Routing public range to hosts behind the router

Hi,

I do not know what I am doing wrong. I am trying to configure MikroTik to distribute a public /29 subnet to hosts behind the router.
I have got from my ISP one subnet for NATing and one subnet for published hosts.

My GW is configured on ether1 (let's say 144.0.0.0/29 for NATed use and 132.0.0.0/29 for public hosts).

My local network (192.168.88.0/24) is configured on ports ether2, ether3 and spf1 and works well.

I have 2 bridges: bridge1-LAN (ether2, ether3, spf1) and bridge1-WAN (ether1, vlan2 - via spf1).

I would like to configure vlan2 as a WAN VLAN with DHCP assigning public IPs.

I achieved:

  • WAN DHCP distributes a proper public IP to hosts on vlan2
  • I can ping this host from the MikroTik
  • I have no communication between the internet and the mentioned host

I set ARP proxy on bridge1-WAN, ether1, sfp1 and vlan2.

Configured IP addresses:

     ADDRESS            NETWORK         INTERFACE
 0   192.168.88.1/24    192.168.88.0    bridge1-LAN
 1   144.0.0.1/29       144.0.0.0       ether1
 2   132.0.0.1/29       132.0.0.0       bridge1-WAN

Routes:

          DST-ADDRESS        PREF-SRC        GATEWAY        DISTANCE
 0 A S    0.0.0.0/0                          144.0.0.1      1
 1 ADC    132.0.0.0/29       132.0.0.1       bridge1-WAN    0
 2 ADC    144.0.0.0/29       144.0.0.1       bridge1-WAN    0
 3 ADC    192.168.88.0/24    192.168.88.1    bridge1-LAN    0

Could you help me, because I can't sleep because of that.

First, what you posted can’t work at all. You probably overdid it with masking your real addresses, because if 144.0.0.1 is the default gateway and at the same time is assigned to your router (144.0.0.1/29 on ether1), there’s no way anything can connect to the internet.

Next, you should provide some info on how exactly you get those /29s from the ISP. There are two ways. Either the subnet is on your WAN, the ISP’s gateway has an address from it, and only the other hosts are yours to use. Or the whole subnet is routed to you, i.e. there’s some different connecting subnet between you and the ISP, and they add a route to the /29 via your router’s address. The second option is better, because it gives you more control. From what you posted, it looks more like the first one. But it can also be mixed, one /29 on WAN and one /29 routed. So try to clarify that. Just to be sure, because putting both on WAN seems like kind of a stupid move on the ISP’s side.
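
The inconsistency pointed out in the reply can be checked mechanically before any further debugging. The following is an added example, not part of either post in this thread: a small Python check that takes the address table and default gateway exactly as posted (already masked by the poster) and reports when the default gateway is one of the router's own addresses or is not reachable through a connected subnet. The function name `check_default_gateway` is an assumption made for this example.

```python
import ipaddress

# Address table and default gateway as posted in the question (masked values).
ADDRESSES = [
    ("192.168.88.1/24", "bridge1-LAN"),
    ("144.0.0.1/29", "ether1"),
    ("132.0.0.1/29", "bridge1-WAN"),
]
DEFAULT_GATEWAY = "144.0.0.1"


def check_default_gateway(addresses, gateway):
    """Return a list of problems found with the default route's gateway."""
    gw = ipaddress.ip_address(gateway)
    ifaces = [(ipaddress.ip_interface(a), name) for a, name in addresses]
    problems = []

    # A next hop must be another device, never an address the router owns.
    for iface, name in ifaces:
        if iface.ip == gw:
            problems.append(
                f"gateway {gw} is the router's own address on {name}")

    # The next hop must sit inside a directly connected subnet.
    connected = [(i, n) for i, n in ifaces if gw in i.network]
    if not connected:
        problems.append(f"gateway {gw} is not inside any connected subnet")

    # Network and broadcast addresses are not usable host addresses.
    for iface, _ in connected:
        net = iface.network
        if gw in (net.network_address, net.broadcast_address):
            problems.append(
                f"gateway {gw} is the network/broadcast address of {net}")
    return problems


if __name__ == "__main__":
    for problem in check_default_gateway(ADDRESSES, DEFAULT_GATEWAY):
        print("PROBLEM:", problem)
```
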