Could anyone tell me if this configuration is possible on RouterBoard 951G, like this:
I have 5 Public IP`s:
Public-IP on: ether1-WAN-port (with public IP to access router)
ether2, ether3, ether4 - for LAN (dhcp ip addresing)
ether5 - DMZ connected to Dedicated server where i want to setup virtual servers with Public IPs.
Sould i configure router in Mode: Bridge or I can stay with Mode: Router?
Do i need to setup VLAN for LAN and DMZ ethers? Or I can configure bridge ether ports and use Public IPs behind router? Or Im wrong…
At the moment Im using NAT Firewall setup and my VMs are running on LAN ips.
I almost achieved what I want, but still have some questions. I have configured my router in Bridge mode (not as a router).
Do I need to create VLAN for my internal network to protect/isolate it from outside world or there is another way?
It is not possible to answer this question because essential information is missing.
You should not use bridging for this in general, but you ISP might force you to do it by using an unreasonable setup.
Normal would be to put the /29 network you got from your ISP on your DMZ port and then on your ISP-facing port you
would have another IP address that is used for the link. The provider sends all traffic for that network over this link
and your router forwards this to the DMZ port because that is where the network is configured. That is how a router
is supposed to work. However, when the provider already gave you a router and delivers the /29 on an ethernet port,
yes you may have a problem. Easiest way around that is to skip the MikroTik for that work (use another port on your
provider router for the DMZ) but it can be made to work with tricks like proxy-arp.