5 static IP's but dynamic PPPOE Connection

Hello,

I am new to Routerboards configuration, but also find BT’s configuration odd too.
I have a Fibre connection FTTC, and connect with PPPOE. The PPPOE has a dynamic IP address and must get my Static IP’s from my username. My RB2011UiAS-2HnD has connected the session fine, and I have created firewall rules for the static IP address to ports of the web server, but because the PPP session has a dynamic IP when I try and connect to our RB1200’s at work the outgoing IP address is not static assigned to me and gets refused.

My question is how do I allow subnet 192.168.0.0/24 to have one of my public static IP address and not the dynamic one from my PPP session.

I have tried to allow my static IP address using the out interface of my PPP in the firewall but still gives me the dynamic IP.
Am I looking in the wrong place?

Any help would be most appreciated.

Regards

Simon

Simon,

Create static routes to those 1200’s to use one of your static IP addresses as the preferred source:

/ip route
add dst-address=123.45.67.89 pref-src=98.76.54.32 gateway=pppoe-out

Now, when connecting to the 1200’s at work, the connection will come from whichever static IP you choose to use.

You say you have 5 static IPs… is this 5 separate /32 address assignments, or is this a full /29 subnet that’s being routed to your dynamic IP?

If you have a /29 subnet being routed to you, there is a way to use all 8 addresses. Check out this thread.

Good luck!

Thanks, I followed your way of adding static routes, but first had to add address 123.456.78.9/29 in my address list using interface pppoe-out. Added the static route but still didn’t work, then found I was still using the gateway from the dynamic ip not the static.

All is good, apart from I need, let’s say, my machine 192.168.0.10 to have public static ip address 123.456.789.10 and a mail server 192.168.0.100 to have static 123.456.789.11.

I must have the full /29 routed by dynamic IP, do I have to implement as described in the link and DMZ a port?

Simon

Not necessarily. If you have the full subnet routed to you, you can bind all 8 addresses to a loopback and go from there…

If your subnet is 11.22.33.8/29:

/int bridge add name=lo0
/ip address add address=11.22.33.8/32 interface=lo0
/ping 8.8.8.8 src-address=11.22.33.8

Assuming that you pass this test, bind the other 7 IPs to the lo0 interface:

/ip address
add interface=lo0 address=11.22.33.9/32
…

Now, you have some servers…

192.168.0.10 - Web
192.168.0.100 - Mail

You have 2 ways to do this. 1:1 or port-to-port. I’ll show both:

/ip firewall nat
# Nat everything for Server1
add chain=srcnat action=src-nat src-address=192.168.0.10 to-addresses=11.22.33.8
add chain=dstnat action=dst-nat dst-address=11.22.33.8 to-addresses=192.168.0.10
# Nat everything for Mail Server
add chain=srcnat action=src-nat src-address=192.168.0.100 to-addresses=11.22.33.9
add chain=dstnat action=dst-nat dst-address=11.22.33.9 to-addresses=192.168.0.100
# NAT only ports for Web Server (dst-port matching needs protocol=tcp)
add chain=dstnat action=dst-nat protocol=tcp dst-address=11.22.33.10 dst-port=80 to-addresses=192.168.0.80 to-ports=80
add chain=dstnat action=dst-nat protocol=tcp dst-address=11.22.33.10 dst-port=443 to-addresses=192.168.0.80 to-ports=443
# NAT for outbound browsing 'n stuff - use Dynamic Address
add chain=srcnat action=masquerade out-interface=pppoe-1

By setting up your NAT on a port-by-port basis, you can actually run multiple services on 1 IP, even if they are on different physical/virtual servers. SMTP to .100, DNS to .150, HTTP to .120, etc…

You can also do port mapping… 2201 for ssh to server1, 2202 for ssh to server2, etc… all on the same IP.

Of course, you could skip all this, and put the /29 on an ethernet port and call it a DMZ.

Hope this helps!
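
The difference between the 1:1 and port-to-port rules above matters for exposure: a dst-nat rule with no dst-port forwards every port on that public IP to the internal host. The following is an added example, not part of the original post: a small Python audit over exported NAT rules, where the sample rules, the function names and the finding labels are all constructed for illustration.

```python
import ipaddress
import shlex

# Example subnet used in the post above.
ROUTED_SUBNET = ipaddress.ip_network("11.22.33.8/29")

# Constructed sample rules in the style of the post (not a real export).
SAMPLE_RULES = """\
add chain=dstnat action=dst-nat dst-address=11.22.33.8 to-addresses=192.168.0.10
add chain=dstnat action=dst-nat protocol=tcp dst-address=11.22.33.10 dst-port=80 to-addresses=192.168.0.80 to-ports=80
add chain=dstnat action=dst-nat protocol=tcp dst-address=11.22.33.20 dst-port=25 to-addresses=192.168.0.100 to-ports=25
add chain=srcnat action=masquerade out-interface=pppoe-1
"""

def parse_rule(line):
    """Turn 'add key=value ...' into a dict; None for comments and other lines."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "add":
        return None
    return dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def audit_dstnat(text, subnet=ROUTED_SUBNET):
    """Return (line_number, finding) pairs for risky or broken dst-nat rules."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if not rule or rule.get("chain") != "dstnat" or rule.get("action") != "dst-nat":
            continue
        dst = rule.get("dst-address")
        if dst is None:
            # No dst-address: the rule matches traffic to every public IP.
            findings.append((n, "no-dst-address"))
        elif not ipaddress.ip_network(dst, strict=False).subnet_of(subnet):
            # Typo or stale rule: this address is not part of the routed /29.
            findings.append((n, "outside-routed-subnet"))
        if "dst-port" not in rule:
            # 1:1 NAT: every port on the public IP reaches the internal host.
            findings.append((n, "all-ports-exposed"))
        elif rule.get("protocol") not in ("tcp", "udp"):
            # Port matching only makes sense together with protocol=tcp/udp.
            findings.append((n, "dst-port-without-protocol"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit_dstnat(SAMPLE_RULES):
        print(f"rule on line {line_no}: {finding}")
```

With 1:1 NAT in place, any port filtering has to be done by separate firewall filter rules, since the NAT rule itself no longer limits what reaches the server.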

You’re the Man :smiley:

This worked like a charm, deleted all the addresses I had put in earlier and added the 8 bind addresses of the /29

Went for only opening ports needed for web and mail server, don’t want them hacked.

Thanks for your help again.

Simon