What I think you're after is often referred to as 1:1 NAT but as MrSaffron says I'm not sure what sort of consumer kit you'd find this sort of capability on.

It's also important to note that you don't have a 4 port router, you have a NAT router with WAN and LAN sides, and a 5 port switch attached to the LAN side (one of the 'ports' is used internally to connect to the router chip so only 4 are available). The routing tables have no knowledge of this LAN switching as routers operate on the IP layer (layer 3) while switches operate on the MAC layer (layer 2) - the router just sees traffic arriving on the WAN and LAN sides regardless of what physical switch port it arrives on.

Also, just in case you come across this point down the line (but don't worry about it too much now), bear in mind that you have been assigned a few IPs from a much larger subnet, and not a whole subnet to yourself - this is sometimes an important consideration when it comes down to routing. This isn't a bad thing as a 4 address (/30) subnet is quite wasteful in terms of addresses - each of the interfaces (your router plus the ISP router) takes an address, which leaves one for each of the network and broadcast addresses. I.e. even though you'd get 4 dedicated addresses, you can only actually 'use' one.

If you have a spare computer with two NICs, you could play with something like Smallwall or pfSense as they support what you're after. Using 1:1 NAT, the PCs themselves don't actually get assigned the public-facing IP address but rather you effectively set up a 'DMZ' for each device you choose. Of course, be sure to set static internal IPs and ensure firewalls are enabled. Also, because you don't have an entire routed subnet (at least that's usually the case), you will probably need to use proxy ARP. This link explains it: http://doc.m0n0.ch/handbook/faq-ipalias.html

Edited by deleted (Sun 17-Apr-16 14:48:25)

Hiya,

Thank you.
I have played with IPCop a little, a smoothwall fork. I've also played a little with DD-WRT. I think that is the way for me to go.
I think this is going to be a long project, I'm not going "live" until I know a LOT more about the security implications.

I'm going to take a good look at m0n0wall, something I have seen in the past but never used.

Thank you for your reply.

BR
David

Edited by deleted (Mon 18-Apr-16 22:26:05)

The Draytel 2860 will do this (probably a few others models too).

You can setup each LAN port specifically to a VLAN and have one to one mapping. Each LAN can be setup with its own IP range too. The WAN aliases can be mapped to each VLAN/LAN port and this will achieve what you want.

http://scrn.at/jfQT4.png
http://scrn.at/SGehX.png

Matt

Hiya,

Thank you for your reply.
I think I'm going down the DD-wrt/m0n0wall route. But I need to to do lots more reading yet.

BR
David

Ahh yes, this is what I have done.

Zen give me 8 IPs (a /29), but I do not run a routed network for this. I still run NAT, but I have decided how each IP is NAT'd. For the end IP address of the 8 block delegated to me (which would normally be the broadcast address in routed IP setup), I have mapped that to be the public IP of my wireless "guest" network (everything behind this is VLAN'd with ID 1, with 192.168.1.0/24 being the private network being NAT'd). I then have other public IPs NAT'd appropriately as well (the default one being to route my "non-guest" 192.168.0.0/24 network).

So yes, you can do what you are describing - it's basically a more sophisticated NAT setup than what the average person will be running.

Edited by deleted (Mon 18-Apr-16 22:54:18)

I use OpenWrt because it has a large amount of features, the way it's laid out seems logical to me (OS X/*nix user) and it's open source (I customise and then compile it from the source code).

The only thing I could criticise it on is that the documentation is lacking if you compare it with something like Cisco's documentation, so you may struggle, as it's really meant for people who already have experience with networking technologies and want something that's low cost, yet feature-rich for their home.

I have a /28 (16 IPv4 addresses) and 2 networks as well as full 1500 byte MTU (FTTC) on my router. Here's how it's all laid out:

Network #1:
- Just like a standard home NAT setup, DHCP server hands out RFC 1918 addresses which are then masqueraded when they are leaving my network
- Bridged to it's own 2.4 and 5GHz wireless interfaces
- Part of the default VLAN (I think)
- IPv6 /64 from my /48

Network #2.
- DHCP server hands out proper IPv4 addresses (non-NAT addresses) for quick testing, but I also manually assign them to interfaces (not 1:1 NAT)
- Also bridged to it's own 2.4 and 5GHz wireless interfaces
- A second VLAN which allows me to connect to this network via physical ethernet
- Another IPv6 /64 from my /48

Note: As I don't have a web interface on it (just CLI access), I'm going of the top of my head.

So if you want to learn about networking and Linux at the same time I'd recommend getting a router that's compatible with OpenWrt. Personally, I have a Buffalo router, but have heard good things about the TP-Link routers. Had mine since 2011 or 2012 and I'm thinking about getting a Linksys WRT1900ACS next, but it's not quite there yet (software-wise) as there's been a bunch of issues that will be likely sorted in the future.

Look at some of the cheaper Cisco routers something like the SA520-K9 if you can get one on ebay.
You just need to create a rule, you would be able to create a rule that says lan device with IP of say 192.168.0.2 use public ip of 46.100.100.25 and another rule so lan ip 192.168.0.3 use public IP of 46.100.100.26
You can create another rule to make it two way so any data heading for IP 46.100.100.25 is directed to 192.168.0.2

In reply to a post by TrogLeDyte:

Thank you for your reply.
My service is ADSL.

What I want to do is have four internal networks, each with a different external IP address.
Why do I want to do this?
I'm playing with/experimenting with/learning about computer networking and I just wanted to try it.

BR
David

You have several choices.
Get a router that can do 1:1 NAT routing - then give each device a static IP on the internal range, and use the 1:1 feature to map an external IP to an internal IP.

Get a router that can present the Static IP range on both sides - then give some other devices each one of the additional static IP addresses from that range. They'll appear as whatever IP they're configured with.

Get a few "cable/dsl" routers (or basically a router that has a WAN port as Ethernet and some LAN ports), and a router for the ADSL side that can present the Static Range on both sides, assign one of the static IPs to each extra router WAN side, then have different LAN ranges (but note you can't easily get between those internal ranges from another).

...many other combinations exist.

The latter suggestion is closest and least technical in terms of ease to setup but requires several boxes.

All in one boxes exist to do this also via VLANs and so forth too - there are many ways to skin that cat.

Would having Fibre to the cab make much difference?
I have almost the same setup and this has been driving me crazy for over a week..

Hiya,

Question:

It's also important to note that you don't have a 4 port router, you have a NAT router with WAN and LAN sides, and a 5 port switch attached to the LAN side (one of the 'ports' is used internally to connect to the router chip so only 4 are available). The routing tables have no knowledge of this LAN switching as routers operate on the IP layer (layer 3) while switches operate on the MAC layer (layer 2) - the router just sees traffic arriving on the WAN and LAN sides regardless of what physical switch port it arrives on.

Does this actually mean a six port switch, one used internally to connect to the router, one for wlan and 4 for lan?


BR
David