Community discussions

MUM Europe 2020
 
winanjaya
just joined
Topic Author
Posts: 9
Joined: Wed Jan 06, 2016 7:57 am

set a public IP to a server

Sat Nov 05, 2016 6:38 pm

Hello,

I have this config on Mikrotik:
ISP rj11 -> Eth1 Mikrotik
Eth2 Mikrotik -> Switch to Servers

Mikrotik is on 10.100.100.3


My ISP IP:
202.1.2.3/30 (202.1.2.1 - 3)
and they give me 14 static public IP
139.1.2.3/28 (139.1.2.1 - 14)

is it possible to connect 139.1.2.5 to server C without NAT? I meant I set the IP address of server C to 139.1.2.5/28 gateway to 202.1.2.3?
or any other better way for doing this?..
please don't ask why we don't want use to NAT.. because we are in the progress to port forwarding a Video Conference and we used NAT but no luck, a video conference 's brand ask us to use public IP to their video conference device..

how to configure this?

many thanks in advance

Regards
Win
 
Sob
Forum Guru
Forum Guru
Posts: 5117
Joined: Mon Apr 20, 2009 9:11 pm

Re: set a public IP to a server

Sat Nov 05, 2016 6:50 pm

Do they just route whole /28 to you? If so, you can do anything you want. The most simple traditional approach would to be put 139.1.2.1/28 on router's internal interface and then give 139.1.2.x/28 to servers. Or you can split /28 into individual addresses and freely route them anywhere in your network. For directly connected server you can use them as point to point addresses, give 139.1.2.x/32 to server with gateway 10.100.100.3.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
winanjaya
just joined
Topic Author
Posts: 9
Joined: Wed Jan 06, 2016 7:57 am

Re: set a public IP to a server

Sun Nov 06, 2016 1:08 am

Hello,

Yes, they do but I am not clear, I m newbie and never do this before, what I have now is:

The ISP UTP CAT5 cable plug into Mikrotik's ether1 and its IP is 202.1.2.3/30
And IP addresses
139.1.2.1 is natted with server A
139.1.2.2 is natted with server B
139.1.2.3 to 139.1.2.4 -- reserved (currently not used)

139.1.2.5 --> will be used by video conference

They ask us to set the IP of VCon device to 139.1.2.5 and we dont know how?, since the ISP gave us 1 cable and it connected to Mikrotik ether1 as mentioned above.

could you please more detail?

Thanks a lot in advance
 
Sob
Forum Guru
Forum Guru
Posts: 5117
Joined: Mon Apr 20, 2009 9:11 pm

Re: set a public IP to a server

Sun Nov 06, 2016 2:59 am

Ok, lets start from beginning. Subnet /28 is 16 addresses. The one with low numbers is 0-15, where for simple use with whole subnet on one interface, .0 and .15 are "wasted" for network address and broadcast. There are two basic ways how you can get /28:

1) Routed subnet. It means that on ISP side would be only route to 139.1.2.3/28 via 202.1.2.3 and whole subnet would be yours. You could split it any way you want and route any address anywhere you need it in your network. And it would be possible to use all 16 of them.
2) Other subnet on WAN. ISP would assign 139.1.2.x/28 (one address) to their router. The rest minus network address and broadcast would be yours (so 13 addresses) and you'd be expected to have all hosts in /28 reachable on your WAN interface.

If you say you can use .1 - .14, I can't decide what you have. Probably 1) and maybe they just expected that you put it on internal interface and end up with 14 useable addresses (including the one on router).

-

In any case, if you already have some other addresses from /28 on router, you'll want to route just a single address to server. You can:

a) Give server only 139.1.2.5 and no other address. On router:
/ip route
add dst-address=139.1.2.5/32 gateway=<name of internal interface with connected server>
On server (using RouterOS syntax; but the same can be done on other systems too, it's called point to point addressing):
/ip address
add address=139.1.2.5/32 interface=<server's wan> network=10.100.100.3 comment="RouterOS puts remote address in network field"
/ip route
add dst-address=0.0.0.0/0 gateway=10.100.100.3
b) Let server have internal address (probably 10.100.100.x) and also 139.1.2.5. On router:
/ip route
add dst-address=139.1.2.5/32 gateway=<server's internal ip address>
On server, in addition to internal address:
/ip address
add address=139.1.2.5/32 interface=<loopback or other interface>
In this case, if you'd want to use 139.1.2.5 for outgoing connections, you'd have to configure programs to specifically bind to this address.

