Any networking experts? .. question?

Here's the question:

I have a public IP block of 13 addresses and have the switch hooked up to that through my external MikroTik router.
Then I have one of the ports going into my WiFi router (AX11000 Pro or BE88U running Merlin) that takes one of the public IPs and NATs it to a private subnet for local devices.

Both the real WAN from the cable modem and the link out to the WAN-in port on the Merlin router reside together on a managed TRENDnet 10 Gb switch.

The issue I am running into is that I cannot access the switch via ping or web etc., as I gave it an IP in an alternate private subnet.
I have tried to put in a static route and this still does not work.

I have the IP on the switch in a totally different subnet, .14 vs. my .11 main private subnet, so as not to conflict and confuse the switch, as the only way to really reach my .11 private subnet is through the WAN-in on the AX11000 Pro router.

Question is, how can I add a static route? Right now the Merlin router cannot even ping the .14 subnet/switch. I can see it with arping, so it is set up on the correct IP, but I need it reachable, preferably from the AX11000 Pro,
and then through one of my local PCs if I put a NIC on that alternative .14 subnet for maintenance.

I don't want to give it a true public IP, which would work, and have it on the wider internet.

Thanks in advance.
Any time I try a static route, i.e. 192.168.14.0 mask 255.255.255.0 x.x.x.x (where this is either the WAN IP of the AX11000 or the next hop up), it ignores my route.

I would have thought this would work, but it doesn't:
route add -net 192.168.14.0 netmask 255.255.255.0 gw 173.14.x.x

i.e.

/tmp/home/xxxx# arping 192.168.14.1
ARPING to 192.168.14.1 from 173.14.182.124 via eth0
Unicast reply from 192.168.14.1 [78:2d:7e:23:a0:05] 1.280ms
Unicast reply from 192.168.14.1 [78:2d:7e:23:a0:05] 2.721ms
^CSent 2 probe(s) (1 broadcast(s))
Received 2 reply (0 request(s), 0 broadcast(s))

admin@portal:/tmp/home/root# ping 192.168.14.1
PING 192.168.14.1 (192.168.14.1): 56 data bytes
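An added illustration, not part of the original post or any reply: a small Python model of the two conditions a static route like the one above depends on, namely that the gateway sits on a directly connected subnet and that the far end has a return path to the pinging address. The /28 WAN mask, the upstream gateway 173.14.182.113, the switch having no default gateway, and the alias address 192.168.14.2 are constructed assumptions, not values from the post.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Host:
    """Constructed model of one node: interface name -> ip_interface, plus optional default gateway."""
    name: str
    ifaces: dict = field(default_factory=dict)
    default_gw: Optional[str] = None

    def on_link(self, addr: str) -> bool:
        """True when addr falls inside a subnet configured on one of this host's interfaces."""
        a = ipaddress.ip_address(addr)
        return any(a in i.network for i in self.ifaces.values())

    def next_hop(self, addr: str) -> str:
        """How this host would forward to addr: directly, via its default gateway, or not at all."""
        if self.on_link(addr):
            return "on-link"
        if self.default_gw:
            return f"via {self.default_gw}"
        return "unreachable"


def static_route_accepted(router: Host, gw: str) -> bool:
    """'route add -net ... gw GW' fails with 'Network is unreachable' unless GW is on a connected subnet."""
    return router.on_link(gw)


def ping_round_trip(src: Host, src_addr: str, dst: Host, dst_addr: str) -> dict:
    """ICMP needs both legs routable; arping only needs the two to share an L2 segment."""
    return {"forward": src.next_hop(dst_addr), "reply": dst.next_hop(src_addr)}


# Constructed scenario (assumptions): router WAN port is 173.14.182.124/28 with upstream gateway
# 173.14.182.113; the switch management address 192.168.14.1/24 has no gateway configured.
ROUTER = Host("ax11000", {"eth0": ipaddress.ip_interface("173.14.182.124/28")}, "173.14.182.113")
SWITCH = Host("trendnet", {"mgmt": ipaddress.ip_interface("192.168.14.1/24")})


def demo() -> dict:
    before = ping_round_trip(ROUTER, "173.14.182.124", SWITCH, "192.168.14.1")
    # Remedy to test: a secondary (alias) address on the same port puts the switch's subnet on-link.
    fixed = Host("ax11000", dict(ROUTER.ifaces, eth0_alias=ipaddress.ip_interface("192.168.14.2/24")), ROUTER.default_gw)
    after = ping_round_trip(fixed, "192.168.14.2", SWITCH, "192.168.14.1")
    return {"gw_on_wan_accepted": static_route_accepted(ROUTER, "173.14.182.113"),
            "gw_on_switch_accepted": static_route_accepted(ROUTER, "192.168.14.1"),
            "before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

With these assumptions the route through the WAN gateway is accepted but simply hands RFC 1918 traffic upstream, and the echo reply has no path back to 173.14.182.124; an on-link alias address makes both legs local.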

Honestly, I am having a hard time following the network layout you have based on the text. Do you have a diagram that shows how it is all connected? What, if any, VLANs and private networks are there? What is supposed to be handling the routing between the networks?

It sounds like you may have some stuff nested, possibly.

A good clear picture of how the network is designed could really help. Are you using any VLANs, and if not, how did you give these devices their own IP range on the network? Did you just assign IPs on different networks?


As I remember, private IPs are not routable over public IP space, so this will never work.

My only solution seems to be to isolate the port on the switch, since it has that option, and only allow a certain IP access (the maintenance PC), and put the .14 IP on that machine and leave it plugged in to the switch permanently, so when I am remote I can have access if needed. Right now I have no empty ports, so I will have to move something to SFP+, probably fiber.

Well, they should never be routed because conflicts will occur. But on a local network you should be able to run multiple subnets on VLANs.

I have it running at my home now. That is why I asked about the exact layout/design of your network. It seems it should be possible for a device to go from your WiFi network to talk to the switch management IP, as long as they don't have to leave your local network to do so. Or, simply put, your MikroTik router is aware of both subnets and then handles layer 3 routing.

That is why I asked about VLANs and such. If your WiFi router, though, is taking an external IP through the MikroTik router, then that could be the problem right there. Is there a need for that? Could the WiFi router be put in AP mode and then the subnet it is assigned to be a local VLAN to isolate it?

It's a little more complicated. Everything has a backup, i.e. backup MikroTik, backup Asus router, etc., all on WiFi switches on an alternate AT&T access point so I can reboot stuff and swap over to the alternate equipment remotely in case of failure, as the house is empty 5 months a year when we are elsewhere.

The problem with putting the Asus router in AP mode is that it causes issues when there are private IPs and public IPs going through the same switches, and routing issues occur.

I need the MikroTik router to be in bridging/firewall mode, as my gateway is on the same subnet as the IP range, and therefore to have the firewall work correctly I have to route packets for certain services/ports to one single public IP (that is my WiFi router), which translates into my local private subnet... thus it cannot be in access point mode. The firewall just has to have rules that work on the public IP network.

I do have another WiFi router downstairs in AP mode.

For instance, to allow SSH or VPN etc. to work, the rule has to map incoming ports/services to the local subnet IP.

OK, so just so I am sure I understand: the MikroTik device is just being a firewall and not really doing any routing. That is all being done by the Asus router, and then devices attached to the switch are getting public IPs? They are being protected by the firewall.

Does that sound right? So really your demarc for your local network is the Asus switch, and even though you assigned the TRENDnet a private IP, it really isn't on a local network?

Do you need 13 IP addresses, or are you really just using 1? The main reason you would need more than one is if you were running multiple of the same service and needed to use the same network ports. Otherwise you could use 1 and just forward the ports through the NAT.

I need 6:
1 main mail server
1 backup I can swap in
1 for the MikroTik router
1 for main mail DRAC
1 for backup mail DRAC
1 for Asus router

Minimum blocks are either 5 or 13.

Yes, the MikroTik router is in bridging, not routing, mode and has a bridging firewall between the two ports in use.

Yes, the TRENDnet is not on the local net; it only has things plugged in that have public IPs, save the one out from the bridge on the MikroTik that knows about the local net.

For now I put a separate .14 private IP on the switch, and I can plug in a NIC on one of my machines to get to it when I want. My main machine has 2 built-in NICs and a dual Intel 10G NIC I added for the speed, so I have extra NICs to enable this... unless you recommend a better way.

And yes, on the multiple services: I haven't yet, but for instance I have a backup mail server NATted to one of my NASs on the local net (in a Windows Server virtual machine) just as a store-and-forward server in case the main servers are down. If I needed another one I would have to use another public IP, as you say, to reuse the port.