Hi, my wan pppoe is giving me dynamic ip address which is not i want. whenever it changes, i am not able to access my dmz zone or servers inside my network at the office from the internet like in my home. I want to have a static ip address. can mikrotik router stick permanently a pppoe wan ip address from ISP?
Your ISP gives you your dynamic IP address. The Mikrotik router plays no part in this process. Your options are
- get a static IP from your ISP
- change to an ISP who will give you a static IP
- Subscribe to a dynamic dns [google ddns] service, which will update a domain name to your static IP address in real time and allow you to access your network by domain name rather than IP address
The question is if that dynamic IP is the office IP (where the DMZ is located) or home one (the source of the traffic to the DMZ)?
How the firewall rules allowing connection to the DMZ are configured? Do you have access to them or not?
How the DMZ zone is exposed to the internet? Do you have any VPN configured? .....
More details please.
I'm sorry. Please just ignore DMZ. Let's just say that I have servers installed on my network live webserver and i used port forwarding or dst nat to access it externally. I was able to access it like in my home but there are times that I can't access it because of the public ip im using keeps on changing. Is there a way to keep or stick the public ip address that the ISP giving me via pppoe? or the only way is to buy fix static ip address? I wanted to buy a static ip address of /29 but it's expensive coz the ISP will upgrade my contract plan to leased line connection.
As DuctView suggested, use dynamic DNS registration. There is a "Cloud" version built in ROS. You can access your company's servers as serialnumber.sn.mynetname.net
You can also use that value as CNAME value in the DNS if you have your domain and access resources with mypreciousdata.company.name that would be an alias for serialnumber.sn.mynetname.net.
1 Like
In other words, you have a built-in mechanism within the router to keep track of the changes.
All you need to do is use the mynetname.net:port# to access the server.
However, how many folks are accessing your server.
If its just a few, then much better to skip port forwarding and just create a wireguard interface, and then securely access the IP address directly through a VPN tunnel.