Community discussions

MikroTik App
 
networknoob88
newbie
Topic Author
Posts: 45
Joined: Sun Jul 15, 2018 6:00 pm

How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 2:08 am

My CCR is connected to an AT&T ONT box (bypassing AT&T modem/gateway) on a fiber connection. I have a /29 static public IP block from AT&T, but the way AT&T does static IP is as follows:

1. The ONT *must* assign a public IP via DHCP.
2. The static public IP block is then routed through this DHCP public IP.

Generally, when an AT&T modem/gateway is being used, it would first get its DHCP public IP, then the customer would enter his purchased /29 block into the modem as "public subnet". Then he can enter one of these purchased static IPs on a router connected to the modem. When this is done, any outgoing WAN traffic will show the static public IP, not the DHCP public IP (even though it is routed through the DHCP IP).

Now I have bypassed the AT&T modem/gateway, and instead have two blocks of IPs assigned on the same interface in RouterOS. One block is obtained via a DHCP client on the interface (this would be the DHCP public IP), the purchased static /29 is manually entered under IP -> addresses.

The connection is live. Both the DHCP public IP and static public IPs are reachable from the internet. However, outgoing WAN traffic always uses the DHCP public IP as the source IP.

Below is the default routing table generated by RouterOS ,using mock IPs. 11.11.100.101 is the DHCP public IP, with gateway 11.11.100.1, whereas 22.22.100.156 is the static public IP, with gateway 22.22.100.158.
Dst. Address		Gateway				Distance	Routing Mark	Pref.Source
0.0.0.0/0		11.11.100.1 reachable wan	1							
11.11.100.0/22		wan reachable			0				11.11.100.101
22.22.100.152/29	wan reachable			0				22.22.100.156

Please note that 22.22.100.152/29 does depend on 11.11.100.0/22 being live to be "reachable".

So my question is, how do I adjust the routing table such that my wan uses 22.22.100.156 as outgoing IP instead of 11.11.100.101?

Your help would be greatly appreciated.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 3:08 am

The "pref source" can be defined on the default route too, but I'm not sure if that will do the trick.
 
networknoob88
newbie
Topic Author
Posts: 45
Joined: Sun Jul 15, 2018 6:00 pm

Re: How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 3:18 am

The "pref source" can be defined on the default route too, but I'm not sure if that will do the trick.

This is the first thing I tried. Set pref source on the default route to 22.22.100.156. No errors, but outgoing IP still shows 11.11.100.101.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 3:23 am

Normally this is an ISP appliance communicating within ISP internal network only. It won't use clients ip's. Since you got them merged ...you can have scenario where client communication would originate from that merged point.

What about src-nat-ing the outgoing traffic from the router only? The forwarded traffic is / will be ok.
 
networknoob88
newbie
Topic Author
Posts: 45
Joined: Sun Jul 15, 2018 6:00 pm

Re: How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 3:41 am

What about src-nat-ing the outgoing traffic from the router only? The forwarded traffic is / will be ok.
Can you clarify this? All the clients that are connected to my CCR use private IPs and NAT. They won't be using any of the static public IPs. The static public IPs are just assigned to the router and I really just want to use one of them.

My current outgoing NAT rule is the standard
Chain		Outgoing Interface		Action
src-nat		wan				Masquerade

 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 4:01 am

You're to use the range of ip's assigned to you. Since that range is fixed, use src-nat instead of masq. and one of the ip's at hand.
And that for both forwarded and local traffic.
 
networknoob88
newbie
Topic Author
Posts: 45
Joined: Sun Jul 15, 2018 6:00 pm

Re: How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 5:01 am

You're to use the range of ip's assigned to you. Since that range is fixed, use src-nat instead of masq. and one of the ip's at hand.
And that for both forwarded and local traffic.

Yes!! That did it, thank you so much!

Just a couple of questions, sorry I'm pretty new to this(as my username suggests) :

1. I have only one src-nat chain rule under my nat rules. It has nothing but chain=src-nat, out-interface=wan, action=src-nat (changed from masquerade as you instructed), to-addresses=my_static_ip
So when you mentioned "And that for both forwarded and local traffic", does this single rule cover everything? Will it cause any issues as opposed to the original Masquerade setting?

2. Some older RouterOS documentation/tutorials added to-ports=0-65535 to the src-nat rule, I tried it but it says it's "valid only for tcp/udp/sctp ...etc" and won't take it. I assume I can just leave this field blank without problems?

3. Do you think the original AT&T ISP modem/gateway internally was using the action=src-nat to define the translated IP address when the static IPs were used?

4. Why is that when I set the default route to use the 22.22.100.158 gateway (the gateway in my static block) instead of the 11.11.100.101 DHCP gateway, the routes show "reachable" but internet does not work? Is it because 22.22.100.158 isn't a "true" public gateway, but merely used in AT&T's internal ONT/modem/gateway to map to the DHCP gateway 11.11.100.1, which is the real gateway?

Thanks again!
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to make outgoing WAN use a specified public IP, when two blocks IPs are assigned to the same interface?

Thu Dec 27, 2018 2:18 pm

Yes, it covers both scenarios. No, no issues.

No need for port part, auto managed.

Probably not, just forwarding the received packets to router down the line.

22. are all local either on your router or on direct link, hence reachable. "22.22.100.158" would need to be a router to forward the traffic down the pipe. The rule to forward to 11 is correct, just that automatic ip selection associated with that route is picking the 11. as ip, which we don't want in this case.

Who is online

Users browsing this forum: Bing [Bot], EmuAGR, GoogleOther [Bot], TheCat12 and 79 guests