Setting up a block of static IPs from ISP
-
I am looking at potentially moving, which will require me to go with a different ISP than I have now. The new ISP, AT&T, offers static IPs in blocks of 8 IPs, with all but three of them usable (5, 13, 21, etc). I believe that in order to access these IP addresses, I will need to go to "Firewall/Virtual IPs" to add them. My question is, do I need to add just the usable IP addresses individually, or can I just list the first IP in the block of 8 and use something like 1.2.3.4/29 to include them all?
After this, in "Firewall/NAT", I'm guessing that it is safer to just use "Port Forwarding" to route just specific ports to a specific internal machine than to use "1:1"... correct?
-
Unless the ISP is routing the complete subnet to you, via some other IP, it's better to use individual VIPs.
Port forwarding is not necessarily any safer. By default it will add a linked firewall rule to pass the traffic defined in the forward. 1:1 NAT rules do not; you need to add firewall rules for the ports you need. So add only one port and the result is similar. 1:1 NAT also NATs traffic from the target outbound, so if you need that internal host to appear to use that public IP for connections it initiates, it can be the better option. You can also do that with a manual outbound NAT rule + a port forward.
Steve
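The comparison in the answer above, as an added example that is not part of the original thread and is not pfSense code: a simplified model of inbound filtering and outbound source translation for a port forward versus a 1:1 NAT. The addresses, class and function names are constructed for illustration, and the model assumes filtering is applied after translation, so pass rules match the internal address.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.2"   # firewall's own WAN address (constructed)
VIP = "203.0.113.3"      # one individual virtual IP from the block (constructed)
HOST = "192.168.1.10"    # internal server (constructed)

@dataclass
class Firewall:
    port_forwards: dict = field(default_factory=dict)  # (public_ip, port) -> (internal_ip, port)
    one_to_one: dict = field(default_factory=dict)     # public_ip -> internal_ip
    pass_rules: set = field(default_factory=set)       # (internal_ip, port) allowed in on WAN

    def add_port_forward(self, public_ip, port, internal_ip):
        self.port_forwards[(public_ip, port)] = (internal_ip, port)
        self.pass_rules.add((internal_ip, port))       # linked rule, added by default

    def add_one_to_one(self, public_ip, internal_ip):
        self.one_to_one[public_ip] = internal_ip       # no firewall rule is added

    def inbound(self, dst_ip, dst_port):
        """Return the internal (ip, port) a WAN packet reaches, or None if dropped."""
        target = self.port_forwards.get((dst_ip, dst_port))
        if target is None and dst_ip in self.one_to_one:
            target = (self.one_to_one[dst_ip], dst_port)
        return target if target in self.pass_rules else None

    def outbound_source(self, internal_ip):
        """Public source address seen for connections the internal host initiates."""
        for public_ip, inside in self.one_to_one.items():
            if inside == internal_ip:
                return public_ip
        return WAN_IP                                  # default outbound NAT

def exposed_ports(fw, dst_ip, ports=(22, 80, 443, 3389)):
    return [p for p in ports if fw.inbound(dst_ip, p) is not None]

def port_forward_setup():
    fw = Firewall()
    fw.add_port_forward(VIP, 443, HOST)
    return fw

def one_to_one_setup(pass_ports=()):
    fw = Firewall()
    fw.add_one_to_one(VIP, HOST)
    fw.pass_rules.update((HOST, p) for p in pass_ports)  # rules added by hand
    return fw
```

In this model the reachable ports depend only on the pass rules, while the NAT type decides which public address the host's own outbound connections appear to come from.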