My ISP provides me a single public IP on my PPPoE link, and today I do the usual, that is, NAT that address to my internal network and just provide the traditional routing functions.
Now I want to use a new router/security device that doesn’t support PPPoE for its WAN link, so I need to find a workaround.
I see a couple of options.
A 1:1 Mapping between the public IP and a Private IP
I think I can achieve that, but I am interested in a more transparent solution.
A way to put the public IP address on my new router/security (non mikrotik) device. (Desired)
So the Mikrotik device does the PPPoE authentication but the IP address gets assigned to my non-Mikrotik device. I do have a fixed IP, so I only need to solve the PPPoE part on the Mikrotik and do some translation (at L3?) between the PPPoE session and my device.
Some hints will be appreciated. I have some networking background so just a general direction will be great.
PPPoE creates an L3 tunnel, and tunnel establishment and IP address assignment cannot be separated. Hence the (double) dst-nat is the only way in your configuration - the public IP will be up at the Mikrotik, and whatever arrives at it from the internet will be forwarded to the other device’s private address in Mikrotik’s LAN. But you can assign the same public IP to some virtual interface on the other device (or as a secondary one to the interface connected to the Mikrotik) and use a dst-nat rule at that device to translate the LAN address back to the public one if that makes the application running at that other device feel better.
There is no L2 on the PPPoE interface itself, hence no ARP and even no broadcast. Even for the address assignment, PPP’s IPCP is used, not DHCP.
L2 is the transport for PPPoE, but the payload is only L3.
To be absolutely precise, all PPP-based protocols can also do L2 tunneling using BCP, but ISPs only use L3 tunnels over PPPoE.
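The Mikrotik side of the dst-nat arrangement described in the thread, as an added example that is not from any of the posters. The interface name `pppoe-out1`, the public address 203.0.113.10 and the downstream device's LAN address 192.168.88.2 are constructed placeholders; the second translation on the other device depends on that device and is not shown.

```routeros
# Constructed placeholders (not from the thread):
#   pppoe-out1    = PPPoE client interface on the Mikrotik
#   203.0.113.10  = the fixed public IP assigned over PPPoE (IPCP)
#   192.168.88.2  = private address of the downstream router/security device

/ip firewall nat
# Outbound: everything leaving via the PPPoE session is sourced from the public IP.
add chain=srcnat out-interface=pppoe-out1 action=masquerade \
    comment="LAN to internet via PPPoE"

# Inbound: new connections addressed to the public IP are handed to the
# downstream device. Replies to outbound connections are matched by
# connection tracking and never reach this rule.
add chain=dstnat in-interface=pppoe-out1 dst-address=203.0.113.10 \
    action=dst-nat to-addresses=192.168.88.2 \
    comment="forward public IP to downstream device"

/ip firewall filter
# Let the translated traffic and its replies through the forward chain.
add chain=forward connection-state=established,related action=accept \
    comment="return traffic"
add chain=forward in-interface=pppoe-out1 connection-nat-state=dstnat \
    action=accept comment="inbound traffic that matched the dst-nat rule"
# Anything else arriving from the PPPoE side that was not dst-nat'ed is dropped.
add chain=forward in-interface=pppoe-out1 action=drop \
    comment="drop un-NATed inbound"
```

With the dst-nat rule matching every protocol and port, the downstream device receives all unsolicited inbound traffic for the public IP, so its own firewall policy is what decides which services are exposed.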