Help configuring RB2011L-IN

Hi,

I am new to RouterOS and I am trying to configure my router in line with the diagram below/attached. The problem I am having is I don’t know how to allow the static WAN address through the router to the static host. Can somebody please tell me how to configure this or what I should be trying to configure to achieve this? All and any help would be great. Thanks

RouterOS version 5.20
RB2011L-IN

Switch has no config
Network-diag.png

If the server doesn’t need to have the IP address on its own interface but should be reachable on the address, you can configure a 1:1 NAT rule for that specific IP address.

1:1 NAT seems to be the easiest.
You can add each IP address you own on the router’s WAN interface and add specific NAT rules.

You could still use VLANs however, if you’re a bit adventurous. I know the switch has no configuration options, but that is not a dealbreaker per se.
If I’m not mistaken, a dumb switch switches on the basis of the destination MAC address and it does not care about nor check the internal data. It might get dropped if the packet size is too large though, but this can be adjusted on the host/router interfaces.

What you need to do on the RB2011 is create two bridge interfaces:

  • a bridge interface called LAN with the physical port towards the LAN. It has the static LAN IP, DHCP server etc.
  • a bridge interface called WAN with the WAN physical port and a VLAN interface with e.g. tag 2 that has the LAN bridge as its interface. This bridge will have the WAN IP.

This setup should translate packets from the WAN side towards tagged VLAN 2 packets on the LAN side and vice versa, while LAN packets have no tagging at all and will need to be NAT’ed to go outside.

If you set up the server to use VLAN 2, we’re all set.
You should be able to set up the server to use the LAN as well and add a VLAN-based virtual interface.

A plus of this system is that you can easily add other hosts to the WAN by configuring them to use VLAN 2 and you can add a managed switch later on.
A downside is security. You have no direct control over which hosts on your LAN try to access the VLAN.

NB: 1) The bridge interface LAN could just be the physical port itself actually, but I like to use bridge interfaces as a way of abstraction, as they tend to be more change-proof (adding/removing physical interfaces etc).
2) I’ve actually never tried such a setup, but in theory, I think it should work; if not, don’t hesitate to correct me :wink:

Edit: added some more info.
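
The 1:1 NAT approach suggested in the replies above, written out as RouterOS commands. This is an added example, not part of any poster's message; the interface name ether1, both addresses (documentation ranges) and the single allowed port 443 are assumptions to be replaced with your own values.

```routeros
# Assumed values (not from the thread):
#   ether1          = WAN port
#   203.0.113.10/29 = the extra static public address
#   192.168.88.10   = the server's private address on the LAN

# 1. Put the extra public address on the WAN interface so the router answers ARP for it.
/ip address add address=203.0.113.10/29 interface=ether1 comment="public IP for server"

# 2. Inbound: traffic to the public address is translated to the server.
/ip firewall nat add chain=dstnat in-interface=ether1 dst-address=203.0.113.10 \
    action=dst-nat to-addresses=192.168.88.10 comment="1:1 NAT inbound"

# 3. Outbound: the server leaves with its own public address.
#    This rule must sit above any general masquerade rule in the srcnat chain,
#    otherwise the masquerade rule matches first.
/ip firewall nat add chain=srcnat out-interface=ether1 src-address=192.168.88.10 \
    action=src-nat to-addresses=203.0.113.10 comment="1:1 NAT outbound"

# 4. A 1:1 mapping exposes every port of the server unless the forward chain limits it.
#    dst-nat is applied before the forward chain, so the filter matches the private address.
#    RouterOS 5.x takes one connection-state value per rule.
/ip firewall filter add chain=forward connection-state=established action=accept \
    comment="replies to existing connections"
/ip firewall filter add chain=forward connection-state=related action=accept
/ip firewall filter add chain=forward in-interface=ether1 dst-address=192.168.88.10 \
    protocol=tcp dst-port=443 action=accept comment="only published service (assumed: HTTPS)"
/ip firewall filter add chain=forward in-interface=ether1 dst-address=192.168.88.10 \
    action=drop comment="everything else from WAN to the server"

# 5. Check rule order and hit counters after testing from outside.
/ip firewall nat print
/ip firewall filter print stats
```

Rule order matters in both tables: if the drop rule's counter rises while the accept rule's stays at zero, the published port or the translated address does not match what the server actually listens on.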