Multiple public IPs routed via main WAN

I have a main public IP assigned via PPPoE and /29 subnet available to use.

How would I go about allowing the rest if public IPs to be routable via WAN?

The main public IP becomes the default gateway for others to use however I'm not sure how to allow routing on it.



Added TAgs
[edited by: emmosophos at 10:43 PM (GMT -7) on 14 Sep 2021]
  • Hi ,

    Thank you for reaching out to Sophos Community.

    You can add an alias on the WAN interface with the additional IPs provided by ISP provider.

    Add an alias

    Thanks,
    Yash Kothari
    Global Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, use the 'Verify Answer' link.
  • Thanks for a quick reply.

    I don't want the public IP to be set on the router itself, I want that public IP to be configured on a separate machine which would point at sophos wan IP as default gateway

  • If you don't want a traditional DMZ environment (doing port forwarding to a private subnet for DMZ machines) you'll have to take a port on the Sophos and bridge it to the main WAN interface then run that to the device.  I think you lose a little bit of security doing it this way, but I've done it in the past.  If you're running that bridged interface to a vmware stack there's a couple things you need to do in the virtual switch if I recall correctly.

  • Well I have a switch in top of wan cable, I can already ping WAN public IP, the question is how do I allow to route via it.

    I could also dedicate a single port on sophos and disable NAT on it, create my /29 network on it to route instead of NAT. Question is if sophos supports this scenario. I'm finding more and more basic router features sophos doesn't support unfortunately

  • HI Jay you may want to provide a quick diagram of what you want to accomplish, but at least in the scenario I mentioned, the gateway for both the WAN interface on the SOPHOS and the device you wanted to have another public IP on will be the IP address of your ISP's gateway(at least if the WAN interface is bridged to that 2nd port I mentioned above). If that doesn't help  like I said perhaps you could create a quick diagram of what you're trying to accomplish?

  • I have an access to /29 public IP pool from ISP.

    My WAN can get the first IP address assigned only via PPPoE dynamically so my SophosXG WAN has the first IP address available from /29 range assigned to me.

    I've been told that the way to utilise the rest of my public IPs is to route them via my first assigned IP address as gateway.

    Network xxx.xxx.xxx.72
    Usable Range xxx.xxx.xxx.73 - xxx.xxx.xxx.78
    Broadcast xxx.xxx.xxx.79
    Subnet Mask 255.255.255.248

    Effectively my WAN IP is the xxx.xxx.xxx.73, it's gateway is outside of .72/29 network.

    In order to utilise the rest of usable IP's I need to route them instead of creating a WAN.

    So a machine on my network would have static IP address of xxx.xxx.xxx.74 and it's gateway has to be xxx.xxx.xxx.73





    I guess what I'm trying to achieve is what's described in this article but replacing draytek with SophosXG
    https://www.draytek.com/support/knowledge-base/4796