Mikrotik - Add second WAN IP and route specific traffic - networking

After 20 pages of SO results about Mikrotik and some more Google results, I've come here, down on my knees, to request some enlightenment.
I have a network with static IP and some public IP (248 mask).
So far I've configured the network to use one of those public IPs and use it for 2 subnets (192.168.85.X and 192.168.5.X) which are isolated from each other and both can access the internet.
What I'm trying to achieve is to add a second WAN ip to the router, and route traffic to a specific server to use that IP.
What I mean is:
Any PC from 192.168.85.X should use WAN IP1 and use internet with it.
Any PC from 192.168.85.X trying to access www.facebook.com should use WAN IP2 to browse and navigate to that website (while all the rest of the traffic goes through WAN IP1).
The device that gives me the WAN link only has 1 "out" port, so there is no way to put 2 cables from the "modem" to the Mikrotik; right now there is 1 cable going from the modem to the Mikrotik device. I've seen some forum posts where the first part can be solved by just connecting 2 cables and then assigning a different IP to each interface.
As you may notice, I'm really raw in networking and routing, so any GUI/Winbox instruction is appreciated, but CLI commands would be just fine.

This info is for reference for anyone who may want to do this in the future:
1.- If you assign the IP to the WAN interface using the same notation X.X.X.X/29, the router will know that you want to use all the IPs but set the default route to use the given IP as the preferred one. This can be looked up in IP > Routes.
2.- If you want to use a different IP for different traffic, you have to a) mark that traffic and b) force that traffic to go out by a specific IP. You do this in IP > Firewall > Mangle to mark the traffic and IP > Routes to add the new route for that traffic. There is contradictory info about whether or not you need to add NAT (IP > Firewall > NAT) rules for the traffic and I'm really lost about it (it doesn't work with or without, but sometimes does work).
This is all I can contribute to this; I'll keep trying to find an answer on serverfault as #SergGr suggested.

Related

My Router Internet IP is different from my public IP

I am running a ddns client on Ubuntu for Nextcloud server, however my ISP has done something to the router so internet IP showing in the router is different from my public IP which causes an issue when ddclient updates the IP of my domain.
I have tried to contact my ISP but they want me to pay a huge amount for a fixed IP.
Is there any solution for this?
My router model is HG8245Q2.
*PS: The IP shown in the image is just an example.
Note: I tried this on another router model, HG8245Q, and it gives me the same IP on both the router and Google, so there is no issue on the old router model.
The IP address you see in your router is just another internal IP address from the private range 10.x.x.x.
This means your router is not connected directly to the internet but to another subnet of your ISP. And only this subnet is connected to the internet over another router (with NAT) and this router has a public IP address.
This is standard behavior with most ISPs because they have a limited number of public IP addresses. If you need a public IP, you have to pay for it, change to an ISP that gives you one for free, or try some edge-case solution like renting a VPS server and making a VPN tunnel to your home router (this requires advanced networking skills).
Maybe DDNS comes in handy for you. You can opt for free DDNS services like DynDNS or NoIP.
Steps [I personally prefer noip.com]:
1.- Create a free account.
2.- Choose a hostname (we can say a domain name pointing towards your system IP).
3.- Download their desktop client (to sync your dynamic IP with the hostname you selected).
Boom, it's done! Use that hostname instead of the IP wherever needed, and traffic will be redirected to your system. Just take care of port forwarding and firewall settings.

How can I ping my home computer from outside?

I'm trying to wrap my head around networking and the internet. This is a very big subject, and it is not my goal to understand all of it. However, I want to know how to use it for... stuff... which right now means I want to find a specific computer. I'm going for my home computer. I know the IP address is alpha and omega when it comes to finding something online, so I have looked it up by typing "my ip" into Google. So far, so good.
However, I did the same on my phone, which is connected to the same wireless router, and lo and behold, it has the same IP address, according to Google. So, if I am on a different computer, on a different network, and I try to ping that IP address, my best bet is that I'll reach that wireless router and that's that (I've checked in the router settings that that is indeed my router's IP address as well). How can I send a ping (as in, using the command ping, either on Linux or Windows) from somewhere else that goes out on the internet, and specifically finds my computer, instead of just the router controlling my home network?
Your home router has a single IP address. The router's job is to use a network address translation (NAT) to figure out which computer or device on your home network sent which requests so that all the devices on your router can use the same external IP address.
The router also has port forwarding settings that you can look up so you can, for example, set up a game server or web server that directs all outside network traffic trying to use that port to that one specific computer. You can also DMZ a specific computer but that leaves that device open to attacks.
To keep it simple: the devices in your home network do have an IP address, but it is a private IP address. In order to be able to reach your phone from the internet, it should have a public IP.
Unless you try to mess with the router, you can't reach any device from outside your network.
Your PC lives underneath the router on a smaller network called your LAN. The internet cannot see it, it can only see your router, which in this case is serving as a gateway.
Pinging is difficult behind a router depending on whether your router uses PAT or NAT. In order to forward traffic to a specific port you can change a setting in your router to forward incoming traffic on that port to the local machine.

How to Find My Proper Ip Address to Connect to Another Computer Remotely

My friend wanted to connect to my computer using Remote Desktop Connection. But the problem is I am confused about what my IP address is.
My computer is connected to the internet via a router on a broadband internet network. My IP address is dynamic.
Here, my main purpose is not only the remote connection but also learning how a dynamic IP connects to another PC.
I searched for my IP address on Google. They show me an IP address. But I think it is not mine; it's related to the router or broadband network. I also found a WAN IP (it is different from the one I found on Google) in the router settings. It didn't work.
I used TeamViewer. It worked perfectly. But I want to do that manually because I am going to make a multiplayer game on GM8.
It will be helpful if someone explains about IP and port forwarding.
TeamViewer is a great tool, but uses different techniques than what you plan to do. TeamViewer always uses an outgoing connection and uses a mediator on the Internet to connect you and the other PC.
You should ask your Internet provider if he technically enables you to be reachable from the outside Internet. Often this is not possible at all, even if you configure your router the correct way.
When you ask this you can ask him if you have a static IP.
It seems you are not aware of basics of IP networking, so I'd strongly advise against trying this on your router as wrong settings would render it useless. But here's for your information how port forwarding and IP Address and dynamic DNS can be used to solve your problem.
Basically your ISP is likely to give you a router having an IP address. If this IP address is a global IP address, it is possible to connect to this IP from outside. How do you find out whether your IP address is global? Look for your WAN IP address setting. If it is in 10.x.x.x or 192.168.x.x range, it's unlikely to be global and in that case it might not be possible to connect to your computer from outside - without help of a third server (some kind of a registration server, where you connect and register your application). The Registration server would determine your globally visible IP address and then convey it to another Application who is interested in connecting to it. This is somewhat complicated to make it work (but if you intend to make a game - this is something you'd have to do regardless). This is mostly how software like TeamViewer would work.
If you have a global IP address - it means it can technically be reached from anywhere in the world. In that case you could use port forwarding to make things work for you. Port forwarding works basically as follows - You expose a certain port (on TCP) to external world - say 8000 and then you make a setting like following on your router.
<TCP>-<RouterIP>-8000 --> <TCP>-<Your LAN IP><Your application Port>
(You can find your LAN IP using ipconfig on Windows or ifconfig on Linux.)
Now all connections coming to port 8000 would be directed to your application. You might want to do it on UDP as well and the protocol above would change. That is how you 'open' a few ports to be accessible from outside, configure them on your router and then run corresponding applications on your network.
There's another thing called dynamic DNS, where the IP address you use if it is dynamic (and global) can be registered with a Dynamic DNS server so that you don't have to know and remember the current WAN IP Address. But that can be for later.
Hope that helps.
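The check that the answers above describe (a router WAN address in a private range means another NAT sits upstream, so a port forward on the home router alone cannot work), as an added example that is not part of the original posts. The function names are hypothetical, the 100.64.0.0/10 carrier-grade NAT range goes beyond the 10.x.x.x and 192.168.x.x ranges the answers name, and the sample addresses are constructed (8.8.8.8 stands in for a public address).

```python
import ipaddress

# Ranges that are never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify_wan(addr):
    """Classify a router WAN address as 'private', 'cgnat', 'global' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if ip.is_global:
        return "global"
    return "other"  # loopback, link-local, documentation ranges, ...


def diagnose(router_wan, seen_outside):
    """Compare the router's WAN address with the address an external
    "what is my IP" lookup reports, and say whether a port forward on this
    router alone can make a LAN host reachable."""
    kind = classify_wan(router_wan)
    same = ipaddress.ip_address(router_wan) == ipaddress.ip_address(seen_outside)
    if kind in ("private", "cgnat"):
        verdict = "upstream-nat"   # another NAT sits between router and internet
    elif kind == "global" and same:
        verdict = "direct"         # router itself holds the public address
    elif kind == "global":
        verdict = "mismatch"       # lookup left via another path (VPN, proxy)
    else:
        verdict = "invalid"
    return {"wan_kind": kind, "verdict": verdict,
            "port_forward_reachable": verdict == "direct"}


if __name__ == "__main__":
    # Constructed samples: (router WAN address, address seen from outside).
    for wan, seen in [("10.20.30.40", "8.8.8.8"),
                      ("100.72.1.9", "8.8.8.8"),
                      ("8.8.8.8", "8.8.8.8")]:
        print(wan, seen, diagnose(wan, seen))
```

With an "upstream-nat" verdict, a dynamic DNS name will point at the ISP's shared address, and inbound connections stop there regardless of the home router's forwarding rules.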

how to communicate hosts in different subnet

We have two subnets
Router 1
192.168.2.1
255.255.254.0
Router 2
192.168.1.1
255.255.255.0
Modem >> switch
>> router1 wan port >> from lan port to switch >> Different computers
>> router2 wan port >> from lan port to switch >> Different computers
Please note two different static public IPs (of the same subnet) for both routers.
I would like to know how I can access a host from Router 1 to a host in Router 2 or vice-versa.
Use a single router:
Modem >> router >> switch >> lan1 >> computers in lan1
>> lan2 >> computers in lan2
You don't even need two LANs formally, since the PCs don't need a special routing rule to reach all local systems in this case.
You use two address sets: 192.168.1.xxx and 192.168.2.xxx and a network mask of /23 or even /16, no difference there. This way all PCs know they can simply send out packages to everything inside 192.168... Whereas for packages outside they need a rule routing those packages through the router. The routing of packages between the two areas on the LAN side is done automatically by the switch. That is what a switch is built for.
This is an explanation of how you would do it assuming that you must keep these as two separate subnets!
That is, you'll have to set up access for each IP address in the other router's firewall, and then specify to which internal system it will connect.
Note: It's only safe to do this because you have two static IP addresses! There really isn't an easy, safe way to do this with dynamic IPs.
In that case, Router 1 will have to grant access to Router 2's public IP address and vice versa. How you do this completely dependent on the make and model of the router.
The routers will know how to route to each other, because they'll be using the public IPs.
So, the data path will be: System1 (subnet1)->Router1->Internet->Router2->System2
Since different routers have you specify addresses in different ways, make sure you know how yours expects you to input the address or range of addresses.
However, that's not enough. Because you have multiple systems on each subnet, all sharing the same public IP address, you also have to specify which inbound traffic goes to what subnet host.
That is, you start on System1 in the above data path. The data goes out Router1 and back into Router2. How does Router2 know where to send it? It only has ONE external IP address.
Again, there are different ways of doing this for different routers. On some, you can specify that data on certain ports gets sent to certain systems. (Port Forwarding)
Using Telnet as an example (you shouldn't! Telnet isn't secure. It's just easy to use as an example)...
You want to get from System1 (on subnet1) to System3 (subnet2).
On Router1 you specify that incoming data on Port 23 (Telnet port) should go to System1. On Router2 you send all Port 23 data to System3.
Port Forwarding, however, is somewhat limited insofar as, in the setup above, only System1 and System3 can receive Telnet data.
The other common way to do this is to have all data from a particular IP sent to one particular system on your subnet. That won't work for you, because you have multiple systems on each subnet!
I hope this isn't too non-specific! (Or too rambling! :-) ) I'm trying to be as non-specific as possible, but it makes it difficult to explain things! Unfortunately, since each company's routers use different interfaces, it's impossible for me to say exactly what you need to do!
Let us know what your routers are. Then I can possibly be more specific.
In the meantime, however, look for the sections in your router to 1) the other router's data in, and 2) specify what data goes to which system on the subnet!
I hope this helps!

Access localhost from another computer not on network

Before you say that it is a dupe, this is not the same as this, this, this or this.
My question is how do you do it globally.
For instance, consider this. I have EasyPHP running in my computer. At present my ip address (global) is 223.231.178.118
Now, let's say there is someone else (maybe in a different country altogether) who wants to access my ip (223.231.178.118). I do know how to access 192.168.x.x from the same network. I just want to know how you can do this globally, if possible.
P.S 1 : The computer running EasyPHP is behind a router.
P.S 2 : My IP (local IP is, but global one is not) is not static. But let us assume the person who wants to access my localhost does know my Dynamic IP. For example, let us assume I tell the person who wants to access my localhost is my friend and I tell him over phone what my IP is.
You can use tools just like ngrok or Forward.
More tools are in this post: Accessing localhost From Anywhere
Your local IP address "192.168.x.x" is only known to your router and unknown to everyone outside your LAN. The global IP address (223.231.178.118 in your example) is the global address of your router.
To be able to access the EasyPHP server on your local computer you need to forward the corresponding port (for HTTP web servers the default is 80 but it might be different for EasyPHP) from your router to your local IP. You need to check your router's manual on how to do this.
After you have done that you can just tell the person who wants to access your local computer the global IP address of your router and he will see your EasyPHP response by browsing to that global address.
