Mikrotik
kovalr, 2016-09-10 02:51:07

Why doesn't Mikrotik allow traffic from multiple IPs through one physical interface?

The provider gave me 4 public addresses.
Let's assume this is 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4.
All addresses are registered on one physical port. Commands:
/ip address add address=1.1.1.1/32 interface=ethernet1
/ip address add address=2.2.2.2/32 interface=ethernet1
/ip address add address=3.3.3.3/32 interface=ethernet1
/ip address add address=4.4.4.4/32 interface=ethernet1
Trying to ping 1.1.1.1 from the internet. Ping is coming.
I'm trying to ping 2.2.2.2 from the Internet. There is no ping.
I try to ping 3.3.3.3 from the Internet. There is no ping.
I try to ping 4.4.4.4 from the Internet. There is no ping.
I turn off the address 1.1.1.1. I check the ping on 2.2.2.2 - it goes. I include the address 1.1.1.1. I check 1.1.1.1 ping is coming.
I include all IPs. I am overloading the router. There is no ping. I turn off and turn off IP 1.1.1.1. The ping works.
What is the point? Why does ping only work after juggling IP addresses?
I can't find patterns. Now rebooted and everything works. Sometimes I overload and ping only one IP. Firewall turned off. NAT too.
UPDATED:
The provider issued a pool of addresses from its router connected to the switch.
For example:
network 8.8.8.208/29
gateway provider 8.8.8.209
IP 8.8.8.210 Mikrotik first port, provider switch 1 port
IP 8.8.8.211 Mikrotik first port, provider switch 1 port
IP 8.8.8.212 Mikrotik first port, provider switch 1 port
IP 8.8.8.213 The server is connected directly to the provider switch, provider switch 2 port
IP 8.8.8.214 Mikrotik first port, provider switch 1 port
IP 8.8.8.215 Broadcast
8.8.8.210 = GW (192.168.1.1) for local network users.
8.8.8.211 = Linux server (192.168.1.200) on LAN
8.8.8.212 = Linux server (192.168.1.201) on LAN
8.8.8.214 = Linux server (192.168.1.202) on LAN
LAN 192.168.1.0/24
The /32 mask for each specific address was used in order not to affect the IP 8.8.8.213 (which is connected to the server directly, bypassing the router).
How to do NAT ONE-TO-ONE?
/ip address add address=8.8.8.208/29 interface=ethernet1
/ip firewall nat add chain=dstnat dst-address=8.8.8.211 action=dst-nat \
to-addresses=192.168.1.200
/ip firewall nat add chain=srcnat src-address=192.168.1.200 action=src-nat \
to-addresses=8.8.8.211
But if I run this command: /ip address add address=8.8.8.208/29 interface=ethernet1
won't my router accept packets for host 8.8.8.213?
Or is the provider configured so that packets for IP 8.8.8.213 will only come from the second switch port, and everything else (8.8.8.210, 8.8.8.211, 8.8.8.212, 8.8.8.214) from the first?
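
The difference between the /32 and /29 masks in the addressing plan above, as an added example that is not part of the original post: a small model of which destinations a router owns, which it sees as directly connected neighbours, and which it has no connected route to. The `/29` plan using host addresses 8.8.8.210-214 is an assumption made for comparison; the function and variable names are illustrative.

```python
import ipaddress

def classify(dst, assigned):
    """Classify dst against the addresses assigned to one router interface.

    'local'    - dst is one of the router's own addresses
    'on-link'  - dst lies inside a connected prefix (a neighbour on the wire)
    'no-route' - no connected prefix covers dst, so it cannot be reached
                 directly and cannot serve as a next hop
    """
    dst = ipaddress.ip_address(dst)
    ifaces = [ipaddress.ip_interface(a) for a in assigned]
    if any(i.ip == dst for i in ifaces):
        return "local"
    if any(dst in i.network for i in ifaces):
        return "on-link"
    return "no-route"

# Plan from the question: every public address entered as a /32 host address.
PLAN_32 = ["8.8.8.210/32", "8.8.8.211/32", "8.8.8.212/32", "8.8.8.214/32"]
# Assumed alternative: the same addresses with the provider's /29 mask.
PLAN_29 = ["8.8.8.210/29", "8.8.8.211/29", "8.8.8.212/29", "8.8.8.214/29"]

def report(plan):
    # Addresses taken from the example network in the question.
    targets = {
        "gateway": "8.8.8.209",
        "router": "8.8.8.211",
        "direct server": "8.8.8.213",
    }
    return {name: classify(ip, plan) for name, ip in targets.items()}

if __name__ == "__main__":
    for label, plan in (("/32", PLAN_32), ("/29", PLAN_29)):
        print(label, report(plan))
```

With the /32 plan no connected route covers the provider gateway 8.8.8.209. With the /29 plan 8.8.8.213 is only a neighbour on the same segment: it is never classified as `local`, because that address is not assigned to the router.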

2 answer(s)
Mystray, 2016-09-10
@kovalr

Do not use /32 without a clear understanding of what it is and why in this situation.
How exactly did the provider give you 4 public addresses? How does the connection work in general?
And why /32?

Kirill Vasiliev, 2016-09-12
@vasilevkirill

I strongly recommend that you read books and articles about how networks work, since you simply lack the fundamentals and are mixing everything into one mess.
Start with this: https://habrahabr.ru/post/134892/
You can somehow set up network equipment with copy-paste, and then shout that it does not work.
