Here is my problem:
10 public IPs for 8PCs and 2 printers - users need this kind of sollution.
Beside these 10 devices there is a Seagate file server and several local devices (printers etc.) .
All public IPs comes in one wire from ISP.
Need Your help with configuration - Want to “mirror” public IPs to the devices that need it (all devices have static IPs), and create some private network with other devices like file server and all the rest local devices, but all devices should be accessible for all PCs.
Ofcourse file server should be accessible only from PCs - not public.
I have RB951G-2HnD to handle this project - is it possible?
Yes, its possible. If you start out with the default config for that router, all you going to have to do is add each of the Public IP addresses to the router. Then in IP → Firewall → Nat you are going to create rules for each one. Here is how you set up 1:1 NAT: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#1:1_mapping
thanks for Your reply. I’m not sure how to do it. I’m “fresh” with Mikrotik.
If I NAT 1:1 I will not have the IP from public pool on PC (ex. 10.0.0.1 and it will be forwarded?) or I can set it up manualy (xxx.xxx.xxx.101) and my network behind MT could have some ather addresses?
my ISP gives me 13 public IPs (xxx.xxx.xxx.100-xxx.xxx.xxx.112) with gateway xxx.xxx.xxx.099 . I’d like to set up the WAN of MT with xxx.xxx.xxx.100 and DHCP server with pool xxx.xxx.xxx.120-xxx.xxx.xxx.150 and gateway xxx.xxx.xxx.100, and static IPs for PCs from the public pool xxx.xxx.xxx.101-xxx.xxx.xxx.112 and gateway xxx.xxx.xxx.099. Will it work? Will all devices connected to MT see each other?
I don’t know if it’s clear
for me the best way it would be
ISP
|
|
LAN1
MT - - - - - - - public poll IPs without DHCP on LAN2
|
| - - - - - - - - LAN3 bridged WLAN - with DHCP server
devices connected to LAN2, LAN3, WLAN should see each other, the ones connected to LAN3/WLAN not reacheable form Internet.
What you’re asking for is a little confusing, but it should work for the most part. If you want the Public IPs to reside on the end hosts, then the interface that they are connected thorough will have to be bridged to the WAN port. Try that and see if works the way that you want it to.
You should try to avoid putting PC’s out on the public Internet if at all possible. Most organizations, these days, will do a 1:1 “Static NAT” as described by ssofet. It allows more control over the traffic that reaches the computer than bridging the devices directly onto the Internet. If you absolutely have to have these PC’s publicly addressed, you could plug your 1 wire from the ISP into a switch and address each PC as needed. I would recommend running a firewall on that wire, i.e. a pfSense machine that bridges two interfaces at layer 2, with a third interface on your local (private) network for management purposes.
