My ISP has assigned me a PPPoE login and with it they give me a static IP (that never changes) when the router connects. But I also asked for additional static IPs with a /29 bitmask. How do I add those addresses to the router?
The PPPoE address looks like 206.243.xxx.yyy and the gateway is 206.243.www.zzz. I think the gateway changes sometimes when the PPPoE login gets re-initialized.
The static IPs look like 108.ttt.uuu.216 to 108.ttt.uuu.223. My understanding is that 216 is the network, I need to assign a gateway 217 to the router, and then my 5 usable (for host boxes) IPs will be 218, 219, 220, 221 and 222. 223 will be the broadcast address that I cannot use.
I can’t find a tutorial or posting on how to set this up on my new RB2011. I am very familiar with OpenWRT and DD-WRT but now that I am past the hobbyist stage I need to get this and many more Mikrotiks running in commercial environments.
How silly of your provider to give you a static address (/32) that’s not already in your static subnet, but that’s beside the point, and it gives you 9 static IPs to work with instead of just 8.
You get your route from the PPPoE session, so that’s taken care of.
Now, this leaves you with 5 usable addresses from your subnet, which may or may not be enough. You CAN use all 8 addresses though:
/int bridge add name=lo0
/ip address
add address=192.168.1.1/24 interface=LAN
add address=192.168.2.1/24 interface=DMZ
add address=108.xx.yy.216/32 interface=lo0
…
add address=108.xx.yy.223/32 interface=lo0
/ip firewall nat
add chain=srcnat action=src-nat src-address=192.168.1.0/24 to-address=206.243.xx.yy
add chain=dstnat action=dst-nat dst-address=108.xx.yy.216 to-address=192.168.2.216
add chain=srcnat action=src-nat src-address=192.168.2.216 to-address=108.xx.yy.216
…
add chain=dstnat action=dst-nat dst-address=108.xx.yy.223 to-address=192.168.2.223
add chain=srcnat action=src-nat src-address=192.168.2.223 to-address=108.xx.yy.223
Well, it’s not really all that silly from a customer perspective, it just gives you an extra address to use.
As a provider though, it is silly, they’re wasting an IP unnecessarily. Comcast does this as well, a customer with a subnet assignment also gets a static IP outside that subnet. What’s infuriating about Comcast though, is that they keep the subnet captive within the router, which wastes 4 IP addresses (static, network, gateway, and broadcast). Bleh…
As a provider myself, if a customer wanted a static subnet, the static IP would be assigned out of that subnet, and the subnet itself would be routed to that static IP. The basic customer config would give them 5 IP addresses to use in the DMZ (use the GW address to NAT the LAN).
The customer could, however, bind all 8 IP addresses (as /32) to a loopback, then use NAT to take advantage of all 8 IP addresses, so long as they had a router that could handle such a configuration (which MT can).
On a managed customer network that needed 2 addresses, I’d give 'em a MT with a /31 as quick as you please! 3-4 addresses would get a /30, etc…
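The two elided ("…") runs in the config above follow one pattern per public address. As an added example (not part of the original posts), this Python sketch generates the loopback /32 bindings and the 1:1 NAT pairs for a whole block. The function name `one_to_one_nat` is hypothetical, 203.0.113.216/29 is a constructed stand-in for the redacted 108.xx.yy.216/29, and the NAT rules are written with the full RouterOS property name `to-addresses`.

```python
import ipaddress

def one_to_one_nat(public_block, dmz_net, router_dmz_ip, loopback="lo0"):
    """Return RouterOS commands that bind every address of public_block to a
    loopback bridge as a /32 and map it 1:1 to the DMZ host sharing the same
    host bits (216 -> 192.168.2.216 when the DMZ is a /24)."""
    pub = ipaddress.ip_network(public_block)
    dmz = ipaddress.ip_network(dmz_net)
    router = ipaddress.ip_address(router_dmz_ip)
    # The inside subnet must be larger than the public block, otherwise its
    # own network/broadcast/gateway addresses collide with mapped hosts.
    if dmz.prefixlen >= pub.prefixlen:
        raise ValueError("DMZ subnet must be larger than the public block")
    lines = [f"/interface bridge add name={loopback}", "/ip address"]
    pairs = []
    for addr in pub:  # iterating a network includes network and broadcast
        inside = dmz.network_address + (int(addr) & int(dmz.hostmask))
        if inside in (dmz.network_address, dmz.broadcast_address, router):
            raise ValueError(f"{addr} maps to unusable DMZ address {inside}")
        pairs.append((addr, inside))
        lines.append(f"add address={addr}/32 interface={loopback}")
    lines.append("/ip firewall nat")
    for addr, inside in pairs:
        lines.append(f"add chain=dstnat action=dst-nat "
                     f"dst-address={addr} to-addresses={inside}")
        lines.append(f"add chain=srcnat action=src-nat "
                     f"src-address={inside} to-addresses={addr}")
    return lines

if __name__ == "__main__":
    # Constructed sample values; substitute the real /29 and DMZ addressing.
    for line in one_to_one_nat("203.0.113.216/29", "192.168.2.0/24",
                               "192.168.2.1"):
        print(line)
```

Each dst-nat rule forwards every port of the public address to its DMZ host, so any restriction on what is reachable has to come from filter rules in the forward chain.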
I wiped my nat table clean and loaded the code as per above.
It did allow traceroutes from the outside to succeed in that they demonstrated that the routes were advertised.
Interestingly I would get 2 so called final hops (I guess because of the 2nd hop to the NAT’d address).
But the final hop was another 25 ms over the 2nd last hop. I guess that is latency in the RB2011.
In any event, I am not sure I accomplished anything because I could not get a host on the 192.168.2.0/24 network to find the internet. Always got unreachable. And when I get unreachable I know I am into something too complicated for me to figure out.
Is there a simpler way to set up for this router to get a /29 working?
/tool traceroute 8.8.8.8
/tool traceroute 8.8.8.8 src-address=192.168.1.1 (test your NAT rules for the LAN)
/tool traceroute 8.8.8.8 src-address=108.xx.yy.216 (test the network address of your subnet)
/tool traceroute 8.8.8.8 src-address=108.xx.yy.217 (test a host address of your subnet)
Assuming that everything looks good so far, post the IP configuration and routes from one of the hosts in the DMZ. Remember, in this config, we’re trying to use all 8 of your static IPs, so your internal subnet needs to be larger. You can make it any size you want, but for simplicity, my config example assumed a /24:
It isn’t really silly at all. If an ISP hands the /29 to the PPPoE interface or routes it via the PPPoE’s assigned IP you have maximum configuration flexibility available in regard to the /29. For a larger commercial installation I would expect separation of the link net and allocated IP ranges and for a consumer/small business installation it is nice to have.