Routing public IP addresses odd behaviour

I have 2 routers as follows;

Router1 - connected to the internet. Static route for 123.123.123.16/28 (made up) to Router2.

Router1 ETH9 10.100.0.101/30 > Router2 ETH5 10.100.0.102/30

I have added IP addresses from the /28 to Router2 ETH5 as required, i.e. 123.123.123.17/28, 123.123.123.17/28, 123.123.123.18/28 etc.

Here is the odd issue.

The only way I can use the individual /28 addresses is to add them to Router1 1st and then remove them. It’s as if I have to tell Router 1 they are in service, however I thought I had already done that in my static route.


DST-ADDRESS		    	GATEWAY
123.123.123.16/28               10.100.0.102              1

Is there another way I need to advertise addresses please? What am I missing?

Thank you

So, your /28 allows you to have 14 hosts.
As far as I can tell, you have a 123.123.123.16/28
You assign 123.123.123.17/28 to your bridge and 123.123.123.18/28 123.123.123.19/28 etc to clients behind the bridge.
Correct so far?

I haven’t actually assigned an address to the bridge as I have created a static route so I didn’t think it was necessary and a waste of an IP. Perhaps this is where I am going wrong?

Devices using those public addresses need a route back to the internet via their gateway. The easiest way is to assign one of those addresses to the bridge and use it as the gateway address for the rest.
Another possibility is to use point-to-point routing (both ends use completely unrelated addresses), but that’s slightly more complicated to set up - not all devices support that in the same way.

Thank you for your reply.

I have updated the config as follows;

Router 1 ETH10 123.123.123.2/28 (Cisco upstream 123.123.123.1)

Router 1 ETH9 (bridge to Router 2) 123.123.123.17/28
Router 2 ETH5 (bridge to Router 1) 123.123.123.18/28

Router 1. Deleted the static route as this is dynamic now from IP addresses.
Router 2. Static route 0.0.0.0/0 123.123.123.17

Anything else I need to add?

Anything else I need to add?

Yes. Several hours at least on https://wiki.mikrotik.com/wiki/Manual:TOC

As I said earlier:

So, your /28 allows you to have 14 hosts.

From 1 to 17 there are more than 14 hosts.
If that 123.123.123.?/28 is a real public subnet, you can only use 14 hosts (IP addresses).
If your subnet is 123.123.123.16/28, you will have 123.123.123.17/28 on the bridge and another 13 for devices with public IPs on that bridge, like 123.123.123.18-30.
See https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=28&cip=123.123.126.16&ctype=ipv4&printit=0&x=70&y=24

The example IPs I am posting are causing confusion for myself.

I have set up many MikroTik routers but only using PPPoE or Ethernet. I have never used a router behind a router and this is where I am getting in a muddle. I am sure it’s so simple but I just cannot see the wood from the trees. Sorry!

Please be patient with me while I start again. This time using IPs closer to my actual ones so I don’t confuse myself and everyone else!

123.123.123.192/27
Subnet Mask 255.255.255.224
Default Gateway 123.123.123.193 (Cisco)
First Usable 123.123.123.194/27 (Router1 ETH10)
Last Usable 123.123.123.222

I would like to give Router 2 a /28.

Here is what I have so far.
Router 1 (ETH9) 123.123.123.209/28 > Router 2 (ETH5) 123.123.123.210/28

Router 2 static route 0.0.0.0/0 > 123.123.123.209

Thanks again

The Cisco expects to be able to make an ARP request for any address from .194 to .222. As you are routing the upper half of a physical /27 subnet elsewhere, ARP requests will fail; you need to enable proxy ARP on the router 1 interface connected to the Cisco.

Proxy ARP is also required if you hand out individual addresses from a physical subnet to PPPoE or VPN clients.
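
The ARP behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of which ARP requests from the Cisco get a reply from Router 1, with and without proxy ARP. The interface labels, the single own address (.194) and the rule that proxy ARP only answers when the target is routed out of a different interface are modelling assumptions.

```python
import ipaddress

# Constructed sample data, using the addresses from the thread.
UPSTREAM_ONLINK = ipaddress.ip_network("123.123.123.192/27")  # Cisco's connected subnet
ROUTED_PREFIX = ipaddress.ip_network("123.123.123.208/28")    # upper half, behind Router 1
ROUTER1_OWN = {ipaddress.ip_address("123.123.123.194")}       # Router 1 ETH10 (assumed only own address)
# Router 1 routing table as (prefix, outgoing interface); names are labels only.
ROUTER1_ROUTES = [
    (UPSTREAM_ONLINK, "ETH10"),  # connected, towards the Cisco
    (ROUTED_PREFIX, "ETH9"),     # connected, towards Router 2
]

def out_interface(target, routes):
    """Longest-prefix match; returns the outgoing interface or None."""
    matches = [(net.prefixlen, ifname) for net, ifname in routes if target in net]
    return max(matches)[1] if matches else None

def arp_answer(target, proxy_arp, in_if="ETH10"):
    """Classify Router 1's reaction to an ARP request from the Cisco for target."""
    target = ipaddress.ip_address(target)
    if target not in UPSTREAM_ONLINK:
        return "not-arped"   # the Cisco routes this via its own table, it does not ARP
    if target in ROUTER1_OWN:
        return "own"         # Router 1 replies for its own address
    out_if = out_interface(target, ROUTER1_ROUTES)
    if proxy_arp and out_if is not None and out_if != in_if:
        return "proxy"       # Router 1 replies with its own MAC on behalf of target
    return "unanswered"      # Router 1 stays silent; only a real host on the segment could reply

def unresolved_hosts(proxy_arp):
    """Host addresses in the routed /28 that the Cisco cannot resolve via Router 1."""
    return [str(h) for h in ROUTED_PREFIX.hosts()
            if arp_answer(h, proxy_arp) == "unanswered"]

if __name__ == "__main__":
    for proxy in (False, True):
        print(f"proxy_arp={proxy}: {len(unresolved_hosts(proxy))} unresolved hosts")
        print("  123.123.123.210 ->", arp_answer("123.123.123.210", proxy))
```
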

Thank you very much I will try this.

Other than this I cannot see what I have done wrong.

@tdw Thank you so much for the explanation and not making me feel an idiot. You were indeed correct. I would never have found that without your help.