How to assign a public IP to use for an IP Block

RouterOS Beginner Basics
1

Hello Guys,
Everyone’s expertise is again needed. Currently my Mikrotik Router’s design is like this (See Image Below).

But I have a problem “How do I set the Outgoing rule for the Local IP’s 192.168.1.2, 192.168.2.2, 192.168.3.2 & 192.168.4.2 to use their respective Public IP Addresses?”




For my Incoming Policy I just set my dst-nat to this:

And it already worked. My problem is that although I already created a masquerade for all the local IP’s stated above, when I go to websites like mywanip.com to check the current IP address that I have I keep getting only one Public IP which is the first one the 128.16.4.17.

Can anyone help me on how to set the Outgoing rule for the Local IP’s 192.168.1.2, 192.168.2.2, 192.168.3.2 & 192.168.4.2 to use their respective Public IP Addresses when accessing the Internet. I need this so I can fulfill another requirement.

Ex.

When I’m inside the firewall 192.168.2.2, I should be using the assigned Public IP for me which is 128.16.4.18.

Thanks in advanced, I really need the help. My boss is giving me a headache with this deadline :frowning:

Rob

2

I hope anyone can help me. This is my current set-up that is why I need to know how to create an outgoing policy for my local ip’s to use the mapped public ip addresses when accessing the internet.

Currently, when I want to access a remote router and I’m using let’s say 192.168.4.2 firewall, I’m suppose to it since the incoming policy of that router only accepts 128.16.4.20. But I am always using the public ip 128.16.4.17 so thats why I can’t access it.

All I want is a src-nat that would allow my local ip’s to use their respective public ip addresses and still be able to use the internet:
192.168.1.2/24 = 128.16.4.17
192.168.2.2/24 = 128.16.4.18
192.168.3.2/24 = 128.16.4.19
192.168.4.2/24 = 128.16.4.20

Again you’re continued assistance gives me hope and encouragement to continue to learn and support the Mikrotik Brand.

Thanks in advance,
Rob

3

I can’t find a way to make my “masquerade” and “same” in my src-nat to work together.

“Masquerade” will be my source of internet connection and “Same” will make sure that I’m using the allotted public IP. Am I right?

4

Tried to do this:

Created a Mangle to define my source and used postrouting.

Action is new-connection

Nat Rule masquerade for my Internet Connection

Implemented a src-nat that would forward the local connection to a designated public ip.

But still to no avail it doesn’t work. Is there anyone with a solution out there? I hope someone can help he :frowning:

5

Are there any way to ask support aside from the Forums? Mikrotik Support Group? Anyone? Can anyone point me to the right direction. Thanks

6

You don’t need to mark the connection.

Just add srcnat rules eg:

/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1-gateway \
src-address=192.168.1.0/24 to-addresses=128.16.4.17
add action=src-nat chain=srcnat out-interface=ether1-gateway  \
src-address=192.168.2.0/24 to-addresses=128.16.4.18
add action=src-nat chain=srcnat out-interface=ether1-gateway  \
src-address=192.168.3.0/24 to-addresses=128.16.4.19
add action=src-nat chain=srcnat out-interface=ether1-gateway  \
src-address=192.168.4.0/24 to-addresses=128.16.4.20

The key thing is instead of using masquerade you use an action of src-nat and set the to-addresses

Hope that helps

Nick.

7

Did your suggestion. It worked haha!
I’m self-studying Mikrotik so I need more time to learn some of it’s tips and tricks. Thanks for your help Nick.

8

Hi
I’ve an RB 2011. I have 3 Public IP and I want to use indifferently in each network card except the first one because I’ll connect my WAN link.

For example, in Eth1 I want to connect my internet link and in Eth2 connected to a server with one IP public.
If I use NAT, I need to use a LAN IP in my servers and I preffer to use the public IP.
I have difficulty to make a bridge interface.