Split IP Address Ranges - Router Config

Our ISP has assigned us two blocks of static IP addresses and I’m now having problems getting our Router configures correctly.

Original config

• 185.106.134.192/28
  
  
  
• Ports 1-6 assigned to Bridge 1 (DMZ)
  
  
  
• Ports 7-8 used for LAN behind firewall, NAT, Masquerade rules etc
  
  
  
• Bridge assigned IP address 185.106.134.194/28
  
  
  
• Upstream gateway provided by ISP is on Ether1 and has IP address 185.106.134.193
  
  
  
• Default route is via 195.106.134.193

That all works fine. Anything behind the firewall on the LAN has full internet access.
We’ve also got a computer in the DMZ with the static IP address 185.106.134.195 and netmask 255.255.255.240. That works also works perfectly

The ISP have now allocated us a second block of IP addresses: 185.106.134.160/28
We’ve set these up as follows

• Additional address added to the bridge 185.106.134.161/28
  
  
  
• Second computer in DMZ assigned static IP address 185.106.134.166 with netmask 255.255.255.240

This computer cannot access the internet although it can PING 195.106.134.195

What have I missed?

Hard to say without seeing the configuration export and the details of the configuration at the ISP side.

• as you mention a DMZ, I assume you have got some firewall rules in place, that may prevent the “second computer” from reaching internet
• there may be some issue with ICMP redirection - since both subnets are on the same bridge, the Mikrotik may be telling the “second computer” that a better gateway is available in the same L2 segment, but that gateway is outside the “second computer’s” subnet which may confuse it
• the same applies also for the ISP’s router - I’d assume they have configured it in a way that it has no own address in the …160/28 subnet and uses one of the addresses in the …192/28 subnet as a gateway to the …160/28 one - if so, it will receive the ICMP redirection packets too