No router access via all public IPs from WAN

I have the following problem:

My router has 3 ethernet interfaces. I use ether1 as WAN and add 2 public IPs to it.
(95.xx.xx.52 and 95.xx.xx.53)
I use ether2 to connect a LAN for user1 in the local network 192.168.0.0/24
I use ether3 to connect a LAN for user2 in the local network 192.168.1.0/24

[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   ;;; default configuration
      192.168.0.50/24    192.168.0.0     192.168.0.255   ether2-USER1
 1   192.168.1.50/24    192.168.1.0     192.168.1.255   ether3-USER2
 2   95.xx.xx.52/25   95.xx.xx.0    95.xx.xx.127  ether1-WAN
 3   95.xx.xx.53/25   95.xx.xx.0    95.xx.xx.127  ether1-WAN

User1 and user2 use srcnat to access the WAN. User1 should access the WAN via 95.xx.xx.52 and user2 should access the WAN via 95.xx.xx.53.

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; default configuration
     chain=srcnat action=src-nat to-addresses=95.xx.xx.52
     src-address=192.168.0.0/24 out-interface=ether1-WAN

 1   chain=srcnat action=src-nat to-addresses=95.xx.xx.53
     src-address=192.168.1.0/24 out-interface=ether1-WAN

I checked with http://www.ipchicken.com that User1 is visible via 95.xx.xx.52 in the internet, and user2 is visible via 95.xx.xx.53. That is ok !!!

Now my problem:
If I try to access the router from the WAN with telnet or try to ping it, it is only accessible via 95.xx.xx.52 and not via 95.xx.xx.53.

Why?
How can I enable access also with 95.xx.xx.53?

Thanks
Hardy

Go to Tools, MacServer and check the telnet interfaces..also check your firewall.

I think the mac-telnet settings don’t care because I’m talking about IP-telnet access and ping.
Also I have no entries in firewall/filter.

While trying to solve the problem yesterday I found out, that sometimes it is possible to access the router only over 95.xx.xx.53 and sometimes only over 95.xx.xx.52. Also I have seen for a short time, that it was possible to access the router over both IPs.

Is it possible that the router is only accessible over the WAN IP which is currently used by a user (user1 or user2) to access the internet?

Thanks
Hardy

It could very well be that it’s a problem with your ISP modem. They don’t always like to have the same MAC address for multiple IP addresses.

Please provide the following; we might be able to see something from these.

/ip address print detail
/ip route print detail
/ip firewall filter export

I have a PC and the ISP-Router (95.xx.xx.126) directly connected to the WAN side of the router. So the ISP-Router does not matter. Access from this PC to the router is the problem.

Here is the information you requested:

[admin@MikroTik] /ip address> print detail
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; default configuration
     address=192.168.0.50/24 network=192.168.0.0 broadcast=192.168.0.255
     interface=ether2-USER1 actual-interface=ether2-USER1

 1   address=192.168.1.50/24 network=192.168.1.0 broadcast=192.168.1.255
     interface=ether3-USER2 actual-interface=ether3-USER2

 2   address=95.xx.xx.52/25 network=95.xx.xx.0 broadcast=95.xx.xx.127
     interface=ether1-WAN actual-interface=ether1-WAN

 3   address=95.xx.xx.53/25 network=95.xx.xx.0 broadcast=95.xx.xx.127
     interface=ether1-WAN actual-interface=ether1-WAN



[admin@MikroTik] /ip route> print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=95.xx.xx.126
        gateway-status=95.xx.xx.126 reachable ether1-WAN distance=1
        scope=30 target-scope=10

 1 ADC  dst-address=95.xx.xx.0/25 pref-src=95.xx.xx.52 gateway=ether1-WAN
        gateway-status=ether1-WAN reachable distance=0 scope=10

 2 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.50 gateway=ether2-USER1
        gateway-status=ether2-USER1 reachable distance=0 scope=10

 3 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.50 gateway=ether3-USER2
        gateway-status=ether3-USER2 reachable distance=0 scope=10



[admin@MikroTik] /ip firewall filter> export
# aug/04/2011 23:09:01 by RouterOS 4.11
# software id = CVQN-F0G1
#

Thanks
Hardy

Well, both of the IP addresses are assigned, and there is nothing in your firewall that would prevent them from talking directly. I would have to say look at the PC then, check its routing and ARP tables to see if something might be up with them. What happens when you connect the PC directly to ether1-WAN, can it talk to both IP addresses that way?

You are right, if I connect the PC directly to ether-WAN1 I can ping 95.xx.xx.52 and 95.xx.xx.53.
Sorry for that !!! I think I have simplified my problem too much. Here is my complete network structure:

I think the problem is the RB/411 bridge (95.xx.xx.90). If I connect my PC on the left side of this bridge I can ping 95.xx.xx.52 and 95.xx.xx.53, and if I connect my PC on the right side of this bridge and behind the Lancom AP I cannot ping 95.xx.xx.52 and 95.xx.xx.53 all the time. From my experience, the Lancom transparent bridge is really transparent, that means that it acts like when I’m directly connected to the WLAN. So this should not cause the problem. So I assume the problem is in the RB/411 router.

If I ping 95.xx.xx.52 and 95.xx.xx.53 with the ping tool inside the RB/411 I can reach both IPs. They both have the MAC-address of ether1-WAN.
If I ping 95.xx.xx.52 and 95.xx.xx.53 from the PC or from another RB/411 that is in the WLAN, I can sometimes reach 95.xx.xx.52 and sometimes reach 95.xx.xx.53. They then both have the MAC-address of RB/411 wlan1.

I’m searching for a solution where I can ping 95.xx.xx.52 and 95.xx.xx.53 all the time from behind the Lancom AP. And it would also be nice if 95.xx.xx.52 will be visible with MAC-address of ether2-USER1 and 95.xx.xx.53 with MAC-address of ether3-USER2.

Do you have any ideas?
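
A way to make the ARP comparison from the posts above repeatable, as an added example that is not part of the original thread: it compares a neighbour table captured on the WAN side with one captured behind the AP and reports which MAC now answers for each public IP. The `ip neigh show` input format, the documentation-range IPs standing in for 95.xx.xx.52/.53, and all MAC addresses are assumptions.

```python
from collections import defaultdict

# Constructed sample data in `ip neigh show` format, one capture per vantage
# point. MACs are made up; 203.0.113.52/.53 stand in for the thread's masked
# 95.xx.xx.52/.53 and 203.0.113.126 for the ISP router.
WAN_SIDE = """\
203.0.113.52 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
203.0.113.53 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
"""
BEHIND_AP = """\
203.0.113.52 dev eth0 lladdr 00:00:5e:00:53:aa REACHABLE
203.0.113.53 dev eth0 lladdr 00:00:5e:00:53:aa STALE
203.0.113.126 dev eth0  FAILED
"""


def parse_neigh(text):
    """Return {ip: mac or None} from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[1] != "dev":
            continue  # not a neighbour entry
        mac = None
        if "lladdr" in tokens[:-1]:
            mac = tokens[tokens.index("lladdr") + 1].lower()
        table[tokens[0]] = mac  # unresolved entries (FAILED) keep mac=None
    return table


def mac_changes(reference_text, observed_text):
    """Group IPs whose MAC differs between the two captures by the MAC seen.

    Several IPs behind one unexpected MAC point at a single layer-2 device
    in the path answering for (or rewriting) those addresses.
    """
    ref, obs = parse_neigh(reference_text), parse_neigh(observed_text)
    by_mac = defaultdict(list)
    for ip in sorted(ref):
        seen = obs.get(ip)
        if ref[ip] and seen and seen != ref[ip]:
            by_mac[seen].append(ip)
    return dict(by_mac)


if __name__ == "__main__":
    for mac, ips in mac_changes(WAN_SIDE, BEHIND_AP).items():
        print(f"{mac} answers for {', '.join(ips)}")
```
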

I’m not familiar with wireless bridges/links like that, but I think it might have to do with the method you chose to use in linking the sites together. Maybe a different mode will suit your needs better. There are several wiki examples submitted from users about layer2 wireless links.
http://wiki.mikrotik.com/wiki/Wireless_Setups