Hi I Have connected with this router to my bridged modem. From my ISP i have 4 static ip adress. When I connect PPPoE show only 1 static ip. Why I set up my router to get 4 dynamic static IP from My ISP. Thanks for answer.
Is the single address you get from the ISP on the 4011 a public one? I.e. does it fit into 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 range (private) or into 100.64.0.0/10 range (CGNAT), or into none of them?
There are multiple ways how an ISP can deliver public addresses to a PPPoE client, so it is impossible to say more without further investigation.
Do you know the public addresses you get or are they indeed dynamic and every time the PPPoE tunnel goes up you get a different four?
Last, would you mind to reveal your native language?
I have 4 static ip purchased from my isp, but my network address change on every resart.
I need all 4 addresses get dynamic, when network address chang change automatically for every ip address
My native language is slovak
Som voľaaký zmätený where the problem is.
You say you have purchased static addresses but at the same time you declare you need all 4 of them to get dynamic which I don’t understand. For me the categories are public/private/CGNAT in one dimension, static/dynamic in another one, and manually/automatically assigned in a third one (because a static address, as in “reserved”, can be assigned using DHCP or PPP rather than configured manually).
So if the purchased addresses are indeed static ones, I assume they are routed to you from the internet no matter what the single address assigned dynamically to your device is; if you have to manually assign three addresses neighboring to the one assigned dynamically each time the PPPoE reconnects, and all of them are pingable from outside, i.e. the whole quadruple of addresses indeed changes each time, it a) does not match the statement that you have purchased static ones and b) can only be resolved using a script and only if the additional 3 addresses can be systematically derived from the one assigned dynamically (like e.g. the last byte of the address by PPPoE is divisible by 4 and the other addresses are always +1, +2, and +3).
A separate question is what is the purpose of having 4 dynamically changing addresses - the only use case I can imagine would be multiple servers listening on the same port but serving different tasks and lack of possibility to distinguish between the tasks at application protocol level.
Another separate question is whether you want the additional addresses to be assigned to the PPPoE interface itself or whether you would prefer to give them directly to some devices in LAN.
Lastly, if you use the ISP device as a router, do the addresses also change with each reconnection or not?
Answers to all the above are important to choose the optimal approach.
Ok first I dont need set dynamic ip I just thought that’s how it should be, I have 4 static ip adress 213.1xx.1xx.xx2, 213.1xx.1xx.xx3, 213.1xx.1xx.xx4, and 213.1xx.1xx.xx5 but the ISP dont send me default getway address, and Network (remote address) always change after restart 212.xx.xxx.155, after restart 157 next restart 159 on my 1 dynamic adress and i doesnt remove thi, when I remove after resart jump back this address.
Second, My adresses are static and never change but only afer every restart or connection jump 213.1xx.1xx.xx3to dynamic, but this address never change! I dont need dynamic I need configure all addreses manualy and finish.
Third separated question I dont need dynamic addres. when I can turn odd it is my best possibility.
The next question is good for me, yes I have 3 router after this mikrotik router on lan, and when its possible, I set 1 of public IPs on every router after this mikrotik.
The last question from My ISp i have one modem on bridge mode and this mikrotik device is my device, and ip address never change only change network (remote address) on this one dynamic address. Please help me and thank you for answer. When you can any question I answer it.
The problem you are experiencing seems to be caused by the ISP. I think the ISP has created a pool of 4 public ip addresses allocated to you and gives them dynamically. This approach is very unprofessional for an ISP. You can contact the ISP and ask them to define the ip address 213.1xx.1xx.xx2 as static on your PPPoE connection and make the other ip addresses 213.1xx.1xx.xx3, 213.1xx.1xx.xx4, 213.1xx.1xx.xx5 static routes to the ip address 213.1xx.1xx.xx2.
Then manually add your 213.1xx.1xx.xx3, 213.1xx.1xx.xx4 and 213.1xx.1xx.xx5 ip addresses to the PPPoE interface on your Mikrotik Router.
Actually I tested remove the manual added IP and only leave this 1 dynamic, but I have dst and src forwording on firewall from tih other address, and tell me how can it work, when I removed this addresses from ip coulomb and only leave this 1 dynamic address.
Sorry for late answer, the e-mail notifications were not coming - the first one that came was about @Burak’s post.
As those 213…2 to 213…5 addresses are indeed static ones, you don’t need to care about the fact that the one being assigned to the PPPoE client interface changes with every re-connection. You cannot get rid of this dynamically assigned one, but you can just ignore it’s existence.
Think of the PPPoE tunnel just as of an interconnect network. The ISP will send packes for your static addresses via that tunnel no matter what the current local and remote addresses on the tunnel are. It is a job of your Mikrotik to forward those packets to the devices to which those static addresses are actually assigned. There is no need to have these static addresses on the 4011 itself during production, it only makes sense for testing or if you want to access the 4011 itself from the internet.
To test that the ISP indeed routes the traffic for those static addresses to you via the tunnel, it is enough to assign one of them to some other interface of the 4011 than the PPPoE one, e.g. to a bridge interface with no member ports, and ping that address from the internet.
