go to Network > Interfaces > Devices and create a new device. Give it a name; it is called virtual0 in this guide.
Save and apply. Then head to the Interfaces tab and create a new interface called wan2 that uses the DHCP client protocol on the device virtual0. After creating it, open Advanced Settings and untick Use default gateway. Save and apply. Note down the IP your ISP gave to wan2; we will refer to it as pub2_IP.
Now that we have more than one public IP, we need to specify which public IP maps to which local IP. Configure the port forwards as you want, but remember to match the public destination IP (the external IP address field of the port forward): pub1_IP for traffic forwarded to srv1_IP, pub2_IP for traffic forwarded to srv2_IP.
Now your servers have reachable public IPs. However, replies from srv2 still leave the router through the main routing table, i.e. via wan and pub1_IP rather than wan2, so srv2 doesn't have any way to respond to requests that arrived on pub2_IP. Let's fix that.
Go to Network > Static Routes and add two routes on interface wan2, both in routing table 62: a default route (target 0.0.0.0/0) via the gateway wan2 is connected to, and a route to the subnet wan2 is in (in CIDR notation). Save and apply.
The last step is to send all traffic from srv2_IP to route table 62 created earlier. This is easily done, but it requires modifying the config files directly. SSH to the router, open /etc/config/network in an editor and append the following to the end of the file:

    config rule
        option src 'srv2_IP/32'
        option lookup '62'
Side note: This was the step where I forgot CIDR, which led to catastrophic consequences.
Then reload the network configuration (for example with /etc/init.d/network reload, or by restarting an interface). Run ip rule show to make sure your rule was added.
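The same procedure, written down as a uci batch so the whole change can be reviewed before it touches the router. This is an added example, not the post's own configuration, and it assumes things the post does not state: that virtual0 is a MAC VLAN on top of the wan device with its own locally administered MAC, that wan2 joins the default wan firewall zone (zone index 1 in a stock config), and that every address, port and device name in it is a constructed placeholder from the documentation ranges. The cidr_ok helper exists only to catch the missing-prefix mistake described above before uci ever sees it.

```shell
#!/bin/sh
# Added example, not the post's own configuration: the procedure expressed as a
# uci batch for /etc/config/network and /etc/config/firewall.
# Assumptions not stated in the post: virtual0 is a MAC VLAN on top of the wan
# device with its own locally administered MAC, wan2 joins the default 'wan'
# firewall zone (zone index 1 in a stock config), and every address, port and
# device name below is a constructed placeholder (documentation ranges).
SRV2_IP="${SRV2_IP:-192.168.1.20}"          # srv2_IP in the post
PUB2_IP="${PUB2_IP:-203.0.113.20}"          # pub2_IP, the lease wan2 received
WAN2_GW="${WAN2_GW:-203.0.113.1}"           # the gateway wan2 is connected to
WAN2_NET="${WAN2_NET:-203.0.113.0/24}"      # the subnet wan2 is in, CIDR notation
WAN_DEV="${WAN_DEV:-eth1}"                  # physical device behind the wan interface
VIRT_MAC="${VIRT_MAC:-02:00:00:00:00:02}"   # must differ from the wan device's MAC
SRV_PORT="${SRV_PORT:-443}"                 # the port both servers listen on
RT_TABLE=62                                 # table shared by the routes and the rule

# Syntax check for route targets: the post's outage came from an address without
# a /prefix. Accepts something/0 .. something/32 only.
cidr_ok() {
    case "$1" in
        ?*/[0-9]|?*/[12][0-9]|?*/3[0-2]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the uci batch that mirrors the GUI steps: device, interface without a
# default route, two routes in table 62, the policy rule for srv2, zone
# membership, and the port forward bound to pub2_IP (the srv1 forward is the
# same with pub1_IP / srv1_IP).
wan2_uci_batch() {
    cidr_ok "$WAN2_NET" || { echo "WAN2_NET needs CIDR notation, got '$WAN2_NET'" >&2; return 1; }
    cat <<EOF
set network.virtual0=device
set network.virtual0.type='macvlan'
set network.virtual0.ifname='$WAN_DEV'
set network.virtual0.name='virtual0'
set network.virtual0.macaddr='$VIRT_MAC'
set network.wan2=interface
set network.wan2.proto='dhcp'
set network.wan2.device='virtual0'
set network.wan2.defaultroute='0'
add network route
set network.@route[-1].interface='wan2'
set network.@route[-1].target='0.0.0.0/0'
set network.@route[-1].gateway='$WAN2_GW'
set network.@route[-1].table='$RT_TABLE'
add network route
set network.@route[-1].interface='wan2'
set network.@route[-1].target='$WAN2_NET'
set network.@route[-1].table='$RT_TABLE'
add network rule
set network.@rule[-1].src='$SRV2_IP/32'
set network.@rule[-1].lookup='$RT_TABLE'
add_list firewall.@zone[1].network='wan2'
add firewall redirect
set firewall.@redirect[-1].name='srv2-$SRV_PORT'
set firewall.@redirect[-1].src='wan'
set firewall.@redirect[-1].src_dip='$PUB2_IP'
set firewall.@redirect[-1].src_dport='$SRV_PORT'
set firewall.@redirect[-1].dest='lan'
set firewall.@redirect[-1].dest_ip='$SRV2_IP'
set firewall.@redirect[-1].dest_port='$SRV_PORT'
set firewall.@redirect[-1].proto='tcp'
set firewall.@redirect[-1].target='DNAT'
EOF
}

# On the router: apply, reload, and show what the kernel actually installed.
# Anywhere else: just print the batch for review.
apply_wan2() {
    if command -v uci >/dev/null 2>&1; then
        wan2_uci_batch | uci batch \
            && uci commit network && uci commit firewall \
            && /etc/init.d/network reload && /etc/init.d/firewall reload
        ip rule show | grep -q "from $SRV2_IP lookup $RT_TABLE" \
            || echo "policy rule for $SRV2_IP not installed" >&2
        ip route show table "$RT_TABLE"
    else
        wan2_uci_batch
    fi
}

case "${1:-}" in
    apply) apply_wan2 ;;
esac
```

Run it without arguments on any machine to print the batch and check it by eye; run it with apply on the router to commit it and see the resulting ip rule and table 62 entries. Keeping the routes and the rule on one RT_TABLE variable is the point: the rule is only useful if it points at the table the routes actually landed in.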
As you might have observed, my blog isn't a traditional one. Usually people create posts in one sitting and never get back to them. I, on the other hand, intend to keep my content in these thread-like conventions so people who seek solutions to problems can read them easily. After all, my inspiration for writing a blog was to warn other people of the horrors that I've gone through. Why did I write this solution then? Because not even criminals deserve poorly documented software. Thank you for reading.