1:1 NATing & public static IP ?


BobY777
09-03-2007, 09:58 PM
Let's say I have the following setup, whereby a customer (who wants a public static IP) is connected to my main router.

Internet > main router (with 1:1 NATing) > bridged wireless system > customer router (NATed with private static IP on wan) > switch > rest of network

Just think of the bridged wireless system, as a long ethernet cable.

I understand that with 1:1 NATing, the customer would have a private static IP address on the WAN port of his router…and I would have to configure a public static IP in the 1:1 NATing section of the main router.

Wouldn’t this 1:1 NATing allow the customer to remote into his network, the same as if the main router was in bridge mode and the customer had the public static IP address on the WAN port of his router?

But, I have heard that some applications on the customer’s computer (that he might try to access remotely…maybe via VPN), may not work properly, unless the WAN port of the customer’s router actually had a public static IP address. I’m not sure how true that is.

So I could use some comments on this.

I would think that 1:1 NATing would even have some advantages, such as the inherent security of NAT.

Thanks for any comments on this.
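
A toy model of the two behaviours this post asks about, as an added example that is not part of the original thread. Static 1:1 NAT forwards every inbound packet for the public IP to the private address, so any filtering has to come from firewall rules rather than from the translation. It also rewrites headers only, which is why an application that embeds its own address in the payload can misbehave. All addresses and function names are constructed for illustration.

```python
# Added illustration: toy model of the main router's NAT. All addresses are
# constructed (RFC 5737 documentation ranges / RFC 1918), not from the thread.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    dport: int
    payload: str = ""

PUBLIC_IP = "203.0.113.10"    # public static IP entered in the 1:1 NAT section
PRIVATE_IP = "192.168.1.2"    # private static IP on the customer router's WAN port

def one_to_one_inbound(pkt: Packet) -> Optional[Packet]:
    """Static 1:1 NAT: every packet addressed to PUBLIC_IP is rewritten to
    PRIVATE_IP, whatever the port. No connection state is consulted."""
    if pkt.dst != PUBLIC_IP:
        return None
    return pkt._replace(dst=PRIVATE_IP)

def pat_inbound(pkt: Packet, open_flows: set) -> Optional[Packet]:
    """Many-to-one NAT (port overloading), simplified: an inbound packet is
    forwarded only if an inside host opened that flow first."""
    if pkt.dst != PUBLIC_IP or (pkt.src, pkt.dport) not in open_flows:
        return None
    return pkt._replace(dst=PRIVATE_IP)

def one_to_one_outbound(pkt: Packet) -> Packet:
    """Outbound 1:1 NAT rewrites only the IP header source, not the payload."""
    return pkt._replace(src=PUBLIC_IP) if pkt.src == PRIVATE_IP else pkt

def payload_leaks_private_ip(pkt: Packet) -> bool:
    """True when the application put its own address in the payload and the
    NAT left it untouched, so the remote peer sees an unreachable address."""
    return PRIVATE_IP in pkt.payload and pkt.src != PRIVATE_IP

if __name__ == "__main__":
    probe = Packet("198.51.100.7", PUBLIC_IP, 443)    # unsolicited inbound
    print("1:1 NAT:", one_to_one_inbound(probe))      # forwarded to PRIVATE_IP
    print("PAT    :", pat_inbound(probe, set()))      # dropped, no matching flow
    out = one_to_one_outbound(
        Packet(PRIVATE_IP, "198.51.100.7", 5060, "contact=" + PRIVATE_IP))
    print("payload still carries private IP:", payload_leaks_private_ip(out))
```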

umdivx
09-04-2007, 07:53 AM
I think you would need to have a network that supported VLANs, and on your main router VLAN off a LAN port and share that VLAN with the internet port, so that you could get multiple WAN IPs via one box instead of duplicating the same thing over and over again.

I've done this with a Buffalo router running DD-WRT, http://dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_%28Separate_Networks_With_Internet%29

So with the VLAN detached networks, what I am able to do is have a single cable internet connection, on one router; I then set up 4 WAN IP addresses off of one router.

Port 1 on the router was one IP, Port 2 was another, port 3 a third, and port 4 the last.

I did this setup for a small office building that had four individual tenants in the building and they each wanted a real world, routable internet IP address. So then I just ran a single ethernet cable from each port to the individual offices.

I think the same concept would have to apply here. But it all depends on your main router and if it supports Detached VLANs and also if you can get a second IP address from your ISP.

- Josh

BobY777
09-04-2007, 08:11 AM
Hi umdivx:

Thanks for your reply. I'm not sure if I understand the physical setup you have. Might this be the setup you are describing?...

Internet > main router (with 1:1 NATing) > managed switch with VLAN ports to customers >

> VLAN port 1 to customer 1's router (NATed with private static IP on WAN) > customer 1 computer or network
> VLAN port 2 to customer 2's router (NATed with private static IP on WAN) > customer 2 computer or network
> and so on

And I would have each private public IP address (for each customer) set up in the 1:1 NAT section of the main router. And this 1:1 NATing would translate over to the private static IP addresses at each customer router. Is that how you do it?

I want to make sure I understand your physical setup...and then I'll follow up with a few more questions.

Thanks much

umdivx
09-04-2007, 08:29 AM
What I have is a cheap $40 wireless router that has 1 WAN port and 4 LAN ports, running DD-WRT on it.

DD-WRT is open source Linux firmware that runs on the router. Since it's running Linux, it's running iptables, which basically allows you to run any type of configuration you want on it.

And well, I set it up so that I could get four dynamic IP addresses from the cable internet provider in the office I set this up in, and then I set up the DD-WRT to have each of the 4 LAN ports be individual networks and get 4 different internet IP addresses.

I went this route so that I didn't need to have redundant equipment, 4 routers mainly. Instead I was able to accomplish the setup with one router, using VLANs.

So I have VLAN1 which was LAN port 1, VLAN2 goes to port 2, etc.

And all 4 VLANs are terminated on port 5, which in my case was the WAN port, so that basically when a customer plugged in either their own router or a single PC they got a real world IP address and not a NAT IP address.

In terms of your setup, I'm not exactly sure how I would approach it in the best way possible. You would either have to have a separate wireless network, or you are using an access point that can do multiple SSIDs and you can do VLANs on each SSID. That's really the only way I could think you could do it.

- Josh