Community discussions

MikroTik App
 
DrChris
just joined
Topic Author
Posts: 1
Joined: Fri Sep 30, 2022 1:16 pm

Split IP Address Ranges - Router Config

Fri Sep 30, 2022 1:40 pm

Our ISP has assigned us two blocks of static IP addresses and I'm now having problems getting our Router configures correctly.

Original config
  • 185.106.134.192/28
  • Ports 1-6 assigned to Bridge 1 (DMZ)
  • Ports 7-8 used for LAN behind firewall, NAT, Masquerade rules etc
  • Bridge assigned IP address 185.106.134.194/28
  • Upstream gateway provided by ISP is on Ether1 and has IP address 185.106.134.193
  • Default route is via 195.106.134.193
That all works fine. Anything behind the firewall on the LAN has full internet access.
We've also got a computer in the DMZ with the static IP address 185.106.134.195 and netmask 255.255.255.240. That works also works perfectly

The ISP have now allocated us a second block of IP addresses: 185.106.134.160/28
We've set these up as follows
  • Additional address added to the bridge 185.106.134.161/28
  • Second computer in DMZ assigned static IP address 185.106.134.166 with netmask 255.255.255.240
This computer cannot access the internet although it can PING 195.106.134.195

What have I missed?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Split IP Address Ranges - Router Config

Sat Oct 01, 2022 1:03 pm

Hard to say without seeing the configuration export and the details of the configuration at the ISP side.
  • as you mention a DMZ, I assume you have got some firewall rules in place, that may prevent the "second computer" from reaching internet
  • there may be some issue with ICMP redirection - since both subnets are on the same bridge, the Mikrotik may be telling the "second computer" that a better gateway is available in the same L2 segment, but that gateway is outside the "second computer's" subnet which may confuse it
  • the same applies also for the ISP's router - I'd assume they have configured it in a way that it has no own address in the ...160/28 subnet and uses one of the addresses in the ...192/28 subnet as a gateway to the ...160/28 one - if so, it will receive the ICMP redirection packets too

Who is online

Users browsing this forum: Ahrefs [Bot], anav, menyarito and 65 guests