I have two public addresses from provider, for example 155.133.35.202 and 155.133.35.203 , gateway 155.133.35.201, network 155.133.200 , so far I have only used one address 155.133.35.202 , I need to set the other to work from only one address on the local network. I have an address 10.0.0.x , the computer on the network 10.0.0.198 (connected to ether5) is to use the address 155.133.35.203 , and the others further from the address 155.133.35.202. How to configure the router ?
Assuming something near a default configuration
I would create a new bridge, perhaps call it bridgewan2, turn off rstp on this new bridge.
It is only to hold ip addresses.
/interface bridge
add name=bridgewan2 protocol-mode=none
Create a new IP address on this bridge 155.133.35.203 network 155.133.35.203
/ip address
add address=155.13.35.203 network=155.13.35.203 interface=bridgewan2
Then create a source nat rule to srcnat from this address for the 10.0.0.198 address.
(You could use an address list for multiple)
/ip firewall nat
add chain=srcnat action=src-nat out-interface=ether1 src-address=10.0.0.198 to-addresses=155.13.35.203
Edit
You then need to move this firewall rule above the default masquerade rule (either in webfig or winbox)
Using a bridge as a local/loopback interface will not work if the addresses are presented directly - just add the addresses to the WAN interface, for example:
/ip address
add address=155.13.35.202/29 interface=ether1
add address=155.13.35.203/29 interface=ether1
Only if the additional addresses are routed via a single address do they need to be added to a loopback/local interface.
Yeah, that makes sense.
I think with this option it might be advisable to change the default masquerade rule
to a srcnat rule with to-address of 155.13.35.202
Otherwise, it could possibly choose either ether1 address for the masquerading.