How to Utilize IP Addresses from Single ISP as Multiple WAN

Hi there,

Let's say an ISP gives an IP address range that can be used, 1.10.100.114-1.10.100.126/28, with .113 as gateway.

I used 1.10.100.114 as WAN 1 and NAT it to some LAN network. And it is working properly.

But I think it is a waste to leave the others (115-126) unused. Can I use them as other WANs and beef up the network? Or are there other options to use them? Put a switch between the ISP and the Mikrotik?

Example:

WAN 1 : 1.10.100.114/28 GW 1.10.100.113

WAN 2 : 1.10.100.115/28 GW 1.10.100.113

WAN 3 : 1.10.100.116/28 GW 1.10.100.113

Generally there are two ways how multiple IP addresses are handed over to you:

  1. they are routed via your gateway
    In this case you only need a single IP address on the WAN interface and the ISP's router will pass traffic for the extra IP addresses via that single IP address. I don't think that's it in your case, as that single WAN IP address of your router is then usually from a different IP subnet than the rest of the IP addresses.
  2. they are made available on the same subnet.
    In this case you can either put multiple devices on the WAN segment and each will get their own IP address. Or you can set multiple addresses on WAN interface of your router and use those extra addresses for NAT or something.
    The only "gotcha" in this scenario (setting multiple IP addresses on the WAN interface) is selecting the IP address which will be used by default when an IP address has to be chosen (either for traffic originating from the router itself or as the NAT source address) ... you do it by setting the pref-src property on the default route (or any other route if it's using the WAN interface).

Example for bullet #2:

/ip/address
add address=1.10.100.114/28 interface=ether1
add address=1.10.100.115/28 interface=ether1
add address=1.10.100.116/28 interface=ether1
/ip/route
add dst-address=0.0.0.0/0 gateway=1.10.100.113 pref-src=1.10.100.115

NAT (the inverse of DST-NAT) should be using the IP address used as dst-address when starting a new connection, so it should not be affected by the pref-src setting.


For the scenario where the router will sit in front of every device that will "use" those 1.10.100.115-1.10.100.126 addresses (for instance servers or VMs), because the router needs to do firewall filtering duty for example, there is a way to do that which involves no NAT:

  • In /ip address the address entry associated with ether1 should be address=1.10.100.114/32 network=1.10.100.113, instead of address=1.10.100.114/28 network=1.10.100.112.

  • In /ip route the static default route is still dst-address=0.0.0.0/0 gateway=1.10.100.113.

  • Add 12 published=yes ARP entries on ether1 for the addresses 1.10.100.115-1.10.100.126:

    /ip arp
    add address=1.10.100.115 interface=ether1 published=yes
    add address=1.10.100.116 interface=ether1 published=yes
    add address=1.10.100.117 interface=ether1 published=yes
    # ...
    add address=1.10.100.125 interface=ether1 published=yes
    add address=1.10.100.126 interface=ether1 published=yes
    
  • On the bridge or VLAN or ethernet interface where the servers / VMs with public IP addresses will reside, configure the /ip address entry. Let's assume the interface is called servers:

    /ip address
    add address=1.10.100.114/28 interface=servers network=1.10.100.112
    

    Note that here we give the router the address 1.10.100.114 too; although the router already has the same address on ether1, that's not a problem.

  • Add static published ARP entry for 1.10.100.113 on this servers interface:

    /ip arp
    add address=1.10.100.113 interface=servers published=yes
    

    Note the interface here, it's servers not ether1!

  • Now we can either manually assign static addresses to hosts connected to the servers interface, with addresses in the range 1.10.100.115-1.10.100.126; the default gateway should be set to 1.10.100.114.

  • Or alternatively we can just set up a DHCP server on the servers interface with the correct information:

    /ip pool
    add name=dhcp-servers ranges=1.10.100.115-1.10.100.126
    
    /ip dhcp-server network
    add address=1.10.100.112/28 dns-server=1.10.100.114 gateway=1.10.100.114
    
    /ip dhcp-server
    add address-pool=dhcp-servers interface=servers name=dhcp-servers
    

    And of course, it's preferable to add static leases on this DHCP server because we don't want the devices' addresses to jump around!

  • In case we have a masquerade rule on out-interface=ether1 that performs SRCNAT going to the WAN, then we need to modify this rule to exclude the devices that already have public IP addresses from being NAT-ed. The rule will be modified to be something like:

    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=ether1 src-address=!1.10.100.112/28
    
  • Adjust the firewall filter table with rules that explicitly allow incoming traffic to the addresses and ports of the devices in servers if needed.

After doing this, we'll have hosts/servers/VMs attached to the servers interface with true public IP addresses. They will be able to go out to the internet with their own public IP addresses as source addresses, and no NAT will be performed.

If the filter rules are correct, they will also be able to directly accept incoming connections from the outside, to the allowed ports and services hosted on them, using their own public IP addresses as destination. No DSTNAT is involved.

Here is my test config to confirm the above is working as intended:

[Screenshot of the test configuration]

Here ether3 is the WAN interface, ether2 is the servers interface, and the address range is 172.20.80.0/28 instead of 1.10.100.112/28.
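The no-NAT setup from this answer written out as one RouterOS script (an added example, not the poster's configuration): the 12 published ARP entries are generated by a loop instead of typed by hand, and a minimal forward-chain filter lets new inbound connections reach the public-IP hosts only on assumed ports 80 and 443. Interface names and addresses follow the thread; the port list and rule order are assumptions to adapt.

```routeros
# Added example (not the poster's configuration): the no-NAT setup above as
# one script. Interface names ether1/servers and the 1.10.100.112/28 block
# come from the thread; the allowed ports (80, 443) are an assumption.

# WAN side: /32 on ether1 so the only on-link neighbour there is the ISP
# gateway, reached through the "network" field.
/ip address add address=1.10.100.114/32 network=1.10.100.113 interface=ether1
/ip route add dst-address=0.0.0.0/0 gateway=1.10.100.113

# Publish the 12 usable addresses on ether1 so the ISP gateway's ARP
# requests for .115-.126 are answered by this router (one loop, not 12 lines).
:for i from=115 to=126 do={
    /ip arp add address=("1.10.100." . $i) interface=ether1 published=yes
}

# Server side: the real /28 lives on "servers"; .114 is the hosts' gateway
# and .113 is published there too, as described in the post.
/ip address add address=1.10.100.114/28 network=1.10.100.112 interface=servers
/ip arp add address=1.10.100.113 interface=servers published=yes

# Masquerade only the private networks; the /28 hosts leave untranslated.
/ip firewall nat add chain=srcnat out-interface=ether1 \
    src-address=!1.10.100.112/28 action=masquerade

# Forward chain for the public-IP hosts: replies and related traffic pass,
# new connections from the WAN reach only the listed ports, the rest is dropped.
/ip firewall filter add chain=forward connection-state=established,related \
    action=accept comment="replies to/from servers and LAN"
/ip firewall filter add chain=forward connection-state=invalid action=drop
/ip firewall filter add chain=forward in-interface=ether1 out-interface=servers \
    dst-address=1.10.100.112/28 protocol=tcp dst-port=80,443 \
    connection-state=new action=accept comment="assumed public services"
/ip firewall filter add chain=forward in-interface=ether1 out-interface=servers \
    connection-state=new action=drop comment="no other inbound to servers"

# Quick check: the 13 published entries and the /32 + /28 split should show up.
/ip arp print where published=yes
/ip address print
```

Hosts on the servers interface still need a static address from .115-.126 (or a static DHCP lease) with .114 as gateway, exactly as the post describes.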


Thanks Bro