4

I'm not very knowledgeable with networking, so what I'm asking might make no sense at all. I would appreciate help to point me in the right direction.

Here is my situation (I used local IP for representation only).

My network

I have a /29 network from my ISP and I want to have internet at a remote location that I have no line of sight for point-to-point wireless. However, I have a friend between the two places. I offered my friend: I'll give you internet if I can locate an antenna at your place.

What I am doing is basically NAT-ing everything at my first router after the modem. I bridged all the antennas together, which works okay. But now I'd like to give the external IP directly to my friend and the remote location, so my friend can port forward on his own.

Here's my problem. The modem is in "Bridge Mode" but when I use Wireshark on eth1 of my router, I can only see traffic that my interface has an IP for, and some ARP requests for XXX.XXX.XXX.XXX and replies to XXX.XXX.XXX.XXX. I'm under the impression that I need an IP on the eth1 interface of my first router for it to send back an ARP so the modem knows my MAC address, because as soon as I add the address on the interface traffic starts to come in.

What I was expecting to see was traffic coming to my interface no matter what. If I have an IP on it and then if I had only then my router would ping back to the internet since the IP is on the interface.

So since I don't have any traffic coming to the interface I can't route packets to be sent to another interface since I never receive any traffic.

So my question is: Is there some kind of MAC address NAT-ing possible on MikroTik? Or maybe I got this all wrong and I should do it in another way.

Also, I'd like to stay away from bridging altogether since traffic would be pretty high from my first location, and my friend and I would like the traffic to be routed.

Thanks for your time and answer!

5
  • The MikroTik router could have ARP broadcasting disabled. See this link for configuration details: wiki.mikrotik.com/wiki/Manual:IP/ARP. In your configuration as shown you shouldn't need ARP proxying, assuming the routers are configured with the correct subnet.
    – Argonauts
    Commented Sep 7, 2016 at 18:07
  • @Argonauts I think I actually need ARP proxying though. Because, like I said, if I ping from an external source the public IP configured at my friend's, for example, it will never show up in Wireshark on my first router. And then if I put my friend's public IP on eth1 of my first router, I start receiving the requests, since my router actually answered the ARP request the modem sent. It's like the modem doesn't route the traffic until there is an IP on the connected interface. Commented Sep 7, 2016 at 18:15
  • I'm not sure what you want to achieve, but RouterOS has some firewalling commands at MAC level; check the bridge menu, filters and NAT tabs. You can do stuff like MAC dst-nat / src-nat here, and it works nicely. Commented Sep 8, 2016 at 11:33
  • 1
    What are the subnet and default gateway settings for each of the 3 routers - 10.0.0.1, .2 and .3? The issue of if and/or where you could use an ARP proxy for routing purposes is dependent on that answer. Also, with the topology in your drawing, the path that normal traffic takes is always the same (bridged or routed). In other words, while you can certainly control the ability to route between the various LAN segments (e.g. each of your NAT networks), functionally all traffic to/from the internet must go through eth1.
    – Argonauts
    Commented Sep 8, 2016 at 11:34
  • @Argonauts All of my routing was okay. All routers had the same gateway, 10.0.0.1. I figured out what was going on and posted it, if you're interested. Also, I know there is only one route and that, bridged or not, it would have been the same thing. But I was saying that because if I had just bridged ether1 of router 1 with all the routers, the modem's ARP broadcasts would have made everything work (since the modem would have received the MAC of every router), but it would also have made all traffic on router1 go all the way to the air even if its destination is the internet. Commented Sep 9, 2016 at 11:55

1 Answer

2

Thanks all, I figured out my answer. What I needed was an ARP proxy on my router one at eth1.

My problem was that my modem even though it was configured as "Bridge" wasn't a real bridge. For some reason the modem wasn't forwarding all traffic to my router.

It was only forwarding traffic with a dst-address=10.0.0.2 since 10.0.0.2 was actually up on interface=eth1. So because the 10.0.0.2 address was set up on an interface, the router was answering ARP broadcasts from the modem asking who has 10.0.0.2 with its own MAC address, making traffic destined to 10.0.0.2 flow to it.

The problem was that no traffic was flowing to my router1 with dst-address 10.0.0.3 or 10.0.0.4, so because of that my router could not route packets to router2 or router3.

So that's where the arp-proxy comes in.

After I set ether1 on router1 to arp-proxy, once the interface sees that it just sent a packet to the internet with a src-address not seen before, say 10.0.0.4, it will answer ARP broadcasts asking "who has 10.0.0.4, reply to 10.0.0.1" with my first router's MAC address. Only from then on will my router1 start receiving traffic destined to 10.0.0.4 and route it toward it.
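
A simplified model of the usual proxy-ARP decision rule, as an added example (not the poster's code and not RouterOS source): a router answers a who-has heard on an interface when it has a route to the target through a different interface. The /32 routes, the `wlan1` interface name and the MAC are assumptions; the addresses follow the post's placeholder 10.0.0.x scheme.

```python
import ipaddress

ROUTER1_MAC = "02:00:00:00:00:02"  # constructed, locally administered MAC


class Router:
    def __init__(self, mac, arp_mode):
        self.mac = mac
        self.arp_mode = arp_mode   # per interface, e.g. {"eth1": "proxy-arp"}
        self.local = {}            # IP address -> interface that owns it
        self.routes = []           # (network, outgoing interface)

    def add_address(self, cidr, iface):
        ifc = ipaddress.ip_interface(cidr)
        self.local[ifc.ip] = iface
        self.routes.append((ifc.network, iface))  # connected route

    def add_route(self, cidr, iface):
        self.routes.append((ipaddress.ip_network(cidr), iface))

    def lookup(self, ip):
        """Longest-prefix match; returns the outgoing interface or None."""
        hits = [(net.prefixlen, ifc) for net, ifc in self.routes if ip in net]
        return max(hits)[1] if hits else None

    def arp_reply(self, in_iface, target):
        """MAC to answer a who-has for `target` heard on `in_iface`, or None."""
        ip = ipaddress.ip_address(target)
        mode = self.arp_mode.get(in_iface, "enabled")
        if mode == "disabled":
            return None
        if self.local.get(ip) == in_iface:   # our own address: always answer
            return self.mac
        if mode != "proxy-arp":
            return None
        out = self.lookup(ip)
        # Proxy only for targets routed out of a *different* interface;
        # hosts on the same segment must answer for themselves.
        return self.mac if out not in (None, in_iface) else None


def answers(mode):
    """Which who-has requests from the modem (10.0.0.1) router1 answers on eth1."""
    r = Router(ROUTER1_MAC, {"eth1": mode})
    r.add_address("10.0.0.2/29", "eth1")
    r.add_route("10.0.0.3/32", "wlan1")   # assumed route toward router2
    r.add_route("10.0.0.4/32", "wlan1")   # assumed route toward router3
    targets = ("10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5")
    return {t: r.arp_reply("eth1", t) for t in targets}
```

With proxy ARP on, one MAC answers for several IPs, which is also the pattern ARP-spoofing monitors flag, so expect alerts on that segment. Keeping the routes as narrow as the /32s here limits which addresses the router will claim.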
