Public IPs and NAT Craziness
Posted: Thu Aug 21, 2008 11:25 pm
by jknudsen
Ok, we have really been impressed with Mikrotik, so much in fact we purchased the RB1000 with Mikrotik LVL6 License. The image attached shows how our network is configured and also how we would like to configure it, but we are a bit stumped.
Basically we have a /27 block of IP addresses, the RB1000 has 4 10/100/1000 ether ports. 1 port is used for WAN, 1 port is used for a static network with the majority of the public IP addresses attached, and we would like to use the other two interfaces to create two separate NAT/Masquerade networks. The green area on the picture shows what I would like the network to look like.
Thanks,
Jairus Knudsen
RB1000_Config.jpg
Re: Public IPs and NAT Craziness
Posted: Fri Aug 22, 2008 8:17 am
by SurferTim
Looks like you have it figured out.
Assign the addresses:
/ip address add address=192.168.1.1/24 interface=eth1
/ip address add address=192.168.2.1/24 interface=eth2
Masquerade your local nets as your internet interface:
/ip firewall nat add chain=srcnat action=masquerade out-interface=eth0
Then set up dhcp servers on each local net if you need them.
/ip dhcp-server setup
I used eth0-eth3 from your pic. Actually, it is ether1-ether4 in ROS.
Re: Public IPs and NAT Craziness
Posted: Fri Aug 22, 2008 5:06 pm
by jknudsen
This looks pretty good, however, I want to share a different public IP for each NAT. I would prefer to assign x.43.112.2 to eth1 and x.43.112.3 to eth2. How would I achieve this?
Thanks,
Jairus
Re: Public IPs and NAT Craziness
Posted: Fri Aug 22, 2008 11:33 pm
by SurferTim
I will use eth0 to eth3, presuming you have renamed them. I will also presume there is a gateway to the internet on eth3. eth1 will go out eth0. All else (including eth2) goes out eth3.
The routing mark:
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=eth0out in-interface=eth1
Nat (in this order!):
/ip firewall nat add chain=srcnat action=masquerade routing-mark=eth0out out-interface=eth0
/ip firewall nat add chain=srcnat action=masquerade out-interface=eth3
Routes:
/ip route add gateway=xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx = gateway for eth3
/ip route add gateway=yyy.yyy.yyy.yyy routing-mark=eth0out
yyy.yyy.yyy.yyy = gateway for eth0
Feel free to use any IP sets you want. Just no duplicate subnets, and if you use public IPs on a local net, you may have a bit of trouble.
I prefer 192.168.x.x and 10.x.x.x subnets for local net IPs, so I would assign eth1 192.168.1.1/24 and eth2 192.168.2.1/24.
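For the question asked earlier in the thread (a different, fixed public IP for each NAT network), RouterOS also offers action=src-nat with to-addresses, which pins each LAN to one source address so upstream allow-lists and logs can tell the two networks apart. The sketch below is an added example, not a configuration posted by anyone in the thread. It assumes ether1 is the WAN port, the two LANs are 192.168.1.0/24 and 192.168.2.0/24, and both public addresses are reachable on ether1; "x" is the octet left out in the thread.

```routeros
# Added example, not from the thread.
# Assumptions: ether1 = WAN, LANs = 192.168.1.0/24 and 192.168.2.0/24,
# both public addresses live on the WAN side of the /27.
# "x" stands for the first octet, which the thread does not give.

# Make the router answer for both public addresses on the WAN port
/ip address add address=x.43.112.2/27 interface=ether1
/ip address add address=x.43.112.3/27 interface=ether1

# Masquerade always uses the out-interface's address, so it cannot
# choose between the two. src-nat with to-addresses fixes the source
# address per LAN instead.
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 out-interface=ether1 action=src-nat to-addresses=x.43.112.2
/ip firewall nat add chain=srcnat src-address=192.168.2.0/24 out-interface=ether1 action=src-nat to-addresses=x.43.112.3

# List the NAT rules to confirm the matchers and their order
/ip firewall nat print
```

Matching on src-address keeps each rule scoped to one LAN, so hosts on the static public network are not translated by either rule.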