Community discussions

MikroTik App
 
Duhhhh
just joined
Topic Author
Posts: 7
Joined: Thu Jan 27, 2022 10:23 am

Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Sat Jan 29, 2022 5:08 am

Hi all. I have general idea about networking and I ran into the problem that I need to solve.

Let's say we have device that have web UI accessible through ethernet, only with GChrome by entering https://192.168.255.129.
The PC must have static IP address 192.168.255.130 subnet 255.255.255.0 in ipv4 settings of the ethernet.

The problem, I need to connect, and have constant connection in multiple Chrome windows to 5 devices simultaneously, not one by one, not one after another, all 5 at the same time, in 5 different Chrome windows.
The IP of the device is not changeable, it should stay the same, it's preset by manufacturer. No, it can not be changed on the device itself.

What I would like to do is, to do the forwarding of each endividual ethernet port on my router RB5009UG+S+IN.

My pc on ether1.
Device 1 on ether2
Dev2 on ether3
Dev3 on ether4
And so on.

The idea is to make router adress to the right device with custom IP that I'll assign them with.

Let's say. Dev1 192.168.255.11
Dev2 192.168.255.12
Dev3 192.168.255.13
Etc.

So if I enter 192.168.255.12 in Chrome adress bar, the router knows that it needs to send this request to dev2 that is on ether2 on https://192.168.255.129. And then return the reply the same way back to that Chrome window.

I made a little config, please advise if it'll work. Or maybe you know better solution..

ip route vrf

add interfaces=ether2 routing-mark=DEV1

add interfaces=ether3 routing-mark=DEV2

add interfaces=ether4 routing-mark=DEV3

add interfaces=ether5 routing-mark=DEV4

add interfaces=ether6 routing-mark=DEV5

/ip address

add address=192.168.255.1 interface=ether1 network=192.168.255.0

add address=192.168.255.3 interface=ether2 network=192.168.255.4

add address=192.168.255.3 interface=ether3 network=192.168.255.4

add address=192.168.255.3 interface=ether4 network=192.168.255.4

add address=192.168.255.3 interface=ether5 network=192.168.255.4

add address=192.168.255.3 interface=ether6 network=192.168.255.4

/ip address

add address=192.168.255.11 interface=ether1 network=192.168.255.0

add address=192.168.255.12 interface=ether1 network=192.168.255.0

add address=192.168.255.13 interface=ether1 network=192.168.255.0

add address=192.168.255.14 interface=ether1 network=192.168.255.0

add address=192.168.255.15 interface=ether1 network=192.168.255.0

/ip firewall mangle

add action=mark-routing chain=prerouting dst-address=192.168.255.11 new-routing-mark=DEV1

add action=mark-routing chain=prerouting dst-address=192.168.255.12 new-routing-mark=DEV2

add action=mark-routing chain=prerouting dst-address=192.168.255.13 new-routing-mark=DEV3

add action=mark-routing chain=prerouting dst-address=192.168.255.14 new-routing-mark=DEV4

add action=mark-routing chain=prerouting dst-address=192.168.255.15 new-routing-mark=DEV5

/ip firewall mangle

add action=mark-routing chain=prerouting dst-address=192.168.255.130 new-routing-mark=main

/ip firewall nat

add action=dst-nat chain=dstnat dst-address=192.168.255.11 in-interface=ether1 to-addresses=192.168.255.129

add action=src-nat chain=srcnat out-interface=ether2 to-addresses=192.168.255.3

add action=dst-nat chain=dstnat dst-address=192.168.255.12 in-interface=ether1 to-addresses=192.168.255.129

add action=src-nat chain=srcnat out-interface=ether3 to-addresses=192.168.255.3

add action=dst-nat chain=dstnat dst-address=192.168.255.13 in-interface=ether1 to-addresses=192.168.255.129

add action=src-nat chain=srcnat out-interface=ether4 to-addresses=192.168.255.3

add action=dst-nat chain=dstnat dst-address=192.168.255.14 in-interface=ether1 to-addresses=192.168.255.129

add action=src-nat chain=srcnat out-interface=ether5 to-addresses=192.168.255.3

add action=dst-nat chain=dstnat dst-address=192.168.255.15 in-interface=ether1 to-addresses=192.168.255.129

add action=src-nat chain=srcnat out-interface=ether6 to-addresses=192.168.255.3
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Sat Jan 29, 2022 8:51 pm

