gerbmeister
just joined
Topic Author
Posts: 21
Joined: Mon Jul 24, 2006 8:16 pm

Weird Static Routing Question

Fri Oct 13, 2006 6:37 am

I have a situation where I have 16 Public IPs delivered from my ISP to my router. They aren't routed to me, they are all bridged, so one address is used for ether1 (my external). I would like to use the other 15 on the ether2 (my internal).

Any pointers on how to do this? The old router we are replacing had translation rules for each address. The translation rule was set up with the same IP address on the inside and outside (interesting).
 
sergejs
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Fri Oct 13, 2006 8:31 am

Probably full NAT will be a suitable method for you. The user has a local address, but the router translates requests from/to him using a public address:
http://wiki.mikrotik.com/wiki/How_to_li ... Local_ones
 
gerbmeister
just joined
Topic Author
Posts: 21
Joined: Mon Jul 24, 2006 8:16 pm

Fri Oct 13, 2006 4:49 pm

That's sort of what I figured, but since I haven't done this before, I was nervous.

If one of the boxes (that now has an internal address) is a web server, ftp server, or citrix server, what configuration "gotchas" are there in setting them up with the new address?

If one of the workstations (which are internal) attempts to access one of the boxes by its external address, is the route:
workstation -> internal interface -> external interface -> internal interface (now NATed) -> web server? (Not an issue, just for my info)
 
sergejs
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Fri Oct 13, 2006 6:56 pm

If you set correct NAT rules, then the internal host should be redirected to the respective server.
 
gerbmeister
just joined
Topic Author
Posts: 21
Joined: Mon Jul 24, 2006 8:16 pm

Tue Oct 24, 2006 4:30 am

I did as was suggested and everything works except for an FTP server. It is using pasv mode and when it responds back to the client, it is stating to use the internal address (ie: 192.168.1.4) to talk to the server. I have read the docs for the FTP stuff, and they say this is a problem with the NAT. The NAT is not translating this. Any suggestions as to what I need to do?
 
changeip
Forum Guru
Posts: 3806
Joined: Fri May 28, 2004 5:22 pm

Re: Weird Static Routing Question

Tue Oct 24, 2006 4:35 am

gerbmeister wrote: "I have a situation where I have 16 Public IPs delivered from my ISP to my router."

You could probably send them an email and ask for a /30 subnet for routing. Then have them route those 16 IP addresses thru the new /30 they assign you. Most providers are happy to help you get things set up properly.
 
gerbmeister
just joined
Topic Author
Posts: 21
Joined: Mon Jul 24, 2006 8:16 pm

Tue Oct 24, 2006 4:49 am

Oh that it was so simple! The ISP providing this evidently hasn't heard of ROUTING. I don't know if it is their equipment or what, but they cannot route these addresses to me.
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Tue Oct 24, 2006 5:22 am

What is the terminating device?
Whatever it is, set a /30 for transport and then add routes so all the others /30 and /29 go to your Mikrotik or whatever. That gives you 12 ips to use out of the 16 since 4 are tied up in the transport.

ex.
Router internal ip xx.xx.xx.1/30
Mikrotik Wan ip xx.xx.xx.2/30

In router that Mk connects to
add route xx.xx.xx.4/30 xx.xx.xx.2
add route xx.xx.xx.8/29 xx.xx.xx.2

Now your mikrotik has 12 ips to hand out.

If you can not do this, then add pppoe and dish them out as you see fit.
 
gerbmeister
just joined
Topic Author
Posts: 21
Joined: Mon Jul 24, 2006 8:16 pm

Tue Oct 24, 2006 10:06 am

I would like to get back to my original problem:

I have NAT set up and everything works except for an FTP server. It is using pasv mode and when it responds back to the client, it is stating to use the internal address (ie: 192.168.1.4) for the data channel. I have read the docs for the FTP system, and they say this is a problem with the NAT. The NAT is not translating this. Any suggestions as to what I need to check or do so NAT works correctly?
 
changeip
Forum Guru
Posts: 3806
Joined: Fri May 28, 2004 5:22 pm

Tue Oct 24, 2006 6:45 pm

Are you using the ftp nat helper? Not sure it changes the payload, but it does help in most situations. So it's not the firewall dropping it but a problem of the remote side finding the private IP? Which FTP server? I think servuftp asks for the external IP so it can place it within the payload.
 
gerbmeister
just joined
Topic Author
Posts: 21
Joined: Mon Jul 24, 2006 8:16 pm

Tue Oct 24, 2006 10:36 pm

I'm not exactly sure how to use the ftp nat helper.
Correct, the firewall doesn't drop the packets; the remote gets a Passive command with the value being set to (for example) 192,168,1,2,7,239 (192.168.1.2 being the ftp server). The client then attempts to communicate to the server on this address (at port 2031 in this case) which, of course, fails.
This ftp server is running ssl on a different port than 21, no option to tell it an external IP addr to use.
 
gerbmeister
just joined
Topic Author
Posts: 21
Joined: Mon Jul 24, 2006 8:16 pm

Wed Oct 25, 2006 1:33 am

One other problem with this:

Following the full NAT example that sergejs referenced, my email server is xx.xx.xx.18, my router's external is xx.xx.xx.16. When the email server sends traffic, it routes through xx.xx.xx.16 (the router) instead of xx.xx.xx.18.
I am assuming this is because of the prefsrc setting, but why isn't the NAT srcnat rule from 192.168.1.4 to xx.xx.xx.18 working?
 
valens
Trainer
Posts: 246
Joined: Tue Jun 01, 2004 5:42 pm
Location: INDONESIA

Wed Oct 25, 2006 4:04 am

Maybe you can use bridge for both ethernet?
You still can do bandwidth management and firewalling.
