And again, public IP's

franco · July 24, 2006, 7:38pm

Hello to everyone.
I have a question on the passing on of PUBLIC IP.
I have 6 IP at the disposal.
My MT server gets one.
I would like to pass the other 5 to my customers.
However, I would not like to use a NAT.
If I dial in at my provider and check my IP, I can see which ones I have got.
How can I cope with it in the scenario to be seen above?
My customers logged in with pppoe.

Sorry for my bad english

HarvSki · July 25, 2006, 7:56am

You can assign the public IPs to the clients PPPoE using the “Remote Address” in the PPP secret for that client. You may need to enable Proxy Arp on the interface of the MT that is used for the internet connection.

franco · July 25, 2006, 10:15am

Thank you for your answer.

Can I use DHCP, too?
So customers have dynamic IP. Customers that need static IP, I type this in “Remote Address”.

Would you use EoIP for this network?

HarvSki · July 25, 2006, 11:36am

Yes you can use DHCP too but I would recommend that you only use PPPoE.

You can create an IP Address Pool of your private addresses and assign the pool to the Remote Address of the PPP profile. The use that profile for your PPP Secrets. Remember to add a SRCNAT mascarade rule in the firwall for your private addresses.

a PPP Profile example:

 1   name="CIR 20k/56k NORM 256k/1500k BURST 60sec to 2.5M" 
     local-address=192.168.9.254 remote-address=pool_svw 
     use-compression=default use-vj-compression=default 
     use-encryption=default only-one=yes change-tcp-mss=yes 
     rate-limit=280000/1500000 410000/2600000  180000/800000 30/60 8 
                20000/56000 
     dns-server=192.168.9.254,192.168.9.201

franco · October 8, 2006, 9:46am

I have my network public IP at this run now.
It works wonderfully. (almost)
I must open sebarate port for every customer.
How I create it, to give public IPs with open ports?
Making the large providers like it.

My english

HarvSki · October 9, 2006, 4:24pm

You can open (accept) your forward firewall for the block of Public IP addresses you have.

Your English is better than my Geman, so keep asking questions

franco · October 10, 2006, 7:55am

Thank you HarvSki.

How I can make this?
Can you give me an example?

HarvSki · October 10, 2006, 9:47am

in terminal window goto: ip firewall rule forward

Then

 add  dst-address=83.210.245.64/28 action=accept

This will allow all traffic on all protocols and ports though to the IP address block 83.210.245.64/28

This is a start for you rules, I normally would set up a Jump rule first to another firewall chain, this makes managing many rules much easier.

franco · October 10, 2006, 10:51am

Thank you.

Another possibility give it?
I must activate such approx. 250 IP addresses.
This can get arduous.

HarvSki · October 10, 2006, 11:44am

if the addresses are all in one block then you just change the subnet, /24 rather than /28

You probably need to read about TCP/IP Subnetting and firewalls as this is generic stuff rather than MikroTik specific.