If you don't get lost in it and set it up correctly (or if I didn't make some stupid mistake), the following can happen:

a) It will work.
b) It won't work because the way you get /28 is in fact option 2). Then it would require proxy ARP on router:
/ip arp
add address=139.1.2.5 interface=<WAN> published=yes
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
winanjaya
just joined
Topic Author
Posts: 9
Joined: Wed Jan 06, 2016 7:57 am

Re: set a public IP to a server

Sun Nov 06, 2016 3:48 am

Hi thanks a lot!

Just want to clarify:

Server's IP range is 10.100.100.1-50
Mikrotik IP is 10.100.100.3
So I have to set the IP of the VCon device to 10.100.100.47/24 gateway 10.100.100.3

Then

You wrote:
===
/ip route
add dst-address=139.1.2.5/32 gateway=<name of internal interface with connected server>
====

Can I put 10.100.100.47 as gateway field above?

And you wrote:
===
/ip address
add address=139.1.2.5/32 interface=<server's wan> network=10.100.100.3 comment="RouterOS puts remote address in network field"
/ip route
add dst-address=0.0.0.0/0 gateway=10.100.100.3
===

What I dont understand is:
The interface=<server's wan>

Do I need to create another interface lets say ether2? Then put ether2 to that interface field?
Then plug in the UTP cable into that ether2 port and vcon as the endpoint?

Sorry, sounds like stupid question, newbie here :D

Thanks & Regards
 
cutedrummerboy
Member Candidate
Member Candidate
Posts: 137
Joined: Thu Nov 14, 2013 6:32 pm

Re: set a public IP to a server

Sun Nov 06, 2016 4:13 am

just forget about your internal ip.

as per your first post its look like your 139.1.2.0/28 subnet is routed to you via 202.1.2.3
from a scratch config just put 202.1.2.3 to your routers external interface, put 139.1.2.1 to your routers internal interface, put 139.1.2.2 to one of your server interface with a gateway 139.1.2.1 and finally put yours isp router ip (let assume 202.1.2.1) as default gateway in your router.

for second server you have to put 139.1.2.3 and for third one 139.1.2.4 and go on.

no nat requires. this is the main function of a network router, interconnect two or more network. your isps /30 and yours /28
Device: RB2011UIAS-RM, RB750GL, CISCO SG300-28, UNIFI UAP-LR
 
winanjaya
just joined
Topic Author
Posts: 9
Joined: Wed Jan 06, 2016 7:57 am

Re: set a public IP to a server

Sun Nov 06, 2016 4:31 am

One more question before I try it:

Do I need to create a new interface lets say "ether2"?
Then plug in a UTP cable into it and connect it to vcon as the endpoint?
and at vcon I will set the IP:

(paste from first post)
139.1.2.5/28
gateway 202.1.2.3

Need your advice

Thanks a lot in advance
 
winanjaya
just joined
Topic Author
Posts: 9
Joined: Wed Jan 06, 2016 7:57 am

Re: set a public IP to a server

Tue Nov 08, 2016 1:16 pm

hello ..
any body can help me please?
 
busla
just joined
Posts: 17
Joined: Tue Nov 08, 2016 12:35 pm
Location: Russia, Saint Petersburg

Re: set a public IP to a server

Tue Nov 08, 2016 2:29 pm

It is a classic way: use separated network for public servers.
You can find more info by words: "DMZ", "demilitarized zone", "demilitarized network".

1) disable brige
2) plug directly server C into Mikrotik
3) set ip 139.1.2.1 for 3th interface
4) define routes
5) check firewall rules
 
winanjaya
just joined
Topic Author
Posts: 9
Joined: Wed Jan 06, 2016 7:57 am

Re: set a public IP to a server

Tue Nov 08, 2016 2:32 pm

I am trying to dst-nat 139.1.2.3 to 10.1.2.3 but the recipient says they received my private ip..

Who is online

Users browsing this forum: DEMONbunta, eworm, JohnNL, omidkosari, philipaps and 87 guests