It looks like it should work. I did something similar here:

viewtopic.php?p=532709#p532709

And extended version that allowed also connections from those same-address devices:

viewtopic.php?p=639899#p639899
 
Duhhhh
just joined
Topic Author
Posts: 7
Joined: Thu Jan 27, 2022 10:23 am

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Tue Feb 01, 2022 2:21 am

It looks like it should work. I did something similar here:

viewtopic.php?p=532709#p532709

And extended version that allowed also connections from those same-address devices:

viewtopic.php?p=639899#p639899
I have routeros7, and it's an issue for me, cause vrf been moved to different menu. And I really struggled to make it work. I showed this config to few other people and they said that it should work, but for some reason it doesn't. 🤕😪😭. I don't know what to do. Should,ve buy Cisco I guess.
 
Duhhhh
just joined
Topic Author
Posts: 7
Joined: Thu Jan 27, 2022 10:23 am

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Tue Feb 01, 2022 5:07 am

Diagram.jpg
This is what i need to achieve pretty much, no internet connection needed.
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Tue Feb 01, 2022 5:39 am

Take your pick. With VRF:
/ip vrf
add name=DEV1 interfaces=ether2
add name=DEV2 interfaces=ether3
...
/ip address
add interface=ether1 address=192.168.255.1/24
add interface=ether1 address=192.168.255.11/24
add interface=ether1 address=192.168.255.12/24
...
add interface=ether2 address=192.168.255.1/32 network=192.168.255.129
add interface=ether3 address=192.168.255.1/32 network=192.168.255.129
...
/ip route
add dst-address=192.168.255.0/24 gateway=ether1 routing-table=DEV1
add dst-address=192.168.255.0/24 gateway=ether1 routing-table=DEV2
...
/ip firewall mangle
add chain=prerouting dst-address=192.168.255.11 action=mark-routing new-routing-mark=DEV1
add chain=prerouting dst-address=192.168.255.12 action=mark-routing new-routing-mark=DEV2
...
/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp
set [ find default-name=ether3 ] arp=proxy-arp
...
Without VRF:
/routing table
add name=DEV1 fib
add name=DEV2 fib
...
/ip address
add interface=ether1 address=192.168.255.1/24
add interface=ether1 address=192.168.255.11/24
add interface=ether1 address=192.168.255.12/24
...
/ip route
add dst-address=192.168.255.129/32 gateway=ether2 routing-table=DEV1
add dst-address=192.168.255.129/32 gateway=ether3 routing-table=DEV2
...
/ip firewall mangle
add chain=prerouting dst-address=192.168.255.11 action=mark-routing new-routing-mark=DEV1
add chain=prerouting dst-address=192.168.255.12 action=mark-routing new-routing-mark=DEV2
...
/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp
set [ find default-name=ether3 ] arp=proxy-arp
...
 
