Just a NAT device, nothing more - RB2011L-in

MIEGroup · December 27, 2013, 11:13am

Hey guys,

I am rather new to Mikrotik.. Lets say totally new.

I have a setup with some servers controlled by there own firewall (TMG2010) and other devices that needs NAT in front of it.
From my ISP i recived a block /29 that allows me to have 5 usable adresses to work with.

I want my router to be able to do the following;

My first port is the uplink to ISP. This is to be managed from the outside.
Port 2 is a slave with a device behind it that has a static IP. (out of the 5 from my ISP) Router should be manageable from that device.
Port 3 is a slave with a device behind it that has a static IP. (out of the 5 from my ISP) Router should be manageable from that device.
Port 4 is a slave with a device behind it that has a static IP. (out of the 5 from my ISP) Router should be manageable from that device.
Port 5 is a slave with a device behind it that has a static IP. (out of the 5 from my ISP) Router should be manageable from that device.

As the network behind the Mikrotik has its own firewall i need the Mikrotik to be transparant.
However I do need to specify what outside IP adress is able to manage the router.

Is this possible?

I can post the current config if that helps, i have been trying some stuff so far.

Let me know if this is in any way unclear, i will try to specify what and where i can!

Regards, René

Rudios · December 27, 2013, 1:07pm

Are the connected devices are destined to have the ISP delivered public IP’s or do you want the Routerboard to have the IP’s and use NAT?

MIEGroup · December 27, 2013, 1:15pm

Yes they should hold the IP of the ISP.

Rudios · December 27, 2013, 1:20pm

In that case just bridge all the interfaces, or use master-port setting

MIEGroup · December 27, 2013, 1:26pm

So,

If I set port 2-5 as slave this should work?

How about the firewall then? Are there any rules to use or can i disable it in its whole.

When trying to set ether2 {Master Port ether1-gateway} i get back error:
Could’t change interface - already in bridge(6)

Can I delete the bridge?

=------------------------------------------------------------update-----------------------------------------------------------------=

Okay, i have unchecked ether2 from bridge and am able to bind ether2 with Master port ether1-gateway.

Also did the same for ether3, ether4 and ether5.
I can now ping from all ip adresses to all adressen so that works.

However, the firewall is still active now…
Any way to disable that?

MIEGroup · December 30, 2013, 11:14am

Hmm looks like not much response on this one.

Ill leave the firewall on for now. Gonna make a new thread on how that one works out.

Thanks for the help though.

troy · December 30, 2013, 7:53pm

Here’s a thread with a similar setup that might help:

http://forum.mikrotik.com/t/how-do-i-setup-router-for-public-29-address-space/71870/1