I went to the System tab in the GUI and entered the WAN address there, and it works. I'm including the config.boot below. What do I add so that traffic coming in to 50.76.130.125 gets routed to 192.168.2.70 on my local network? Another option would be to simply make 50.76.130.125 reachable on my local network, since the web server has both the public IP and the local IP set up.
Also, for the IPs for which I don't have a server set up, how do I block them so that they don't route to the ER-5 POE device?
Thank you, Ken
/* Global firewall options and the two rulesets that the interfaces section binds to eth0 (the WAN port). */
firewall {
/* NOTE(review): all-ping only controls whether the router itself is willing to answer echo requests; a ping from the internet still has to pass WAN_LOCAL below, which has no rule accepting ICMP. */
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* WAN_IN filters traffic arriving on eth0 that is forwarded through the router to the LAN.
   Only replies to connections that already exist are accepted; everything else hits default-action drop.
   A destination-NAT rule on its own is therefore not enough to publish 192.168.2.70: this ruleset also needs an accept rule
   for that host, ideally limited to the protocol and ports the web server actually serves.
   NOTE(review): on EdgeOS the "in" ruleset is evaluated after destination NAT, so such a rule would match the internal address - confirm on this release. */
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
/* WAN_LOCAL filters traffic arriving on eth0 that is addressed to the router itself.
   With only established/related accepted and default-action drop, unsolicited traffic to any of the router's own WAN addresses is dropped,
   so public IPs that have no forward configured already end here rather than reaching the GUI or SSH services. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
/* NOTE(review): with source-validation disabled no reverse-path check is applied to incoming packets; log-martians above only logs, it does not drop.
   On a single-uplink router strict validation is usually safe - confirm before changing. */
source-validation disable
syn-cookies enable
}
/* Interface layout: eth0 is the WAN port carrying five public addresses; eth2-eth4 are members of switch0, which is the LAN gateway 192.168.2.1/24. */
interfaces {
/* All five addresses of the /29 are assigned to the router itself, so traffic to any of them is delivered to the router
   and is judged by WAN_LOCAL unless a destination-NAT rule redirects it first. */
ethernet eth0 {
address 50.76.130.121/29
address 50.76.130.122/29
address 50.76.130.123/29
address 50.76.130.124/29
address 50.76.130.125/29
description Internet
duplex auto
/* "in" = traffic forwarded through the router, "local" = traffic addressed to the router. No "out" ruleset is bound. */
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
poe {
output off
}
speed auto
}
/* NOTE(review): there is no eth1 stanza in this listing, although the dns forwarding service lists eth1 as a listen-on interface. */
ethernet eth2 {
description "Local 2"
duplex auto
poe {
output off
}
speed auto
}
ethernet eth3 {
description "Local 2"
duplex auto
poe {
output off
}
speed auto
}
ethernet eth4 {
description "Local 2"
duplex auto
poe {
output off
}
speed auto
}
loopback lo {
}
/* LAN side: no firewall ruleset is bound to switch0, so traffic from the LAN is not filtered by the rulesets defined in this file. */
switch switch0 {
address 192.168.2.1/24
description "Local 2"
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
/* No static routes are defined here; the only upstream route visible in this file is system gateway-address. */
protocols {
static {
}
}
/* Router services: DHCP for the LAN, DNS forwarding, the web GUI, NAT and SSH. */
service {
/* DHCP hands out 192.168.2.100-192.168.2.243; the web server at 192.168.2.70 lies outside the pool, so its address cannot be leased to another host. */
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN2 {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 192.168.2.75
dns-server 75.75.75.75
lease 86400
start 192.168.2.100 {
stop 192.168.2.243
}
}
}
}
dns {
forwarding {
cache-size 150
/* NOTE(review): eth1 is not configured under interfaces in this listing; the forwarder is not told to listen on eth0. */
listen-on eth1
listen-on switch0
}
}
/* NOTE(review): no listen-address is set, so the GUI is presumably bound on every router address, including the five public ones;
   only WAN_LOCAL keeps it unreachable from the internet. Keep that in mind before adding accept rules to WAN_LOCAL.
   older-ciphers enable, going by its name, allows legacy TLS cipher suites for the GUI - disable it unless an old browser needs it.
   http-port 80 and https-port 443 are also the ports a web server behind a port forward would normally use; a forward that matches
   the specific public destination address avoids a clash with the GUI on the other addresses. */
gui {
http-port 80
https-port 443
older-ciphers enable
}
/* Only source NAT is configured: LAN traffic leaving eth0 is masqueraded. No destination-NAT rule exists,
   so nothing arriving at 50.76.130.125 is currently translated to 192.168.2.70.
   NOTE(review): masquerade typically uses the interface's primary address, so outbound connections from the web server
   would probably not appear to come from 50.76.130.125 - verify if that matters. */
nat {
rule 5010 {
description "masquerade for WAN"
log disable
outbound-interface eth0
protocol all
type masquerade
}
}
/* NOTE(review): SSH has no listen-address either; WAN exposure is prevented only by WAN_LOCAL. */
ssh {
port 22
protocol-version v2
}
}
/* System settings: default gateway, hostname, the admin account, resolver, NTP, syslog and traffic analysis. */
system {
/* The upstream gateway is the remaining host address of the 50.76.130.120/29 block used on eth0. */
gateway-address 50.76.130.126
host-name ubnt
login {
/* NOTE(review): "ubnt" is the factory-default account name and it holds admin level here.
   The encrypted-password value is a salted SHA-512 crypt hash ($6$); once posted publicly it can be guessed against offline,
   so the password should be changed and the hash redacted before sharing a config. */
user ubnt {
authentication {
encrypted-password $6$mEbjNgZZS$t87UPfEqyJEBK26H64GiRB2VrQ1vpQdMn944hij/Gwxs2.wrInX4T51bAxo7xuJGNvW0G5kib040IvdgTsaoV1
}
level admin
}
}
name-server 75.75.75.75
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Logs are kept locally only as far as this file shows; no remote syslog host is configured. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
traffic-analysis {
dpi enable
export enable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.8.5.4884695.160608.1057 */