ADSL router as bridge + MK

RouterOS General
1

Hi all,
I’ve got an ADSL connection with a public IP address, that I’m trying to assign directly to one MK interface.
I’ve configured the ADSL as bridge, and assigned the public IP to on MK interface, network is as follows

ADSL rotuer (as bridge) <-----> MK

I’ve assigned the public IP address to the MK interface that connects to the ADSL router, masquerading all outgoing traffic from MK. MK Interface have two IP addresses: the public one and a private one in the same subnet of the router.
Router’s logs tell me that everithing is OK, but connection doesn’t work, despite I’m able to reach the router from MK. Is there something I’m doing wrong? :confused:

Thank you in advance

2

If you expected the result to be different then you’re doing something wrong. Please post your configuration if you want to know exactly what but from your explanation i see that the private and public is in the same subnet would be a clue to what’s going wrong.

3

Some routers (e.g. Cisco 1721) allow to assign more than one IP address on their interface, these are called “secondary IP address”. This is useful in order to save public IP address to connect two (or more) routers.
In my understanding MK should be able to manage such a configuration, so I gave two IP addresses on one interface (WAN interface), that will masquerade all IP traffic on its public IP and communicates with the (bridged) ADSL router on its private IP address.
Configuration is as follows

ADSL <----------------> MK
172.17.1.1

MK
IP 1 172.17.1.254
IP 2 81.73.132.xxx
DG 81.73.132.254
MASK 255.255.255.0

4

Past the results of:

/ interface ethernet
/ip address export
/ip firewall nat export

Then we can actually see what you did, and we might be able to help you.

5

Quite long… :sunglasses:

[admin@Adiesselle] > interface ethernet export

aug/28/2006 16:21:59 by RouterOS 2.9.29

software id = LS1J-A5N

/ interface ethernet
set ether1 name=“ether1” mtu=1500 mac-address=00:0E:A6:0A:F9:F3 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment=“” disabled=no
set ether2 name=“ether2” mtu=1500 mac-address=00:40:05:87:14:F2 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment=“” disabled=no
set ether3 name=“ether3” mtu=1500 mac-address=00:11:95:65:6E:43 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment=“” disabled=no
[admin@Adiesselle] > interface ethernet
[admin@Adiesselle] interface ethernet> ..
[admin@Adiesselle] interface> ..
[admin@Adiesselle] > interface ethernet print
Flags: X - disabled, R - running

NAME MTU MAC-ADDRESS ARP

0 R ether1 1500 00:0E:A6:0A:F9:F3 enabled
1 R ether2 1500 00:40:05:87:14:F2 enabled
2 R ether3 1500 00:11:95:65:6E:43 enabled
[admin@Adiesselle] > ip address export

aug/28/2006 16:22:27 by RouterOS 2.9.29

software id = LS1J-A5N

/ ip address
add address=172.17.1.254/16 network=172.17.0.0 broadcast=172.17.255.255
interface=ether1 comment=“” disabled=no
add address=192.168.100.2/24 network=192.168.100.0 broadcast=192.168.100.255
interface=ether2 comment=“” disabled=no
add address=192.168.5.1/32 network=192.168.5.0 broadcast=192.168.5.255
interface=ether2 comment=“” disabled=yes
add address=192.168.5.1/24 network=192.168.5.0 broadcast=192.168.5.255
interface=ether2 comment=“” disabled=no
add address=81.73.132.120/32 network=81.73.132.0 broadcast=81.73.132.255
interface=ether1 comment=“” disabled=no
[admin@Adiesselle] > ip firewall nat export