If you don’t mind that the routers on the LAN side of the 4011 (and whatever is connected behind those routers) will be unable to access the public addresses that fit into the smallest subnet that includes the 213.1xx.1xx.xx2 to …xx5 range plus at least one other address, you can assign those addresses to the LAN side routers, assign the .xx1 or .xx6 address to the LAN interface of the 4011, and set the latter as the default gateway on the hosts. The size of the subnet depends on the xx in the last byte - if xx=25, the subnet may have to be a /23 or even larger.
If you don’t want your LAN side devices to lose access to the public addresses adjacent to your ones, you can configure the addresses of the LAN side routers as /32 ones and assign some totally unrelated, even private, address to the 4011 as the gateway for them. The exact way of configuring this on Ethernet interfaces depends on what operating system those routers use. This way you can even avoid bridging together the interfaces to which those routers are connected, which will allow you to control the traffic between those routers by IP firewall rules.
Since you’ve explicitly stated that the LAN side devices are routers, I assume they take care about security on their own so you don’t need to restrict access from the internet to those addresses by firewall rules on the 4011.
Neznášam príbehy s otvoreným koncom… posunul si sa niekam?
Translation Kind: Alarmcom, please respond as you have people willing to help and are famished for more feedback/information to make progress for your issues.
Translation Real: Alarmcom, please dont leave us hanging, we would like to resolve your issues.
Translation llama: WTF over, you ask for help and then disappear???
Sorry but I dont see you answer, yes i need create this tunel and set static ip adress on my routers an not on 4011, but please write me sample how to set up or test it, thank you.
Don’t you see it at all (even now) or you didn’t see it before because no notification e-mail has arrived? What does the forum show you if you click this link?
On the Mikrotk side, you would set the following:
/ip address add address=10.100.10.100/32 interface=bridge-lan
/ip route add dst-address=213.160.xxx.172/30 gateway=bridge-lan
If “router 1” was a Mikrotik router and ether1 was its WAN, you would set it the following way:
/ip address add address=213.160.xxx.173/32 network=10.10.10.10 interface=ether1
/ip route add gateway=10.100.10.100
You need to find an equivalent setting for UBNT. With these settings, you won’t need any dst-nat rules, hence also no hairpin nat rule to allow the LAN-side clients of one of your internal routers to establish connections with the public address of another one of your internal routers.
Off topic, do you realize that 192.0.0.0/16 is not a private subnet?
Ok, question pppoe assig to eth1? and firewall settings leave or remove?
Sorry, you quote my whole post and then ask a question without referring to any particular part of it, so it is hard to understand what you actually have in mind. So guessing:
On the 4011, keep pppoe settings as they are now. Regarding firewall, no idea how it looks like now, so no idea whether it needs any modification.
If you had in mind attaching a PPPoE client to eth1 on the UBNT, doing that and setting up a PPPoE server on the 4011 would be yet another way how to assign the static public IPs to the UBNTs, which may be easier to set up on the UBNTs than the above suggestion. I have no knowledge about what can be configured on them and what cannot.
Your settings only work when I set pppoe connection to bridge-lan interface. My next question is, can I assign 1 of the static ip to acess my mikrotik router and manage it?
This setting I tested on pc and work fine wit all addresses, but not work on ubnt, I searching true setting for this.
and between router 2 and 4011 have 2 mikrotik 60ghz antenna a need set addresses for this devices for managment.
That’s strange, but as you haven’t posted the export of your configuration, I can’t see why.
Of course you can. Just assign it as a /32 one to any interface of the router. You can even use it instead of the 10.100.10.100 in my example, the advantage being that the 10.100.10.100 can be used in UBNT’s LAN if necessary.
You can use multiple IP subnets in the same L2 segment, so just attach some private address to bridge-lan as an e.g. /29 one, and assign addresses from the same /29 to the 60 GHz boxes. Or you may use VLANs to separate the management traffic from the customer one.
Fine but i dont understand completly, sorry but can you write me example for this
213.160.xxx.172 assign for manage mikrotik
173 need connect to 60ghzap1 and client1 and finally this public ip add to my ubnt
and 174-175 add to uy primary connected ubnt. Please write me who is a best config with sample for me. I dont need separate vlan for managment.
I set it up and send export file
Export the file as it is now, I will give you a script to modify it. Or maybe even better if you follow this post.
The 60 GHz link will act as a “hi-tech cable”, so the configuration of the UBNT holding the .173 will be exactly the same like the one of those holding .174 and .175.
The better chance for me is send config file for you on whatsapp my number is xxxxxxxx
eth1 modem bridge
eth2 ubnt primary coneccted ubnt router
eth 10 60ghz antennas and ubnt router
Not to leave the hypothetical future readers curious about the outcome: there was a happy end, they broke up…
The LAN side clients are UBNT devices, and we haven’t found a way to configure them to use a /32 public address on their end and a private address as a gateway on the Mikrotik side. So after establishing a pppoe server on Mikrotik side and pppoe clients on the UBNT side, which worked but there were some issues related to src-nating on the UBNT when two pppoe clients were configured on the same UBNT to let it use two of the pubic addresses, we ended up using a private interconnect subnet between the Mikrotik and the UBNTs and setting the public addresses as virtual ones on the UBNTs, i.e. routing traffic for them to the private addresses in that interconnect subnet on the Mikrotik, and dst-nating the public destination address to the private one on the UBNT.