# ER605 NAT IP Configuration - 76.53.10.35 **Last Updated:** 2026-01-31 **Document Version:** 1.0 **Status:** Active Documentation --- **Date**: 2026-01-09 **Question**: Do I need to configure 76.53.10.35 as a WAN IP, or just list it in the NAT rule? **Note:** ER605 was replaced by the UDM Pro (76.53.10.34). Port forwarding: 76.53.10.36:80/443 → 192.168.11.167:80/443 (NPMplus). NPMplus LXC has .166 and .167; only .167 is used in UDM Pro. --- ## Answer: It Depends on Your Router Configuration ### Option 1: Use in NAT Rule Only (Most Common) **If your ER605 WAN1 is configured with:** - IP Address: `76.53.10.34` - Subnet Mask: `255.255.255.240` (or `/28`) **Then:** You can use `76.53.10.35` directly in the NAT rule **without** configuring it as an additional WAN IP. **Why:** The router already knows about the entire `/28` block (76.53.10.32-47) because of the subnet mask. It can route traffic to any IP in that block. --- ### Option 2: Configure as Additional WAN IP (If Required) **If your router requires explicit IP configuration:** Some routers (especially in Omada Controller) may require you to configure additional WAN IPs explicitly. **Steps:** 1. Navigate to: **WAN** → **WAN Settings** → **WAN1** 2. Look for: **Additional IP Addresses** or **Secondary IPs** 3. Add: `76.53.10.35/28` (or just `76.53.10.35` with subnet mask) **Then:** Use `76.53.10.35` in your NAT rule. --- ## Recommended Configuration ### Check Your Current WAN1 Settings **Current Configuration (from docs):** ``` Interface: WAN1 IP Address: 76.53.10.34 Subnet Mask: 255.255.255.240 (/28) Gateway: 76.53.10.33 ``` **If this matches your setup:** You should be able to use `76.53.10.35` directly in the NAT rule without additional configuration. --- ## NAT Rule Configuration ### In ER605 GUI or Omada Controller **Navigate to:** NAT → Port Forwarding → Add Rule **Rule 1: HTTPS** ``` Rule Name: Web Services (All Domains) Enabled: ✅ Yes Interface: WAN1 External IP: 76.53.10.35 ← Just enter this IP here External Port: 443 Internal IP: 192.168.11.26 Internal Port: 443 Protocol: TCP Source IP: 0.0.0.0/0 ``` **Rule 2: HTTP** ``` Rule Name: HTTP (Let's Encrypt) Enabled: ✅ Yes Interface: WAN1 External IP: 76.53.10.35 ← Same IP here External Port: 80 Internal IP: 192.168.11.26 Internal Port: 80 Protocol: TCP Source IP: 0.0.0.0/0 ``` --- ## Testing ### Test if IP is Accessible 1. **From Internet:** ```bash curl -I http://76.53.10.35 # Should reach your Nginx (if NAT is working) ``` 2. **Check Router Logs:** - Navigate to: **System Tools** → **System Log** - Look for NAT/port forwarding entries - Check for any errors related to 76.53.10.35 3. **Test DNS Resolution:** ```bash dig sankofa.nexus +short # Should return: 76.53.10.35 ``` --- ## Troubleshooting ### If NAT Rule Doesn't Work **Try Option 2 (Configure as Additional WAN IP):** 1. **In Omada Controller:** - Navigate to: **Settings** → **WAN** → **WAN1** - Look for: **Additional IP Addresses** or **Secondary IPs** - Add: `76.53.10.35` 2. **In ER605 Direct GUI:** - Navigate to: **Network** → **WAN** → **WAN1** - Look for: **Additional IP Addresses** - Add: `76.53.10.35` with subnet mask `255.255.255.240` 3. **Save and Apply Configuration** 4. **Retry NAT Rule** --- ## Summary **Most Likely:** You can use `76.53.10.35` directly in the NAT rule without configuring it as an additional WAN IP, because: - Your WAN1 is configured with `/28` subnet mask - The router knows about the entire IP block - NAT rules can reference any IP in the block **If It Doesn't Work:** Configure `76.53.10.35` as an additional/secondary WAN IP, then use it in the NAT rule. --- ## Public IP Block #1 Reference | IP Address | Purpose | Status | |------------|---------|--------| | 76.53.10.33 | Gateway | ✅ Reserved | | 76.53.10.34 | UDM Pro (edge; replaced ER605) | ✅ Active | | **76.53.10.35** | **NAT for Nginx** | ✅ **In Use** | | 76.53.10.36-46 | Available | Available | | 76.53.10.47 | Broadcast | Reserved | --- **Recommendation:** Try using `76.53.10.35` directly in the NAT rule first. If it doesn't work, then configure it as an additional WAN IP.