I wanted to have multiple IPs on my server set up for quite some time because I run multiple SSL sites and only one of them could be on a standard port 443. I ran SSL sites on non-443 ports, but unfortunately, many companies block outbound ports, with a funny implication that using one port number is somehow more secure than another. But we have to deal with the reality we have, not the reality we want. So to enable letting multiple port 443 routes, as well as routing port 80 to different boxes inside my LAN I went ahead and got multiple static IPs from U-Verse. Here's what I learned while making it work.
- If 2Wire RG router has invalid entries in the device list - clean the list first. Otherwise clicking Save button on the "IP Address Allocation" page will produce "Invalid Address Assignment" error if you don't change anything. One can clean up the list on the System Restart page. If you have ports NATted/forwarded using Firewall page, cleaning up the list will unlink all "applications" from "devices". So after you have cleaned the device list, you will have to set port forwarding again. The fact that you can't remove one device from the list and have to clear the entire list - a really destructive thing to port forwarding settings - shows that 2WIRE RG management console software is written very poorly.
- Routing multiple external IPs to the same machines is possible only if the PC has multiple NICs. 2WIRE RG can't simply map and external IP to a LAN IP. Instead, it maps an external IP to an internal MAC address. Which is why you can't just add multiple IPs to the same NIC and be done with that. Adding an extra virtual NIC to a VM is not an issue, but adding a physical NIC to an up & running production server could mean one has to improvise. There you have it: it's pretty easy to host multiple SSL/443 on the same box this way. It's funny to see that as you add NICs to a box, you'll see multiple instances of the same box in the device list - that's, of course, because RG sees them by MAC but shows them in the list using device names. Like I said, RG web management console is kind of pathetic.
- Another "no kidding" feature. In order to use an IP from a range of static addresses, the box needs to get its IP from RG's DHCP - no static IPs allowed. RG then will give your box the IP from static range, making your box essentially a DMZ box sitting unfirewalled exposed to the world of hurt (internet attackers). It appears it may be possible to use firewall on external IPs, but not clear how, especially given that RG's port forwarding feature doesn't support multiple external IPs. It seems to forward ports only with an assumption that router has only one external IP. So if you want your box to be visible inside the LAN, add another NIC and give it your LAN's IP. As you see, you ended up with a server being a poor man's firewall instead of being behind the firewall. Did I mention that RG web console sucks?
Anyway, UVerse's multiple static IP feature would be much easier to use if 2WIRE had better software. RG's mapping internal MACs to external IPs, and its inability to forward and external IP to a LAN IP (eliminating the firewall) are really serious drawbacks to be considered when deciding on whether to do static IPs with such a crude RG.