devolution
just joined
Topic Author
Posts: 7
Joined: Thu Jul 07, 2011 10:04 pm

two public IPs > one LAN subnet - only two interfaces

Fri Jan 27, 2012 7:21 am

ok, i have an Adtran router from my ISP with only one LAN facing port, through which all 5 of my public IPs (supposedly) are forwarded. this single interface is connected to ether1 on my MT RB433, and that is assigned one of the public IPs. ether2 is connected to my LAN as gateway and has a private IP on the LAN subnet.

traffic coming in on the public IP assigned to ether1 gets through no problem, and i use a bunch of NAT rules to forward specific stuff to specific machines. the problem that i'm now having is getting traffic from another one of the public IPs to reach any machines on the LAN subnet. i have configured DNAT rules for this IP address that are the same as the ones for the other address but nothing ever gets through. i've done everything i can think of, and i don't know how to make this work with only one interface to use for the public IPs.

networking is most definitely not my strong suit and i get lost really easily, so any helpful comments need to be very specific about configuration, please, preferably with WinBox as i'm not doing much terminal configuration. i can basically figure out what i need to do from looking at terminal commands, if necessary.
 
justfishing
just joined
Posts: 23
Joined: Thu Jan 12, 2012 4:40 am

Re: two public IPs > one LAN subnet - only two interfaces

Fri Jan 27, 2012 7:38 am

That sounds interesting. I can't help you on the multiple IPs. But if you search the forums, I remember seeing some good posts on having more than one public IP address. UPDATE: someone just posted asking for help with (4) public IP addresses, with access to (4) different LANs. It appears that you could easily modify this to what you are needing. Read the post here with what was suggested:
http://forum.mikrotik.com/viewtopic.php?f=13&t=58477

------------------------

However, I did come up with a pretty good, very simple way of testing my Firewall & NAT rules that you might appreciate. Using a ping command directed to the WAN coming from outside of my LAN, I temporarily redirected the response to come to a local PC on my LAN. Here are the WinBox GUI steps I did:

Testing

- Menu: Firewall, Filter Rules, icmp ENABLED - default install with router
General, Chain = input, Protocol = (icmp), Action = Accept
- I'm guessing you would need to also specify the DST WAN IP address here too since you have multiple public IPs; you could test for results?

- Menu: NAT, Chain = dstnat, Protocol = (icmp), Action: Action = dst-nat, To Addresses = (ip of workstation to test, make sure firewall is off on pc)

I hope that helps
