IP allocation
Hi! I need advice for setting up my network.
I have 23.130.212.0/24, and I want to assign a /29 to a router. My border router is a mikrotik and the router I want to assign the /29 to is a Unifi box.
Advice?
I'm willing to send my configs-
dude pls don't dox yourself
How did I?
that's a public IP address it's set for Vancouver BC
presumably that's where you are
Yeah uhhh I don't mind-
Everyone knows I'm in Vancouver already.
And I'm not actually in vancouver I only have offices in vancouver
well don't dox your offices either!
but i mean if you insist
can you show your network topography? are you trying to set up an Internet service that needs to put out like a website or do you just need connection to the internet?
also you should hire me to design your network :bp_wink:
Well it's absurdly simple.

I mean if you have good ideas...

ok so does it kinda look like this?
Uh no.
your network isn't in a design language i'm familiar with unfortunately
Wdym design language?
I’ve got bgp sessions with both HE and VANIX.
ok so explain what your innernet and opennet look like then
are you connected directly to HE and VANIX?
Yeah. I have a fiber link.
Well both are just names I use to keep track of
ok so explain what they look like on the inside
are they OSPF autonomous zones?
Osfp?
Well I’ve got three routers.
One is the border which connects up to VANIX and HE.
The other two connect to the border.
ok so you have your opennet router and your innernet router
Yes.
for your opennet is that supposed to be for server traffic? do you have some servers that need to receive connections from the public internet?
Innernet works.
Uh so innernet are for server traffic. Opennet is for like VPNs.
explain
What can I explain?
ok let me take this one at a time
you say innernet is working, what services are in there and which are working? presumably all of them but which?
Well working as in it is reachable from the no default zone.
Sorry I mean default free zone.
what's the default free zone?
Well uhhh the zone of the internet that can reach every part of the internet without using default routes.
ok i might be getting ahead of myself
let me go back to your actual question first
you typically don't need to have multiple public IPs unless you have services to render
Well I have a /24 so…
if you do have services to render, i.e. web server or dns or whatever, it's common practice to set it so 1 ip does 1 service
And I do have multiple services to render. With IPv4 exhaustion tho I prefer to port forward and use reverse proxies.
i.e. ns1.service.com would get 212.241, ns2.service.com would get 212.242
yea you can either set them up on your mikrotik border router or your unifi controller
Yeah that’s done.
It’s just I need the opennet router working.
if you set them on your unifi controller, you're basically setting your mikrotik as a switch interface and then set the IPs on the computers directly
if you set them on your mikrotik, you would need to do NAT
Oh the mikrotik is the border.
yes that's what i mean
Why would I need NAT? The /24 I have is a public routable block.
yes, so standard practice is typically to have a private IP address on the inside (e.g. 172.20.0.101, .0.102 etc.) and do NAT/port forwarding on the external
but you don't have to do that necessarily
BUTTT on the other hand doing it with port forwarding does make it easier to scale in the future, plus it lets you more easily centralize your security config
Yeah I know that. That is done for each of the networks already.
The border router would assign public ips via dhcp
ok so your problem you mentioned was opennet? what does opennet do
Well what I need is it to be able to get a /29 range of public IPs (which the border router would route to and from opennet).
ok i understand that, but what do you need those public IPs for?
To set up VPNs.
explain
I need to be able to proxy traffic through any of those /29 IPs.
Also I want to set up a tor exit node and not have my main IP (.254/31)’s reputation be blown to smithereens.
why would your main IP's reputation be affected?
A lot of places block exit node IPs.
ok i think i just need to hop in a discord call with you if you're available
Sure in a sec
ill be in #🤙︱General Voice 2
Okay
It’ll be five minutes.
@pls hire me no perms…
despair emoji
:(
what
what's the threshold for Active again
lavendar.earth gave me a 404 btw
ooooohhh wait im a goober you said tor im silly
also im not sure if this server is allowed to help you with tor stuff
for your opennet VPN traffic you can just do one IP for your incoming VPN connections
or you can do a connection where IPSec or 1194/UDP traffic specifically gets port forwarded to your VPN server, and anything else just gets passed through as normal
kinda cursed setup but it could work :cereal1:
Oh why not?
against server rules possibly
Right but Opennet isn't able to be reached.
Huh. First time hearing internet privacy is against the rules.
i mean you did just get here yesterday
im not gonna ping a mod because im not sure but im not gonna help you with tor specifically (also because ive never worked with tor :brainless:)
i can help you with VPNs though
Fair :P
Well it isn't even tor.
It's more getting the OpenNet router an IP.
im still confused on why you would even need that
oh you're active i think you can join vc now
im in #❓︱Support Voice
TOR exit node stuff is fine
Nothing illegal about it