Hi everyone, i need some help here, let me explain...

My ISP gives me a /27 class C block of IP addresses, from x.x.x.64 to x.x.x.95
IP x.x.x.65 it's my ISP router and gateway.


[Internet] ----> ISP Router (x.x.x.65/27) ----> MT (WAN: x.x.x.94/27 - LAN: 192.168.0.1/24) ----> PPPoE Server ----> PPPoE Clients


The MikroTik box has the x.x.x.94 on the WAN Interface, and I'm using a PPPoE server to authenticate my clients, in the LAN Interface side.

The question is, how to make some clients receive a public IP address once they authenticate against the PPPoE server ?

¿As simple as adding one of the public IP address on the Remote Address at the PPP Secret section ?
Note: (Winbox > PPP > Secrets tab > PPP secret <secret> )

I've been reading about making a pool with the public IP addresses, and assign that pool on the PPPoE Profile, but the topics I've found aren't too much explained.

I mean like this.

Thanks for your help, I hope this makes sense for you guys...(Excuse my, bad, english!)

Create DHCP with Public Ip pool on LAN interface.

and in PPPoe profile create new or edit existing profile by giving remote address as a Ip Pool.

Create DHCP with Public Ip pool on LAN interface.

and in PPPoe profile create new or edit existing profile by giving remote address as a Ip Pool.

If you're using PPPoE there is no reason to create a DHCP server anywhere, and could actually pose a security risk as the users could just switch from PPPoE to DHCP and get an address without authenticate undermining the PPPoE authentication.

All you need to do is create another pool, and set the clients you want to have public IP's to use the public pool instead of your standard private.

You can do this with RADIUS by passing the "framed-pool" parameter. If you're using Mikrotik's internal user management then just add another profile for the public IP users, and set the remote addresses to use the new pool.

If you're looking to just assign static IP's, then you can create a secret and set the static IP in the remote-address field.

Make sure your routing tables are correct on any intermediary hops, and you're done.

public ip pool behind nated network ?

how this can work?

scratch that.. i just re-read your original post..

I'd call the ISP and ask them to create a /30 between their router and yours then assign the /27 to the LAN interface on your router... You should have a point to point link between your ISP router and your Router instead of wasting IP's from your /27 to link to your router... You'll then need to subnet the /27 into smaller blocks so you have some public addresses to route to your PPPoE Server.

If your ISP is unwilling to allocate additional addresses then you'll have to use address out of your /27..

Basically you have to rethink the logical design of your network.

EX: say you have the following address block 1.1.1.1/27, the ISP should give you a point to point link via a /30 not in your assigned subnet then you'll need to subnet the /27

Internet <---> ISP_ROUTER [2.2.2.1/30] <---> [2.2.2.2/30] My_Router [1.1.1.1/29] <---> [1.1.1.2/29] PPPoE server [private/public_pools]

If you subnetted the 1.1.1.0/27 into /29's that'd give you 4 x /29 networks...

1.1.1.0/29 (core)

You could then route the additional subnet's to your PPPoE concentrator.

1.1.1.8/29
1.1.1.16/29
1.1.1.24/29

You could summarize the last two networks into 1.1.1.16/28 or break up the /27 into two /28... it all really depends on how many hosts per segment. You don't want to waste unnecessary IP's if you don't need to due to the limited amount provided to you.

Your other options are proxy-arp and/or NAT.. but I would not recommend using these methods. The best way to give your clients public IP's is to subnet and route.

Also I would advise against using any IP's in the 192.168.0.0/16 subnet as these are commonly used for SOHO grade routers (linksys/dlink/netgear/etc...). Use something in the 10/8 subnet or 172.16/12 as defined in RFC1918.

So the solution is between these two:

All you need to do is create another pool, and set the clients you want to have public IP's to use the public pool instead of your standard private.

and

I'd call the ISP and ask them to create a /30 between their router and yours then assign the /27 to the LAN interface on your router... You should have a point to point link between your ISP router and your Router instead of wasting IP's from your /27 to link to your router... You'll then need to subnet the /27 into smaller blocks so you have some public addresses to route to your PPPoE Server.

No doubt last one is the correct way to go. I have only one problem, I got already running some services like DNS, FTP, SMTP, POP3 and WEB, with some public IP's from the /27 block, don't wanna change that for now.

