Dear all,

Coming from a non Mikrotik environment before, i would really appreciate some help with our current set-up.

We want to use our brand new MT as a router only device, with multiple Firewalls behind it.

We have a /29 subnet from our provider connection is made with PPPoE

On our previous Cisco router, the router itself connect with PPPoE and had the first ip in the subnet, let say we use; 10.10.10.9/29
We then configure the FW's behind with one (or more) of the remaining ip-addresses (static), thus FW1 has 10.10.10.10 and 2 has 10.10.10.11

How to do this one a Mikrotik?

At this moment id o have it connected, with internet access, but now we are stuck on how to continue.

I have a requirement for this exact same situation.

FTTP with /29 via PPPoE.
When connecting one cisco firewall, pppoe always gives one (router) address in the /29 to the outside interface, and i get a default gateway, and I can NAT the other addresses perfectly on the outside.
I want to site a second firewall along side the cisco firewall, and each have an address in my /29.
ISP offers no help or support or will even confirm if its possible. They simply don't know anything other than the router they supply, and i can't speak to a technically competent person.

If I connect a basic switch inline, PPPoE on the Cisco firewall works as usual. Adding a second firewall with IP configured in the /29 does not arp or route. I have not wiresharked, perhaps I should?

Connecting a CRS326 as PPPoE Client will authenticate and obtain the address that the firewall gets on authentication. Having other static IP addresses in the /29 on the outside of either firewall will not route to the CRS326 or to the wider internet. Nothing ARPs, and nothing routes, only the CRS326 with the PPPoE to the Internet.

I have tried with a bridge, in a VRF, and VLAN. I have struggled to find an exact config for this scenario. I'm going to try a cisco router when i can borrow a suitable device, I've more time with Cisco devices under my belt, than with Mikrotik. Would prefer to use the mikrotik I have or buy something suitable, if it isn't.

Help received with thanks.

Could one of you please provide a network diagram so I can wrap my head around your problem?

Diagram attached.

PPPoE gives an IP within the /29, the highest in the subnet, with a /32 mask (not /29), and a default gateway of another address in a different subnet. With just the firewall alone, the rest of the addresses in the /29 are usable as NAT addresses on the firewall.

It's Openeach delivered business grade FTTP from a smaller UK ISP, one of the highly rated ones, not one of the consumer mass market ISPs, if it matters.

I think I now understand your request and I also think that assigning the same address you recieve via the PPPoE to a bridge between the two ports and adding static addresses to the devices afterwards would do the trick. Reference topic:

viewtopic.php?t=178654

I think I now understand your request and I also think that assigning the same address you recieve via the PPPoE to a bridge between the two ports and adding static addresses to the devices afterwards would do the trick. Reference topic:

viewtopic.php?t=178654

Perfect thanks for the pointer. I'll work through it and let you know how I get on.

Firewall rules were what I was missing. I hadn't realised they were required in this situation.
Thanks to this and another Reddit post I made, I'm there now work with this setup. Working as desired, but need to get a router to achieve required put. The CRS tops out at 300Mbit, but it's proven the concept works.

Glad I could help! Hopefully the topic author finds it also useful