Question AP that can use Public IP Addresses?

Jun 12, 2019
13
4
15
I have been asking this question, in similar way, in numerous forums, so apologies if you have read it elsewhere.
Not received a single response that answers the question yet, so hoping the experts here can help :)
Also waiting on a response from NetGear support.

Short question:
Is there an AP or router in AP mode (preferably the NetGear Nighthawk X6 R8000 that I already own) that can use public IP addresses?


Detailed question:
I am a UK Virgin Media Cable customer.

In process of switching from residential to Business.

I will have a range of 13 public IP addresses.

The router they will be supplying does not have WIFI.
I need WIFI.
I must use their router but can add an AP.
I have just been told their router uses Generic Routing Encapsulation (GRE) tunneling protocol if this is relevant.

I just bought, 2 days ago, a Nighthawk X6 R8000 router before I decided to switch to public IP addresses.

I am guessing this R8000 in AP mode is not up to the job of disabling NAT and using Public IPs?

If this is not possible do you have a recommendation of a AP that can handle this?

Something not too expensive =<£200 and preferably available in UK PC World so I can try and swap the one I just bought ??

This is how I kind of envisage the setup.
-----------------
ISP Supplied Router:
DHCP Disabled.
Router assigned 1 public IP Address by WAN setup (the gateway address for whole network).
2 Ports on router used for the 2 clients physically located next to router.

-----------------
AP or router in AP mode.
On same subnet as primary router.
1 public IP statically setup on it for its own use.
Port on AP connected to a port on router.
Clients connect to AP via WIFI.
All use public IP of primary router as gateway.

Now I think this would easily be possible using the hardware I have if I was using NAT and private IP address.
But I need to use all public IP addresses.
And I don’t think the Nighthawk X6 R8000 supports disabling NAT and using public IP addresses (but am hoping I am wrong).

If not, what AP (or router in AP mode) could I use to achieve this?
 
Jun 12, 2019
13
4
15
More than two and a couple of web servers, two NAS both serving media files on the same ports. A coupe of xboxes too. It is complicated and I just have a preference for not using NAT. The easiest way to do this is with public IP addresses. Plus I have now signed a contract for 2 years so I might as well use the public addresses as i am paying heavily for them.
 

QwerkyPengwen

Splendid
Ambassador
Well to answer your initial question, you can't do that with public ip

Simply because the point of contact to the outside world is running through a single point (the modem they gave you) and this single connection and device can only use a single public ip at any given time, unless the device is capable from within its own firmware of connecting with more than one ip at the same time and can designate those separate ip connections to different Ethernet ports on the main device. (Assuming this modem has more than one Ethernet port on it.)

And if said device does not have this ability, then you either need to get one that does, or ask them for a second one and ask if you can connect to another public ip using it at no extra charge like virtually having two different internet services going into your place, but in reality just one service split amongst two modems
 
Jun 12, 2019
13
4
15
I have done this before. The router then had WIFI built in so there was not a problem with needing an AP. The router I will be getting directly from the ISP is going to be setup with the public IP addresses. Unfortunatley it does not have WIFI. Hence the need for an AP that supports public IP addresses. If I can find one I am confident it will work. The only other option is geting a few more IP addresss and a second router on a different subnet and setting up a route to the gateway router. I used to do this before when I had a router and separate hardware firewall appliance. This is the more expensive option and I would pefer to go with the AP.
 

QwerkyPengwen

Splendid
Ambassador
Actually, after reading a little bit of something, I've come across this:

You pay for multiple public ip that I am assuming you have confirmed are able to be provided through your connection and modem given to you simultaneously correct?

If so, simply plug an Ethernet switch into the main modem, then plug your multiple routers into different ports on your switch.

Each router (with WiFi) should be able to get its own connection and thusly it's own public ip if setup correctly.

You just have to make sure that on each router you manually set a custom static internal ip address so as not to have any cross communication and conflict with other routers.

But also your modem itself should have (hopefully) some kind of firmware that you can log into in order to manage this.

If not, it either automatically handles such things or it doesn't work at all.

So my suggestion is to use a switch then plug in your new router and set it up with static ip, then take any other router you can get your hands on (old or new) and plug that into the switch and get that one set up and see if they each get their own public ip address when you connect a device to it and check on Google.
 
