I've set up NAT many times, and used multiple Public IPs on the WAN interface - but I've never had multiple Public IP blocks I could use inside.
I have a x.x.x.248/29 block that I'm using on the WAN/Public side - ether1
I have a x.x.x.128/28 block that I'm using on the LAN/Private side - ether2
I've added x.x.x.250/29 as the main IP on ether1
I've added x.x.x.129/28 as the main IP on ether2
Default Routes include:
x.x.x.248/29 ether1 x.x.x.250
x.x.x.128/28 ether2 x.x.x.129
I added a route:
Basic setup according to MikroTik Wiki
Can ping router from internet and SSH and Winbox to it.
So I can get to the router from the internet.
I can manage it and login.
While logged in, I can ping to any internet address, as well as hostname so DNS works too.
I can also ping Private addresses (using the x.x.x.128/28 block) from the router while logged in.
If I get on one of the local machines that has a x.x.x.128/28 block address, I can ping its gateway IP of x.x.x.129 - which is on ether2 on the router. I can also manage the router from that machine using Winbox.
So to summarize:
-I can access router from internet
-From the router I can access internet or local network (with public IP block)
-From local network I can access router
-I can't access anything local from the internet (even with firewall rules, though I may have them wrong)
-I can't access the internet through the firewall
Note - I have not set up any NAT rules
So my questions are:
-Am I lacking routes?
-Am I lacking the correct firewall rules? In which case what is the syntax?
-Am I supposed to do a Bridge or Proxy ARP? (I've tried both of these with no results)
Thanks in advance