aug/28/2006 16:22:37 by RouterOS 2.9.29

software id = LS1J-A5N

/ ip firewall nat
add chain=srcnat src-address=192.168.100.0/24 action=masquerade comment=“”
disabled=yes
add chain=srcnat dst-address=0.0.0.0 routing-mark=tecno-routing action=src-nat
to-addresses=81.73.132.120 to-ports=0-65535 comment=“” disabled=yes
add chain=srcnat src-address=!192.168.100.3 action=masquerade comment=“Natta
il traffico” disabled=no
add chain=dstnat dst-address=192.168.100.2 protocol=tcp dst-port=80-81
action=dst-nat to-addresses=172.17.1.5 to-ports=81 comment=“Sito web
Tecnospace” disabled=no
add chain=dstnat protocol=tcp dst-port=82 action=dst-nat
to-addresses=172.17.1.3 to-ports=80 comment=“???‘’‘’'”
disabled=no
add chain=dstnat dst-address=172.17.1.254 protocol=tcp dst-port=5900
action=dst-nat to-addresses=172.17.1.5 to-ports=5900 comment=“VNC”
disabled=no
add chain=dstnat protocol=tcp dst-port=99 action=dst-nat
to-addresses=192.168.5.2 to-ports=99 comment=“” disabled=yes
add chain=dstnat protocol=udp dst-port=4679 action=dst-nat
to-addresses=192.168.5.2 to-ports=4679 comment=“” disabled=yes
add chain=dstnat dst-address=172.17.1.254 protocol=tcp dst-port=4668
action=dst-nat to-addresses=192.168.5.2 to-ports=4668 comment=“Emule Test”
disabled=no
add chain=dstnat dst-address=192.168.100.2 protocol=tcp dst-port=4668
action=dst-nat to-addresses=192.168.5.2 to-ports=4668 comment=“”
disabled=no
add chain=dstnat dst-address=172.17.1.254 protocol=udp dst-port=4679
dst-address-list=list action=dst-nat to-addresses=192.168.100.95
to-ports=4679 comment=“” disabled=no
add chain=dstnat dst-address=172.17.1.254 protocol=tcp dst-port=4669
action=dst-nat to-addresses=192.168.5.4 to-ports=4669 comment=“Emule
DeMariano” disabled=no
add chain=dstnat dst-address=192.168.100.2 protocol=tcp dst-port=4669
action=dst-nat to-addresses=192.168.5.4 to-ports=4669 comment=“”
disabled=no
add chain=dstnat dst-address=172.17.1.254 protocol=tcp dst-port=4664
action=dst-nat to-addresses=192.168.5.7 to-ports=4664 comment=“Emule
A.Bertino” disabled=no
add chain=dstnat dst-address=192.168.100.2 protocol=tcp dst-port=4664
action=dst-nat to-addresses=192.168.5.7 to-ports=4664 comment=“”
disabled=no
add chain=dstnat dst-address=172.17.1.254 protocol=tcp dst-port=4663
action=dst-nat to-addresses=192.168.5.5 to-ports=4663 comment=“Emule
S.Bertino” disabled=no
add chain=dstnat dst-address=192.168.100.2 protocol=tcp dst-port=4663
action=dst-nat to-addresses=192.168.5.5 to-ports=4663 comment=“”
disabled=no
[admin@Adiesselle] >

6

Your public address assigned to ether1 has the wrong subnet mask.

add address=81.73.132.120/> 32 > network=81.73.132.0 broadcast=81.73.132.255
interface=ether1 comment=“” disabled=no

What subnet is assigned to your block of IPs? If it is not a /24 then you might want to delete the address and re-add it with the proper subnet mask so that the network and broadcast addresses match the intended subnet mask.

What’s the output of “/ip route print”?

What are you trying to do with 172.17.1.254/16?

7

Thank you jarosoup for reply,
I’ve corrected the subnet.
My ISP assigned me:
IP address 81.73.132.120
Subnet mask 255.255.255.0
DG 81.73.132.254

I can assign these to an ADSL router (DLink 504T) on the WAN interface, and everithing is ok. What I’m trying to do is to assign this address to MK (behind DSL504T), using the ADSL router as a bridge, in order to use the single public IP address on MK withouth asking the ISP for an IP public subnet (8 IPs).

Ip route print is as follows

DST-ADDRESS PREF-SRC G GATEWAY DIS

0 ADC 81.73.132.0/24 81.73.132.120
1 ADC 172.17.0.0/16 172.17.1.254
2 ADC 192.168.5.4/32 192.168.5.1
3 ADC 192.168.5.5/32 192.168.5.1
4 ADC 192.168.5.7/32 192.168.5.1
5 ADC 192.168.5.239/32 192.168.5.1
6 ADC 192.168.5.240/32 192.168.5.1
7 ADC 192.168.5.250/32 192.168.5.1
8 ADC 192.168.5.251/32 192.168.5.1
9 ADC 192.168.5.253/32 192.168.5.1
10 ADC 192.168.5.254/32 192.168.5.1
11 ADC 192.168.5.0/24 192.168.5.1
12 A S ;;; Per raggiungere i clienti PPPoE Pace
192.168.6.0/24 r 192.168.100.3
13 ADC 192.168.100.0/24 192.168.100.2
14 A S 0.0.0.0/0 r 172.17.1.2
r 192.168.100.253
r 192.168.100.253
15 A S 0.0.0.0/0 r 192.168.100.1
16 S 0.0.0.0/0 81.73.132.120 r 81.73.132.254

172.17.1.254/16 is to communicate with the ADSL router, that has (on LAN interface) 172.17.1.1/16. I’ve added a static route to DSL504T that tells him how to reach 81.73.132.120 (on MK), and it works fine (I’m able to ping 81.73.132.120 from DSL504T)