Jun 12, 2019
13
4
15
If I got a second router, with WIFI, it would not be any old one as i want a reasonably reliable connection ;)
By ports I do not mean physical ports, I mean TCP/UDP ports.
The router has 4 physical ports I believe, of which I only need 3 (2 servers and the AP). All other devices have to connect via WIFI.
I am not fantastic at networking but i can get this setup if only I can find an AP that supports public IP addresses. Maybe many/all do as they do not do NAT themselves I believe. Just pass the packets to the router? I could be be wrong about this though, hence the question :)
 
Jun 12, 2019
13
4
15
Actually I think I have just answered my own question and my opening post was wrong? Of course the AP does not need to support disabling NAT as it does not use it. Doh!
Still unsure if it will pass packets from public IP Addresses but I would not think there is any reason why not. I am fairly confident now that the R8000 in AP will work but would not bet my life on it ;) Hoping that NetGear will confirm it will work.
 

QwerkyPengwen

Splendid
Ambassador
ok. let me explain it a bit better.

there is a line that comes into your business/home that carries with it a connection to the outside world from your ISP.

Connected to this line is a box that phones home and allows a connection that is provided to you by your ISP. This is the modem.

Connected to this modem would be a router. (A device that is capable of "routing" this single connection to multiple devices through either ethernet, WiFi, or both)

Then connected to the router would be all of your devices.

This is typically how home networks are set up.

Also, (typically) a modem usually only has a single ethernet port on it aside from the one it uses to connect to the outside world (assuming this is the way it connects, otherwise typically it uses a coax cable) and that is where a router comes in, allowing you to connect multiple devices to the internet through this single line to the modem, and the job of a router is to manage that traffic and assign internal IP addresses to the different devices so that they can be distinguished from each other.

I am going to assume that this is the case with your modem.

So typically an ISP only provides a single public IP address to the consumer through the main line, but in your case they clearly provide more than one.

Normally, with a single public IP, the IP is assigned to the main connection and through the modem.

But in your case it's more than one, so this should (theoretically) mean that the main line and the modem aren't assigned the public IP, but instead something like a router is where the public IP gets assigned in this chain.

And if this is the case, then you need to be able to plug more than one router into this single ethernet port on the modem.

"But how do I do this?" you might ask..... well, that is where an ethernet switch comes in.

Unlike a router, it has no firmware and isn't fancy in any way and doesn't handle anything like internal IP addresses and assigning them, it just simply lets you connect multiple devices through a single line, and it would be up to those individual devices to handle IP addresses.
Meaning this hub wont interfere with the chain by it being assigned it's own public IP address through this connection.
(again, assuming this is how your ISP and the modem they gave you does things)

So what you would do is simply add the switch into the chain between the modem and the router, and use it to plug in more than one router.

However, once again, this is all theoretical and assuming this is how your ISP and the modem they provided you this when it comes to multiple public IP addresses through a single line.

And the only way to know for sure how they handle this sort of thing is to either contact their tech support and request to be elevated to someone who actually knows a thing or two, or to just try it out for yourself and see what happens.

Hopefully this was a better explanation on the matter and that it helps to clarify things.

I should also note that while your ISP may have something in place to allow you to manually set a static public IP address to your connection to the outside world through them, chances are that they don't and that these public IP addresses that get assigned to things on your connection are auto managed and will change every now and again to a different number because most ISP provide the public IP using DHCP and such which creates a new public IP number for your connection.

If this is the case, then the only way to get around it is to request static numbers, or to make sure that the routers you are using have built in support for services like No-IP so that even when the public IP address changes, a web address you assign to your No-IP account will still DNS forward to your servers on your network.
 
Jun 12, 2019
13
4
15
There is no modem. Well there is but it is built into the router.
These are real static IP addresses. I will be getting a block of 13 usable public IP addresses (the 13 number comes after the routers IP address, and broadcast and network addresses (definitely) have been taken into account. So if you include the router it is actually 14 usable addresses? I believe this is a 0.0.0.0/28 (networking is not my strongest point so I may have that wrong).
The router will come pre-configured to use them. I have been using no-ip.com up to now but will have no need for it once this is in place. I also have full access to my DNS records (CNAME, A, MX etc) so I can assign some devices their own domain name (which I already own) and get web and email etc up and running again, without having to use the more cumbersome and limited no-ip.com control panel to do it.
 
Jun 12, 2019
13
4
15
Do you already have the ISP-provided modem/router? If so, can you not just test things out with your R8000 set up as an AP? Or are you keeping the R8000 unopened until you figure out if it would work, in case you need to return it for something else?
I wish I did have it already but will not get it until the day of install (a week or two).
Already been using the R8000 with the current connection, though I have just removed it and set the ISP router/modem combo back to router mode from modem mode.
I have a strategy now though. The new ISP supplied router will be configured as modem mode. Going to install dd-wrt on the R8000 and set it up as a gateway router. Been informed it will support this setup with public IP addresses and to be honest the ISP supplied routers are rubbish routers (for example it is not possible to setup any IP reservations as a batch. They have to be configured one-by-one, applying settings, waiting for network to reconnect again and doing next one, which takes forever). dd-wrt gives me many more possibilities that may arise. I feel much more happy and confident now :)
 
  • Like
Reactions: TJ Hooker
It's a really bad idea and there is not a good reason for it. If one insecure device gets a public ip it's probably going to get hacked in a few hours. Putting a NAS on a public IP is a horrible idea. You can configure the clients ip, gw and dns manually and see if that works. DHCP probably won't work unless all the ips are in the same CIDR range.
 
