Community discussions

MikroTik App
 
robertop23
just joined
Topic Author
Posts: 2
Joined: Fri Mar 17, 2023 11:36 am

VLAN ISP configuration

Fri Mar 17, 2023 11:48 am

Hello!

I have a very simple question (I'm sorry Im not a networking expert):

I have an ISP provider that gave me something like this:

VLAN: 510
Comunication IP: 10.100.10.122/30
Gateway: 10.100.10.121

Public IP: 42.230.20.38

I want to use the port eth1 as my WAN, but I dont now what to do with the Public IP.

I saw from other post that I need to do something like this:

/interface vlan
add name=wan interface=ether1 vlan-id=510
/ip address
add address=10.100.10.122/30 interface=wan
/ip route
add dst-address=0.0.0.0/0 gateway=10.100.10.121

Is that ok?

What else do I need? Because I'm missing the public IP configuration on my Mikrotik router (MikroTik RB941-2nD) and I need gain acces from outside using the public IP and obviously I need give Internet access to my router

Thanks in advance
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN ISP configuration

Fri Mar 17, 2023 7:27 pm

I can imagine two possibilities:
  1. ISP will perform netmap between public IP address given to you and your communication address. In this case you have to setup a pretty straight-forward src-nat rule (similar to rule below, but without the dst-address part and to-addresses set to interface IP address). After that you can do a test ... try to access some internet site and check which IP address it sees you coming from (e.g. open whatismyip.com).
  2. ISP will route traffic for the public IP address to communication IP address. It's then your router which has to perform NAT. The additional configuration (to what you already have) could be simple
    /ip firewall nat
    add chain=srcnat action=src-nat out-interface=WAN dst-address=!10.100.10.120/30 to-addresses=42.230.20.38
    
    There are many more ways to create SRC-NAT rule(s) which will properly change SRC IP address going from your network(s) towards ISP.

By all means don't forget to setup proper firewall rules ... use defaults as guidelines (execute /system default-configuration print to see defaults).

Who is online

Users browsing this forum: GoogleOther [Bot] and 40 guests