I have a /29 routed over a /30 that I would like to route to a bridge that also serves private IP addresses on a lan. I have had this working before, but I am having trouble figuring out where I am going wrong now.
Here’s a basic diagram of a portion of the network:
These are the settings I think are correct, but I’m not sure:
you assigned the same ip address & network address, this may cause issues. set different ip address like 69.174.131.177/29 for example. on all devices that use this subnet, set 69.174.131.177 as default gateway.
anyway i don’t recommend you mix between public and private subnet in one bridge, separate it as lan & dmz by putting it on different bridge. assign 10.0.1.1/24 to bridge1-lan and 69.174.131.176/29 to bridge2-dmz for example.
Thank you very much. It was right in my face. That fixed it. I guess I was thinking that adding the address and subnet would do it all.
I know it’s not recommended to do that, but until I replace that unmanaged switch with a managed switch, I’m kind of stuck with where things are. It’s kind of hard to do a vlan to get to that PBX server location without a managed switch, and I can’t really move hardware around much with how things are at the moment. Sometimes we do what we have to.
I was wrong. That didn’t help. I forgot to fully submit the change on the host.
Okay, so what should I be changing the address to in order to get it to route through to the 69.174.129.201 gateway? I have 8 IP addresses, and since I’m not making them into a network, I should be able to use all of them. So I tried changing to, for instance, address: 69.174.131.176 and I have tried three different gateways: 69.174.129.202, 69.174.129.201, and 10.0.1.1. None of them seem to work.
If you use it as standard subnet (that’s what you do when you assign /29 to some interface), then 176 is network address and 183 is broadcast. Both are wasted, there’s no completely clean way how to use them. Then one of 177-182 is on router. It doesn’t matter which one, I usually use the first one, so let’s say it’s 177, as was already suggested. It leaves you with 178-182 available for other devices. Give them of these addresses with same /29 netmask and use 177 as gateway. That’s it.
The router has the address of 69.174.129.202 from the /30. It is set as the 0.0.0.0/0 route. All I need to do is have my traffic from the host not be masqueraded, and the route be recognized by the router in order for it to get to and from the host. The router of the ISP sends all traffic to every one of those /29 addresses to my router, and my router then decides what to do with them.
This is why I was using the 10.0.1.1 gateway on the host. I had all this working before for about a month, but now it’s not.
This can’t work because host doesn’t know how it can reach the default gateway (there’s no way it can deduct that default gateway is in fact in the same L2 network). There are some dirty tricks to try to actually use 10.0.1.1 as gateway but I’m not sure exactly how the settings on hosts should look like to make the scheme work therefore I’m not going to write exact recipe here.
assumed the ip subnet of 69.174.131.176/29 is routed to 69.174.129.202 by your isp.
in that case, you can try to put all the server in your lan subnet, use ip private address of 10.0.1.x/24 with default gateway of 10.0.1.1
then, make a port forward/reverse nat on the mikrotik firewall, for example:
change the 10.0.1.x with lan ip address of your server.
this makes the ip address of 69.174.131.179 is being held by mikrotik router, traffic destined to this address will be forwarded to its lan private ip address of 10.0.1.x.
with this, no public ip addresses will be route inside your lan and you don’t need to setup a dmz. the server is using lan ip address and can be accessed from lan using that private address. the public ip address only be used to access the server from outside the lan or the internet.
Thanks alexanwar. It appears you are suggesting 1:1 nat, although you only got one side of it. There was some trouble with my voip traffic getting slowed down to the point of being detected as a disconnection while doing that prior, so I am trying to avoid that.
I guess it isn’t clear in my diagram, but the PBX server has two physical interfaces. I’m not trying to give two IP addresses to the same physical interface. Not that it matters usually, but it seems to matter in this scenario.
