Routing Public IP address

eanjoy · July 14, 2010, 7:01pm

We need to route public IP address through Mikrotik to a Bio Metric interface so that the client can view it any where in the world

fewi · July 15, 2010, 2:08pm

Not enough details. What’s your network layout? Draw a diagram and attach it to the thread.

tgrand · July 16, 2010, 8:08pm

Routers just pass the data on to the next hop, therefore routing public addresses is not a problem at all.
I would suggest using OSPF for the routing protocol and use PPPoE to connect the device (Biometric Scanner).
Have your Gateway provider route the public address through your gateway address.

eanjoy · July 17, 2010, 2:32pm

My Mikrotik Router has for example 192.168.150.10/29(not the real ip for security reasons) as the public ip the Vsat modem has
192.168.150.9/29
2. My Mikrotik server has 3 interface cards that is eth0 having 192.168.150.10/29 connecting to the Internet
3. Eth1 172.16.100.1/30 connecting to the back bone AP which has 172.17.100.2/30 running PPPoE server
4. Eth2 192.168.60.1/24 connecting to my LAN
5. I have a remote office about 10 Miles away connected to the 172.17.100.2 AP
6. the bio metric scanner is on 10.5.0.10/24 network

Now we have that Bio metric scanner which has an HTTP interface as in you can use http://10.5.0.10 to get to it, what we need is to give it a public ip address (192.168.150.12/29) to be able to view it from anywhere in the world.

I hope this is clear enough

fewi · July 17, 2010, 5:20pm

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Destination_NAT

That’s simple destination NAT.

/ip firewall nat
/ip firewall nat add chain=dstnat dst-address=10.5.0.10 action=dst-nat to-addresses=192.168.150.12
/ip firewall nat add chain=srcnat src-address=192.168.150.12 action=src-nat to-addresses=10.5.0.10

Make sure that srcnat line is above any other srcnat lines you probably already have. You must also add 192.168.150.12 to the interface facing the DSL modem (you can add multiple IPs on the same network to an interface).

eanjoy · July 18, 2010, 6:45pm

Fewi
Thanks please see the diagram below it will explain alot
Routing Public IP.pdf (176 KB)

fewi · July 18, 2010, 7:15pm

The configuration I posted didn’t work?

Does the Internet router have a route to the end device, or are you NATing on the back bone?

eanjoy · July 18, 2010, 9:41pm

I needed you to see the whole layout and ask you will it work on all the 3 AP’s through the mikrotik to the client Bio metric

fewi · July 18, 2010, 9:59pm

It should.

eanjoy · July 18, 2010, 10:03pm

Thanks ill do that just now and give you the updates one more thing i need to redirect an ip address to our webserver and after disconnection

fewi · July 18, 2010, 10:11pm

Same principle applies. Though I don’t know what the “after disconnection” part means.

eanjoy · July 19, 2010, 10:10am

Doesnt work

[admin@WORX] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=src-nat to-addresses=10.5.0.10 src-address=192.168.150.12
1 chain=srcnat action=masquerade

2 chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80

3 chain=dstnat action=dst-nat to-addresses=192.168.150.12 dst-address=10.5.0.10
[admin@WORXl] >

fewi · July 19, 2010, 1:38pm

Does the scanner work on port 80? You said it uses HTTP. You have a dstnat rule that rewrites port 80 and would fire first. Disable it, try again. Also, you have to test this from outside your network.

If it’s still not working sniff traffic on every hop and see how far you make it. In theory this works as long as the Internet router knows how to reach the scanner (i.e., has routes to it). If the traffic isn’t making it something between the two is configured to block it.

eanjoy · July 19, 2010, 6:22pm

Fewi
I managed to get round all this had to do some routing (Major) and change some commands in a nut shell the below is what i swapped and it works like charm through PPPoE

[admin@WORKX] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=src-nat to-addresses=10.5.0.10 src-address=192.168.150.12

1 chain=dstnat action=dst-nat to-addresses=10.5.0.10 dst-address=192.168.150.12

[admin@WORKX] >

fewi · July 19, 2010, 6:30pm

I’m glad it’s working.

eanjoy · July 19, 2010, 6:37pm

Fewi
One more thing
i need to redirect an IP address say 1.1.1.10/32 to a webserver on my network when the service is diconnected or when we are doing upgrades to the system

How do i go about this i have tried using proxy but i fail

fewi · July 19, 2010, 6:47pm

http://forum.mikrotik.com/t/mikrotik-advertise-url-with-pppoe-environment/35755/1

That outlines the general idea of using the web proxy to show messages to users. You should be able to adapt it to your environment.