4 public IP addresses, same modem



  • I have a Motorola Surfboard router from my ISP. The ISP disabled the routing feature for our office so now it is just a modem.

    It has 4 gigabit ports and is "supposed" to only supply dynamic IP, but I have confirmed that I can plug in all four (more with a switch) and get virtually unlimited public IP addresses.

    I contacted the ISP and they said that while this does work and does not violate any policies, it is not supported.

    I would like to have these IP addresses as it saves me A LOT of time which would be spent dealing with reverse proxies / non-standard port usage configurations. There is no speed increase, it is balanced.

    I would like to use 1 public IP port outgoing on the LAN and the other 3 to point to servers on the LAN (HTTPS).

    I currently have a gateway group with all 4. The gateway group has been added to the LAN rules as the gateway to be used. It seems to be working fine but sometimes I get my LAN public IP changing between LANS.

    I haven't looked at this in too much detail since before doing so I would like to get some input on possible alternatives or better solutions.

    Thanks!

    Pretty sure the picture added shows almost nothing useful, but thought maybe someone may see something obvious I am doing incorrectly.
    ![pfsense copy.png](/public/imported_attachments/1/pfsense copy.png)



  • You only need one WAN link.  All of the other IP addresses can be handled via Virtual IPs.  How is this modem giving you "unlimited" IP addresses?  Is it pulling them from your ISP's DHCP pool?  Do you get served the same IP addresses each time, or do they change regularly?  This would be a lot easier to handle with a standard business Internet plan with a few public static IP addresses.



  • Doesn't a VirtualIP need static IP? Mine are all dynamic. Yes, I get IPs pulled from the ISP DHCP pool. They change daily.



  • If you're using DHCP addresses, how would you set up a service?

    I have a similar configuration, but my ISP gives me 5 static IP addresses.  I configured a VirtualIP for each IP I want to use a service with.



  • Yes, you need static IPs or at least static mappings.  You are setting yourself up for grief by doing it this way.  Do what you have to do to get some static IP addresses.



  • I think I have fixed the issue, it was actually a faulty network card. I have replaced with all Intel CT 1000 cards. Has been running great since last post.

    Why is this setting myself up for grief? Could you please elaborate?

    @cpk:

    If you're using DHCP addresses, how would you set up a service?

    I have a similar configuration, but my ISP gives me 5 static IP addresses.  I configured a VirtualIP for each IP I want to use a service with.

    What are you talking about? I use DynDns and a smart host for my mail… solves all the problems I have ever run into. Sometimes I create a CNAME pointing to a dyndns so I can get an SSL certificate. I forget what RFC violation that is but whatever.



  • As for your comment about static IPs.

    It's not hard at all to get them, it's just costly. I don't have to set it up this way either, it's just easier and seems to work fine. If I feel like spending the $400 a month for 5 static IP addresses I'll go and do that later, but for now, 5 dynamic is fine with me. Look at these numbers below, I would be paying 4x as much money for 1/2 the speed (up AND down).

    FibreOP Business Internet
    50/30
    Low price of
    $99.95/mo

    Advertised as 1 dynamic, am using 5.

    FibreOP Static 5 IP
    20/15
    $299.95/mo

    5 Static IP. Price for 12 months going up to $399.99 a month



  • I've just always been averse to running business servers off of dynamic DNS and DHCP from the ISP.  More points of failure than I'm comfortable with.  If it's working for you then that is good news for sure.

    How many servers are you running?  I'm wondering if you could get away with port forwarding your front-facing servers through the one IP address.



  • I've got Exchange 2013 (mailbox + client access), Windows Server 2012 R2 (SSTP, RDweb and RD gateway) and I have a Linux server with a Tomcat SSL server.

    Port forwarding Exchange from 443 to something else is, from what I can tell, impossible. Same goes for SSTP (without client side reg edits) and it's just a complete pain in the a**.

    The only problem I have run into while running this in the last 2 years using DHCP was that mail was being blocked from Exchange and I had to route through a smart host… that's it.



  • As they say, if it ain't broke, don't fix it.