public ip to my server behind MT ( no NAT)

ropeba · August 14, 2006, 9:09am

hi,

I have 128 (xx.250.108.128/25) ip addresses which I got from provider. Most of them I use for pppoe, but I would like to give couple of them to servers who are behind of microtic. I dont want to use nat but I want that ip’s are directly on servers. I try following: I add xx.250.108.128/29 to interface on which I connect servers

on servers I set

xx.876.250.108.129 subnet 255.255.255.248
xx.876.250.108.130 subnet 255.255.255.248
xx.876.250.108.131 subnet 255.255.255.248

everything works good for a couple of minutes and then all bandwith is being stopped. Does anyone can help me to solve this issue?

janisk · August 14, 2006, 10:00am

configure your nat to do not natting for these addresses, and check on routing in MT manual, thats all what you need

ropeba · August 14, 2006, 12:21pm

configured, but I still have some problem

tneumann · August 14, 2006, 9:17pm

Post the relevant sections of your config here (interfaces, ip addresses, routing), that’ll allow us to understand much better what is going on.

–Tom

ropeba · August 14, 2006, 9:38pm

servers are connected to interface LOCAL

tneumann · August 14, 2006, 9:57pm

It looks like the IP address on your LOKAL interface is equal to the network base address? The address 87.250.108.128 is the network address of 87.250.108.128/29 and should not be used as an interface address for any device, just like a (sub-)networks broadcast address should not be assigned to an interface.

Try assigning 87.250.108.129 to your LOKAL interface and move the server that is currently using that address to another, unused address and remember to change the gateway to 87.250.108.129 on all devices.

–Tom

ropeba · August 15, 2006, 9:14am

same again..I add 08.250.108.129/29 on local interface

on servers I have add:

server1: IP:08.250.108.130 gtw:08.250.108.129
server2: IP:08.250.108.131 gtw:08.250.108.129
server3: IP:08.250.108.132 gtw:08.250.108.129

everything works fine for about 5 minutes and then it has stopped again

savage · August 15, 2006, 10:24am

Looks to me like you’re just not subnetting correctly… The IP Numbers you use in the diagrams make no sense as to how you split your subnets.

Have a look at this and see if you can assign IP addresses based on these networks/netmasks… It should work

Everything you get from your provided, we split this in a 50/50 cut

Everything:
Network:   87.250.108.128/25
HostMin:   87.250.108.129
HostMax:   87.250.108.254
Broadcast: 87.250.108.255

The first 50% of your IP addresses, are split 50/50 again, giving us to /27 allocations. One is reserved (30 Addresses), the other, we continue to split on a 50/50 basis. Thus it gives us two /28’s.

Local:
Network:   87.250.108.128/28
HostMin:   87.250.108.129
HostMax:   87.250.108.142
Broadcast: 87.250.108.143

The below gets routed and assigned to your “servers”

Servers:
Network:   87.250.108.144/28
HostMin:   87.250.108.145
HostMax:   87.250.108.158
Broadcast: 87.250.108.159

The /27 that is reserved.

Reserved:
Network:   87.250.108.160/27
HostMin:   87.250.108.161
HostMax:   87.250.108.190
Broadcast: 87.250.108.191

The last halve of your /25 is allocated for PPPoE

PPPoE:
Network:   87.250.108.192/26
HostMin:   87.250.108.193
HostMax:   87.250.108.254
Broadcast: 87.250.108.255

ropeba · August 15, 2006, 11:38am

If I understund you well, on interface which goes to my provider I need to add address that is given to me from my provider 87.250.126.210/30 and other addresses 87.250.108.128/25

then, on “local” interface I should add 87.250.108.128/28

on interface for server I add 87.250.108.144/28

and then I need to create pool for pppoe which need to have addresses from 87.250.108.161 to 87.250.108.254

is that correct?

savage · August 15, 2006, 12:01pm

Yes, that is fundamentally correct.

Does your provider link to you with 87.250.126.210/30 ? That makes this whole execersise even easier…

The Interface going to your provider: 87.250.126.210/30 - ensure you can ping the remote end of your provider.

Then, you have 87.250.108.128/25 to play with. I won’t recommend that you put IP addresses from two different networks on the same interface. That won’t route properly either.

So you have your link to your provider already on the ULAZ Interface. Then, assign as per my example, 87.250.108.128/28 to your LOKAL Interface, 87.250.108.144/28 to your “Servers” Interface - which seems to be non existant in the pics you posted, and the last /25 goes to your IP Pool used to offer IP addresses to your PPPoE clients yes.

The most important thing here is to have good governance regarding network designing. 1 Interface = 1 IP Network. You seem to have to few Interfaces to do everything you want to.

I’d also move the 10.0/16 and teh 192.168.0/24 to dedicated Interfaces, and add a seperate Interface for the “Servers” section that you need.

The routing will definately work on the numbers I’ve provided above in regards to the subnets. You may have undesired results however, as multiple IP networks will share the same interfaces, but that’s something seperate we can address later

ropeba · August 15, 2006, 5:43pm

yes, my provider is give to me 87.250.126.210 for my mikrotik router, and he gave to me 128 IP addreses( 87.250.108.128/25). I have add 87.250.108.129/29 on interface where I’m connecting server, i set 87.250.108.130 to my server. I ping mikrotik (87.250.108.129) from server and everything works good for some time but after a while server is louse connection to internet and mikrotik (87.250.108.129) does not answering to ping. After that, I go to mikrotik with pppoe connection, delete IP address (87.250.108.129/29) from interface on wich servers are connected, then I add again that IP address on same interface, and that works just for some time (30 min…).