Hello I've some static public ip from my ISP:
95.95.26.192/28
I set them on my routerboard RB1 connected with the ISP.
Now I need other static public ip so my ISP assigned me a new set of ips:
95.95.144.192/27 with a static route trought ip 95.95.26.206
so I can catch up with the netmap configuration other devices on my LAN using these new addresses:
ex.: 95.95.144.201--NAT--10.10.10.250
/ip firewall nat
add chain=srcnat action=netmap to-addresses=95.95.144.201 src-address=10.10.10.250
add chain=dstnat action=netmap to-addresses=10.10.10.250 dst-address=95.95.144.201
But this device has always pubblic ip 95.95.26.206 and not 95.95.144.201.
Is there a way to get out on the internet with this public address 95.95.144.201?
cetalfio
Re: Simple question about static routes
Read the mikrotik static route. you will get a better information.
Re: Simple question about static routes
A useful help?
cetalfio
cetalfio
Re: Simple question about static routes
A good first step would be to black hole route the /27 on RB1./ip firewall nat
add chain=srcnat action=netmap to-addresses=95.95.144.201 src-address=10.10.10.250
add chain=dstnat action=netmap to-addresses=10.10.10.250 dst-address=95.95.144.201
But this device has always pubblic ip 95.95.26.206 and not 95.95.144.201.
Is there a way to get out on the internet with this public address 95.95.144.201?
cetalfio
/ip route add dst=95.95.144.192/27 type=blackhole
This way, whenever port scan / IP scan traffic comes to unused addresses from your /27 it won't cause ping-pong traffic between your router and the ISP router until TTL expires. (may those bastards rot in hell)
Then, make sure that the netmap rules you posted are actually EARLIER in the chain than the default masquerade rule.
Re: Simple question about static routes
Thanks ZeroByte for blackhole advise.
The masquerade is the last row on NAT setting.
My IPs are:
95.95.26.192/28
and
95.95.144.192/27 on static route in 95.95.26.206
The netmap on the first subnet, the IPs do not have problems:
/ip firewall nat
add chain=srcnat action=netmap to-addresses=95.95.26.194 src-address=10.10.10.200
add chain=dstnat action=netmap to-addresses=10.10.10.200 dst-address=95.95.26.194
95.95.26.194 has 95.95.26.194 some as internet ip both incoming and outgoing traffic.
But with subnet 95.95.144.192/27 the forward works well incoming, I can reach the device through internet but when I check my internet IP that is always 95.95.26.206.
The statis routes 95.95.144.192/27 on static route in 95.95.26.206 is made on Cisco ISP where I can not access, is it possible that the problem is on the CISCO router?
cetalfio
The masquerade is the last row on NAT setting.
My IPs are:
95.95.26.192/28
and
95.95.144.192/27 on static route in 95.95.26.206
The netmap on the first subnet, the IPs do not have problems:
/ip firewall nat
add chain=srcnat action=netmap to-addresses=95.95.26.194 src-address=10.10.10.200
add chain=dstnat action=netmap to-addresses=10.10.10.200 dst-address=95.95.26.194
95.95.26.194 has 95.95.26.194 some as internet ip both incoming and outgoing traffic.
But with subnet 95.95.144.192/27 the forward works well incoming, I can reach the device through internet but when I check my internet IP that is always 95.95.26.206.
The statis routes 95.95.144.192/27 on static route in 95.95.26.206 is made on Cisco ISP where I can not access, is it possible that the problem is on the CISCO router?
cetalfio
Re: Simple question about static routes
So your Mikrotik's default gateway is 95.95.26.206?The statis routes 95.95.144.192/27 on static route in 95.95.26.206 is made on Cisco ISP where I can not access, is it possible that the problem is on the CISCO router?
cetalfio
What about your IPs in that first range, do they also show up as 95.95.26.206?
