1 WAN with 3 external IP adresses and 3 LAN's with own rules

sarunas · January 11, 2012, 2:05pm

Hi guys,
Wanted to get advise, I do have one WAN connection that gives me 3 external IP adresses (as showed in picture) let’s say adresses are 10.0.0.1 , 20.0.0.1 , 30.0.0.1 . What I want to do, I want to nat first two to diferent LAN networks 10.0.0.1 to 192.168.0.0/24 , 20.0.0.1 to 192.168.1.0/24 and last one 30.0.0.1 must bet bridget thru router directly to Mail Server, how to nat first two its all fine, just do different nat rulles and it’s all ok, but never did a bridge on MT and not realy sure how it can be done if it can be done at all.
To clearify lets say WAN connected into eth1 , LAN 1 to eth2 , LAN 2 to eth3 , Mail Server to eth4
LAN1 and LAN2 will be having own PPPTP VPN connections with different clients in other countrys, would love to build proxy server for LAN1 as well.

Question is:
Is RB450G performance enought for this job.
How to bridge third external IP adress to Mail Server to make it just pass router to specific port.

picture to make sure what i’m talking about:

p.s. sorry for my english language, it’s not my native language.

Girith · January 11, 2012, 5:16pm

Your mail server still has to have a private IP address. I think you could do this by these commands:

/ip firewall nat add chain=dstnat dst-address=30.0.0.1 action=netmap to-addresses=Private_IP_of_mail_server

/ip firewall nat add chain=srcnat src-address=Private_IP_of_mail_server action=netmap to-addresses=30.0.0.1

you can add specific ports and/or protocols in these commands so only mail traffic can go to mail server

sarunas · January 11, 2012, 6:29pm

Yep that’ll be simple NAT to 3’nd LAN, but I just wonder if there’s posibility to bridge external IP adress directly to the server.

Girith · January 11, 2012, 9:27pm

hmmm, I don’t know… never heard of that kind of a setup… maybe just make Mikrotik transparent bridging (bridge two ethernet ports with no IP addresses) and put static public IP on mail server… but that would be a security risk, because you would have no control over mail server connections coming from the outside

wirewisp · January 12, 2012, 2:24am

Use switch in front of router with public ip this will create DMZ for mail server.

sarunas · January 12, 2012, 6:20am

I’ll try that out thanks. About security its linux mail server it’s not so vulnereable, but you have a point there, maybe its just simpliest way to nat 3nd WAN to 3nd LAN forward pop and smtp + 80 for webmail and we done

Still it would be great to know if it is posible to bridge external IP adress trought router itself.

And what’s about second question, is RB450G perfomance enought for 3WAN , 3 LAN connections, 2 LAN’s having they own PPPTP VPN connections to somewhere + web proxy on LAN1 , trafic shaping on both lans.

cmoegele · January 13, 2012, 4:24pm

You can directly bridge two or more ports ( e.g ether 3 and 4 ) by using the Master - Slave function of OS.
simple go interfaces and configure ether4 ( MAsterport = ether 3 ).

sarunas · January 14, 2012, 8:39am

Thanks for that. And what’s about second question, is RB450G performance enought for all my needs or should I look for something better ?