
Hello,
My company leases two public IPs from one ISP:
1- for internet (NAT) (private IP)
2- for the application server (public IP)
I use a MikroTik (RB1100 AH)X2, so I use:
Bridge 1 == WAN (ether 1,2,3,4)
Bridge 2 == LAN (ether 5,6,7,8)
I want to use the public IP on the application server with no NAT for forwarding protocols to the application server, and use the MikroTik firewall to protect the server from DNS requests or any other threat.
Hi.
- You can bridge your WAN port and the port that the server is plugged into and set up the IP directly on the server, but the MT firewall won’t work well.
- You can use NAT: forward all requests to the second public IP to the app server and create a src-nat so all the outgoing traffic originates from that second IP address.
OK.
Thank you, how can I do it?
The simplest way is to bridge two ports together, connect one to the ISP and the other to the server, then assign one address to this bridge and the other directly to the server, and it will work. To filter some stuff, you can use bridge filters.
Can you explain it in detail, please?
What exactly don’t you understand? Pick two independent ports (not switched together). Create a bridge and assign these two ports as members. Put the router’s WAN config (IP address) on the bridge. Configure the server with the public address as if it was connected directly to the ISP. That’s enough to get everything connected.
To filter some traffic, you can use bridge filter:
/interface bridge filter
add action=drop chain=forward dst-port=53 in-interface=<ISP interface> ip-protocol=udp mac-protocol=ip
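
Added example, not part of any post in this thread: the bridge setup and DNS filter from the reply above written out as one RouterOS configuration, extended to cover DNS over TCP as well as UDP. The port names (ether1, ether2), the bridge name, the 203.0.113.0/29 documentation addresses and the rule comments are assumptions.

```routeros
# Assumptions (not from the thread):
#   ether1         = port facing the ISP
#   ether2         = port facing the application server
#   203.0.113.2/29 = router's own public address
#   203.0.113.3    = public address configured on the server itself

# 1. Bridge two independent (non-switched) ports together.
/interface bridge
add name=bridge-wan
/interface bridge port
add bridge=bridge-wan interface=ether1
add bridge=bridge-wan interface=ether2

# 2. The router's WAN address sits on the bridge, not on ether1.
/ip address
add address=203.0.113.2/29 interface=bridge-wan

# 3. Bridge filters for frames crossing from the ISP port to the server.
#    Bridge filters are stateless: each rule matches single packets and
#    there is no connection tracking, so match on direction explicitly.
#    dst-port=53 with in-interface=ether1 only hits queries sent TO the
#    server; replies to the server's own lookups arrive with src-port=53
#    and are not affected.
/interface bridge filter
add chain=forward action=drop in-interface=ether1 mac-protocol=ip \
    dst-address=203.0.113.3/32 ip-protocol=udp dst-port=53 \
    comment="drop inbound DNS/udp to server"
add chain=forward action=drop in-interface=ether1 mac-protocol=ip \
    dst-address=203.0.113.3/32 ip-protocol=tcp dst-port=53 \
    comment="drop inbound DNS/tcp to server"

# chain=forward covers only traffic bridged through to the server.
# Packets addressed to the router's own IP (203.0.113.2) are handled by
# /ip firewall filter chain=input as on any routed interface.
```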
Thanks for your info