Internet provider ------ antenna A-DynaDish 5 |---(( .........))---| antenna B-DynaDish 5 -----------MikroTik router------multiple 192.168.X.0/24 internal networks

Hello guys, I would like to ask you for some help with network design and some basic configuration
.
I am getting just one public IP address from ISP and I would like to have it available on MikroTik router, if possible (I think that it's not, but want to be sure).

I have a topology above and here is the problem:
- if I set antenna A to wireless mode 'bridge', same as antenna B, it is not a problem to set DHCP client on MikroTik router, interface towards ISP (let's call it outside)
- this MikroTik router will act as DHCP server for multiple internal networks and will do src-nat for that networks
- antenna A is on a place with very limited access, so my primary goal is to have the access to this antenna using public IP from ISP
- I assume there is no possibility to have public IP also on outside interface on MikroTik router and also on any interface of antenna A (as I am getting just one public IP from ISP)

- so based on that, I would say the only way is to set DHCP client on ethernet interface of antenna A (to make sure this antenna is accessible from Internet in case radio link between antennas is down for any reason)
- set 10.0.0.1/29 on wlan 1 on antenna A and 10.0.0.2/29 on bridge1 on antenna B (this bridge contains ethernet and wlan1 interface)
- set 10.0.0.3/29 on outside interface on MikroTik router, default route pointing to 10.0.0.1
- set src-nat to IP on ethernet interface on antenna A

Is this design OK, or do you think it is possible to make it easier?

Hi

Just two remarks:
* natting will need to be done at antenna A. Depending on the traffic amount, that can be taxing, as DD5 isn't that powerful. Have you considered putting a small router (ex: hex gr3) in between internet & dd5 A? then both DD5's can be in pure bridge
* "set src-nat to IP on ethernet interface on antenna A" did you meant to do that on MR at the back? I woudn't

Cheers

Easier: get IPv6 from your internet provider and use it to manage the antennas. then you have enough addresses to directly access your antennas and you can
still bridge the IPv4 address over both antennas to your router. Plus of course a second subnet of IPv6 is present at your LAN side and can be used there.

No IPv6 at your provider? Tell them they are from the past century and find a more uptodate provider.

Easier: get IPv6 from your internet provider and use it to manage the antennas. then you have enough addresses to directly access your antennas and you can
still bridge the IPv4 address over both antennas to your router. Plus of course a second subnet of IPv6 is present at your LAN side and can be used there.

Yes, this is easier way, I fully agree

No IPv6 at your provider? Tell them they are from the past century and find a more uptodate provider.

Unfortunately, there is no other option and provider does not provide IPv6. But this situation is with almost every ISP here, unfortunately

So, what is your recommendation now? Is the design OK?

* natting will need to be done at antenna A.

That's what have I already written

Depending on the traffic amount, that can be taxing, as DD5 isn't that powerful. Have you considered putting a small router (ex: hex gr3) in between internet & dd5 A? then both DD5's can be in pure bridge

What do you mean by taxing? any accounting? If yes, then my answer is no, no accounting at all, just pure routing.

* "set src-nat to IP on ethernet interface on antenna A" did you meant to do that on MR at the back? I woudn't

I mean to do that on DD which has direct connectivity to internet from ISP. I think without that there will be no internet connectivity on DD which is at remote location (antenna B on the scheme above)

Thank you

depending on the throughput, and tasks, natting, conntracking, mangling?, queuing?, wireless retransmissions, the CPU might not be fast enough

on DD just natting, no mangling/conntrack/marking...

Unfortunately, there is no other option and provider does not provide IPv6. But this situation is with almost every ISP here, unfortunately

So, what is your recommendation now?

Call your ISP and ask them when they will roll out IPv6 and to be on their pilot program for that.

[/quote]
Call your ISP and ask them when they will roll out IPv6 and to be on their pilot program for that.
[/quote]
That's what have I already suggested, but they have no plan for IPv6 deployment. So till that time, does the design created by me looks OK to you?

I agree with sebastia. You provide no spec of the speed requirements so it is impossible to say if it will work.