i’m just about to buy an mikrotik Router for an issues i have with an local network. I hope you guys can help me out what to buy, and if my idea is working right.
I have an Server with an IP-Adresses i.e. 192.168.10.1/24 and i have to clients which have the same IP-Adress i.e. 192.168.10.10.
Both clients want to communicate with the same server, but obviously it can only be one in the same segment. So im thinking about NAT.
Edit: See my next Post for a drawing.
Would it be possibly to usean Mikrotik Router and NAT to setup something like this? Which Router would be neede minimum.
Its exactly that usage, no more clients, or other machines behind the router. Only that one client which would have the same address.
Are you able to provide a cleaner drawing of what you are wanting to do?
Why do both clients have the same IP address? Basic IP networking says that 2 hosts cannot be on the same segment / network / VLAN with the same address.
Are you able to tell us more about the client device with this IP address? Is it just 2 regular old computers? Is this some kind of IoT device?
This server, it has 2 IP addresses, 192.168.0.1/24 and 192.168.10.1/24. Are those IP addresses assigned to the same physical interface? Two interfaces? Are those 2 interfaces separate broadcast domains (layer 2 segments, VLAN)?
Sure, no Problem. Attached you’ll find a easy drawing of the connection.
As you want to know more… the 2 clients are old machines, which are hard configured to these ip adresses. It’s kinda hard to explain, but to make a long story short, in the end it will be easier, to NAT the traffic with a router.
It shouldn’t be too hard even without touching the server:
keep router’s interfaces separated (no bridge or switch)
add 192.168.10.11/24 on router’s LAN1 interface (to server), it will serve as virtual address for “hidden” client
add route 192.168.10.10/32 with gateway being the other interface (LAN2, to “hidden” client)
enable proxy-arp on LAN2
dstnat (netmap) everything from 192.168.10.11 to 192.168.10.10
srcnat (netmap) everything from 192.168.10.10 to 192.168.10.11
Limitations:
both 192.168.10.10 won’t be able to talk to each other
ruoter itself won’t be able to talk to 192.168.10.10 on LAN1
It’s probably solvable with another virtual address and different routing table, but since you most likely don’t need it anyway, there’s no need to complicate things.
The router shouldn’t even be visibile in the network, and its not needed or intended that the clients talks to the each other. The router is only there to get the devices seperated and the server can talk to both. So this setup is pretty much what i need.
Edit: I actually have an Mikrotik Router (HEX lite - RB750r2)
It works one way now! The Client can address the server and get a connection (ping, smb, etc…)
But the other way is not working yet. If i wanna get a connection from the server to the ip-address 192.168.10.11 its not connecting to the client it is still the router answering. Is there probably something wrong with my settings? Or do i need some more? (See below)
Probably yes, if hidden device tried to actively find it, i.e. if it would send ARP request for 192.168.10.10. I don’t remember seeing arptables equivalent in RouterOS, but if it would happen, it may be possible to work around it by creating a single-port bridge for internal interface and then use bridge filters for filtering (I’m not completely sure, I rarely use bridge filters myself).
Alright, i changed the NAT rules, as you told me.
The configuration looks like this now.
The effect now is kinda different. I set up 2 PC’s to act like the server and the client. Server has 192.168.10.80 and is on Port2 of the Router which has the 192.168.10.11 assigned. The Client has the 192.168.10.10 and is on Port 3.
If i try to ping the client from the server it says: host not reachable
And if ping from the client to the server, it ends up as a timeout.
Like this:
Hope you can help me out, big thanks in advance for your support and patience.
I have different addresses and interface names, but I changed them here to yours. Do you see anything in your config different from this (run “/export” in terminal to see it in text form)?
Here you go: That’s my Export of the Router.
PS: I can’t get rid of he settings for the hotspot profile, routerboard settings, and mac servers. But that shouldn’t be a Problem, Right?
Port5 is for my configuration Client.
For the Setup:
Port 2 → Windows-PC with these settings: 192.168.10.80/24 No Gateway/No DNS set.
Port 3 → Windows-PC with these settings: 192.168.10.10/24 No Gateway/No DNS set.
There’s something wrong, it must work even without changing gateways. Try to do some debugging. Since your hidden device is probably not very flexible, test it with e.g. notebook with same IP config connected instead. The trouble is, I have no clear idea what can go wrong here, it’s such simple config…
Direction from server to client should be ok. Virtual address 192.168.10.11 is on interface connected to common network, so if you try to e.g. ping it, server must get MAC address (using ARP) just fine. And any packet sent to 192.168.10.11 will be redirected to hidden 192.168.10.10.
The other direction is nothing complicated either. If hidden 192.168.10.10 asks for 192.168.10.80, proxy ARP will return MAC address of router’s ether3. After that, router knows where to find server (on other2) and srcnat will change source to 192.168.10.11.
Try to check if ARP resolution works correctly on both server and hidden client. Then you can check (using Tools->Torch) both interfaces for interesting traffic. It must be something simple…
Sooo this will be my final post in this thread, because it finally works (and already worked as Sob desribed it).
One of the testing systems has Windows 10 as OS and had the unidentified Network set to a “public” lan, which disables many functions and protocols. I manually set it to private, and all of it worked as expected.
Again a big thanks to you Sob, you really helped me out.
