Hi guys.
I am pretty new to RouterOS, although I have a handful of devices running as usual NAT gateways.
I need to prepare a few devices, some for production (as replacements), some for backup (in case the current routers fail), all based on the following setup:
- ISP public IP (link) (static)
- /29 public subnet routed by the ISP through the above-mentioned link IP
Due to the fact that the link IP changes pretty often due to ISP network upgrades / reconfigs, I need the services behind the router to be set up on my own /29s.
The main scenario is the following:
- ISP link IP: 1.1.1.1/24 from a 1.1.1.0/24
- gateway for link IP: 1.1.1.254
- /29 subnet: 2.2.2.0/29 routed through 1.1.1.1 above (link IP).
- /24 local subnet for clients: 192.168.x.0/24
As I have 6 public IPs available for use from the /29 above, I need to assign those IPs for specific access to / from the LAN side, e.g. one for the MTA, one for httpd, one for NAT access for clients.
I managed to configure the above setup (or similar) on different routers (Juniper, AT, Fortigate), using different approaches (eNat, VIPs, etc.), but I don't seem to know how to start with Mikrotik in order to map specific internal IPs to specific public IPs from the routed public subnet.
The basic idea will look like this:
- NAT clients from the LAN (192.168.x.100 - 192.168.x.200) will all use 2.2.2.7 as the public NAT-ed IP
- MTA in the LAN (192.168.x.240) will use 2.2.2.2 as its public IP (with the needed ports forwarded, like 25, 465, 995 etc.)
- httpd in the LAN (192.168.x.241) will use 2.2.2.3 as its public IP (with the needed ports forwarded, like 80, 443 etc.)
- etc
Is this doable with RouterOS? Am I using the wrong approach? Should I go with assigning public IPs to the internal servers and filtering packets with ACLs, and just NAT the link IPs to clients (although I wouldn't like this one very much)?
Thank you!