proxmox/docs/04-configuration/ER605_NAT_IP_CONFIGURATION.md

ER605 NAT IP Configuration - 76.53.10.35

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

---

Date: 2026-01-09
Question: Do I need to configure 76.53.10.35 as a WAN IP, or just list it in the NAT rule?

Note: ER605 was replaced by the UDM Pro (76.53.10.34). Port forwarding: 76.53.10.36:80/443 → 192.168.11.167:80/443 (NPMplus). NPMplus LXC has .166 and .167; only .167 is used in UDM Pro.

---

Answer: It Depends on Your Router Configuration

Option 1: Use in NAT Rule Only (Most Common)

If your ER605 WAN1 is configured with:

• IP Address: 76.53.10.34
• Subnet Mask: 255.255.255.240 (or /28)

Then: You can use 76.53.10.35 directly in the NAT rule without configuring it as an additional WAN IP.

Why: The router already knows about the entire /28 block (76.53.10.32-47) because of the subnet mask. It can route traffic to any IP in that block.

---

Option 2: Configure as Additional WAN IP (If Required)

If your router requires explicit IP configuration:

Some routers (especially in Omada Controller) may require you to configure additional WAN IPs explicitly.

Steps:

1. Navigate to: WAN → WAN Settings → WAN1
2. Look for: Additional IP Addresses or Secondary IPs
3. Add: 76.53.10.35/28 (or just 76.53.10.35 with subnet mask)

Then: Use 76.53.10.35 in your NAT rule.

---

Recommended Configuration

Check Your Current WAN1 Settings

Current Configuration (from docs):

Interface: WAN1
IP Address: 76.53.10.34
Subnet Mask: 255.255.255.240 (/28)
Gateway: 76.53.10.33

If this matches your setup: You should be able to use 76.53.10.35 directly in the NAT rule without additional configuration.

---

NAT Rule Configuration

In ER605 GUI or Omada Controller

Navigate to: NAT → Port Forwarding → Add Rule

Rule 1: HTTPS

Rule Name: Web Services (All Domains)
Enabled: ✅ Yes
Interface: WAN1
External IP: 76.53.10.35    ← Just enter this IP here
External Port: 443
Internal IP: 192.168.11.26
Internal Port: 443
Protocol: TCP
Source IP: 0.0.0.0/0

Rule 2: HTTP

Rule Name: HTTP (Let's Encrypt)
Enabled: ✅ Yes
Interface: WAN1
External IP: 76.53.10.35    ← Same IP here
External Port: 80
Internal IP: 192.168.11.26
Internal Port: 80
Protocol: TCP
Source IP: 0.0.0.0/0

---

Testing

Test if IP is Accessible

1. From Internet:

   curl -I http://76.53.10.35
   # Should reach your Nginx (if NAT is working)
   

2. Check Router Logs:

   • Navigate to: System Tools → System Log
   • Look for NAT/port forwarding entries
   • Check for any errors related to 76.53.10.35

3. Test DNS Resolution:

   dig sankofa.nexus +short
   # Should return: 76.53.10.35
   

---

Troubleshooting

If NAT Rule Doesn't Work

Try Option 2 (Configure as Additional WAN IP):

1. In Omada Controller:

   • Navigate to: Settings → WAN → WAN1
   • Look for: Additional IP Addresses or Secondary IPs
   • Add: 76.53.10.35

2. In ER605 Direct GUI:

   • Navigate to: Network → WAN → WAN1
   • Look for: Additional IP Addresses
   • Add: 76.53.10.35 with subnet mask 255.255.255.240

3. Save and Apply Configuration

4. Retry NAT Rule

---

Summary

Most Likely: You can use 76.53.10.35 directly in the NAT rule without configuring it as an additional WAN IP, because:

• Your WAN1 is configured with /28 subnet mask
• The router knows about the entire IP block
• NAT rules can reference any IP in the block

If It Doesn't Work: Configure 76.53.10.35 as an additional/secondary WAN IP, then use it in the NAT rule.

---

Public IP Block #1 Reference

IP Address	Purpose	Status
76.53.10.33	Gateway	✅ Reserved
76.53.10.34	UDM Pro (edge; replaced ER605)	✅ Active
76.53.10.35	NAT for Nginx	✅ In Use
76.53.10.36-46	Available	Available
76.53.10.47	Broadcast	Reserved

---

Recommendation: Try using 76.53.10.35 directly in the NAT rule first. If it doesn't work, then configure it as an additional WAN IP.