p4t
just joined
Topic Author
Posts: 8
Joined: Thu Jan 21, 2016 9:46 am

Redirect traffic to ip of the same subnet

Thu Jan 21, 2016 9:57 am

Hello!

I would like to ask for your help.

I use the subnet 192.168.23.0/24 on my PCs and printers.
All IPs are set statically on the machines.

But one of my machines has a hardware problem which prevents me from changing its IP (damaged buttons and no web interface).
The IP of the machine is 192.168.2.250 and it probably doesn't even have a gateway set.

Is it possible to somehow assign 192.168.23.250 to this machine through the MK router?
I know that same subnet routing is not possible...
Any ideas?

Thank you very much in advance!
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect traffic to ip of the same subnet

Thu Jan 21, 2016 1:34 pm

NAT can help you:
/ip address
add address=192.168.2.1/24 interface=<name> network=192.168.2.0
add address=192.168.23.250/24 interface=<name> network=192.168.23.0
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.23.250 to-addresses=192.168.2.250
add action=masquerade chain=srcnat dst-address=192.168.2.250
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Redirect traffic to ip of the same subnet

Thu Jan 21, 2016 7:30 pm

> NAT can help you:
> /ip address
> add address=192.168.2.1/24 interface=<name> network=192.168.2.0
> add address=192.168.23.250/24 interface=<name> network=192.168.23.0
> /ip firewall nat
> add action=dst-nat chain=dstnat dst-address=192.168.23.250 to-addresses=192.168.2.250
> add action=masquerade chain=srcnat dst-address=192.168.2.250

This is close, but it's not going to be enough to get it to work. It will also need arp=proxy-arp on both interfaces, and a static route.

Choose an interface on the Mikrotik for the 2.250 device, let's say ether5. Make sure that ether5 has master port = none (no switch) and that it is not part of any bridge. I'm also going to assume that bridge-local is your LAN interface - whatever interface it is, configure it with arp=proxy-arp, and configure ether5 for arp=proxy-arp as well.

Now, configure the IP address 192.168.2.1/24 on ether5.
At this point, you should be able to ping 2.250 from the router.

Now the trick to get proxy arp working:
/ip route add dst-address=192.168.23.250/32 gateway=192.168.2.250

Lastly, you'll need NAT so the device and your other LAN hosts won't know that something strange is happening:
/ip firewall nat
add chain=srcnat out-interface=ether5 dst-address=192.168.2.250 action=masquerade
add chain=srcnat out-interface=bridge-local src-address=192.168.2.250 action=masquerade
add chain=dstnat in-interface=bridge-local dst-address=192.168.23.250 action=dst-nat to-addresses=192.168.2.250

As long as there are no forwarding chain filters standing in the way, this should work.
If you ping 192.168.23.250 from some other device on the LAN, you should see it in the local ARP table with the same MAC address as the default GW.

This will allow you to use the device's IP address explicitly, but any "discovery" protocols won't work because the device is still in a different network and it won't get IP broadcasts.
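
A toy Python model of the packet path through the rules in the post above, added here as an illustration (it is not part of the original posts and is not RouterOS code). It shows why the masquerade rule matters when the device has no gateway; the LAN host 192.168.23.50 and the router's bridge-local address 192.168.23.1 are assumptions.

```python
"""Toy model of dstnat -> routing -> srcnat for the rules quoted above."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

DEVICE, ALIAS = "192.168.2.250", "192.168.23.250"
CONNECTED = {"ether5": "192.168.2.0/24", "bridge-local": "192.168.23.0/24"}
# Router addresses; 192.168.23.1 on bridge-local is an assumption.
ROUTER_IP = {"ether5": "192.168.2.1", "bridge-local": "192.168.23.1"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def out_interface(dst):
    """Pick the connected interface whose network contains dst."""
    for iface, net in CONNECTED.items():
        if ip_address(dst) in ip_network(net):
            return iface
    return None


def forward(pkt, in_iface, masquerade=True):
    """Apply dstnat, then the routing decision, then srcnat, in that order."""
    if in_iface == "bridge-local" and pkt.dst == ALIAS:        # dst-nat rule
        pkt = replace(pkt, dst=DEVICE)
    out = out_interface(pkt.dst)
    if masquerade and out == "ether5" and pkt.dst == DEVICE:   # 1st masquerade
        pkt = replace(pkt, src=ROUTER_IP[out])
    elif masquerade and out == "bridge-local" and pkt.src == DEVICE:  # 2nd
        pkt = replace(pkt, src=ROUTER_IP[out])
    return pkt, out


def device_can_answer(pkt):
    """A device with no gateway can only reply to sources on its own subnet."""
    return ip_address(pkt.src) in ip_network(CONNECTED["ether5"])


def reply_at_client(original):
    """Connection tracking reverses both translations on the reply."""
    return Packet(src=original.dst, dst=original.src)


if __name__ == "__main__":
    ping = Packet("192.168.23.50", ALIAS)  # constructed LAN host
    for masq in (True, False):
        seen, out = forward(ping, "bridge-local", masquerade=masq)
        print(masq, out, seen, "device answers:", device_can_answer(seen))
    print("client sees reply:", reply_at_client(ping))
```
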
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Redirect traffic to ip of the same subnet

Thu Jan 21, 2016 8:25 pm

For the record, my config was for simple "everything in one LAN/switch" setup, i.e. same interface for both addresses. Router having 192.168.23.250 is not exactly nice, but proxy-arp does not want to work with same interface (I'm not sure if it's correct or not).
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Redirect traffic to ip of the same subnet

Thu Jan 21, 2016 8:43 pm

> For the record, my config was for simple "everything in one LAN/switch" setup, i.e. same interface for both addresses. Router having 192.168.23.250 is not exactly nice, but proxy-arp does not want to work with same interface (I'm not sure if it's correct or not).

That's correct behavior from the standpoint of split-horizon thinking. Since the out-interface would match the in-interface, the interface shouldn't respond to any ARP request that would result in a hairpin.

Honestly, since the box isn't going to be able to work on the whole discovery/auto protocol stuff anyway, and will require an explicit unicast to its IP address (i.e. you'll have to set its IP up in whatever wants to use it) then there's no real benefit to making its IP appear in 192.168.23.x anyway. It's probably best to dedicate a port on the router to the old box (I'm always about to say 'printer' because that's what my gut tells me this is), put 192.168.2.1/24 on that interface, and if the printer doesn't have a default GW set on it, then do masquerade to fix that requirement.

(I suppose that you could ping it from a remote source and snoop to see if any ARP requests start coming out of the printer - if so, then whatever IP it's requesting is almost certainly going to be whatever the printer thinks its default GW is)

Then at least you'd have direct IP connectivity to it.
 
p4t
just joined
Topic Author
Posts: 8
Joined: Thu Jan 21, 2016 9:46 am

Re: Redirect traffic to ip of the same subnet

Thu Jan 21, 2016 11:13 pm

Ok, what can I say, great community, awesome support. Thank you very much.

As you can tell, I'm a newbie in MK routing and this forum provides such valuable information and such great tips.

Some more in-depth information about my setup.
A server with two IPs (23.100 and 2.100) is communicating with the 2.250 machine (which, by the way, is an encrypted signature generator with thermal printing capability).

And I use these:
/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.2.0/24 out-interface=bridge-local src-address=192.168.23.0/24

/ip address
add address=192.168.23.1/24 interface=bridge-local network=192.168.23.0
add address=192.168.2.253/24 interface=bridge-local network=192.168.2.0

Unfortunately, there is no way I can directly connect the 2.250 machine to the MK....
It must be in that position for changing the paper roll, and I only have one cable on a switch, coming from another switch....

So my last question.
Do you think I should leave the two-IP setup on the server?
(By the way, I cannot ping 23.100 through my VPN, only 2.100....)
Or use your great suggestions?

I attach an image from packet sniffer.

Thank you very much for your time!