Multiple Static IPs Question

MySongRanHills

My business account with Comcast includes 13 static IPs. Their documentation states:

"Subnet mask:

A CIDR /30 (or 1 static IP) - 255.255.255.252

A /29 (or 5 static IPs) - 255.255.255.248

A /28 (or 13 static IPs) - 255.255.255.240

Gateway IP: This is a static IP address, in addition to the number of ordered IPs, which is assigned to the Comcast modem (IP Gateway). By default, it is the last IP in the range loaded on the Comcast Gateway."

Currently I only have a cable modem and router. Cable modem subnet is /30 and has 1 WAN IP.

I really only need 1 static IP (previous staff was a little overzealous), so am I fine leaving the subnet as /30, or if the router reboots/loses power is there a chance it could mistakenly grab one of the other static IPs?
 
Generally speaking when you have static IPs you configure it on the router to use a specific IP address and DHCP is usually off on that link so you wouldn't have to worry about the IP changing.
 
I really only need 1 static IP (previous staff was a little overzealous), so am I fine leaving the subnet as /30, or if the router reboots/loses power is there a chance it could mistakenly grab one of the other static IPs?

Short answer in addition to what Mystic said, no. There are only 2 available IPs to use in a /30 block of IPs. There are 4 addresses in a /30 but one is for Network ID and the other is for broadcast. Your ISP will use one of the remaining 2 and that is your gateway. The available IP (which will be your WAN) will not change in this scenario, unless they move you to another subnet.
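
The block arithmetic behind this answer, as an added example that is not part of the original post. It assumes the modem gateway is the last usable address (the default in the Comcast text quoted above) and uses the documentation range 203.0.113.0/24 as constructed sample addresses; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which addresses in a static block a customer router can hold.
# 203.0.113.x is a documentation range, used here as constructed sample input.

# Dotted quad -> 32-bit integer (runs in a subshell so IFS stays local)
ip2int() (
    IFS=.
    set -- $1
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# block_info CIDR -> "network broadcast gateway first_static last_static count"
# Assumption: the gateway is the last usable address in the block.
block_info() (
    addr=${1%/*}
    len=${1#*/}
    size=$(( 1 << (32 - len) ))
    net=$(( $(ip2int "$addr") & ~(size - 1) & 0xFFFFFFFF ))
    bcast=$(( net + size - 1 ))
    gw=$(( bcast - 1 ))
    first=$(( net + 1 ))
    last=$(( gw - 1 ))
    echo "$(int2ip $net) $(int2ip $bcast) $(int2ip $gw) $(int2ip $first) $(int2ip $last) $(( last - first + 1 ))"
)

# is_assignable CIDR IP -> exit 0 only if IP is a customer-assignable static,
# i.e. not the network ID, the broadcast address or the ISP gateway.
is_assignable() (
    set -- $(block_info "$1") "$2"
    ip=$(ip2int "$7")
    [ "$ip" -ge "$(ip2int "$4")" ] && [ "$ip" -le "$(ip2int "$5")" ]
)

# A /30 leaves exactly one assignable address; /29 leaves 5 and /28 leaves 13.
for cidr in 203.0.113.0/30 203.0.113.8/29 203.0.113.240/28; do
    echo "$cidr -> $(block_info "$cidr")"
done
```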
 
Give the router the static IP of your choice in the range provided. No point to using DHCP on the WAN side.
 
It sounds like you have a bridged network with Comcast (no routing or PPPoE,) but I could be wrong.

There are a few things you can do:
1. Plug in your PCs and devices and manually give them static IPs from your IP block.
2. Or run a DHCP server to hand out the static IP addresses to your connected devices.
3. Or the best, but most complicated option: NAT on your own router.
  • Assign all IPs from your static block to your router on the WAN port.
  • Set up a private network (192.168.0.0/24, etc) on your LAN side.
  • Decide how to map your static public IPs to your private network and set up one-to-one NAT for those.
  • Use Masquerade for all other devices on your LAN.


Here is a quick and dirty script of how to do this in Linux. Masqueraded devices will all be mapped to the first IP address assigned to the WAN port (eth0.) And of course you'll need to run dnsmasq to assign private IPs and to proxy DNS requests.

Code:
#!/bin/sh

# Assign all static IPs to the router so ARP works.
# The /28 prefix length (the 13-IP block) is needed: without it each address
# is added as a /32 and the gateway below is not reachable on-link.
ip addr add pub.lic.ip.241/28 brd pub.lic.ip.255 dev eth0
ip addr add pub.lic.ip.242/28 brd pub.lic.ip.255 dev eth0
ip addr add pub.lic.ip.243/28 brd pub.lic.ip.255 dev eth0
ip addr add pub.lic.ip.244/28 brd pub.lic.ip.255 dev eth0
ip addr add pub.lic.ip.245/28 brd pub.lic.ip.255 dev eth0
ip addr add pub.lic.ip.246/28 brd pub.lic.ip.255 dev eth0
ip addr add pub.lic.ip.247/28 brd pub.lic.ip.255 dev eth0
ip addr add pub.lic.ip.248/28 brd pub.lic.ip.255 dev eth0
# etc, etc

# Bring up WAN and LAN ports
ip link set eth0 up
ip link set eth1 up

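# Add the default route to your ISP's gateway IP.
ip route add default via pub.lic.ip.254

# Let the kernel forward packets between LAN and WAN (required for NAT).
sysctl -w net.ipv4.ip_forward=1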


# Clear out iptables
iptables -F
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

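# Conntrack: accept replies to connections the router itself opened.
# This script adds no DROP rule or policy, so this only matters once you add one.
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT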

# Static 1-to-1 mapping (add more if you want)
iptables -t nat -A PREROUTING -i eth0 -d pub.lic.ip.242 -j DNAT --to-destination 192.168.0.242
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.242 -j SNAT --to-source pub.lic.ip.242

# Masquerade everything else
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 