kd7vea
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Dec 08, 2017 7:52 pm

I need to set up my second static public IP for my mail server

Fri Feb 01, 2019 10:52 pm

I know there is a Wiki out there somewhere that explains this, but I am having trouble finding it. I think I need a 1:1 NAT, but I'm not sure. I have 2 static IPs from my ISP, x.x.x.99 and x.x.x.100. Right now everything in the house and all of my servers are using x.x.x.99. I am now running a mail server and it needs its own public IP, so I have x.x.x.100, but I'm not sure how to set this up. I will add my mail server to eth4, but I'm not really sure how to set up that port to work with my x.x.x.100 IP. Can someone point me in the right direction?
 
k6ccc
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: I need to set up my second static public IP for my mail server

Sat Feb 02, 2019 5:20 am

Will the mail server be on the same LAN as the rest of your stuff at home or will it be on a separate LAN? If it will be on a separate LAN, it's really easy.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
kd7vea
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Dec 08, 2017 7:52 pm

Re: I need to set up my second static public IP for my mail server

Sat Feb 02, 2019 8:25 pm

The mail server will be on its own LAN. I have part of this figured out, but I'm not sure how this is going to work. The DHCP server at my ISP has to hand out the address to the interface, so in the Quick Set tab I set acquisition to automatic, and that worked great, so I created a new bridge with ports 6 and 7: 6 for WAN, 7 for LAN. The only thing I can't figure out now is if I can set interface eth 6 to acquire an address from the ISP DHCP server. There is no way around this. If their server doesn't assign the address, I will not connect to the network. If this can't be done, I will have to use a second router. Can this be done?
 
anav
Forum Guru
Posts: 2967
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: I need to set up my second static public IP for my mail server

Sat Feb 02, 2019 9:27 pm

Was looking at this topic in another thread, can't remember which one right now, but it's essentially how to configure a second or more IP from the same provider but a one to one mapping... Read up on netmap as it may have some ideas.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
kd7vea
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Dec 08, 2017 7:52 pm

Re: I need to set up my second static public IP for my mail server

Sat Feb 02, 2019 10:14 pm

Thanks anav, but is this going to work for me where the ISP DHCP server must assign my public IP to the interface? I am up and running on a second Mikrotik for now, but if I can't set eth6 to automatically be assigned an IP, I am going to have to purchase another router.
 
anav
Forum Guru
Posts: 2967
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: I need to set up my second static public IP for my mail server

Sat Feb 02, 2019 10:57 pm

If it's a static IP, then you know what it is... Should not need to buy another router!!!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
k6ccc
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: I need to set up my second static public IP for my mail server

Sat Feb 02, 2019 11:11 pm

It looks like you are trying to do this in "Quick Set". Get out of Quick Set and NEVER touch it again. Quick Set is a fairly simple way to do a VERY basic setup for a MT router. Kinda like making it stupid like most "consumer" routers. If you are trying to do anything beyond the basics, you need to get out of Quick Set. And once you do anything outside of Quick Set, NEVER touch Quick Set again.
It is very easy to set multiple IP addresses on a single physical port on the same LAN (or WAN). My #2 router has five static IPs from my #2 ISP - all on the single WAN port. Each IP goes to a different LAN (either a physical port, or a VLAN on a trunk port).
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
kd7vea
Frequent Visitor
Topic Author
Posts: 83
Joined: Fri Dec 08, 2017 7:52 pm

Re: I need to set up my second static public IP for my mail server

Sun Feb 03, 2019 8:53 am

I have tried several different things, and I just can't get this to work. I set up my other Mikrotik router, plugged the cable into eth1 and it works. So let me make sure we are all on the same page here. If I plug that same cable into my empty eth 6 on my primary router, it will let the ISP DHCP server assign an IP address to that port? Is that correct? Because if it will not do that, this will not work.
 
anav
Forum Guru
Posts: 2967
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: I need to set up my second static public IP for my mail server

Sun Feb 03, 2019 4:03 pm

I will look at this today................
netmap - creates a static 1:1 mapping of one set of IP addresses to another one. Often used to distribute public IP addresses to hosts on private networks

The case you have is you have one IP for normal routing (nat etc) and one or more IPs for 1:1 mapping.
The examples below just use different notation but they are more geared towards a subnet to a subnet (group of public IPs matched to a subnet of private IPs one to one)
/ip firewall nat add chain=dstnat dst-address=11.11.11.0/24 \
action=netmap to-addresses=2.2.2.0/24
/ip firewall nat add chain=srcnat src-address=2.2.2.0/24 \
action=netmap to-addresses=11.11.11.0/24

What is frustrating is that there seem to be examples to do this with or without NETMAP and it's hard to discern the difference (why use one or the other for various scenarios).
From what I can gather, if you have a block of IPs and/or a different subnet set up, NETMAP is best.
If you simply want to take one of your current LANIPs and use a specific WAN IP then netmap may not be required.

Using an example. two external static WANIPs, one internal LAN, SERVER requiring 1:1 mapping


ExA NETMAP NOT REQUIRED SIMPLY TAKING ONE LANIP AND CONVERTING IT TO ONE TO ONE MAPPING (falls under current firewall filter rules though!!!)
/ip address add address=10.0.0.216/24 interface=Public
/ip address add address=10.0.0.217/24 interface=Public
/ip address add address=192.168.0.254/24 interface=Local

# to server
/ip firewall nat add action=dst-nat chain=dstnat \
    dst-address=10.0.0.216/32 to-addresses=192.168.0.4

ip route> ???????????????

{Order is important for these next two rules to ensure .04 goes out .216}
# from server
/ip firewall nat add action=src-nat chain=srcnat \
    src-address=192.168.0.4/32 to-addresses=10.0.0.216 out-interface=Public
/ip firewall nat add action=src-nat chain=srcnat \
    src-address=192.168.0.0/24 to-addresses=10.0.0.217 out-interface=Public

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The following is my best guess at using netmap, same scenario as above but have a second network just for the one to one mapping
192.168.10.0/24 (ip-pool 192.168.10.1-192.168.10.2)

# to server
/ip firewall nat add chain=dstnat dst-address=10.0.0.216 \
    action=netmap to-addresses=192.168.10.2 in-interface=Public
# from server
/ip firewall nat add chain=srcnat src-address=192.168.10.2 \
    action=netmap to-addresses=10.0.0.216 out-interface=Public
/ip firewall nat add action=src-nat chain=srcnat \
    src-address=192.168.0.0/24 to-addresses=10.0.0.217 out-interface=Public

ip route???????????

Then of course there is this video I happened upon which takes a completely different course where there is not one to one mapping but almost passthrough........
https://www.youtube.com/watch?v=H4uaO8nDE4Q
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
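
Added example, not part of the thread and not MikroTik code: a small Python model of the two behaviours discussed in the post above, first-match ordering of the srcnat rules and netmap's prefix swap, using the post's addresses. It models address matching only (no interfaces, ports or connection tracking), and the function names are hypothetical.

```python
import ipaddress

def netmap(addr, match_net, to_net):
    """netmap: replace the network prefix, keep the host bits (1:1 mapping)."""
    addr = ipaddress.ip_address(addr)
    match_net = ipaddress.ip_network(match_net)
    to_net = ipaddress.ip_network(to_net)
    if match_net.prefixlen != to_net.prefixlen:
        raise ValueError("netmap needs equal prefix lengths on both sides")
    host_bits = int(addr) & int(match_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))

def translate(rules, addr):
    """Walk the chain top to bottom; the first matching rule decides."""
    for match_net, action, to in rules:
        if ipaddress.ip_address(addr) in ipaddress.ip_network(match_net):
            if action == "netmap":
                return netmap(addr, match_net, to)
            return to  # src-nat / dst-nat to a single address
    return addr  # no rule matched: address is left untranslated

# srcnat rules from ExA in the post, in the order given there
SRCNAT = [
    ("192.168.0.4/32", "src-nat", "10.0.0.216"),  # mail server
    ("192.168.0.0/24", "src-nat", "10.0.0.217"),  # rest of the LAN
]
# Same rules in the opposite order: the /24 rule shadows the /32 rule
SRCNAT_REVERSED = list(reversed(SRCNAT))

# Subnet-to-subnet netmap pair from the post
DSTNAT_NETMAP = [("11.11.11.0/24", "netmap", "2.2.2.0/24")]
SRCNAT_NETMAP = [("2.2.2.0/24", "netmap", "11.11.11.0/24")]

if __name__ == "__main__":
    for name, rules in (("as posted", SRCNAT), ("reversed", SRCNAT_REVERSED)):
        print(name, "| server ->", translate(rules, "192.168.0.4"),
              "| client ->", translate(rules, "192.168.0.50"))
    inside = translate(DSTNAT_NETMAP, "11.11.11.37")
    print("netmap in:", inside, "| back out:", translate(SRCNAT_NETMAP, inside))
```

With the rules reversed, the server's outbound traffic leaves from 10.0.0.217 while inbound traffic still arrives on 10.0.0.216, which is the mismatch the ordering note in the post is guarding against.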
