I want to route a public IP subnet behind a MikroTik router (RB1200) with masquerading of MAC addresses.
The first interface of my router is connected to the datacenter core router, the 2nd port to my local network. In the local network I have servers with public white IPs on their network interfaces (NOT a private subnet).
I want to route/gateway these addresses to the datacenter network, but I can't send the MAC addresses of these interfaces to the DC network, because port security/MAC filtering is enabled on the DC core.
I can't use classic NAT, because I need to have real IPs on the servers' interfaces, not private IPs.
According to this, both variants known to me (NAT and bridge) seem invalid.
Are the subnets for local users and for the datacenter the same? (Or: are the IP addresses for both interfaces of your router in the same subnet?)
If not, you simply DO NOTHING. No NAT is needed for public IPs, and no bridge is needed if they are different subnets. It's simply IP routing!
In the 7-layer OSI model:
Layer 2 - ethernet/wifi/dsl/etc. frame with MAC addresses
Layer 2 devices are switches and bridges
Layer 3 - IP packet with IP addresses
Layer 3 devices are routers
Each router, computer, etc. (= each layer 3 device) changes the source MAC (layer 2) of an outgoing packet to the MAC of the outgoing interface. So each time a packet leaves an IP subnet and goes to another IP subnet (changes broadcast domain), it is done on a layer 3 device, changing MAC addresses. MACs are visible only inside the subnet; it is normal behavior.
You just need to be sure that the datacenter core router (gateway for the datacenter network?) has an IP route for the dst-addresses from the local subnet through your RB1200 (either simple static routing or OSPF/RIP).
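
The layer 3 hop described in the answer above, as an added example that is not part of the original thread: a Python sketch of what a router does to a forwarded IPv4 frame, showing that the server's public IP survives while its MAC never reaches the uplink. All MAC and IP addresses are constructed sample values, and `route_frame` and the other function names are hypothetical.

```python
import ipaddress
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 for a header with a valid checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl=64, payload=b"data"):
    """Ethernet II + 20-byte IPv4 header (protocol 253 = experimental) + payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                                ttl, 253, 0, ipaddress.IPv4Address(src_ip).packed,
                                ipaddress.IPv4Address(dst_ip).packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return dst_mac + src_mac + b"\x08\x00" + bytes(hdr) + payload

def route_frame(frame, out_if_mac, next_hop_mac):
    """Forward like a router: fresh Ethernet header, IP addresses untouched, TTL - 1."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    hdr = bytearray(frame[14:14 + ihl])
    if ip_checksum(bytes(hdr)) != 0:
        raise ValueError("bad IPv4 header checksum")
    if hdr[8] <= 1:
        raise ValueError("TTL expired")
    hdr[8] -= 1                      # TTL changes, so the checksum must be redone
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return next_hop_mac + out_if_mac + b"\x08\x00" + bytes(hdr) + frame[14 + ihl:]

def describe(frame):
    """Fields the DC switch port can see (assumes a 20-byte IPv4 header)."""
    return {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[0:6].hex(":"),
            "src_ip": str(ipaddress.IPv4Address(frame[26:30])),
            "dst_ip": str(ipaddress.IPv4Address(frame[30:34])), "ttl": frame[22]}

# Constructed sample addresses (locally administered MACs, RFC 5737 IPs).
SERVER_MAC = bytes.fromhex("020000000010")
ROUTER_LAN_MAC = bytes.fromhex("020000000001")
ROUTER_WAN_MAC = bytes.fromhex("020000000002")
DC_CORE_MAC = bytes.fromhex("0200000000fe")

def demo():
    """Server -> router on the LAN side, then router -> DC core on the uplink."""
    lan = build_frame(ROUTER_LAN_MAC, SERVER_MAC, "203.0.113.10", "198.51.100.7")
    wan = route_frame(lan, ROUTER_WAN_MAC, DC_CORE_MAC)
    return describe(lan), describe(wan)
```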