I have a question about using multiple public IPs. I have a range of 5 public IPs. I have one of the IPs set up on the Eth1 interface and it is working fine. I can also use the other IPs on Eth1 and, by using masquerading and DNAT, can forward traffic to my LAN static IPs on Eth2.
I am pretty sure the following can be done but need a little guidance. I would like to set a static IP on the LAN side using one of the available public IPs. The reason for this is the VoIP guys tell me they need a public IP set up on their phone for it to work correctly and it will be on the LAN side of my network. The following aren’t real IPs, but might help explain what I am trying to do.
Public IPs
69.128.128.2
69.128.128.3
69.128.128.4
etc
Public IP Gateway 69.128.128.1
Eth1 is set up with IP 69.128.128.2 and gateway 69.128.128.1
I want to set a host up on Eth2 with Public IP of 69.128.128.3.
Do I need to use bridging for this?
Should the gateway for the device at 69.128.128.3 be 69.128.128.1 or 69.128.128.3?
We used yoda vt100 boxes and they worked perfectly with private IP and masq/dst-nat. In the local area they could use their private number, and for outside calls they could use the forwarded public number.
If your network is set up with users NAT’d behind it then you can do one-to-one NAT, which basically maps one of your private IPs to a public one. So say you did this for 192.168.1.50 and 69.128.128.3 was the public IP you wanted for that private IP. You just set up your dst/src-nat accordingly and all traffic is forwarded to that IP address. I have yet to do this with Mikrotik, but I’ve done it with other routers/gateways in the past. It’s definitely doable; I’d just have to look at the admin config guide to give you a step-by-step solution and I’m on the road at the moment.
Thanks for the help guys. I do understand how to do this with NAT, but was trying to figure out if it can be done without NAT. The VoIP guy claims that he needs to set his phone with a public IP. I know this is not true, but he is very adamant about it. So, I want to try and appease him.
So, basically he wants to put a public IP on the private side of the router, which is eth2. The public side of the router is eth1 and this is assigned one of the public IPs. He wants to put a host with a different public IP on the private side. This is what I am trying to do, if it is possible.
If you forward an entire IP using one-to-one NAT you should not have any problems. Every single port will be passed thru as if this IP was public. Tell him that if he wants to be on the public network then he’s going to have to go elsewhere because you’re in charge of your security. Sharing an IP subnet between two interfaces is not a good idea really. IMO of course, someone might prove otherwise.
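The one-to-one NAT described in the replies above, written out as a RouterOS configuration. This is an added example, not part of any poster's message. It assumes RouterOS v6-style syntax, `ether1`/`ether2` for Eth1/Eth2, a /29 public subnet, and uses 203.0.113.10 as a constructed placeholder for the VoIP provider's address; the filter rules go beyond the thread to show how the "every port is passed through" exposure can be narrowed.

```routeros
# Assumptions (not from the thread): ether1 = public side (Eth1),
# ether2 = LAN side (Eth2), /29 mask on the public range,
# 203.0.113.10 = constructed placeholder for the VoIP provider.

# Add the second public address to the public interface so the router
# answers ARP for it on the upstream segment.
/ip address
add address=69.128.128.3/29 interface=ether1 comment="public IP mapped to phone"

/ip firewall nat
# Inbound half: all traffic addressed to 69.128.128.3 is rewritten
# to the phone's private address.
add chain=dstnat dst-address=69.128.128.3 action=dst-nat \
    to-addresses=192.168.1.50 comment="1:1 NAT inbound"
# Outbound half: the phone's traffic leaves as 69.128.128.3 instead of the
# router's own address. Move this rule above the general masquerade rule,
# otherwise masquerade matches first and the phone appears as 69.128.128.2.
add chain=srcnat src-address=192.168.1.50 out-interface=ether1 \
    action=src-nat to-addresses=69.128.128.3 comment="1:1 NAT outbound"

/ip firewall filter
# The forward chain runs after dst-nat, so rules match the private address.
# Replies to connections the phone opened itself are always allowed.
add chain=forward connection-state=established,related action=accept \
    comment="return traffic"
# Only the VoIP provider (placeholder address) may open new connections
# to the phone from the public side.
add chain=forward in-interface=ether1 src-address=203.0.113.10 \
    dst-address=192.168.1.50 action=accept comment="provider to phone"
# Everything else arriving for the mapped address is dropped, so the
# mapping does not expose every port on the phone to the internet.
add chain=forward in-interface=ether1 dst-address=192.168.1.50 \
    action=drop comment="drop other inbound to phone"
```

After applying, `/ip firewall nat print` should list the src-nat rule ahead of masquerade, and the packet counters on the drop rule show how much unsolicited traffic the mapped address attracts.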
You can also use proxy-arp so that the public address is used directly on the client device. This is what I do. Search the archive here or let me know and I can post links.