How do I give some clients a Public IP and some a NAT'd

I have a cable connection with a /29 block with 5 usable public IPs.

I plug the cable modem into ethernet1 of the Mikrotik and my 16 port switch into ethernet2.

If a user pulls a DHCP address I want to assign the device a private IP in the 192.168.0.x subnet, utilizing the first of my 5 public IPs.

But I also want to be able to assign a few devices a static public IP using the remaining 4 public IPs.

How exactly do I go about that? Thank you. I don’t want to use 1to1 NAT, I want to assign a real public IP to a few devices.

Ryan

Depends.. Are the IPs routed or bridged?


The network is bridged.
208.89.242.98 - 208.89.242.102 Usable Addresses

This is my setup:


Charter cable modem —> ethernet 1 of Mikrotik

IP of ethernet 1 is assigned as follows:
208.89.242.98/29
208.89.242.97 Gateway

If a client connects and gets a private DHCP address from the Mikrotik they will get out to the Internet via NAT on 208.89.242.98, which currently works fine.

I want to statically assign some clients, on the same switch port, 208.89.242.99, 100, 101, etc. How do I go about this?

Basically what I would do is set up two switch groups…

eth1 + eth2
eth3 + others

The first group will be for your bridged internet… and the eth3 will be set up with the private range and NAT.

Make sense?

I can only use ether1 and ether2

ether1 is the internet connection
ether2 goes to a large switch, which all devices are connected to. I cannot physically connect the other devices to ether3. Even if I could, I do not want to for the scenario.

Thank you for your help

I added ether1 and ether2 to “bridge1”

I can now statically assign clients a public IP and they work fine. HOWEVER now the clients that obtain a DHCP address can no longer browse the Internet. DHCP server still works, just no route to the Internet. As soon as I disable the bridge the DHCP assigned clients work and the statically assigned public IP clients stop working.

Any hints? Thanks

I really wouldn’t do it the way you are trying… either use 3 ports, use a switch in front of your mikrotik (realizing that the computers will be outside of the firewall), or use vlans or something… but putting both private and DMZ on the same internal interface is a security problem.
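
The VLAN option mentioned in the last reply, sketched as a RouterOS configuration. This is an added example, not from any poster in the thread. It assumes the switch on ether2 supports 802.1Q tagging (the thread does not say), and the VLAN IDs 10 and 20 and the names `vlan10-public`, `vlan20-private` and `bridge-public` are hypothetical.

```routeros
# Added example. Assumption: the switch on ether2 carries two tagged VLANs,
#   VLAN 10 = hosts with static public IPs, VLAN 20 = private DHCP clients.

# One VLAN interface per segment on the single downstream port.
/interface vlan
add name=vlan10-public  interface=ether2 vlan-id=10
add name=vlan20-private interface=ether2 vlan-id=20

# Bridge only the public VLAN to the modem port, so static hosts
# (208.89.242.99-102) sit directly on the ISP segment and use .97 as gateway.
/interface bridge
add name=bridge-public
/interface bridge port
add bridge=bridge-public interface=ether1
add bridge=bridge-public interface=vlan10-public

# The router's own public address moves from ether1 to the bridge;
# the private gateway address lives on the private VLAN only.
# 192.168.0.1 is an assumed gateway address inside the 192.168.0.x subnet.
/ip address
add address=208.89.242.98/29 interface=bridge-public
add address=192.168.0.1/24   interface=vlan20-private
/ip route
add gateway=208.89.242.97

# Source NAT for private clients, matching the bridge as the WAN interface.
/ip firewall nat
add chain=srcnat src-address=192.168.0.0/24 out-interface=bridge-public \
    action=src-nat to-addresses=208.89.242.98

# Routed traffic between the segments crosses the forward chain:
# allow replies, then drop new connections from the public side
# (Internet or public-VLAN hosts) into the private subnet.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=bridge-public out-interface=vlan20-private \
    connection-state=new action=drop

# Frames bridged between ether1 and vlan10-public do not pass the IP
# firewall by default; to filter the public hosts on the router, enable:
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
```

The existing DHCP server would need to be bound to `vlan20-private`, and switch ports set to untagged membership in VLAN 10 or VLAN 20 per device.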