Forward External IP to wirelessly connected end-point?

Hi There,

Let me begin by saying that I understand I may be doing this completely wrong and I appreciate / welcome any suggestions or advice.

I have a fairly high-speed broadband service that I am currently sharing with a nearby office across a fixed WiFi Link. I did the following to set it up:

  1. Router A has pppoe-out1 interface on eth1
  2. Router A has External IP 000.000.000.245 (0’ed out for security) set on pppoe-out1 interface
  3. Router A has Internal IP 192.168.101.6/29 configured on eth2
  4. Router A has following port forward and masquerade rule

     chain=dstnat action=dst-nat to-addresses=192.168.106.1 dst-address=000.000.000.245 log=no log-prefix=""

     chain=srcnat action=src-nat to-addresses=000.000.000.245 src-address=192.168.101.0/29 out-interface=pppoe-out1 log=no log-prefix=""

  5. Wi-Fi Link A on roof is connected to eth2 with IP 192.168.101.5/29 gateway = 192.168.101.6/29
  6. Wi-Fi Link B on other building’s roof is configured with IP 192.000.000.4/29 gateway = 192.168.101.6/29
  7. Wi-Fi Link B is connected to Router B eth1
  8. Router B has Internal IP 192.168.101.1/29 configured eth1 (Standard LAN Bridge on eth2)
  9. Router B has following port forward and masquerade rule

      0    ;;; Masq WAN1
           chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""

      0 ADS  0.0.0.0/0                          192.168.101.6             0

  • I’ve left out DNS information. I don’t feel it’s relevant for description

Now this works, traffic flows, Internet browsing works, NAT traversal etc.

I’m trying to do the same setup for another office (different IPs of course: External = 000.000.000.246, Internal = 192.168.102.6/29) that uses a Cisco Router instead of a RouterOS Device.

I’ve been able to configure to the point where I can ping Router A on 192.168.102.6 and I can ping the Cisco router on 192.168.102.1, but I can’t get Internet browsing or traffic to work.

To make this more complicated, this site has a bunch of VLANs, ASA firewalls etc. that I wasn’t originally informed about. I know when I’m out of my depth, so I got the company in that originally set it all up to help.

Said company has asked me to “Provide a Real IP instead of NATTED Internal IP”. So I assume they want me to set this up in such a way that the Cisco Router is configured on 000.000.000.246? Problem is I have no idea how to get it working in that manner.

So how do I go about achieving this? Or am I completely in the wrong land?

Set up NAT rules in the main router so that x.x.x.246 is passed through without NAT.
(chain=dstnat action=accept dst-address=x.x.x.246 / chain=srcnat action=accept src-address=x.x.x.246)

Then leave your network as configured, but create a static route:
/ip route add dst=x.x.x.246/32 gateway=192.168.102.1

The Cisco may then use this IP for any NAT it likes.

Or if they don’t like that, you could just dump the IP out the ethernet interface for them with a /32…

Suppose your router’s actual WAN IP is x.x.x.241 and you’re assigning x.x.x.242 to the customer…

Configure arp=proxy-arp on the ethernet interface that faces the new customer. Leave the 192.168.102.0/29 network in place for your management of the wireless gear. Add another IP address to that interface:
/ip address add x.x.x.241/32 network=x.x.x.242

The customer will configure the Cisco as x.x.x.242/28 (I’m guessing /28 - make it whatever your IP block’s netmask is) with default GW = x.x.x.241.
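
An added illustration, not part of the thread and not MikroTik code: a small Python model of first-match NAT evaluation plus longest-prefix routing, showing why the two accept rules from the first approach have to sit above any existing dst-nat rule for the same address. 203.0.113.246 and 198.51.100.7 are constructed stand-ins (for x.x.x.246 and an Internet host), and the second office's original NAT rules are assumed to mirror the ones shown in the question.

```python
import ipaddress

PUB = "203.0.113.246"    # constructed stand-in for x.x.x.246
CISCO = "192.168.102.1"  # Cisco's address on the link subnet (from the thread)

# Assumed: the second office's original rules mirror those in the question.
OLD = [
    {"chain": "dstnat", "action": "dst-nat", "dst": PUB, "to": CISCO},
    {"chain": "srcnat", "action": "src-nat", "src": "192.168.102.0/29", "to": PUB},
]
# The two pass-through rules from the answer.
BYPASS = [
    {"chain": "dstnat", "action": "accept", "dst": PUB},
    {"chain": "srcnat", "action": "accept", "src": PUB},
]
ROUTES = [("0.0.0.0/0", "pppoe-out1"), ("192.168.102.0/29", "ether2"),
          (PUB + "/32", CISCO)]  # last entry is the static route from the answer

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def nat(rules, chain, pkt):
    """First matching rule in the chain wins; 'accept' leaves the packet untranslated."""
    for r in (r for r in rules if r["chain"] == chain):
        if "src" in r and not _in(pkt["src"], r["src"]):
            continue
        if "dst" in r and not _in(pkt["dst"], r["dst"]):
            continue
        out = dict(pkt)
        if r["action"] == "dst-nat":
            out["dst"] = r["to"]
        elif r["action"] == "src-nat":
            out["src"] = r["to"]
        return r["action"], out
    return "no-match", dict(pkt)

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs."""
    hits = [(ipaddress.ip_network(p).prefixlen, gw) for p, gw in routes if _in(dst, p)]
    return max(hits)[1]

if __name__ == "__main__":
    inbound = {"src": "198.51.100.7", "dst": PUB}   # constructed Internet host
    outbound = {"src": PUB, "dst": "198.51.100.7"}
    for name, rules in (("bypass first", BYPASS + OLD), ("bypass last", OLD + BYPASS)):
        print(name, nat(rules, "dstnat", inbound), nat(rules, "srcnat", outbound))
    print("route to", PUB, "via", next_hop(ROUTES, PUB))
```

Once the address is passed through untranslated, Router A's masquerade no longer hides the Cisco: whatever filtering the customer's ASA and Router A's forward chain apply is all that stands between it and the Internet.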

This is exactly what they are after! Thanks heaps, I’ll give this a try later today, thank you!

This reply is overdue. ZeroByte, that solution worked perfectly. I’ve even been able to give them additional external IPs using the same setup.

Thank you!