wmtrader

Suggested Router to Route Public IPs?

My ISP gave me a single public IP for my router's WAN port and a public IP LAN block (5 public IPs on a different subnet) for the routers behind the first router.

I need a router to route public IPs. The router will be configured with public IPs on both the WAN and the LAN (public IP LAN block).
I need a router that only routes traffic without NAT and without a firewall. The two routers behind this router will do the NAT and firewall functions for the local area network that they are attached to.

I see many routers for sale but they all seem to be geared towards public WAN to private LAN uses.
What router would you suggest?
hypercube

It's not clear to me why you want a router for this situation.

Here's what I do:

I have a router (which is the interface to the ISP much like a modem might be) with the public address on the WAN port and one of the public block IPs on the LAN port.  It's in "Router" mode which means "No NAT".

The LAN port connects to a switch that I call the "Internet Switch"
Then all of the devices that will have public IP addresses out of the block are statically addressed and plugged into this same switch.  The switch can be viewed as a mini-connection to the internet.  Well, as far as I'm concerned, it *is* the internet with limited address scope but the router takes care of all the universe beyond.

Then, in turn, each device with a public address is configured as it would be were it alone connected to a modem or ISP port.  Our main firewall is an example.  Some VPN boxes are other examples, etc.
There is no need for routing at the "Internet Switch" level.  The ISP takes care of internet routing.
wmtrader

The ISP will only allow traffic coming from the device configured with the IP they gave me, the IP for the front router. So I will need a device that will appear as if traffic is coming from the IP they gave me.
Yes.  I understand.  
But you also said:
"and a public IP LAN block (5 public IPs on a different subnet)"
So, let's suppose that:
- the ONE they gave you is so we assign that to the WAN side of your router.  That's what they will "see" from their end of the connection.  And, of course, anyone on the internet, including the ISP can "see" all of your other public IP addresses in use VIA your router.
- the FIVE they gave you are in the subnet (just an example public subnet).
Actually, there are 6 hosts in that subnet so you should have some understanding with them what's the situation.  But, I will assume one of two situations: will be assigned to the ISP for some reason that I don't need to understand.  Otherwise I would probably assign it to the LAN port on your router.
and - are the 5 available for your devices.
So, if somehow (or the equivalent thereof) is being used by the ISP (leaving but 5 out of the 6) then I would:
Assign one of the remaining e.g. to the LAN side of your router.
Assign four of the remaining e.g. to to your other devices needing public IP addresses.

Otherwise, if what you meant was that you could have 5 devices with public addresses NOT including your router LAN port, then:
Assign one of the 6, e.g. to the router WAN port. (It could be any of them, but this is rather conventional practice).
Assign five of the remaining e.g. to to your other 5 devices needing public IP addresses.

Does that help?

Your router, in router mode with no NAT, accepts packets from its WAN side.  They are routed to the appropriate port on the switch going to your device with that address - as those are all on the same subnet.

Your router, in router mode with no NAT, accepts packets on its LAN side,  destined for the rest of the public internet, and passes them to the WAN side of the router and on to the ISP.

Since all of your public addresses are on the same subnet, any packet destined from one of your devices (either one with a public address or one on a LAN subnet behind it) and TO the public address of one of your other devices, will simply pass through the Internet Switch on the LAN side and NOT be passed to the WAN side and the "rest of the world".
Disregard the above, the wrong copy/paste.

AT&T (AT&T Business Direct fiber, the fiber service for large business) restricts traffic coming from a customer's location based on the IP of the device connected to their service.

AT&T offered me a "managed router" to be installed behind their "fiber to copper media converter" but they failed to tell why they were offering me a managed router so I declined. Come to find out now I need a router using the /30 subnet address to provide access to the public IP LAN block using the IP addresses of the /29 subnet.

So all I need is a solid fast router (there is a lot of traffic coming/going) that does nothing but routing, no firewall and no NAT.
That all sounds correct.  The new information is that the AT&T side address is in a /30 block.  That's fine, whatever....

Yes, you need a router to connect to the fiber to copper media converter.  That's exactly what we're doing at sites like this.
My question is not if I need a router, I know I need a router, but what router do you suggest?
I need a fast, solid router to only do routing of public IPs.
What is the data rate that you expect?
I'm using a very simple RV042 for this purpose with data rates at 30Mbps peak.

There are really two considerations:

- you don't want to pay for all kinds of features that you aren't going to use and might well increase the complexity of configuration.

- you want to be able to support the data rate.  

So, the RV042 is a good choice for the first part and now we need to help decide if the data rate will be supported.
I am not sure about the data rate.
The fiber is a 100Mbps connection.
The traffic consists of VoIP traffic from 50 handsets going to/from Ring Central, 3 router to router VPNs (VPN traffic supporting RDP, SAP, mail, file/print), a public Exchange server, and multiple offsite employees accessing the terminal server via Remote Web Access along with the 50 or so employees browsing the web and doing mail via the Exchange server.
I reviewed the CISCO1941/K9 and decided that it was the good choice.
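
The addressing and forwarding described in the thread (a /30 on the router's WAN link, a /29 public block behind it, routing only, no NAT), worked through as an added example that is not part of the original posts. The prefixes are RFC 5737 documentation ranges standing in for the ISP-assigned ones, and the function names are hypothetical.

```python
import ipaddress

# Constructed values: documentation prefixes stand in for the ISP-assigned
# /30 (router WAN link) and /29 (public LAN block on the "Internet Switch").
WAN_LINK = ipaddress.ip_network("192.0.2.0/30")
LAN_BLOCK = ipaddress.ip_network("198.51.100.0/29")


def address_plan(isp_holds_one):
    """Split the /29's usable hosts between ISP, router and devices."""
    hosts = list(LAN_BLOCK.hosts())      # a /29 has 6 usable addresses
    plan = {"wan_link": list(WAN_LINK.hosts())}  # a /30 has 2: ISP + router
    if isp_holds_one:
        plan["isp"] = hosts.pop(0)       # case where the ISP keeps one
    plan["router_lan"] = hosts.pop(0)    # router's interface on the switch
    plan["devices"] = hosts              # firewalls, VPN boxes, servers
    return plan


def path(src, dst):
    """Hops a packet takes on the routed, no-NAT edge.

    The source address is never rewritten, so the ISP and the internet
    see each device's own public address.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN_BLOCK and dst in LAN_BLOCK:
        return ["switch"]                    # same subnet, router not involved
    if src in LAN_BLOCK:
        return ["switch", "router", "isp"]   # outbound via the default route
    if dst in LAN_BLOCK:
        return ["isp", "router", "switch"]   # inbound to the connected /29
    return []                                # not this site's traffic


if __name__ == "__main__":
    for case in (True, False):
        plan = address_plan(case)
        print(case, plan["router_lan"], [str(d) for d in plan["devices"]])
    print(path("198.51.100.3", "198.51.100.4"))
    print(path("198.51.100.3", "203.0.113.9"))
    print(path("203.0.113.9", "198.51.100.3"))
```

Because the router does no filtering, every address in `devices` is reachable from the internet as-is, which is why each device behind the switch carries its own firewall in the setup described above.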