Using Public Routable IPs behind firewall/router

Posted: Sat Apr 24, 2010 6:23 pm
by carus
I've set up NAT many times, and used multiple Public IPs on the WAN interface - but I've never had multiple Public IP blocks I could use inside.

I have a x.x.x.248/29 block that I'm using on the WAN/Public side - ether1
I have a x.x.x.128/28 block that I'm using on the LAN/Private side - ether2

I've added x.x.x.250/29 as the main IP on ether1
I've added x.x.x.129/28 as the main IP on ether2

Default Routes include:
x.x.x.248/29 ether1 x.x.x.250
x.x.x.128/28 ether2 x.x.x.129

I added a route: x.x.x.249/ether1

Firewall Rules:
Basic setup according to MikroTik Wiki
Can ping router from internet and SSH and Winbox to it.

So I can get to the router from the internet.
I can manage it and login.
While logged in, I can ping to any internet address, as well as hostname so DNS works too.
I can also ping Private addresses (using the x.x.x.128/28 block) from the router while logged in.
If I get on one of the local machines that has a x.x.x.128/28 block address, I can ping its gateway IP of x.x.x.129 - which is on ether2 on the router. I can also manage the router from that machine using Winbox.

So to summarize:
-I can access router from internet
-From the router I can access internet or local network (with public IP block)
-From local network I can access router

-I can't access anything local from the internet (even with firewall rules, though I may have them wrong)
-I can't access the internet through the firewall

Note - I have not set up any NAT rules

So my questions are:
-Am I lacking routes?
-Am I lacking the correct firewall rules? In which case what is the syntax?
-Am I supposed to do a Bridge or Proxy ARP? (I've tried both these with no results)

Thanks in advance

Re: Using Public Routable IPs behind firewall/router

Posted: Sun Apr 25, 2010 10:47 pm
by dejanb

Please post your config first...