Community discussions

MikroTik App
 
samciar
just joined
Topic Author
Posts: 4
Joined: Thu Oct 10, 2019 8:24 am

Assigning public ip without being routed on the main ip

Thu Jun 23, 2022 8:38 am

hi guys,

I would like to ask the experts about my case.

My provider gave me an ip pool 177.93.x.200/29 and I assigned the ip 177.93.x.202 my main mikrotik.

Now I want to assign ip .203 to a customer, who has private ip: 10.10.10.8 for example.

If I do Destination NAT to set as src and dst the public and private, my client still sees the 202 of my mikrotik, as his public ip, not the 203 that I assigned him.
chain=srcnat action=masquerade src-address-list=!PUBLIC IPS out-interface-list=INTERNET log=no log-prefix=""

chain=dstnat action=dst-nat to-addresses=10.10.10.8 dst-address=177.93.51.203 log=no log-prefix=""
chain=srcnat action=src-nat to-addresses=177.93.51.203 src-address=10.10.10.8 log=no log-prefix=""
This case is difficult for me because I am trying to assign an ip of the same subnet as the one my provider gave me.

I have been given ideas of proxy-arp, or denying src on my masquerading nat, but I can't get it to work.

Thanks in advance for your help
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Assigning public ip without being routed on the main ip

Thu Jun 23, 2022 7:47 pm

Order of rules matters, because first matching one gets used. So you need generic masquerade after client's src-nat.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Assigning public ip without being routed on the main ip

Thu Jun 23, 2022 8:01 pm

Why don't you just route the public IP to the customer without NAT? They may be more happy with that as well, and it solves your issue.
 
samciar
just joined
Topic Author
Posts: 4
Joined: Thu Oct 10, 2019 8:24 am

Re: Assigning public ip without being routed on the main ip

Fri Jun 24, 2022 3:34 am

Why don't you just route the public IP to the customer without NAT? They may be more happy with that as well, and it solves your issue.
It sounds pretty good, but unfortunately I don't understand how it could be implemented, could you give me an example with a script? I would be very grateful if you could guide me,

I have relied on the wiki, on nat, to know about the ips assignment, but it doesn't say anything about when the ip is part of the same subnet that is assigned to my mikrotik core.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Assigning public ip without being routed on the main ip

Fri Jun 24, 2022 4:12 am

1) Deliver the address to client. One way is routing it to existing internal address:
/ip route
add dst-addres=177.93.x.203 gateway=10.10.10.8
2) Make it visible to upstream router:
/ip arp
add address=177.93.x.203 interface=<WAN> published=yes
3) Make sure it can pass through your router. If it should be completely unlimited, you can use "/ip firewall raw" and action=notrack for packets to and from 177.93.x.203, and allow untracked packets through router.
 
samciar
just joined
Topic Author
Posts: 4
Joined: Thu Oct 10, 2019 8:24 am

Re: Assigning public ip without being routed on the main ip

Fri Jun 24, 2022 9:15 am

Order of rules matters, because first matching one gets used. So you need generic masquerade after client's src-nat.
Thank you very much for that small but important detail.

I think that's what I was missing, ordering my nat rules.

In the tests I have done, it has worked, but I am waiting for the customer to test tomorrow with their proprietary applications.

Thanks to everyone else for offering me your ideas and alternatives, I am very very grateful.

Who is online

Users browsing this forum: Amazon [Bot], edielson_atm, peracchi, syslog and 89 guests