New Member
Posts: 8
Registered: ‎06-26-2016

Public Routed /31 to /29 subnet

Sorry for the newbie question, but I can make it work after scouring the forums for the past week.... I am trying to get the subnet set up on an ER 8 Pro to allow 5 devices public IP addresses without NAT and without any firewall rules. At the same time I have an internet network that I need internet access with NAT. Anyone have configuration examples?

Internal Address 172.16.23.1/24

Subnet provided by the ISP:

The block 88.1.1.240/29 has been routed to 88.1.1.219

• IP address: 88.1.1.219
• Subnet: 88.1.1.218/31
• Netmask: 255.255.255.254
• Gateway: 88.1.1.218
• Routed Subnet: 88.1.1.240/29

Thanks for any help..

Veteran Member
Posts: 6,096
Registered: ‎01-04-2017
Kudos: 886
Solutions: 314

Re: Public Routed /31 to /29 subnet

Veteran Member
Posts: 7,986
Registered: ‎03-24-2016
Kudos: 2083
Solutions: 913

Re: Public Routed /31 to /29 subnet

On top of the article above, you also need a masquerade rule that does not work for the /29 source:

set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all
set service nat rule 5010 source address !w.x.y.z/29

SuperUser
Posts: 8,585
Registered: ‎01-05-2012
Kudos: 2263
Solutions: 1144

Re: Public Routed /31 to /29 subnet

And for keeping a basic firewall for the private network(s), the WAN_IN ruleset should look, more or less, like this:

configure
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 destination address 88.1.1.240/29
commit

It wouldn't be a bad idea to also have firewall rules between the public network and the private network.
Cheers,
jonatha
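
The pieces from the replies above combined into one EdgeOS configuration for the addressing in the original post. This is an added example, not posted by any participant in the thread. Assumptions: eth0 is the WAN, eth1 the private LAN, eth2 the public segment with the router on 88.1.1.241 (leaving .242 to .246 for the five devices); the `default-action` lines and the `PUBLIC_IN` ruleset name are hypothetical additions.

```edgeos
configure
# WAN: the /31 transit link to the ISP (addresses from the original post)
set interfaces ethernet eth0 address 88.1.1.219/31
set protocols static route 0.0.0.0/0 next-hop 88.1.1.218
# Assumption: eth1 is the private LAN, eth2 carries the routed /29
set interfaces ethernet eth1 address 172.16.23.1/24
set interfaces ethernet eth2 address 88.1.1.241/29
# Masquerade everything leaving the WAN except traffic sourced from the routed /29
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all
set service nat rule 5010 source address !88.1.1.240/29
# WAN_IN: return traffic for everyone, unsolicited traffic only towards the /29
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 destination address 88.1.1.240/29
set interfaces ethernet eth0 firewall in name WAN_IN
# PUBLIC_IN (hypothetical name): the unfiltered public hosts may answer the LAN
# but may not open new connections into 172.16.23.0/24
set firewall name PUBLIC_IN default-action accept
set firewall name PUBLIC_IN rule 10 action accept
set firewall name PUBLIC_IN rule 10 state established enable
set firewall name PUBLIC_IN rule 10 state related enable
set firewall name PUBLIC_IN rule 20 action drop
set firewall name PUBLIC_IN rule 20 destination address 172.16.23.0/24
set interfaces ethernet eth2 firewall in name PUBLIC_IN
commit
save
```

Traffic addressed to the router itself is handled by a separate `local` ruleset, which this example does not define.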