Hi to everybody, after many post read I decideto ask directly the info on this forum.
My isp give me band, the router cisco 2800 8 public ip natted to a net 192.168.0.x, them my routerOS 3.10 that organize all my network.
I use the first address 192.168.0.1 for internet access to my customers on ether-wan, one of these ask me a public ip directly to his lan.
I know that I had to set a rules in the firewall but:
I had only one lan out from the cisco and I had all the 8 ip at the same time on that lan-port, may I set another ip to the same lan? how will work? and off course how to do it. I don’t want to stop the service in case of an error by me.
You need to change the config of the Cisco router so you can use public addresses instead of the Nat’ed ones and add a route to your Mikrotik router. Do a search, this has been discussed many many times.
The real question is if your customer really need public address on his comp or he just need an traffic to be passed to his local ip.
Most likely, the second alternative is enough, in which case you just need to nat the the 192.168.0.x ip of one of the public ips to his ip, so he will get the traffic directly form the public to his local ip.
To give you the exact command you need to provide exact info (ip addresses, what is nat’ed where and to, etc…).
Thank you for any info, I ask to my provider give me direct IP not natted, now I had public IP!
I don’t know exactly wat to do; one things may be:
/ip address add address=xx.xxx.xx.xx/yy interface=ether1
then in firewall filter nat
/ip firewall nat add chains=dstnat action=dst-nat dst-address=xx.xxx.xx.xx to address=aaa.aaa.a.aa
User tell me thai he intend to put a cisco at both ends!
site1 - - - internet - - - my router - - - internal ip via wireless
I had found on a post the info previus indicated, it will work? There is another way?
I read about eoip but the question is:
may I use also eoip for centralize pppoe if I use eoip for this “vpn”.
But this will be ask in another post.
News about situation.
I had configured address for the lan and rules in firewall, maybe something wrong, now the ip seen in internet is not the original of the network but the new one assigned to my customer.
Because I recive other request of public address reserved for customers I had to solve this problem.
I had seen many post and read many info, maybe too because now I don't understand what to do for have an ip for all the normal customer and assign a public ip only for who request this service but that ip must be seen only from them.
Here is my config:
_[admin@router] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; added by setup
10.1.1.150/24 10.1.1.0 10.1.1.255 lan
1 X 172.16.143.130/30 172.16.143.128 172.16.143.131 (unknown)
2 AA.BB.CC.26/24 AA.BB.CC.24 AA.BB.CC.24 wan
3 AA.BB.CC.30/24 AA.BB.CC.30 AA.BB.CC.30 wan
[admin@router] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Masquerade per uscita in internet indirizzi privati
chain=srcnat action=masquerade src-address=!AA.BB.CC.26
out-interface=wan
2 ;;; Destination nat per vpn su 10.1.1.1 da ASSIST-UNO
chain=dstnat action=dst-nat to-addresses=10.1.1.1
src-address=XXX.XX.XXX.195 dst-address=AA.BB.CC.24
3 ;;; Destination nat per vpn su 10.1.1.1 da ASSIST-DUE
chain=dstnat action=dst-nat to-addresses=10.1.1.1
src-address=XX.XXX.XXX.230 dst-address=AA.BB.CC.24
4 ;;; PUBLIC ip CUSTOMER-ONE
chain=dstnat action=dst-nat to-addresses=10.10.4.100
dst-address=AA.BB.CC.30 in-interface=on-lan
5 X chain=srcnat action=src-nat to-addresses=AA.BB.CC.30
src-address=10.10.4.100_
NOTE: in nat number 4 and 5 was added for the public IP, I notice that if I use the correct interface (lan) or not at all, all the traffic pass thru the two ip aa.bb.cc.26 and aa.bb.cc.30
Help me to understand what's wrong, please.
I guess your customer needs public ip for vpn with 2 cisco routers, which in this case, the nat won’t be possible (except double nat which complicates the things). Try to route public ip directly to the customer.
