Community discussions

 
steve88
just joined
Topic Author
Posts: 3
Joined: Tue Apr 02, 2013 11:27 pm

Nat public ip range in half bridge

Thu Apr 04, 2013 12:12 am

Hi all, i have a noob question.
I have a small network with a PPPoAtm dsl connection and a mikrotik rb750gl. The adsl connection has a static ip (eg: 1.1.1.1/30) and a pool of /29 public ips (eg: 2.2.2.1/29). The dsl router has one of the public ip in the lan side, the mikrotik has the other ip addresses in the wan side. The entire network (192.168.88.0/24) is behind mikrotik and there are some workstations with 1:1 nat mapping, because they need a public ip address.
Network.jpg
Now i want to configure the dsl router as half bridge, for better performances: the pppoatm public ip will be on the wan side of the mikrotik, and the /29 ip pool on the lan side of the mikrotik. If i give a secondary lan ip (192.168.88.1/24) to the lan interface, can i still use the 1:1 nat mapping rules? In this case, the private ip and the public ip are on the same interface, so i don't think the nat will work.
Network 2.jpg
I don't want to give the workstations directly the public ip address, do i need a 2nd mikrotik to make the 1:1 mapping or is there anything i can do with a single mikrotik?
Thanks.
You do not have the required permissions to view the files attached to this post.
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Nat public ip range in half bridge

Thu Apr 04, 2013 12:51 am

If you run into an interface issue you could place the /29 range on a bridge in the Mikrotik unit. Exactly which options are available depends on how the /29 is delivered by the ISP. Remember that the filtering options that you have on the firewall are pretty much the same with or without NAT.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
steve88
just joined
Topic Author
Posts: 3
Joined: Tue Apr 02, 2013 11:27 pm

Re: Nat public ip range in half bridge

Thu Apr 04, 2013 10:14 am

The /29 pool is routed, it must be placed in the lan side of the first router connected to the adsl.
By creating a bridge, do you mean assigning the lan ip and the /29 pool on two distinct ethernet and then place them on a bridge interface? Can you give me an example?
 
User avatar
nickshore
Member
Member
Posts: 473
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: Nat public ip range in half bridge

Thu Apr 04, 2013 6:49 pm

You should be able to put the /29 and the /30 on the wan interface and use NAT rules.

Your ISP will be routing the /29 to your /30 endpoint

Hope that helps

Nick.
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
steve88
just joined
Topic Author
Posts: 3
Joined: Tue Apr 02, 2013 11:27 pm

Re: Nat public ip range in half bridge

Thu Apr 04, 2013 11:34 pm

Thanks Nick, i will try putting the ip addresses on the wan interface.
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Nat public ip range in half bridge

Fri Apr 05, 2013 4:28 am

If the /29 is being routed to you then you should be able to place the /29 of it or any part of it on any interfaces that you desire and apply such NAT rules as are required.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

Who is online

Users browsing this forum: No registered users and 37 guests