Community discussions

MUM Europe 2020
 
mcisar
just joined
Topic Author
Posts: 18
Joined: Fri Mar 20, 2015 5:51 pm

Configuring Static IPs and routed IP blocks on Mikrotik RB493G

Sat Jan 02, 2016 10:49 am

I've had quite a bit of experience with using Mikrotik as a NAT/SOHO device but I'm now involved in a project that requires that (at least part of) my configuration is more of a true router, with the addition of IPV6 on top of the equation. I'm having a little more of a problem wrapping my head around the concept than I anticipated so I'm hoping someone can give me a quick rundown on how to accomplish what I need. I'm sure I've way over-complicated it in my head which is what has gotten me totally confused. The router in question is an RB493G.

The provider has provided the following addresses for the point-to-point link (all subnets shown in example are fictitious to protect the innocent and/or confused :-) but the IP address (last octet) and CIDR/netmasks are valid)....
1.1.1.32/30... .33 is their router's IP and .34 is my router IP
2001:1:1:1::/126... ::1 is their router's IP and ::2 is my router IP

They have statically routed IP blocks to me as follows...
2.2.2.96/27 to 1.1.1.34
2001:2:2::/48 to 2001:1:1:1::2

The provider's link will connect to ether1. Ether2 will connect to an external switch (Switch1) and be used for LAN (NAT, firewall, etc...LAN IPs will likely be 10.0.0.0/22 or 10.0.0.0/24). Ether3 will connect to an external switch (Switch2) for servers directly on the public internet.

The IPV4 /27 ip block needs to be split into two /28's one of which will serve as the public IP's for the NAT network on ether2 and the other one routed out ether3 to be used by whatever public devices connect to that switch. Likewise the IPV6 /48 block needs to be split up with one /64 block routed to the LAN (ether2) and the remainder of the subnets to routed to the switch on ether3

All hints, pointers, examples are greatly appreciated.

Cheers,
Mike
 
User avatar
pukkita
Trainer
Trainer
Posts: 3002
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Configuring Static IPs and routed IP blocks on Mikrotik RB493G

Sat Jan 02, 2016 12:02 pm

Not your exact scenario, but the technique (to optimize public IP addresses usage) shown in this post http://forum.mikrotik.com/viewtopic.php?f=2&t=102623 is the same.

Draw a diagram (hand drawn is more than fine) of your projected setup including any other routers on your lan and post it here so that we can use it as a reference to guide the thread...
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
mcisar
just joined
Topic Author
Posts: 18
Joined: Fri Mar 20, 2015 5:51 pm

Re: Configuring Static IPs and routed IP blocks on Mikrotik RB493G

Sun Jan 03, 2016 9:14 am

Draw a diagram (hand drawn is more than fine) of your projected setup including any other routers on your lan and post it here so that we can use it as a reference to guide the thread...
Thanks Pukkita... here's a quick drawing of the IPV4 layout for starters, I'll draw up the IPV6 side when I get another few spare minutes.

Image

I can set up the point-to-point link on ether1 no problem, and configure the LAN and associated NAT on ether2... what's I can't quite figure is how to accept the /27 subnet that they are statically routing to me on ether1 and then further subnet it into two /28's... then routing one of the /28's to the public side of the LAN/NAT setup on ether2 while routing the other directly out ether3

Cheers,
MIke
 
deejayq
Member Candidate
Member Candidate
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: Configuring Static IPs and routed IP blocks on Mikrotik RB493G

Sun Jan 03, 2016 1:14 pm

first of all you can't use 2.2.2.113 on one of the servers, it has to be assigned to ether3 like 2.2.2.113/28, the servers will get ip's from 2.2.2.114 to 2.2.2.126, all having netmask 255.255.255.240 and gateway 2.2.2.113.
i don't see the need for 2.2.2.96/28 if you are NAT'ing on ether1, you should asign to ether2 10.0.0.1/24 and the computers connected to ether2 ip's from 10.0.0.2 to 10.0.0.254, all having netmask 255.255.255.0 and gateway 10.0.0.1.
then add a rule to masquerade on chain srcnat, out interface ether1 and source address 10.0.0.0/24.
be sure you don't have ether2 and ether3 in the same bridge.
 
mcisar
just joined
Topic Author
Posts: 18
Joined: Fri Mar 20, 2015 5:51 pm

Re: Configuring Static IPs and routed IP blocks on Mikrotik RB493G

Wed Jan 06, 2016 8:27 am

first of all you can't use 2.2.2.113 on one of the servers, it has to be assigned to ether3 like 2.2.2.113/28, the servers will get ip's from 2.2.2.114 to 2.2.2.126, all having netmask 255.255.255.240 and gateway 2.2.2.113.
i don't see the need for 2.2.2.96/28 if you are NAT'ing on ether1
Point taken with regard to .113. Insofar as the need for the .96/28 subnet perhaps my diagram oversimplified the NAT side of the equation... there are multiple devices behind the NAT which are not vanilla workstations and which will receive port forwards from the outside world. The majority of which will share a public IP, but a number of which require their own public IP.

Cheers,
Mike

Who is online

Users browsing this forum: Google [Bot] and 37 guests