Fowarding Public IP

tepes · January 14, 2009, 1:01pm

I have that configuration:

/ip address
add address=85.122.79.246 netmask=255.255.240.0 interface=ether1
add address=85.122.79.40 netmask=255.255.255.248 interface=ether2
/ip route add gateway=85.122.64.1
/ip dhcp-server
add address-pool=static-only authoritative=yes bootp-support=static disabled=no interface=ether2 lease-time=3d name=dhcp1
config set store-leases-disk=immediately
network add address=85.122.79.40/29 comment="" dns-server=85.122.79.253,85.122.79.254,193.231.236.10 gateway=85.122.79.41
lease add address=85.122.79.42 comment="" disabled=no mac-address=00:08:74:EF:DF:B3 server=dhcp1
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB max-udp-packet-size=50 primary-dns=85.122.79.253 secondary-dns=85.122.79.254

i set:

/ip firewall filter add chain=forward action=accept

When i start the machine i recive the ip 85.122.79.42 but the connection don’t work

the configuration with masquerade is working:

/ip address
add address=85.122.79.246 netmask=255.255.240.0 interface=ether1
add address=85.122.79.40 netmask=255.255.255.248 interface=ether2
/ip route add gateway=85.122.64.1
/ip dhcp-server
add address-pool=static-only authoritative=yes bootp-support=static disabled=no interface=ether2 lease-time=3d name=dhcp1
config set store-leases-disk=immediately
network add address=85.122.79.40/29 comment="" dns-server=85.122.79.253,85.122.79.254,193.231.236.10 gateway=85.122.79.41
lease add address=85.122.79.42 comment="Tepes" disabled=no mac-address=00:08:74:EF:DF:B3 server=dhcp1
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB max-udp-packet-size=50 primary-dns=85.122.79.253 secondary-dns=85.122.79.254
/ip firewall nat add chain=srcnat src-address=85.122.79.40/29 action=masquerade
/ip firewall filter
add chain=input connection-state=established comment="Accept conexiunile stabilite"
add chain=input connection-state=related comment="Accept conexiunile legate"
add chain=input connection-state=invalid action=drop comment="DROP la conexiunile invalide" 
add chain=input protocol=udp action=accept comment="UDP" disabled=no 
add chain=input protocol=icmp limit=50/5s,2 comment="Limitez pingul.." 
add chain=input protocol=icmp action=drop comment="... si branza la exces" 
add chain=input in-interface=ether2 src-address=85.122.79.40/29 comment="Accept ce vine din LAN" action=accept
add chain=input action=drop comment="DROP orice altceva"

I need some help please

SurferTim · January 15, 2009, 11:05am

Greetings!

The most obvious challenge is the duplicate network addresses on ether1 and ether2. Ether1 local net includes the ip range for ether2.

If you are looking to port forward, you need to assign the server/computer/router a local ip, then use dstnat to route public ips to that local ip. See the docs and wiki for setup and examples.
http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php