Last edited:
Jun 12, 2019
13
4
15
It's a really bad idea and there is not a good reason for it. If one insecure device gets a public iP it's probably going to get hacked in a few hours. Putting a NAS on a public IP is a horrible idea. You can configure the clients ip, gw and dns manually and see if that works. DHCP probably won't work unless all the ips are in the same CIDR range.

I have been doing this for 20+ years and no-one has hacked me yet. Nothing they can take in any case, not even a suspect photograph.
First time I have had to do this on Cable and I usually use a real ISP to do this, A&A being my favourite. Not available where I am unless I want a 16Mbit line.
No different to opening up ports and port forwarding them, if the NAS is insecure and on the Internet. Saying that though, I may put it on a different subnet, just because I like to tinker.
I do see hundreds of attempts daily on telnet, but 5 incorrect attempts and it is blocked.
I am meticulous about installing security updates and have a very secure password policy. Its a risk I am willing to take but thanks for the advice.
 
  • Like
Reactions: TJ Hooker
I have been doing this for 20+ years and no-one has hacked me yet. Nothing they can take in any case, not even a suspect photograph.
First time I have had to do this on Cable and I usually use a real ISP to do this, A&A being my favourite. Not available where I am unless I want a 16Mbit line.
No different to opening up ports and port forwarding them, if the NAS is insecure and on the Internet. Saying that though, I may put it on a different subnet, just because I like to tinker.
I do see hundreds of attempts daily on telnet, but 5 incorrect attempts and it is blocked.
I am meticulous about installing security updates and have a very secure password policy. Its a risk I am willing to take but thanks for the advice.

Many services weren't designed to have ports on wan. No security updates are fixing that either. All pain no gain with what you're trying to do.
 
Jun 12, 2019
13
4
15
Many services weren't designed to have ports on wan. No security updates are fixing that either. All pain no gain with what you're trying to do.

Really, OK. The services I am running are designed to use ports on the WAN. They are specifically designed to allow the WAN to access the LAN. There is no pain and lots of gain.
Some of the ports I use will be identical on each device. Something port forwarding cannot resolve. Some have suggested using UPnP and this will not work either and like NAT something I do not like.
The ONLY way to achieve what I want is through multiple public IP addresses.
I do not remember asking the question please advise me on how to run my network. I simply asked if anyone cold advise on a particular hardware device to achieve my aim.

"Is there an AP or router in AP mode (preferably the NetGear Nighthawk X6 R8000 that I already own) that can use public IP addresses? "

So while discussion is good, it is achieving nothing. I am a big boy and can look after my own network and accept the consequences of any potential intrusion. Just like I would if I used NAT and private IP Addresses.

This matter is now resolved.
I am going to use the ISP router/modem combo into Modem mode. The ISP is supplying it to me this way, ready configured.
I have today installed dd-wrt onto the R8000 router.
This will work exactly how I require it to.
I can now run any WAN>LAN Service I like, including multiple devices runnin gthe same services, using the same TCP/UDP ports without having to fluff about changing the port numbers that was designed to be used for the task.

I may choose to setup two isolated network segments, one for those running as servers and those not. This will be as secure as anyone running with their router only one public IP and the clients using private addresses.

Thank you to everyone that replied. Even if you did not reply with an answer to the question asked ;)
 
Am not versed with using multiple public IP, but I get the sense we are all amateurs, including me, here trying to deal with an enterprise situation. What is that other site, Small Business Builder something...

Whether home or business, is glaring that you don't seem have a hardware firewall box up front. I vaguely recall businesses setting up public servers hook them up at the firewall's DMZ.

Sure u don't want to hire somebody to set these up?
 
Last edited:
  • Like
Reactions: TJ Hooker
Jun 12, 2019
13
4
15
There's no router out there that will hand out your internet service providers public ip addresses. Routers only hand out internal ip address via it's own dhcp server. You'll have to connect all devices to the modem then statically assign each device it's own public ip address/subnet mask/gateway in each devices' network settings.

tell that to all the ISPs who do exactly this :)