NAT

RouterOS General
1

Dear friends,

I am newbie in Mikrotik but i have to design such configuration (defined in the picture ) for my institution , please guide me to do

problem statement:

we are actually using two isp , isp1 Private IP (10.118.246.118) that nat with a ip pool 14.139.220.81.-94 public ip , we have to use those public ip for institutional activities , we are using a mikrotik routerboard 450G ,

isp1 connected with wan port eth1 and isp2 connected to eth2 simple public ip 220.225.86.4

but i want some public ip on port eth5 , that i can directly connect with some switch and use public ip like
14.139.220.90 for webserver
14.139.220.91 for mailserver
etc

so i have attach a pic that clarify my view , please guide me step by step to configure it
misbp.jpg

2
  1. Okay first lets remove Ethernet 4 from the switch under interfaces change its master port to none.
  2. Ip Addresses assign a public address to Eth4 and apply the network range
  3. Firewall mangle prerouting src=public network range action=apply routing mark “Public”
  4. Firewall nat EDIT do not add the rule for masquerading on Eth0 routing mark if NOT “Public” (This exempts the public addresses from NAT)
  5. DHCP server on Eth4 address pool static only. (then go marry the MAC addresses of the servers to the Public IPs)
  6. Ip Routes apply a route for your public default gateway for traffic with routing mark “Public”

That should do it. Make sure on step 4 you check the NOT box.

3

I cant understand please can u elaborate , that i can easily do it

4

  1. Okay first lets remove Ethernet 4 from the switch under interfaces change its master port to none.
    Interface - Edit Ethernet 4 Edit change master port to none
    This is removing Ethernet 4 from the switch interface.

  2. Ip Addresses assign a public address to Eth4 and apply the network range
    IP - Addresses New Your public address for the router plus the public address range Example 14.139.220.81/28
    This is giving the router a public address on Ethernet 4 and tell it what its network range is on that port.

  3. Firewall mangle prerouting src=public network range action=apply routing mark “Public”
    IP - Firewall - Mangle New prerouting src=14.139.220.81/28 action=apply routing mark “Public”
    This is marking the packets from your public ip with a tag that reads “Public”

  4. Firewall nat EDIT do not add the rule for masquerading on Eth0 routing mark if NOT “Public” (This exempts the public addresses from NAT)
    IP - Firewall - Nat - EDIT routing mark is NOT “Public” (Use the check box on the right and that is the NOT rule)
    This tells NAT that it does not masquerade for packets that have a mark “Public” (done in step 3)

  5. DHCP server on Eth4 address pool static only. (then go marry the MAC addresses of the servers to the Public IPs)
    IP - DHCP server - ADD on ethernet 4 set IP pool to static
    This allows you to setup static IP assignment in the router based off clients max address.

  6. Ip Routes apply a route for your public default gateway for traffic with routing mark “Public”
    IP - Routes ADD 0.0.0.0/0 gateway=you isps gateway IP Routing mark= “Public”
    This establishes a route for your devices with public IP. (This step is also tied to step 3)