Two WAN IPs

I have an RB2011UiAS-2HnD Mikrotik router.

I have a Billion modem which is set on pure bridge mode. My Mikrotik is obtaining a public dynamic IP (196.x.x.105) using PPPoE which I am NATing to my internal devices on network 192.168.1.0.

There is a second public static IP (196.x.x.198/30) that I can use from my Internet service provider, which I would like to give to a server also located behind my router without using NAT.
Network ID 196.x.x.196
Public IP 196.x.x.198
Subnet 255.255.255.252
Gateway 196.x.x.197
Broadcast Address 196.x.x.199

I have NAT enabled and I have DHCP server on network 192.168.1.0 enabled.

I set up a second subnet on my Mikrotik

  1. I removed port 10 from the bridge and made sure it had no master port.
  2. I added 196.x.x.198 to a separate IP Pool.
  3. In address list, I assigned IP address 196.x.x.197/30 and network 196.x.x.196 to port 10 (this changed my router’s local IP address to 196.x.x.197 and Netmask to 255.255.255.252 (/30))
  4. I added a new DHCP server and used the 196.x.x.198 as the address pool
  5. I added a new network using the following settings:
    IP address 196.x.x.196/30
    Gateway 196.x.x.197
    Netmask 30
    DNS servers 8.8.8.8 and 8.8.4.4

When I connect with the server on port 10, I get the following:
IP address 196.x.x.198
Subnet Mask 255.255.255.252
Default Gateway 196.x.x.197
DHCP Server 196.x.x.196
DNS Server 8.8.8.8 and 8.8.4.4

I am able to connect to the web from the server machine, but unfortunately, when I visit a site such as www.showip.com I get my dynamic public IP address 196.x.x.105. If I were to turn off NAT and visit www.showip.com, I would get my static public IP 196.x.x.198 but my other local machines on the 192.168.1.0 network are not able to access the web.

So basically, I need two networks on my Mikrotik

  1. Dynamic Public IP address 196.x.x.105 NATed to my local 192.168.1.0 network
  2. Static Public IP address 196.x.x.198 routed to port 10 for exclusive use by the server

Thank you in advance.

Sam

What happens when you configure your NAT (I assume it is an action=masquerade rule) with src-address=192.168.1.0/24?

I’m not that technical. I did read up a lot though and correct me if I am wrong, but I should have the NAT disabled and then do masquerade to “NAT” my local IPs to the Dynamic Public IP 196.x.x.105 and that may clear my issue.

I looked up info on how to masquerade, but that did not have action masquerade. I added two NAT rules:

  1. In dstnat chain from Dst Address 196.x.x.105 with action to dst-nat to address 192.168.1.0/24
  2. In src chain from Src Address 192.168.1.0/24 with action to src-nat to address 196.x.x.105

Now this allowed the local network machines to access the Internet with my 196.x.x.105 IP and the server to access the Internet with my 196.x.x.198, but I couldn’t forward ports etc. and I was not sure if I was doing it right.

If there is any type of wiki that I can follow to properly set up masquerade, I’d appreciate it. It is very important that in my setup I can forward ports, etc. to my local network, including to the server with the Static Public IP address 196.x.x.198. If that is not possible, then I have no problem with the server being fully open to the Internet with nothing more than its own firewall.

Thank you.
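
The source-restricted masquerade suggested in the reply, together with a port forward and forward-chain filtering for the routed server, as an added RouterOS example that is not part of the thread. Assumptions: the interface names `pppoe-out1` and `ether10`, the LAN host 192.168.1.10, TCP port 443, and 203.0.113.196/30 as a constructed stand-in for the static /30 whose middle octets are elided in the posts.

```routeros
# Added example. Assumed names: pppoe-out1 (PPPoE WAN), ether10 (server port).
# 203.0.113.196/30 is a constructed stand-in for the static /30 in the post.

# Weak form: a masquerade rule with no source match rewrites every packet
# leaving the WAN, including the server's, so the server shows the dynamic IP.
# /ip firewall nat add chain=srcnat action=masquerade out-interface=pppoe-out1

# Corrected form: only the private LAN is translated; the routed /30 is not.
/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.1.0/24 \
    out-interface=pppoe-out1 comment="NAT LAN only"

# Port forward to a LAN host (constructed: 192.168.1.10, TCP 443).
# Matching on in-interface keeps working when the PPPoE address changes.
add chain=dstnat action=dst-nat in-interface=pppoe-out1 protocol=tcp \
    dst-port=443 to-addresses=192.168.1.10 to-ports=443 comment="fwd https"

# The server's address is routed, not translated, so NAT does not hide it.
# Accept replies and the one published service, then drop other inbound.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=pppoe-out1 dst-address=203.0.113.198 \
    protocol=tcp dst-port=443 connection-state=new action=accept \
    comment="server https"
add chain=forward in-interface=pppoe-out1 out-interface=ether10 \
    action=drop comment="drop other inbound to server"
```

Filter rules are evaluated top to bottom, so the two accept rules must sit above the drop rule and above any existing drop rule in the forward chain.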