Hello,
I’m looking for some suggestions on how to use a public address on the LAN side of the network.
I have a CRS125, RouterOS 6.34.
Suppose the ISP provides a public IP subnet 211.100.200.152/255.255.255.248 for us, and the gateway IP is 211.100.200.158. The public IP addresses we can use are from 211.100.200.153 to 211.100.200.157.
How do I set up a non-NAT subnet so that the server behind the MikroTik can use the public IP address 211.100.200.154?
NAT on internal networks can always be avoided by using routing, and vice versa.
See this post: http://forum.mikrotik.com/t/assigning-static-public-29-sub-net-to-lan-internal-network-ips/93359/1
You can accomplish the same, just make each public IP on each server a /32 (create an empty loopback or dummy device).
Are all servers on the same segment? Post a diagram (hand drawn is fine) of your network.
Network.jpg
Do you control the servers? Which OS are they using?
Is your network switched or routed? I mean, is there Layer 2 connectivity between server2 at the CPE end and the CRS?
The more centralized way of achieving this while saving on IPs would be by setting up a PPPoE server; you’ll need Layer 2 between them and the CRS though.
You’ll need to set the .158 on the CRS, create an empty bridge for this (this will be a loopback interface), and assign the .158/32 to it. Why do this? To save on IPs: you will have a public IP on the CRS, not tied to any specific interface.
Then you can either set up the PPPoE server and manage everything in a centralized and “automatic” manner, or manually set up private “transit” IPs (your already existing /24 links, for example) from the servers to the CRS, setting routing at both ends.
If you go the PPPoE way, use a Local IP not assigned to any interface; you can completely make it up, and it doesn’t have to be a public one, don’t waste one for that. Specify the remote public IP for each server on its PPP user profile so that they always get the same public IP, set the PPPoE interfaces on the servers and you’re done.
To accomplish the same manually, it will depend on your server’s OS; I assume they already have private IPs, don’t they?
Say CRS is 192.168.0.1/24, server 1 is 192.168.0.10/24 and server 2 192.168.0.20/24.
- Create a dummy or loopback interface on the servers, and assign the public IP, say server 1 is 211.100.200.153/32, server 2 211.100.200.154/32.
- Add routes on the CRS:
  To server 1: dst-address 211.100.200.153/32 gateway 192.168.0.10
  To server 2: dst-address 211.100.200.154/32 gateway 192.168.0.20
- On the servers:
  If the servers already have the private IP of the CRS as default gateway (192.168.0.1), that’s all.
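The manual routed variant from the last post, written out as an added example that is not part of the original thread. The addresses are the ones used in the post; the WAN interface name `ether1`, the existence of a masquerade rule, the published TCP port 443 and a Linux server OS are assumptions. Because the servers are no longer hidden behind NAT, the forward-chain filter is the only thing standing between them and the internet, so it is included here.

```routeros
# Added example (not from the thread). Assumptions: ether1 is the WAN uplink,
# 192.168.0.1/24 is already configured on the LAN side of the CRS.

# Host routes: each public /32 is reached via the server's private transit IP.
/ip route
add dst-address=211.100.200.153/32 gateway=192.168.0.10 comment="server 1 public /32"
add dst-address=211.100.200.154/32 gateway=192.168.0.20 comment="server 2 public /32"

# Assumption: a masquerade rule already exists for the private LAN.
# This accept rule must sit above it so the public sources leave untranslated.
/ip firewall nat
add chain=srcnat src-address=211.100.200.152/29 action=accept \
    comment="do not NAT routed public addresses"

# Routed public hosts are directly reachable, so filter what is forwarded to them.
# TCP 443 is a constructed sample service; list only what each server publishes.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="return traffic"
add chain=forward in-interface=ether1 dst-address=211.100.200.153 \
    protocol=tcp dst-port=443 action=accept comment="server 1 published service"
add chain=forward in-interface=ether1 dst-address=211.100.200.154 \
    protocol=tcp dst-port=443 action=accept comment="server 2 published service"
add chain=forward in-interface=ether1 dst-address=211.100.200.152/29 \
    action=drop comment="drop everything else towards the public /32s"

# Server 1 side, assuming Linux with iproute2 (run as root); server 2 is the
# same with 211.100.200.154:
#   ip link add dummy0 type dummy
#   ip addr add 211.100.200.153/32 dev dummy0
#   ip link set dummy0 up
#   # make connections the server opens itself use the public source address
#   ip route replace default via 192.168.0.1 src 211.100.200.153
```

Without the `src` hint on the default route, connections the server initiates leave with its 192.168.0.x address and are still masqueraded; only replies to inbound connections carry the public address.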