Duhhhh
just joined
Topic Author
Posts: 7
Joined: Thu Jan 27, 2022 10:23 am

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Tue Feb 01, 2022 6:42 pm

Take your pick. With VRF:
/ip vrf
add name=DEV1 interfaces=ether2
add name=DEV2 interfaces=ether3
...
/ip address
add interface=ether1 address=192.168.255.1/24
add interface=ether1 address=192.168.255.11/24
add interface=ether1 address=192.168.255.12/24
...
add interface=ether2 address=192.168.255.1/32 network=192.168.255.129
add interface=ether3 address=192.168.255.1/32 network=192.168.255.129
...
/ip route
add dst-address=192.168.255.0/24 gateway=ether1 routing-table=DEV1
add dst-address=192.168.255.0/24 gateway=ether1 routing-table=DEV2
...
/ip firewall mangle
add chain=prerouting dst-address=192.168.255.11 action=mark-routing new-routing-mark=DEV1
add chain=prerouting dst-address=192.168.255.12 action=mark-routing new-routing-mark=DEV2
...
/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp
set [ find default-name=ether3 ] arp=proxy-arp
...
Without VRF:
/routing table
add name=DEV1 fib
add name=DEV2 fib
...
/ip address
add interface=ether1 address=192.168.255.1/24
add interface=ether1 address=192.168.255.11/24
add interface=ether1 address=192.168.255.12/24
...
/ip route
add dst-address=192.168.255.129/32 gateway=ether2 routing-table=DEV1
add dst-address=192.168.255.129/32 gateway=ether3 routing-table=DEV2
...
/ip firewall mangle
add chain=prerouting dst-address=192.168.255.11 action=mark-routing new-routing-mark=DEV1
add chain=prerouting dst-address=192.168.255.12 action=mark-routing new-routing-mark=DEV2
...
/interface ethernet
set [ find default-name=ether2 ] arp=proxy-arp
set [ find default-name=ether3 ] arp=proxy-arp
...


First thing, is not working. The packets for the device should come from 192.168.255.130/24 or at least it should think that it's coming from that ip.
I'll try second option without vrf.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Tue Feb 01, 2022 11:10 pm

What can I say, works here.
 
Duhhhh
just joined
Topic Author
Posts: 7
Joined: Thu Jan 27, 2022 10:23 am

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Wed Feb 02, 2022 4:47 am

What can I say, works here.
Second one also doesn't work, chrome shows me : this site can't be reached, 192.168.255.12 took too long to respond.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Wed Feb 02, 2022 11:39 am

You'll have to go a bit deeper than that. Start with ping from router (ping 192.168.255.129 interface=etherX), then ping from 192.168.255.130, check what packets you see on interfaces (with Tools->Torch or using logging rules), things like that, and you should find where exactly it fails.
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Wed Feb 02, 2022 12:32 pm

I can explain the symptom two ways.

1. This RB5009 isn't the Chrome machine's gateway, so the packets are going to some intervening device (e.g. a wifi router) which is rejecting the packets. For this dstnat scheme to work, the RB5009 has to be the next hop on the network.

2. The target device speaks HTTP/1.1 and is looking at the Host header, and it's rejecting the connection attempt because it doesn't say "Host: 192.168.255.129". Destination NATting won't rewrite HTTP headers. You can verify this by digging deeper. The Network tab in the Chrome developer tools may help. Or, try a command line tool with verbose logging, such as curl. Alas, if this is the problem, fixing it may be quite difficult, since HTTPS complicates proxying and header rewriting.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Wed Feb 02, 2022 12:54 pm

1. It shouldn't be this, because it is (should be) same /24 subnet everywhere.
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Wed Feb 02, 2022 1:50 pm

Fair point. Could it be a bad interaction between dstnat and ARP? When the client asks for the MAC of one of these NATted devices, do you have to configure the router to answer on behalf of the device? They'll certainly ignore ARP for those made-up IPs.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Wed Feb 02, 2022 2:00 pm

Addresses used to access devices (.11, .12, ...) exist on router, so there's no problem in this direction (from client .130). Opposite direction (from .129 devices) is handled by proxy arp on interfaces (ether2+) they are connected to.

But dstnat, that's it, I forgot to post dstnat rules:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.255.11 to-addresses=192.168.255.129
add action=dst-nat chain=dstnat dst-address=192.168.255.12 to-addresses=192.168.255.129
Oops.
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Host PC static IP => RB5009UG+S+IN => 5 devices with same IP addresses. Help. How to?

Wed Feb 02, 2022 2:10 pm

Yay, Cunningham's Law triumphs once again! 😛

Who is online

Users browsing this forum: No registered users and 16 guests