Max utilizing of public IPs support

Hi,

Thanks for helping the people who are really searching for support for MikroTik routers.

Here is the support required. This is a question that will help a lot more people who work for small companies and small-area internet service providers.

In most countries the provider can't supply public IPs to everyone, so mostly we use masquerade with the MikroTik (NATing). So my question is: let's say one has 300 clients to whom he has to provide internet through masquerade, and he has 16 public IPs, as the pool belongs to a 240 subnet. 30 Mbps speed was allocated by the ISP to those 16 IPs (to the whole subnet), meaning with any IP we can get 30 Mbps of connectivity.

Here is the problem: how to utilise all 16 IPs with the WAN port, which helps for websites like rapidshare etc. to lock down the limit. At present most people will only use 1 IP and the rest of the 15 will be wasted.

Please suggest a configuration for how we can use the 16 IPs simultaneously, because 16 is always better than 1.

Thanks,
Sathish

Slice up your internal space when you’re NATing.
Let’s say you have 1.1.1.1 and 1.1.1.2 as public IPs, and your private network is 10.0.0.0/24, and customers are well distributed across that network.

/ip firewall nat
add chain=srcnat action=src-nat to-addresses=1.1.1.1 src-address=10.0.0.0/25
add chain=srcnat action=src-nat to-addresses=1.1.1.2 src-address=10.0.0.128/25

That’s very simple to understand and troubleshoot. You could get more complicated and use PCC or Nth to decide what to NAT to.

If you have 16 IPs, use

/ip firewall nat
add chain=srcnat out-interface=Public action=src-nat to-addresses=1.1.1.1-1.1.1.16

instead of masquerade =)

Hi,

Sorry for the delay in getting back to you. I have a small doubt: thanks for the solution with a small rule, but are you sure all IPs are utilised by this rule, and will any connection problems occur during downloads etc.?

Please tell me.

Thanks

If you want to avoid problems with downloads, use ‘action=same’ instead of ‘action=src-nat’.

Chupka, thanks for the reply. Can you please tell me whether masquerade will work with this requirement?

Thank you very much

Sathish

Chupka, I will re-explain the situation. I have an X.X.X.X/240 public IP, NATted to X.X.X.X/24 and using masquerade. Right now I am using only one public IP, and now I want my clients to use all the public IPs; downloads should not be disturbed and bank websites should not have problems.

Please help me: will SRC NAT with action=same work or not?

Thanks,
Sathish

Hi,

From the Wiki:

same - gives a particular client the same source/destination IP address from supplied range for each connection. This is most frequently used for services that expect the same client address for multiple connections from the same client

What Chukpaka posted will work. The clients will be masqueraded across the addresses defined in to-addresses. If a client is initially NATed out 1.1.1.5 he will continue to use 1.1.1.5 for all subsequent connections.

This rule should do exactly what you’re looking for. Please try it and post back the results.

/ip firewall nat
add chain=srcnat out-interface=Public action=src-nat to-addresses=1.1.1.1-1.1.1.16

I’m just unsure, when NAT starts to use second, third, etc. addresses…

Me, too. For every translation? When all ports on the first IP are expired?

If it doesn’t work, you could also use PCC to NAT.

Net-map will be quite enough, I think. It seems like an address is just overwritten with the ‘to-addresses’ network, and the host part of an IP stays the same, so it will create the necessary dispersion.

action=netmap will not work because he only has 16 IPs, and 300 clients. He needs to use action=same.

It will. For example, if you have users’ space as a.b.0.0/16 and public addresses x.y.z.0/24, then each address a.b.X.n should be NATted to x.y.z.n, and all users with different X’s will be NATted to the same IP.
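
The host-part mapping described in the last reply, modelled in Python as an added example (not code from the thread or from RouterOS): it shows how 300 clients spread over a 16-address block and which clients sit behind a given public address. The 10.0.0.1 start address, the 192.0.2.0/28 pool and all function names are assumptions made for the illustration; the pool is prefix-aligned because the mapping works on network bits.

```python
import ipaddress
from collections import Counter


def netmap(src, to_net):
    """Model of the mapping described above: the network bits come from
    to_net, the host bits of the client address are kept unchanged."""
    net = ipaddress.ip_network(to_net)
    host_bits = int(ipaddress.ip_address(src)) & int(net.hostmask)
    return ipaddress.ip_address(int(net.network_address) | host_bits)


def sample_clients(count, first="10.0.0.1"):
    """Constructed sample: `count` consecutive private client addresses."""
    base = int(ipaddress.ip_address(first))
    return [str(ipaddress.ip_address(base + i)) for i in range(count)]


def distribution(clients, to_net):
    """How many clients end up behind each public address."""
    return Counter(str(netmap(c, to_net)) for c in clients)


def clients_behind(public_ip, clients, to_net):
    """Reverse lookup for an abuse report: which clients map to public_ip."""
    return [c for c in clients if str(netmap(c, to_net)) == public_ip]


if __name__ == "__main__":
    clients = sample_clients(300)   # 300 clients, as in the question
    pool = "192.0.2.0/28"           # constructed 16-address block
    spread = distribution(clients, pool)
    for ip in sorted(spread, key=ipaddress.ip_address):
        print(f"{ip:<12} {spread[ip]} clients")
    print("behind 192.0.2.5:", clients_behind("192.0.2.5", clients, pool)[:3])
```

In this model the mapping is a fixed function of the client address, so a public address seen in a remote log narrows the source to a known set of clients without any connection-tracking state.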