Community discussions

MikroTik App
 
sirkike
just joined
Topic Author
Posts: 18
Joined: Mon Mar 22, 2010 10:34 pm
Location: Peru

Public IP's

Fri Feb 15, 2013 2:58 am

Hi, i need to set a router to manage a /24 publics ip address, but in the clients don't work... help.

From my ISP...
Network: AA.BB.CC.100/30
Gateway: AA.BB.CC.101

Public IP Pool: DD.EE.FF.0/24

In my Mikrotik...
[admin@gate] > ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                           
 0   AA.BB.CC.102/30   AA.BB.CC.100   ether1                            
 1   DD.EE.FF.1/24     DD.EE.FF.0     ether2                            
[admin@gate] > 
[admin@gate] > ip route print 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0   S  0.0.0.0/0                          AA.BB.CC.101              1
 1 ADC  AA.BB.CC.100/30    AA.BB.CC.102    ether1                    0
 2 ADC  DD.EE.FF.0/24      DD.EE.FF.1      ether2                    0
[admin@gate] > 

[admin@gate] > ip firewall nat print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade src-address=DD.EE.FF.0/24 out-interface=ether1 
[admin@gate] >
And, in the client configure:

IP: DD.EE.FF.2
Mask: 255.255.255.0
Gateway: DD.EE.FF.1
DNS: 8.8.8.8, 8.8.4.4

but i can't go outside, ping don't respond... ping google.com and timeout...
 
manson
newbie
Posts: 32
Joined: Thu Feb 14, 2013 9:41 am

Re: Public IP's

Fri Feb 15, 2013 9:45 am

And what about connection tracking? You have to set it to enable.
[admin@Domek] > ip firewall connection tracking print
                   enabled: yes
      tcp-syn-sent-timeout: 5s
  tcp-syn-received-timeout: 5s
   tcp-established-timeout: 1h
      tcp-fin-wait-timeout: 10s
    tcp-close-wait-timeout: 10s
      tcp-last-ack-timeout: 10s
     tcp-time-wait-timeout: 10s
         tcp-close-timeout: 10s
               udp-timeout: 10s
        udp-stream-timeout: 3m
              icmp-timeout: 10s
           generic-timeout: 10m
             tcp-syncookie: no
               max-entries: 481448
             total-entries: 26
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Public IP's

Fri Feb 15, 2013 2:54 pm

Can you ping the ISP gateway? Which DNS servers are you using - are lookups working?

Do you have any NAT rules active?

Output from /export compact would be useful.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
SwissWISP
Member Candidate
Member Candidate
Posts: 181
Joined: Fri Sep 23, 2011 12:16 pm

Re: Public IP's

Fri Feb 15, 2013 3:04 pm

Hi!

Since you are routing a public IP-Range, you don't need "masquerade".
Everything else looks good.

First thing you should check is, if your RB is able to ping your GW, which is AA.BB.CC.101 in your example. If this isn't possible your problem lies between your RB and your ISP.

If you've got networking problems, please try to ping IP addresses instead of domain names.

- Mat
 
cupis
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Sun Apr 10, 2011 1:25 am

Re: Public IP's

Fri Feb 15, 2013 7:47 pm

but i can't go outside, ping don't respond... ping google.com and timeout...
Maybe your ISP has not got that /24 setup to route to your router, so return traffic is not making it to you...
 
sirkike
just joined
Topic Author
Posts: 18
Joined: Mon Mar 22, 2010 10:34 pm
Location: Peru

Re: Public IP's

Sat Feb 16, 2013 1:14 am

Thanks, was the nat rule :/ jeje. This is the best way to routing public ip range?
 
SwissWISP
Member Candidate
Member Candidate
Posts: 181
Joined: Fri Sep 23, 2011 12:16 pm

Re: Public IP's

Sat Feb 16, 2013 11:57 am

Thanks, was the nat rule :/ jeje. This is the best way to routing public ip range?
Well, it's the correct way of routing... What would you change?

Who is online

Users browsing this forum: No registered users and 15 guests