Can you make a map with the routers/gateways? The way I think it should be working is the customer with a private goes to the gateway, then that gateway should have the routes pointed back towards the tower but using the public IPs.
On 4/14/09, Keith Barber <[email protected]> wrote:
> Okay, so this one has been bugging me for a bit. And of course it has to do
> with NAT, the most evil of evils.
> At one of our tower sites we were trying to make it so that a standard home
> customer (no public ip), can talk to a customer with a public IP.
>
> The public IP is located on the customer's router on their premises.
> The home customers have private addresses, which are NAT'ed to a pooled
> public ip at the tower site.
> I have to say it works great for most everything. The problem we are having
> is that communication between these two types of customers doesn't work if
> they are connected to the same tower.
>
> Below is the export from the 3 places I would think would be playing a
> factor in this fun little mess.
>
> As you can see, the public IPs are located on a different interface than
> the private ones, but I wouldn't think that would cause any problems.
>
> Does anybody have any ideas, or possibilities if this is even possible?
> It's like I need the traffic to be nat'ed to having a public IP as soon as
> it enters the router, or something.
>
> Thanks for the ideas.
> (and hopefully this message won't be flagged as an unknown charset, since
> it's from my webmail client instead of evolution)
>
> -Keith-
>
>
> / ip firewall nat
> add chain=srcnat action=src-nat to-addresses=208.84.196.130 to-ports=0-65535 \
>     src-address-list=Customer_Pool comment="NAT all customer pool traffic to \
>     208.84.196.130" disabled=no
>
> /ip firewall address-list
>  #  LIST            ADDRESS
>  0  Customer_Pool   10.100.71.0/24
>  1  Customer_Pool   10.100.70.0/24
>  2  Customer_Pool   10.100.72.0/24
>  3  Customer_Pool   10.100.150.0/24
>  4  Customer_Pool   10.100.73.0/24
>
> / ip address
> add address=208.84.196.130/26 network=208.84.196.128 broadcast=208.84.196.191 \
>     interface=Nic1 comment="Portable Public Block 208.84.196.128/26" \
>     disabled=no
> #
> / ip address
> add address=10.100.70.1/24 network=10.100.70.0 broadcast=10.100.70.255 \
>     interface=RB1 comment="BlueE ; JFWest; JFNorth; QQ; SionHill" disabled=no
> add address=10.100.71.1/24 network=10.100.71.0 broadcast=10.100.71.255 \
>     interface=RB2 comment="Blue 2 ClairMont; CaneBay" disabled=no
> add address=10.100.72.1/24 network=10.100.72.0 broadcast=10.100.72.255 \
>     interface=RB3 comment="BlueN; BlueW" disabled=no
> add address=10.100.73.1/24 network=10.100.73.0 broadcast=10.100.73.255 \
>     interface=RB3 comment="BlueN; BlueW" disabled=no
>
> Route List:
>   #      DST-ADDRESS         PREF-SRC         G GATEWAY         DIS
>   0 ADo  0.0.0.0/0                            r 208.84.198.9    110
>  31 ADC  10.100.70.0/24      10.100.70.1                        0
>  32 ADC  10.100.70.13/32     10.100.70.254                      0
>  33 ADC  10.100.71.0/24      10.100.71.1                        0
>  34 ADC  10.100.72.0/24      10.100.72.1                        0
>  35 ADC  10.100.73.0/24      10.100.73.1                        0
> <..snip..>
> 236 ADC  208.84.196.128/26   208.84.196.129                     0
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20090414/538fd4cf/attachment.html>
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
>

-- 
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer
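
As an added example (not part of either poster's message), a simplified Python model of what the quoted export implies for the first packet of a connection: a longest-prefix match over the routes shown, then the srcnat rule, whose only matcher is the source address-list. The customer addresses 10.100.70.50 and 208.84.196.140 and the outside host 192.0.2.10 are constructed; interface names are taken from the `/ ip address` export; filter rules, other NAT rules and the snipped routes are not modelled.

```python
import ipaddress

# Values copied from the export quoted above.
CUSTOMER_POOL = ["10.100.71.0/24", "10.100.70.0/24", "10.100.72.0/24",
                 "10.100.150.0/24", "10.100.73.0/24"]
NAT_TO = "208.84.196.130"  # to-addresses of the srcnat rule

# Routes shown in the post, paired with the interface from "/ ip address".
# Snipped routes and 10.100.70.13/32 (interface not shown) are omitted.
ROUTES = [
    ("0.0.0.0/0", "gateway 208.84.198.9"),
    ("10.100.70.0/24", "RB1"),
    ("10.100.71.0/24", "RB2"),
    ("10.100.72.0/24", "RB3"),
    ("10.100.73.0/24", "RB3"),
    ("208.84.196.128/26", "Nic1"),
]

def lookup_route(dst):
    """Longest-prefix match over ROUTES; returns (prefix, egress)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), out) for p, out in ROUTES
            if addr in ipaddress.ip_network(p)]
    net, out = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), out

def srcnat_matches(src):
    """The posted rule has one matcher: src-address-list=Customer_Pool."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in CUSTOMER_POOL)

def trace(src, dst):
    """What the posted config implies for the first packet of a connection."""
    prefix, egress = lookup_route(dst)
    return {"route": prefix, "egress": egress,
            "src_on_wire": NAT_TO if srcnat_matches(src) else src}

if __name__ == "__main__":
    # Constructed flows: private customer, public customer, outside host.
    for src, dst in [("10.100.70.50", "208.84.196.140"),
                     ("208.84.196.140", "10.100.70.50"),
                     ("10.100.70.50", "192.0.2.10")]:
        print(src, "->", dst, trace(src, dst))
```

If a capture of the same-tower flow shows a different egress or source address than this model gives, the difference comes from something outside the posted export, such as filter rules, other NAT rules or the snipped routes.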

