Done, and still the same.
I can ping my 207.75.xx.55 address and it is really getting to the machine, but if I go to a site that tells me my IP, it is the 207.75.xx.60
Here are my current nat rules:
[admin@MikroTik] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Static for Goomba
src-address=10.0.4.11/32 action=nat to-src-address=207.75.xx.55
1 ;;; masquerade hotspot network
src-address=10.0.5.0/24 action=masquerade
2 ;;; masquerade hotspot network
src-address=10.0.4.0/23 action=masquerade
[admin@MikroTik] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 dst-address=207.75.xx.55/32 action=nat to-dst-address=10.0.4.11
1 ;;; redirect unauthorized hotspot clients to hotspot service
in-interface=hotspot protocol=tcp flow=!hs-auth action=redirect
to-dst-port=80
2 ;;; intercept all DNS requests
dst-address=:53 protocol=udp action=nat to-dst-address=12.xx.xx.1
3 ;;; transparent HTTP proxy for hotspot clients
in-interface=hotspot dst-address=:80 protocol=tcp action=redirect
to-dst-port=80
hello daiceman,
Why not try uPnP ? i would have suggested proxy-arp but it will be a problem cos u r running a dhcp.
Forget what you see on whatismyip.com etc. Try accessing from some other network I am sure it will open 207.75.xx.55…
Right, it does work that way.
BUT, what I am needing is for a maching to be able to be accessed from the internet with a public IP. This is working. Also, the parent company wants to allow that SAME IP to tunnel thru their corparate firewall. This is not working, they are seeing the .60 address not the .55
Your problem is here
3 ;;; transparent HTTP proxy for hotspot clients
in-interface=hotspot dst-address=:80 protocol=tcp action=redirect
to-dst-port=80
The action redirect to destination port 80 is not correct, this is the port of hotspot service, this may be 8080 or 3128(check your webproxy service port) and if you are checking in theses web pages(http://www.whatismyip.com, etc) your clients are transparent proxied… try disabling this rule in dst-nat and don´t configure to use web-proxy in the browser and try again…
Regards!
Thanks for all the info. I will try the last option. What I have configured is hotspot for all the normal clients and now I have PPPoE setup for the clients that need publicly accessable addresses.
I have hotspot with dhcp leasing public ip address to my clients, i have a bridge which is linking the public interface and the hotspot interface, and i only have 1 public IP address in the interface bridge… at 2 years i have this and work perfectly… remember to wait at least 30 seconds to the bridge interface learn the network…
Regards and sorry my bad english
Alessio
Completely agree, I have just entered the proxy and I also get gateways IP address…
Cheers…