I have a new 2011 installed as the gateway on our wireless network with about 120 users. I’ve set it up to assign dhcp addresses to users but I have one connection that requires a static address and a separate external address & I’m not sure how to set that up. The external address is xxx.xxx.151.4 and the internal dhcp pool is 10.0.2.0/24 (the wireless network is ubiquity radios on a 10.0.4.0/22 subnet). I want have the additional external address xxx.xxx.151.10 connect through to the static address 10.0.10.2/30, gateway 10.0.10.1/30. We previously had this user connected through snat on a Vyatta gateway but it’s not clear to me how to do that on the RB2011.
Use src and dst nat rules to translate between the public and private addresses on your gateway router (I assume the public address is routed to your gateway router).
e.g. in Winbox, IP>Firewall>NAT
+
Chain: Srcnat
Src Address: <private>
Action: src-nat
To Addresses <public>
OK
+
dstnat
dst address: <public>
Action: dst-nat
To Addresses: <private>
OK
In your specific case, = x.x.151.4 and = 10.0.10.2
Make the IP allocation for that particular machine Static in the mikrotik DHCP Server (in winbox, IP>DHCP>Server>Leases, find the relevant machine, click Make Static).
I assume your routeing/firewalling are otherwise OK.
Thanks - worked fine. This is what we had on the far less sophisticated Vyatta gateway we previously had but there it only required a simple dnat and snat rule. A couple of additional notes for the MicroTik OS: The dnat and snat rules in IP/Firewall/NAT have to be moved above the general masq rule for the dhcp service (otherwise the connection is masqueraded to the principle external gateway address) and they shouldn’t be associated with an interface. My initial try I associated the snat with the ether1-gateway which didn’t work.