Community discussions

MikroTik App
 
torfin
just joined
Topic Author
Posts: 5
Joined: Thu Mar 18, 2021 5:58 pm

Set IP public to server behind mikrotik rb4011 wihtout nat

Thu Mar 18, 2021 6:04 pm

Hello all.

i've 1 IP for my rb4011 named A1/30 with the gateway A2/30. So the ISP give me 5 other IP address named B1, B2, B3, B4 and B5 in other range than A1.

I want to attribute the B1 to a server behind the rb4011 without nat because the server must have the public IP address.

So i've for an other ISP an address C1/29 for the main access and all users is behind the rb4011 with masquerade output to this ISP.

Can you help me. i've search but don't find for this.

best regards
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: Set IP public to server behind mikrotik rb4011 wihtout nat

Sun Mar 21, 2021 1:23 am

Graphical scheme would be appreciated. :)
I want to attribute the B1 to a server behind the rb4011 without nat
Let's say you have ether1 port dedicated for WAN and ether2 dedicated for your server. Create bridge in your Mikrotik router and add eth1 and eth2 interfaces. Consider your created bridge as WAN interface.

Assign static IP to your created bridge - this IP will be used by Mikrotik as this is Mikrotik's WAN interface.

Since server is in the same bridge and "directly" connected to WAN, in actual server configure another static IP.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Set IP public to server behind mikrotik rb4011 wihtout nat

Sun Mar 21, 2021 1:00 pm

The solution by @erkexzcx will work only if the extra addresses are handed out exactly the same way as A1 (come with gateway and subnet mask). If you follow the solutuon, then RB's firewall won't protect server unless you configure bridge to use IP firewall. Another option is to create a DMZ bridge and use proxy-ARP so that firewall will work "out of the box", but you'll use one of B-addresses for router in that subnet.

If OTOH the extra addresses are routed via A1, then you have 2 options:
  1. if addresses are continous, you can use them as a subnet. You will loose 3 of them (one used for router in that subnet, one network address and one broadcast address), but setup is pretty straight-forward
  2. you can actually use them for NAT (you can do that also in case if addresses are not routed towards you) in a 1:1 manner (nat action=netmap). This way you can use all of addresses, RB will automatically firewall server, the only thing is that server will still use private IP address. You have to think about the requirement for server to have public IP address (what is basic reason for that).
 
torfin
just joined
Topic Author
Posts: 5
Joined: Thu Mar 18, 2021 5:58 pm

Re: Set IP public to server behind mikrotik rb4011 wihtout nat

Wed Mar 31, 2021 6:43 pm

Hello, thanks for your answer this are the graphical.

Image

So all it's okay for the vlan 20 and for vlan 440-445. the problem is with the vlan 21

the ISP give me IP A.B.72.81 to the box and the IP A.B.72.82 for my router. And give the additionnal IP at A.B.73.91 to A.B.73.95
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 276
Joined: Mon Mar 15, 2021 9:10 pm

Re: Set IP public to server behind mikrotik rb4011 wihtout nat

Fri Apr 02, 2021 8:33 pm

Hey,

If your switch L3 capable you can create a point to point /30 private IP between RB4011 and your switch then route the additional
ip block given to you by the ISP ( A.B.73.91 to A.B.73.95) on this private IP in this way you will not waste public IP and no NAT will be involved, then your switch next-hop 0.0.0.0/0 would be the RB4011

Use the same technique that your ISP does to transport / route the additional IP block to you, I hope it make sense. Just my 0.2$
 
torfin
just joined
Topic Author
Posts: 5
Joined: Thu Mar 18, 2021 5:58 pm

Re: Set IP public to server behind mikrotik rb4011 wihtout nat

Tue Apr 06, 2021 10:08 am

I'm sorry loloski,
but i don't understand how i can do that.
We have about 10 or 12 switch with many vlan on it those vlan are in trunk between each.

i've think about that solution, but i don't know if it will work with ipsec vpn.
So the rb4011 will have all IP on it, then on the vlan 21 we will have private ip like 10.20.73.0/24 then use the mikrotik to make 1:1 from the IP A.B.73.91 to internal IP 10.20.73.91. and the default route will be 10.20.73.1 (rb4011) for the server.

Thanks for reply
 
torfin
just joined
Topic Author
Posts: 5
Joined: Thu Mar 18, 2021 5:58 pm

Re: Set IP public to server behind mikrotik rb4011 wihtout nat  [SOLVED]

Fri Apr 23, 2021 5:23 pm

So we have solved the issue with this solution:

ether2 with the IP X.X.72.82
ether3 with the IP X.X.73.91 (one was used by the older firewall and we reused it like that) as the gateway for other IP in the pool on some VMs.

Who is online

Users browsing this forum: No registered users and 77 guests