So I think I'm going for the "quick" and first solution.

Simple as creating another pool with the public IP's, right? Hope so!

Thank's a lot for your help wildbill442 and all the people at the forum for your great support.

I'll let you know how it goes!

you can also use proxy-arp feature if your ISP cannot provide a /30 for you.

IIRC if you enable proxy-arp on the public (?) interface, it will allow you to assign your public remote addresses on pppoe sessions (via framed-ip-address or framed-pool or ppp secrets). It's not the "Right Way" to do it, but it should work.

ricardocasares,

That may work but I'd only set it up that way temporarily until you can get everything routed correctly. It's more of a bandaide solution when using proxy-arp to provide users with public IP addresses.

And just to clarify disregard my first post, I had posted that thinking the MT Router was your PPPoE server.. You wont be able to just create a public pool and it will magically work. You'll need to do some creative proxy-arp or NAT solution to provide your clients with static IP's..

I understand renumbering is a pain and can be cumbersome, but in this situation I'd recommended resubnetting. If you're POP/SMTP/FTP/DNS servers have IP's close to each other (ie 1.1.1.2, 1.1.1.3, 1.1.1.4) you should be able to subnet around that, and just change the subnet mask on the respective hosts without changing their IP addresses.

Right now Im trying to redo my network, I started out with this proxy-arp for assigning my public IPs in a /27 to PPPoE sessions, and its worked that way for a long while without issues but its becoming harder to manage and expand.

my current setup is ISP Router --->x.x.x.32/27(GW x.x.x.33) --> Mkt router(x.x.x.34/27) .. remaining /27 proxy-arp to PPPoE clients

Now.. what I planned to do was subnet the /27, make myself a x.x.x.32/30 and let me router have .34 with GW .33 .

that left me with

x.x.x.36/30
x.x.x.40/29
x.x.x.48/28

So do I assign the remaining IP ranges to my internal network, say WLAN1? like if I have a x.x.x.36/30, does that mean I assign my WLAN1 interface x.x.x.37/30? then Im only left with one IP in the range for PPPoE? or do I assign the WLAN interface x.x.x.36/30? leaving both free for PPPoE? but no real IP for the WLAN1 interface? (.36 is the network address?, cant be used?)

My other situation is another DSL line comes in (pppoe client), router gets dynamic IP, etc.. but the ISP routed me 2 /28 subnets, again, do I assign the first available IP in each subnet to the WLAN1 interface? This would end up giving the router a lot of IPs assigned to one interface wouldnt it? In my case, 5?

At what point do I disable proxy-arp?

That may work but I'd only set it up that way temporarily until you can get everything routed correctly. It's more of a bandaide solution when using proxy-arp to provide users with public IP addresses.

That's exactly what I'm going to do until my ISP gives me a /30 between they router and my MT.

I just tried to setup the pools, and giving public IP addresses to my clients from the PPPoE server, I've NATted the WAN Interface, and made it to proxy-arp, everything worked just fine. The clients where able to get a public IP address on their machines.

wildbill442: My PPPoE server IS the MT box, sorry for the wrong diagram.

Can someone explain me the "pros and cons" of using Proxy-ARP ?
For me a pro would be the quick setup, and that I could leave my current addressing intact.
So I'm more interested at the cons... Any suggestions ?

Hello Every One,
I have a similar problem.. In my case the user has been assigned the public IP everything works fine however when he checks on checkmyip.com he gets the WAN IP.

Please help.

Thank you

Hello Every One,
I have a similar problem.. In my case the user has been assigned the public IP everything works fine however when he checks on checkmyip.com he gets the WAN IP.

Please help.

Thank you

Check if you have any NAT rule masquerading your client's public IP behind your WAN IP.

mag2020,
You were correct. Its now fixed.

Thanks.

mag2020,
You were correct. Its now fixed.

Thanks.

Good to hear that its now fixed!

This is how I achieved it.

https://ibb.co/h6RPW5

When modem /client router(modem) is dial it gets a static ip. Server connected to the modem should have public ip of same subnet or
even with NAT server can server web servers.
Eg Server is runing a site
modem ip 202.56.215.3(any public ip)
what will be server ip ? 202.56.215.2 or even 192.168.1.2 will also work.