Forward all local traffic for all IPs to certain gateway

Hi all,

I have a pretty unique setup which I can’t quite get to work. Here’s the setup:

Internet ↔ Router A ↔ Router B ↔ Router C ↔ Clients

I have router A that I cannot configure. It is configured to send traffic via layer 2 to clients within the subnet. Let’s assume the router has 10.0.0.1/24. It will forward external traffic to 10.0.0.x/24 and act as the default gateway for traffic coming from the local network.

I now want to connect my MikroTik router B to that 10.0.0.0/24 subnet and configure it so that it replies to ALL possible IPs with its own MAC and forwards all traffic to router C, say, 10.20.0.1.

Example A) An incoming request to 10.0.0.99 will be sent via router A to router B (layer 2). Router B forwards this request via layer 3 to router C (without NAT).

Example B) Router C forwards a request to 8.8.8.8 from 10.0.0.77 to router B. Router B should forward this request to router A on 10.0.0.1 (again, without NAT).

I know it’s unusual, but since I can’t configure router A, my options are a bit limited. The main challenge for me is to get router B to act as an ARP proxy even for unknown IP addresses, as it does not have direct visibility into the clients connected on router C.

Thanks for any pointers!

This sounds like router B interface is in “Promiscuous Mode”
https://en.wikipedia.org/wiki/Promiscuous_mode

I figure you mean all possible IPs within 10.0.0.0/24, as that is all it ever gets any traffic for from Router A, is that a correct assumption?

The key here is the proxy-arp functionality as you have properly mentioned. So assuming router A has an own address 10.0.0.1/24, I would take an Ethernet interface etherX on Router B, remove it from any bridge, remove any existing IP address or DHCP client from it, and do the following:
/ip address add interface=etherX address=172.16.0.0/32 network=10.0.0.1
/interface set etherX arp=proxy-arp
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.1
/ip route add dst-address=10.0.0.0/24 gateway=10.20.0.1

An interface with arp behavior set to proxy-arp responds with its own MAC address to received ARP requests for any IP address it has a route to, except those reachable via the same interface to which the ARP request has arrived. So should any devices with 10.0.0.x addresses remain connected to Router A, you would have to add routes towards their addresses via 10.0.0.1 in order to prevent Router B from sending competing ARP responses. 172.16.0.0 is an example - use any private address that doesn’t collide with any subnet or range you use.
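
The proxy-arp rule described in the post above, modelled as an added example (not part of the original thread and not RouterOS code): it shows which ARP requests arriving on etherX Router B would answer, and why a host left on Router A's segment needs its own route via 10.0.0.1. Assumptions: Router B reaches 10.20.0.1 over a directly connected 10.20.0.0/24 on a hypothetical interface etherY, and 10.0.0.50 is a constructed local host.

```python
import ipaddress

# Router B's routing table after the commands in the post above.
# (destination, gateway, interface); gateway=None means directly connected.
# "etherY" and the connected 10.20.0.0/24 subnet are assumptions.
ROUTES = [
    ("10.0.0.1/32", None, "etherX"),     # from address ... network=10.0.0.1
    ("10.20.0.0/24", None, "etherY"),    # assumed link towards Router C
    ("0.0.0.0/0", "10.0.0.1", None),
    ("10.0.0.0/24", "10.20.0.1", None),
]


def lookup(routes, ip):
    """Longest-prefix match; returns the winning route tuple or None."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def egress_iface(routes, ip, depth=0):
    """Interface a packet to ip leaves on, resolving gateways recursively."""
    route = lookup(routes, ip)
    if route is None or depth > 8:       # no route, or a gateway loop
        return None
    _, gateway, iface = route
    return iface if gateway is None else egress_iface(routes, gateway, depth + 1)


def proxy_arp_replies(routes, target_ip, in_iface):
    """True if the router answers an ARP request for target_ip seen on in_iface."""
    out = egress_iface(routes, target_ip)
    return out is not None and out != in_iface


if __name__ == "__main__":
    # 10.0.0.50 is a constructed host that stays on Router A's segment.
    pinned = ROUTES + [("10.0.0.50/32", "10.0.0.1", None)]
    for label, table, ip in [
        ("client behind Router C", ROUTES, "10.0.0.99"),
        ("Router A itself", ROUTES, "10.0.0.1"),
        ("local host, no /32 route", ROUTES, "10.0.0.50"),
        ("local host, /32 via 10.0.0.1", pinned, "10.0.0.50"),
    ]:
        print(f"{label:30} {ip:12} reply={proxy_arp_replies(table, ip, 'etherX')}")
```

Without the extra /32 route, Router B and the real 10.0.0.50 would both answer Router A's ARP request; with it, the route resolves back out of etherX and Router B stays silent.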

Correct, that’s what I meant.

Thank you for this solution, I just tested it and it works perfectly for requests originating externally/from the client!

I did notice however that now the clients behind Router C can’t reach Router A, which of course makes sense because the client wouldn’t know how to reach 10.0.0.1 through layer 2. I don’t think this matters much for me, because Router A won’t be sending direct requests and the Client doesn’t need to, but maybe there’s a simple solution to get this working, too? I would assume this involves adding another proxy-arp to the client’s interface on Router C?

Assuming that neither Router C itself nor any client connected to it uses 10.0.0.1, on Router C, you can add a route to 10.0.0.1/32 via the address of Router B in 10.20.x.x, and then you can make Router C selectively respond with its own address only to 10.0.0.1 using /ip arp add address=10.0.0.1 interface=the-one-to-which-clients-are-connected publish=yes. You can use arp=proxy-arp also here instead, but the selective way seems “safer” to me.

Nice setup Sindy: Proxy ARPing for the same subnet as the one you are in.
Actually I’ll use that proxy-arp @home now as well, but with 2 router B’s (failover setup)

Thank you so much, sindy! Works like a charm!