HOW TO USE PUBLIC IP IN A HOTSPOT ENVIROMENT!! PLEASE HELP!

RouterOS General
1

Hi:

I was reading this forum looking for a solution to use Public IP in a hotspot, I saw a few peoples that ask the same thing as me, but I did’t see a direct answer to do this. That is Why I post a new topic to see if somebody can help me.

This is the scenario:

I got a Hotspot, running in 2.4 Ghz, I sold prepaid cards, and postpaid users. I am using Radius Manager, and as you know, there is the posibility to give to the user a fixed Ip address. So, some monthly users that i have, now need a public IP. I got a pool of Class C IP, and i would like to assign to some users public IP.
I tryed to configure the “Fixed IP” field (In User Manager), filling with one of my class C IP, but never work. In /ip/hotspot/host pr i see something like this

MAC--------------------Address-------------To-Address
00:00:00:00:00:00-----10.40.0.248---------190.251.34.58

So the configuration to give Fixed IP is workin, but the client can’t access internet.

How could I do this? I want to still using Private IP, and for some users give Public IP.
I am missing some route configuration, or some NAT configuration?

I can’t make it work, I test several configurations, so I am a little lost here, thats why I bother you guys.

Thank You.

Fabian

2

Post your IP Condifiguration
You can Always use Public IP Pool in place of Privates IP Pool.

3

as noted you can just remove any masquerade rules you have and assign users public IP address via DHCP.

4

Ashish and Omega:

Thank you for your response.

I have to still using private IP becouse I don’t have a big pool of public IP. So i need a mix public and privates

I am just masquering the privates IP (10.40.0.0/19).

Now for testing configurations, I made a small LAN, this is the configuration of the test Using Privates IP:

My private network will be (10.40.0.0/24) and my Public IP’s will be (192.168.0.0/24) (JUST FOR TEST, I know that both are private IP’s) (this should work as in real)

(INTERNET)---------(201.251.3.5)Linksys(192.168.0.1)---------(192.168.0.7)(Mikrotik AP)(10.40.0.1))))))) ((((PC)))

Note that the PC is connected through WiFI with the AP Mikrotik, who include a hotspot.

So. the private IP’s in this case, will be 10.40.0.0/24 and the Public IP’s will be 192.168.0.0/24.
When I assing a fixed public IP to a user in User-Manager, the user take that IP but can’t browse internet.

Those are my routes:

Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf 
 #     DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE
 0 ADC 10.40.0.0/24       10.40.0.1                                  wlan1    
 1 ADC 10.50.0.0/24       10.50.0.1                                  ether2   
 2 ADC 192.168.0.0/24     192.168.0.7                                ether1   
 3 A S 0.0.0.0/0                          r 192.168.0.1              ether1

Now if i insert this route:

2 A S 192.168.0.204/32                   r 10.40.0.1                wlan1

I can browse internet, even i can connect to msn, but, i can’t browse secure pages (443), even i can’t ping 192.168.0.1 (that is my gateway), and from the public side, i can’t ping the client’s IP. (REMEMBER THAT THIS IS JUST A TEST, I KNOW THAT I AM WORKING WITH PIRVATES IP ALL THE TIME, BUT SHOULD WORK).

I think that i missing something.

Thank You

Fabian

5

HI,

What you can do is, that you can assign a private IP to the client (always the same IP) and than you can dst-nat one public IP to that private IP

Regards.

Faton

6

Yes, that could be a solution, but, evry time that i create a new client, i have to configure in mikrotik the specific NAT rule.

If User Manager, has the posibility to asign a fixed IP address, just filling the “Fixed IP” field, this could be more easy for my operator. He just create a user name, password, and use one of my public ip to fill that field, and everythig work.
But something is not working, becouse just don’t work
Any other idea?

Thank You

7

in webmin:
write dst address to an real WAN address that you want to use
now,
click action
action
dst-nat
to addresses:
write your local IP
ports: 0

8

Sarpkaya:

Thank your answer.
Supose that my WAN is on ether1, with one public IP, should i assign to this ether1 all my pool of public IP? to be redirected thtough dst-nat?

9

Is possible to use a PPPoE server, in the same interface where is the hotspot working? (if its possible, i could give to the clients who want public IP, a PPPoE connection, with a public IP, and this could solve my problem).

I was reading in Mikrotik Refman, that for security reasons is not recommended to use a PPPoE server in a interface that have a DHCP and Fixed IP. But WHY? What could Happend?

Thank You!.

10

write it manually.

11

Hi,

What you need to do is to specify in all your routers from internet public gateway to your client’s nearest node, routes to your public-ip addresses or sub-pools.

To try if it is working, and how are you doing the route-setting, use traceroute to any internet ip from your client (or any other public IP you want to give your clients).
When it stops appearing hops (routers) without having arrived to destination, you must know the supposed next router and set there the correct route.

As others said, exclude your public-ip pool from masquerades.

12

did you guys ever get this working? I am wanting something similar… only that the user can click “I need a Public IP” from their hotspot login page.. which would in turn generate a one to one NAT to that user’s PC… however im stumped in getting any of this to work…
-Christopher

13

Hi People:
I have just one simple question:


The only way to do a One to One NAT is using IP Binding?


Thank You