This sounds like maybe the ISP's router is doing NAT
Re: Simple question about static routes
Maybe I'm wrong something:
I've changed the Cisco ISP router with a MT, It's connected directly to the Internet:
/ip address
# ADDRESS NETWORK INTERFACE
0 ;;; IP vlan1-101
xxx.xxx.3.82/30 xxx.xxx.3.80 vlan1-101
1 95.95.26.193/28 95.95.26.192 ether1-master-local
/ip route
0 A S ;;; Default route
0.0.0.0/0 xxx.xxx.3.81 1
1 ADC 95.95.26.192/28 95.95.26.193 ether1-master-l... 0
2 A S ;;; Rotta Statica 95.95.144.192/27
95.95.144.192/27 95.95.26.206 1
3 ADC xxx.xxx.3.80/30 xxx.xxx.3.82 vlan1-101 0
RB1
/ip address
;;; LAN address
10.10.10.253/24 ether2_LAN
95.95.26.206/28 95.95.26.192 ether1_WAN
;;; Gateway classe 95.95.144.192/27
95.95.144.193/27 95.95.144.192 ether4
/ip route
0 A S 0.0.0.0/0 95.95.26.193 1
1 ADC 10.10.10.0/20 10.10.10.253 ether2 0
2 ADC 95.95.26.192/28 95.95.26.206 ether1_WAN 0
3 ADC 95.95.144.192/27 95.95.144.193 ether4_Rete_Tes... 0
4 SB ;;; Blackhole
95.95.144.192/27 1
5 S 95.95.144.192/27 95.95.144.193 1
RB2
/ip address
1 95.95.144.201/27 95.95.144.192 ether1
/ip route
0 A S 0.0.0.0/0 95.95.144.193 1
1 ADC 95.95.144.192/27 95.95.144.201 ether1 0
/tool traceroute
address: 8.8.8.8
# ADDRESS LOSS SENT LAST AVG BEST WORST
1 95.95.144.193 0% 3 0.3ms 0.8 0.3 1.7
2 95.95.26.193 0% 3 0.4ms 1.3 0.3 3.3
3 xxx.xxx.3.81 0% 3 0.6ms 0.7 0.6 0.8
from RB2 this site http://www.myip.dk says your IP address is: 95.95.26.206
I am confused cetalfio
I've changed the Cisco ISP router with a MT, It's connected directly to the Internet:
/ip address
# ADDRESS NETWORK INTERFACE
0 ;;; IP vlan1-101
xxx.xxx.3.82/30 xxx.xxx.3.80 vlan1-101
1 95.95.26.193/28 95.95.26.192 ether1-master-local
/ip route
0 A S ;;; Default route
0.0.0.0/0 xxx.xxx.3.81 1
1 ADC 95.95.26.192/28 95.95.26.193 ether1-master-l... 0
2 A S ;;; Rotta Statica 95.95.144.192/27
95.95.144.192/27 95.95.26.206 1
3 ADC xxx.xxx.3.80/30 xxx.xxx.3.82 vlan1-101 0
RB1
/ip address
;;; LAN address
10.10.10.253/24 ether2_LAN
95.95.26.206/28 95.95.26.192 ether1_WAN
;;; Gateway classe 95.95.144.192/27
95.95.144.193/27 95.95.144.192 ether4
/ip route
0 A S 0.0.0.0/0 95.95.26.193 1
1 ADC 10.10.10.0/20 10.10.10.253 ether2 0
2 ADC 95.95.26.192/28 95.95.26.206 ether1_WAN 0
3 ADC 95.95.144.192/27 95.95.144.193 ether4_Rete_Tes... 0
4 SB ;;; Blackhole
95.95.144.192/27 1
5 S 95.95.144.192/27 95.95.144.193 1
RB2
/ip address
1 95.95.144.201/27 95.95.144.192 ether1
/ip route
0 A S 0.0.0.0/0 95.95.144.193 1
1 ADC 95.95.144.192/27 95.95.144.201 ether1 0
/tool traceroute
address: 8.8.8.8
# ADDRESS LOSS SENT LAST AVG BEST WORST
1 95.95.144.193 0% 3 0.3ms 0.8 0.3 1.7
2 95.95.26.193 0% 3 0.4ms 1.3 0.3 3.3
3 xxx.xxx.3.81 0% 3 0.6ms 0.7 0.6 0.8
from RB2 this site http://www.myip.dk says your IP address is: 95.95.26.206
I am confused cetalfio
Re: Simple question about static routes
check all involved routers /ip firewall nat
check all involved routers connections to try to isolate where the NAT is taking place...
check all involved routers connections to try to isolate where the NAT is taking place...
Who is online
Users browsing this forum: No registered users and 51 guests