Scratching my head - We have a /28 from the provider and applied to ether1. I am trying to separate Voice and Data to take different public IPs for all traffic from that subnet. Whenever I change the to-address to a different IP other than the IP assigned to Ether1 (.2) (say enable NAT rule 1), no traffic will flow out the router for that subnet, ping dies, etc. I have to kill the Sessions via Connection Tracker and disable nat rule 1 and then traffic will work out rule 3. Same applies to our Voice Traffic, Rule 2 and 4 appropriately.

I think I'm missing something obvious, must be starring at it too long.

/ip address print
174.xxx.xxx.2/28 174.xxx.xxx.0 ether1
10.254.254.253/30 10.254.254.252 ether2
10.100.1.1/24 10.100.1.0 Data (eth2 vlan 101)
10.100.2.1/24 10.100.2.0 Voice (eth2 vlan 102)

1 X ;;; Data Network .5
chain=srcnat action=src-nat to-addresses=174.xxx.xxx.5
src-address=10.100.1.0/24 out-interface=ether1 log=no log-prefix=""

2 X ;;; Voice Network .6
chain=srcnat action=src-nat to-addresses=174.xxx.xxx.6
src-address=10.100.2.0/24 out-interface=ether1 log=no log-prefix=""

3 ;;; Data Network
chain=srcnat action=src-nat to-addresses=174.xxx.xxx.2
src-address=10.100.1.0/24 out-interface=ether1 log=no log-prefix=""

4 ;;; Voice Network
chain=srcnat action=src-nat to-addresses=174.xxx.xxx.2
src-address=10.100.2.0/24 out-interface=ether1 log=no log-prefix=""

Have you tried and add IP's 174.xxx.xxx.5 / 174.xxx.xxx.6 to ether1?

Does your ISP route those IP's to you?

I have not - so I would go IP -> Addresses, add .5/32 or the matching Subnet .5/28? Any reason why the /28 isn't covering the entire spread?

They should be routed, its a Cable Modem Handoff and the Modem only has 1 Port. Otherwise I wouldnt think the connection would come up if the netmask and scope wernt in agreement?

I have not - so I would go IP -> Addresses, add .5/32 or the matching Subnet .5/28? Any reason why the /28 isn't covering the entire spread?

They should be routed, its a Cable Modem Handoff and the Modem only has 1 Port. Otherwise I wouldnt think the connection would come up if the netmask and scope wernt in agreement?

174.xxx.xxx.2/28 174.xxx.xxx.0 ether1 is IP address . 174.xxx.xxx.0/28 174.xxx.xxx.0 ether1 is the network but with the 14 hosts, just add the necessary ips on the ether1 manually!

Okay so Individually adding that IP works,The one IP I used for testing, .6 is working and with >1ms latency.

Question #1 - Some of the IPs from the /28 are responding to ping but with a 14ms latency, some of them don't. I only have the .2/28 and the .6 w/ Network ID setup.

#2 - What would have been the correct way to install the /28 scope and then assign the Router an IP and not have to individually put in IPs from the /28 block into Ip -> Addresses? In this case, 14 useable IPs is not bad but just wondering for future? Or if I wasn't using the IP to Src-Nat a subnet but for a port Forward, it wouldn't need it?

Ex.
.1 Gateway
.2 pings >1 (Router)
.3 No
.4 No
.5 No
.6 Yes
.7 Yes ~14ms
.8 Yes ~14ms
.9 No
.10 Yes ~14ms
.11 No
.12 No
.13 Yes ~14ms
.14 Yes ~14ms

Make sure those IP's belong to you, you might be stealing your neighbors IP and ISP is not going to be impressed

Yeah really strange, assigned a /28, but hitting IPs that are not ours (not showing up in our block lists when running port scans). Contacting the cable company incase they sent the wrong mask, or range for us. Weird that we are working, but also weird we might be sharing a space :/

Did ISP actually say that whole /28 is yours? If not, you can't assume anything and only use addresses specifically said to be yours. Connecting different customers in same subnet is nothing too unusual.

Whats weird about the hole thing was we relocated office, they gave us a new block but the paper had our old block information and new. On the old block they specifically listed the Gateway, and First Usable, Last Usable and mask which was 14 IPs.

On the sheet of paper, they basically just gave the new scope IP and gateway and that was it. Not what was first usable / last usable. Left a lot of room for assumption but it just doesn't seem right with what we have. Friggen Cable Companies. We are going to contact them and I'll give an update once we get to the bottom.