fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
164 lines
4.1 KiB
Markdown
164 lines
4.1 KiB
Markdown
# ER605 NAT IP Configuration - 76.53.10.35
|
|
|
|
**Last Updated:** 2026-01-31
|
|
**Document Version:** 1.0
|
|
**Status:** Active Documentation
|
|
|
|
---
|
|
|
|
**Date**: 2026-01-09
|
|
**Question**: Do I need to configure 76.53.10.35 as a WAN IP, or just list it in the NAT rule?
|
|
|
|
**Note:** ER605 was replaced by the UDM Pro (76.53.10.34). Port forwarding: 76.53.10.36:80/443 → 192.168.11.167:80/443 (NPMplus). NPMplus LXC has .166 and .167; only .167 is used in UDM Pro.
|
|
|
|
---
|
|
|
|
## Answer: It Depends on Your Router Configuration
|
|
|
|
### Option 1: Use in NAT Rule Only (Most Common)
|
|
|
|
**If your ER605 WAN1 is configured with:**
|
|
- IP Address: `76.53.10.34`
|
|
- Subnet Mask: `255.255.255.240` (or `/28`)
|
|
|
|
**Then:** You can use `76.53.10.35` directly in the NAT rule **without** configuring it as an additional WAN IP.
|
|
|
|
**Why:** The router already knows about the entire `/28` block (76.53.10.32-47) because of the subnet mask. It can route traffic to any IP in that block.
|
|
|
|
---
|
|
|
|
### Option 2: Configure as Additional WAN IP (If Required)
|
|
|
|
**If your router requires explicit IP configuration:**
|
|
|
|
Some routers (especially in Omada Controller) may require you to configure additional WAN IPs explicitly.
|
|
|
|
**Steps:**
|
|
1. Navigate to: **WAN** → **WAN Settings** → **WAN1**
|
|
2. Look for: **Additional IP Addresses** or **Secondary IPs**
|
|
3. Add: `76.53.10.35/28` (or just `76.53.10.35` with subnet mask)
|
|
|
|
**Then:** Use `76.53.10.35` in your NAT rule.
|
|
|
|
---
|
|
|
|
## Recommended Configuration
|
|
|
|
### Check Your Current WAN1 Settings
|
|
|
|
**Current Configuration (from docs):**
|
|
```
|
|
Interface: WAN1
|
|
IP Address: 76.53.10.34
|
|
Subnet Mask: 255.255.255.240 (/28)
|
|
Gateway: 76.53.10.33
|
|
```
|
|
|
|
**If this matches your setup:** You should be able to use `76.53.10.35` directly in the NAT rule without additional configuration.
|
|
|
|
---
|
|
|
|
## NAT Rule Configuration
|
|
|
|
### In ER605 GUI or Omada Controller
|
|
|
|
**Navigate to:** NAT → Port Forwarding → Add Rule
|
|
|
|
**Rule 1: HTTPS**
|
|
```
|
|
Rule Name: Web Services (All Domains)
|
|
Enabled: ✅ Yes
|
|
Interface: WAN1
|
|
External IP: 76.53.10.35 ← Just enter this IP here
|
|
External Port: 443
|
|
Internal IP: 192.168.11.26
|
|
Internal Port: 443
|
|
Protocol: TCP
|
|
Source IP: 0.0.0.0/0
|
|
```
|
|
|
|
**Rule 2: HTTP**
|
|
```
|
|
Rule Name: HTTP (Let's Encrypt)
|
|
Enabled: ✅ Yes
|
|
Interface: WAN1
|
|
External IP: 76.53.10.35 ← Same IP here
|
|
External Port: 80
|
|
Internal IP: 192.168.11.26
|
|
Internal Port: 80
|
|
Protocol: TCP
|
|
Source IP: 0.0.0.0/0
|
|
```
|
|
|
|
---
|
|
|
|
## Testing
|
|
|
|
### Test if IP is Accessible
|
|
|
|
1. **From Internet:**
|
|
```bash
|
|
curl -I http://76.53.10.35
|
|
# Should reach your Nginx (if NAT is working)
|
|
```
|
|
|
|
2. **Check Router Logs:**
|
|
- Navigate to: **System Tools** → **System Log**
|
|
- Look for NAT/port forwarding entries
|
|
- Check for any errors related to 76.53.10.35
|
|
|
|
3. **Test DNS Resolution:**
|
|
```bash
|
|
dig sankofa.nexus +short
|
|
# Should return: 76.53.10.35
|
|
```
|
|
|
|
---
|
|
|
|
## Troubleshooting
|
|
|
|
### If NAT Rule Doesn't Work
|
|
|
|
**Try Option 2 (Configure as Additional WAN IP):**
|
|
|
|
1. **In Omada Controller:**
|
|
- Navigate to: **Settings** → **WAN** → **WAN1**
|
|
- Look for: **Additional IP Addresses** or **Secondary IPs**
|
|
- Add: `76.53.10.35`
|
|
|
|
2. **In ER605 Direct GUI:**
|
|
- Navigate to: **Network** → **WAN** → **WAN1**
|
|
- Look for: **Additional IP Addresses**
|
|
- Add: `76.53.10.35` with subnet mask `255.255.255.240`
|
|
|
|
3. **Save and Apply Configuration**
|
|
|
|
4. **Retry NAT Rule**
|
|
|
|
---
|
|
|
|
## Summary
|
|
|
|
**Most Likely:** You can use `76.53.10.35` directly in the NAT rule without configuring it as an additional WAN IP, because:
|
|
- Your WAN1 is configured with `/28` subnet mask
|
|
- The router knows about the entire IP block
|
|
- NAT rules can reference any IP in the block
|
|
|
|
**If It Doesn't Work:** Configure `76.53.10.35` as an additional/secondary WAN IP, then use it in the NAT rule.
|
|
|
|
---
|
|
|
|
## Public IP Block #1 Reference
|
|
|
|
| IP Address | Purpose | Status |
|
|
|------------|---------|--------|
|
|
| 76.53.10.33 | Gateway | ✅ Reserved |
|
|
| 76.53.10.34 | UDM Pro (edge; replaced ER605) | ✅ Active |
|
|
| **76.53.10.35** | **NAT for Nginx** | ✅ **In Use** |
|
|
| 76.53.10.36-46 | Available | Available |
|
|
| 76.53.10.47 | Broadcast | Reserved |
|
|
|
|
---
|
|
|
|
**Recommendation:** Try using `76.53.10.35` directly in the NAT rule first. If it doesn't work, then configure it as an additional WAN IP.
|