jknudsen
newbie
Topic Author
Posts: 29
Joined: Thu Aug 07, 2008 6:45 pm

Public IPs and NAT Craziness

Thu Aug 21, 2008 11:25 pm

Ok, we have really been impressed with MikroTik, so much in fact we purchased the RB1000 with MikroTik LVL6 License. The image attached shows how our network is configured and also how we would like to configure it, but we are a bit stumped.

Basically we have a /27 block of IP addresses, the RB1000 has 4 10/100/1000 ether ports. 1 port is used for WAN, 1 port is used for a static network with the majority of the public IP addresses attached, we would like to use the other two interfaces and create two separate NAT/Masquerade networks. The green area on the picture shows what I would like the network to look like.


Thanks,
Jairus Knudsen

RB1000_Config.jpg
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Public IPs and NAT Craziness

Fri Aug 22, 2008 8:17 am

Looks like you have it figured out.
Assign the addresses:
/ip address add address=192.168.1.1/24 interface=eth1
/ip address add address=192.168.2.1/24 interface=eth2

Masquerade your local nets as your internet interface:
/ip firewall nat add chain=srcnat action=masquerade out-interface=eth0

Then set up dhcp servers on each local net if you need them.
/ip dhcp-server setup

I used eth0-eth3 from your pic. Actually, it is ether1-ether4 in ROS.
 
jknudsen
newbie
Topic Author
Posts: 29
Joined: Thu Aug 07, 2008 6:45 pm

Re: Public IPs and NAT Craziness

Fri Aug 22, 2008 5:06 pm

This looks pretty good, however, I want to share a different public IP for each NAT. I would prefer to assign x.43.112.2 to eth1 and x.43.112.3 to eth2. How would I achieve this?

Thanks,

Jairus
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Public IPs and NAT Craziness

Fri Aug 22, 2008 11:33 pm

I will use eth0 to eth3, presuming you have renamed them. I will also presume there is a gateway to the internet on eth3. eth1 will go out eth0. All else (including eth2) goes out eth3.

The routing mark:
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=eth0out in-interface=eth1

Nat (in this order!):
/ip firewall nat add chain=srcnat action=masquerade routing-mark=eth0out out-interface=eth0
/ip firewall nat add chain=srcnat action=masquerade out-interface=eth3

Routes:
/ip route add gateway=xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx = gateway for eth3

/ip route add gateway=yyy.yyy.yyy.yyy routing-mark=eth0out
yyy.yyy.yyy.yyy = gateway for eth0

Feel free to use any IP sets you want. Just no duplicate subnets, and if you use public IPs on a local net, you may have a bit of trouble.
I prefer 192.168.x.x and 10.x.x.x subnets for local net IPs, so I would assign eth1 192.168.1.1/24 and eth2 192.168.2.1/24.
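
Added example, not part of any post in this thread: one way to give each NAT network its own public source address over a single WAN port is `action=src-nat` with `to-addresses`, since `masquerade` always uses the address of the outgoing interface. It assumes the interfaces are renamed eth0 (WAN), eth1 and eth2 as in the replies above, that 203.0.113.2 and 203.0.113.3 are constructed placeholders for the two public addresses, and that both are assigned on or routed to the router.

```routeros
# Added example (not from the thread). Constructed placeholders:
#   203.0.113.2 / 203.0.113.3 stand in for the two public addresses from the /27.
# Assumption: eth0 = WAN, eth1 and eth2 = the two NAT networks (renamed interfaces).
# Assumption: both public addresses reach this router, either assigned to an
# interface or routed to it by the upstream, so return traffic comes back here.

# LAN addressing as suggested in the thread
/ip address add address=192.168.1.1/24 interface=eth1
/ip address add address=192.168.2.1/24 interface=eth2

# One src-nat rule per LAN, each pinned to its own public address.
# Matching on src-address keeps the two networks from sharing a translation.
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 out-interface=eth0 \
    action=src-nat to-addresses=203.0.113.2 comment="eth1 LAN -> first public IP"
/ip firewall nat add chain=srcnat src-address=192.168.2.0/24 out-interface=eth0 \
    action=src-nat to-addresses=203.0.113.3 comment="eth2 LAN -> second public IP"

# No catch-all masquerade rule follows: traffic from any other source subnet
# leaves eth0 untranslated, which is what a routed public subnet needs.
```

With this layout, logs and abuse reports that name one of the two public addresses map back to exactly one internal network.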