I’m setting up a MikroTik router to be used as a gateway to segment a small part of my network. Let's assume the main router, where my POP is set up, has a gateway of 100.100.121.1. I want to program the 2nd MikroTik router with a static IP of 100.100.121.x to talk back to the main gateway and then NAT everybody on the LAN side of the router with private IPs. I’ve got this working fine.
The problem is I have a few customers on the NATed side of the network who have public statics already of 100.100.121.x which used to talk back to my main router. Now that the network is NATed with private IPs on that side of the network, I’d like those customers to simply pass through the 2nd router and use the main router as their gateway. How do I do this? I’m a MikroTik newbie so be gentle.
NAT based on the IP address instead of the interface.
You may require multiple NAT rules.
Just do not NAT the public IPs.
Also be sure that your provider appropriately routes those IPs to your router's IP.
OK, that makes sense. How do I write a route to pass the static publics through this router though? I’m having trouble with this more than the NATing for some reason. Basically I want a 100.100.x.x (example) static public address on the LAN side of the router to pass through the router and use a gateway on the WAN side of the router.
Still not working. I know I’m missing something basic here. If you don’t mind, perhaps you could post a sample config?
Let's say the main router (ImageStream) has 100.100.121.1 as the gateway for static public customers using 100.100.121.0/24 address space. This is an existing bridged network. I want to add a 2nd router to segment a portion of the network using NAT and DHCP. These customers will masquerade behind 100.100.121.231 with private IP addresses using 172.100.0.0/24 space.
I can get this far. But now I have a handful of existing customers who have already been statically assigned public IPs of 100.100.121.0/24 and have 100.100.121.1 as their gateway in their local routers. Maybe I am going about this wrong, but I’d like to have my 2nd router simply pass these addresses on to the 1st router untouched and still NAT the rest of my customers.
How do I accomplish this? I’ve been searching and reading for a month now trying to grasp this, and I think I’m confusing myself the more I look at it. I’m new to all this, and if I could see a working configuration it would probably make more sense to me. If anybody out there could post some step-by-step instructions, I’ll buy you a steak dinner if you ever come to my town!
It seems like the easiest way to accomplish that exact situation (if you are intent on using a second router) is to simply leave everything in place as it is and add the second NATing router behind the first, but only put the NATed space behind it.

                                                 |--customer A (100.100.121.2)
                 ----------                      |--customer B (100.100.121.10)
--internet--WAN-|router-1|-LAN (100.100.121.1)---|
                 ----------                      |
                                                 |            ----------
                                                 |--WAN (100.100.121.231)-|router-2|-LAN (172.100.0.0/24)
                                                                           ----------
On a sidenote, 172.100.0.0/24 is public IP space. 172.16.0.0 - 172.31.255.255 is private.
Thanks for the tip on public vs. private. I’ll make some adjustments to that later once I figure this out and go live with it. The reason I want the 2nd router is this. I inherited a wireless network that spans dozens of cities. We are talking about 2000+ wireless radios. The entire network is bridged! For obvious reasons I want to unbridge it. So my intent is to segment the network into smaller areas so that problems such as broadcast storms don’t bring the entire network down like it does now. So when I say I’m adding a 2nd router, I don’t mean it's plugged into the 1st router. It's in another city. If there's a better way to go about this I’m willing to hear suggestions, but right now I’m looking for a quick solution to breaking up the network into groups. I’d like each group to have its own DHCP server, but I still need to address the existing customers that have public statics in their routers already and are set up to talk to the first router.
So I’m hoping I can put a router in a city, turn on DHCP and issue private IPs to most of my customers. The ones that request public static IPs I figure I can give them statics and have them use the 1st router as the gateway. I just cannot figure out how to configure the MikroTik router to NAT privates and still pass public statics through it.
I don’t see how you can logically segment those guys with static IPs away from the existing network. You’d have to either bridge them in directly via router interfaces (the new router has an outside interface and two insides, one of which is bridged to the outside, and the other being the NAT interface), or you’d have to build layer 2 tunnels that get bridged back on the original router. You can’t insert a layer 3 hop between a customer and his direct gateway.
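A sample RouterOS configuration for the "one outside interface, two insides" layout described in the reply above, added here as an illustration and not posted by anyone in this thread. It assumes ether1 faces router-1, ether2 serves the static public customers, ether3 serves the NAT customers, and it uses RFC 1918 space (172.16.0.0/24) for the NAT side per the earlier sidenote; interface and pool names are made up.

```routeros
# Added example, not from the thread. Interface names (ether1/2/3),
# bridge and pool names are assumptions.

# Bridge the uplink with the static-customer port so 100.100.121.x hosts
# stay at layer 2 with router-1 and keep 100.100.121.1 as their gateway.
/interface bridge add name=bridge-public
/interface bridge port add bridge=bridge-public interface=ether1
/interface bridge port add bridge=bridge-public interface=ether2

# Router-2's own public address sits on the bridge; default route via router-1.
/ip address add address=100.100.121.231/24 interface=bridge-public
/ip route add dst-address=0.0.0.0/0 gateway=100.100.121.1

# NAT side: private space on ether3 with its own DHCP server.
/ip address add address=172.16.0.1/24 interface=ether3
/ip pool add name=pool-nat ranges=172.16.0.10-172.16.0.250
/ip dhcp-server add name=dhcp-nat interface=ether3 address-pool=pool-nat disabled=no
/ip dhcp-server network add address=172.16.0.0/24 gateway=172.16.0.1 dns-server=172.16.0.1

# Masquerade by source address, not by interface: only the private range
# is rewritten, so traffic sourced from 100.100.121.x is never NATed.
/ip firewall nat add chain=srcnat src-address=172.16.0.0/24 \
    out-interface=bridge-public action=masquerade
```

Note that the static customers on ether2 still share a layer 2 domain with router-1, so they remain exposed to the broadcast traffic the thread starter wants to isolate; only the ether3 side is actually segmented.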