I have a Broadcom BCM5352 router running DD-WRT firmware and four external IPs. In my network config at home I have first a router, and then a switch connected to the router (to avoid multiple cables through the whole apartment).
A server is connected to the switch, and if possible, I would like to give that server a different external IP (that is, tell the router to route all traffic to the specified external IP to the server and vice versa). I don't have static IPs, my ISP only offers DHCP.
So is there any way to configure this? The firmware supports iptables, so if it can be done with iptables, then that is a solution. It is possible to do with pf, where the feature is called bidirectional NAT mapping (1:1 mapping).
First, as mentioned above by another - I have never heard of an ISP giving out multiple IPs with DHCP. You might want to check on this.
None of this is DD-WRT specific:
... If they do really hand it all out on DHCP, then you will need multiple MACs on one interface card, or you will need 4x NICs all plugged into a switch which is then plugged into your ISP router. That's b/c the DHCP server will keep handing you the same IPs no matter what if it's all on the same MAC. I don't think Linux has any way to do multiple MACs on the same NIC.
After this, it's pretty easy:
- Use 'ip addr add X.X.X.X dev eth0' (or whatever NIC you use on that side) for each IP you want to be.
You will need to set up NAT as usual in iptables.
Then you will need to configure DNAT (port forwarding) to direct incoming traffic to the server. You will set up those rules to forward to the internal IP of the server...
If you want that server to always come from that IP, then you also need to use SNAT to do this, and you will need to mark the packet in the mangle table, and then set up an 'ip rule' command for that.
We do all this on our router here...
and here is what the iproute2 rules would look like:
Notice how we mark TCP 25 to always go out a certain route. That's because your mail will get bounced by many receiving SMTP servers if you don't have it going out the IP that the MX record states.
Yes, it is possible to do with iptables, however you need to have two IPs assigned to you from your ISP. I'm 99% sure the only way to get that is with static IPs, I've never heard of an ISP giving two IPs via DHCP.
I think you can do it with iptables but it will be a bit hard. I don't remember, but I was looking into this ages ago and someone showed me a few samples with dynamic IPs. Then I switched to a couple of virtual server firewall instances instead, so I have one per external dynamic (DHCP) IP, all through a single external host NIC (and yes, they run Microsoft ISA right now, but that doesn't really matter). This seemed way easier, and I like running my firewall and NAT router on a generic server OS for some reason ;)
Many ISPs in Sweden hand out more than one public dynamic IP via DHCP; 5 is a very common default amount, though sure, not all do. That way you don't really need to bash your head against the horrors of NAT to support more than one host at home... though consumer-level edge firewalls normally can't handle that, I guess...
Have you searched the DD-WRT forums? Here
I run DD-WRT on my router and have an ISP that assigns 5 DHCP IPs. However, I took a different and simpler route. I have my internet connection go directly into a switch that then plugs into my servers and into my DD-WRT router. Each device gets its own DHCP IP as if it was on its own network connection. However, I can still talk to my servers at the full 100 Mbps (the speed of my switch) vs the speed of my internet connection.
Another option is to just hook your server into your router and make it a DMZ server; this would have a similar effect, but your router and server would share an IP.
A fourth and much more complicated way of doing this would be to use 2 NICs in your server and have your server add a virtual interface on its outgoing connection and bridge that virtual interface to your router. Then both devices would have their own IP. (In this case the server would be doing what you stated you wanted the router to do.)