Interpose router maintaining IP

Hi all,
I’ve an ISP router and a LAN. 192.168.1.1/24
I need to put a second router (Mikrotik) between the ISP router and the LAN.
Is it possible to have the WAN port (ether1 of the Mikrotik) with, say, 192.168.1.2,
the Bridge IP 192.168.1.1 (so the SAME as the ISP router)
and maintain the LAN IPs?

If yes, how?

Thanks :)
N

No.

The basic idea of routing is that different interfaces have IP addresses belonging to different subnets.

Why do you want to keep IP addresses unchanged both on ISP router’s LAN interface and in your actual LAN?

http://forum.mikrotik.com/t/starlink-router-with-ethernet-connection-lan-ip-conflict/162024/2

Yes.
But you will need to use a VRF, that has a few limitations.

Here is a thread where something similar has been done (interposing a Mikrotik router keeping LAN gateway the same):
http://forum.mikrotik.com/t/attempting-to-evolve-from-cavemans-failover/170048/59

Not exactly “simple”, but doable.

I suggest you test in GNS3 with CHR; I posted some reproducible configurations there.

Thank you for the responses, now I'll try!

I want to do this because I haven’t access to the ISP router and do not want to reconfigure >50 devices!
N

The solution is in this post: http://forum.mikrotik.com/t/attempting-to-evolve-from-cavemans-failover/170048/59 thanks @jaclaz!
I tested with a real router and all seems to work: normal LAN, web browsing, Email and Tailscale.

The only thing that I’m not able to do is to connect to the ISP router (or another specific IP in the “outside” LAN) using a browser from the LAN.
This is not important but I’m curious if it’s possible to achieve this as well!
Thanks
Nicola

Yep, the issue with that approach (hopefully it will be fixed in 7.16 or later; it has been given as solved in one of the latest 7.15 but seemingly it doesn’t actually work) is that the DNS (and consequently also the NTP) don’t work in a VRF.

A few posts later, in post #37, I posted a configuration with the VRF “reversed” to allow these services to work (which is the one I am actually using).

About connecting to the original router, of course it is not possible without some special setting as it has the same 192.168.1.1 address as the Mikrotik, and from the LAN side the “first” 192.168.1.1 encountered is the Mikrotik.

Very likely it is possible to use another IP and “re-map” it to the original ISP router IP, using dst-nat or some other trick; there are some hints here:
http://forum.mikrotik.com/t/double-destination-nat/175277/1
and in a connected thread:
http://forum.mikrotik.com/t/managing-two-separate-subnet-with-same-class-addresses/130530/1

I never delved deeper in that particular aspect because I have no reason to connect to the ISP router (as all I can get is a prompt for user and password credentials which I don’t have).

In fact the DNS is not working.
I was only able to spot this:

prerouting: in:ether1 out:(unknown 0), connection-state:established src-mac b4:43:26:6f:73:8d, proto UDP, 208.67.222.222:53->192.168.1.198:34564, len 122

It seems to me that there is a problem routing the DNS response to the router itself. But I’m not able to solve it. Still learning!
N

@jaclaz has warned you that some local processes in RouterOS, such as DNS and NTP, cannot be told which VRF to use (hopefully yet). So if VRF stands in the way, why not try my “VRF-free” approach as suggested above :)