PPPoE WAN to LAN

Hey guys,

Have a bit of a complex scenario here I am trying to figure out.

Here is the scenario:
PPPoE service with 2 IP addresses/aliases attached to it.
103.xx.x.90
103.xx.x.91

Before getting into the technicals, I have tested that both IP addresses are useable for internet access - they are working therefore when I browse the web from my local network 192.168.2.1 I can tell it which IP to use

I need to forward 103.xx.x.91 to a port that a computer or another router can plug into and use 103.xx.x.91 (doesn’t have to be DHCP) this has to show up as the WAN/IP on the device plugging in. We don’t want to setup an internal network range such as 192.168.1.1/24 and give the customer 192.168.1.2 as their static IP and gateway as 192.168.1.1 then do a NAT onto that IP range - this I know can be done but it doesn’t look as clean.

What I’ve tried:
pppoe1out is created on interface 1 which is plugged into a modem passing all traffic in
Under “addresses” I have the first IP “103.xx.x.90” given to me by the DHCP client from ISP then “103.xx.x.91” is setup statically
I have created a bridge group with ethernet 1 and ethernet 3 (the port I want the customer to plug into)

This is where I am stuck and contradict myself in the thought process - I would think I can’t assign the WAN IP 103.xx.x.91 to my router as well as try and give that to my connecting device, so it doesn’t make sense that I should create this IP address on the router and statically assign it to my computer for example.

What I did try was create a bridge. pppoe1out was then pointed to a new bridge group, I assigned eth3 and eth1 to the new bridge group and only got my first address through DHCP for my MikroTik local network 103.xx.x.90. I then assumed since the pppoeout1 is in a bridge with eth1 and eth3 I could then plug a device into eth3 and statically assign it 103.xx.x.91 since this is technically also on the same broadcast network as the WAN service coming into the MikroTik however this did not appear to work.

My main question is, can this even work? Can I “bridge” a second WAN address that is on the same service as my DHCP/Main WAN ip address to a specific port and have it passthrough? Keeping in mind that these two addresses are on the exact same pppoe account.

Hello,

I’m not sure if I understood it 100% but in general you can do this through the firewall settings. If you simply enter the rule as Des. Address the desired ip of your ISP.

but probably it would be easier to use a 2nd router.
Let this one do a second dial-in if possible or bridge the pppoe port with a lanport on router1 and then connect the second router to it.

Then you have 2 gateways in the network and can configure them very easily.

I think you have pretty much guessed where I am coming from. I tried bridging eth1 (the WAN uplink) and eth3 (the 2nd router) and assigned a static IP to the second router however that didn’t work.

You’ve basically guessed it. The end goal is to use a second router that plugs into this port on the mikrotik and have the ability to give it its own WAN address via the mikrotik and its PPPoE session out of eth1 that contains 2 IP addresses

Thinking of it now, I think the only way to really do it is to bridge eth1 and eth3 together and have the router in eth3 do its own PPPoE session that is tied to this second IP rather than combine the two IPs together into the same PPPoE session
Would this sound more like it?

Your ISP is only expecting a single PPPoE session - you would likely have to order two services from them, each with a single public IP.

pppoe1out is created on interface 1 which is plugged into a modem passing all traffic in
Under “addresses” I have the first IP “103.xx.x.90” given to me by the DHCP client from ISP then “103.xx.x.91” is setup statically
I have created a bridge group with ethernet 1 and ethernet 3 (the port I want the customer to plug into)

For info, the PPPoE WAN address is negotiated by NCP during the session setup, not DHCP.
There is no point including ether1 in a bridge unless you are going to run a separate PPPoE client on another device. The WAN traffic is passing through it encapsulated, so the actual WAN port is the pppoe1out interface.

If you had a /30 subnet it would be easy, e.g. if your ISP provided x.x.x.20/30 and assigned x.x.x.21 to the PPPoE connection you would configure an IP address of x.x.x.21/30 on an ethernet port, the other device would be configured with an address of x.x.x.22/30 with a gateway of x.x.x.21. Having the same IP address on different interfaces may seem wrong, but it isn’t. The default firewall rules would need adjusting to allow traffic.

With your 103.x.x.90 & 103.x.x.91 this method will work if the other device supports /31 or /32 subnets. The mikrotik would be configured with /32, e.g.
/ip address
add interface=ether3 address=103.x.x.90/32 network=103.x.x.91
Note that ether3 should not be a member of a bridge.

The other device would be IP=103.x.x.91/31 gw=103.x.x.90 if it supports /31, or IP=103.x.x.91/32 net=103.x.x.90 gw=103.x.x.90 if it supports /32
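
The /32 point-to-point method from the reply above, written out with the firewall and NAT adjustments it mentions, as an added example that is not part of the original post. It assumes the default RouterOS firewall (a masquerade rule on the WAN and a forward-chain rule dropping new WAN traffic that is not dst-NATed) and the interface names used in the thread; 103.x.x.90 and 103.x.x.91 are the thread's masked addresses and must be replaced with the real ones.

```routeros
# Added example, not from the original thread. Substitute the real addresses
# for the masked 103.x.x.90 / 103.x.x.91 before use.

# Point-to-point /32 on the customer port: local address is the router's own
# PPPoE address, "network" is the remote peer. ether3 must not be a bridge port.
/ip address
add interface=ether3 address=103.x.x.90/32 network=103.x.x.91 \
    comment="p2p link to second router"

# Traffic sourced from the routed public address must leave unmodified.
# This rule has to sit ABOVE the masquerade rule, otherwise the second
# router's traffic is rewritten to 103.x.x.90.
/ip firewall nat
add chain=srcnat src-address=103.x.x.91 out-interface=pppoe1out action=accept \
    comment="no NAT for routed public IP"

# Inbound traffic for the second router is forwarded, not dst-NATed, so the
# default "drop all from WAN not DSTNATed" rule would discard it.
# This rule has to sit ABOVE that drop rule in the forward chain.
/ip firewall filter
add chain=forward in-interface=pppoe1out out-interface=ether3 \
    dst-address=103.x.x.91 action=accept \
    comment="allow WAN to routed public IP on ether3"

# Check: the connected route for the peer should be listed with flags DAC.
/ip route print where dst-address=103.x.x.91/32
```

With the forward accept rule in place the Mikrotik no longer filters inbound traffic for 103.x.x.91, so the device on ether3 has to run its own WAN firewall.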

Hi, thank you for your response

The ISP is providing a /32 network sorry I should have mentioned

Alright so I’m starting to grasp what you’re saying now.
So are you saying there are two ways to go about this?
One way is a second PPPoE session over the same link attached to my 103.x.x.91 so that the second router (we’ll call it that) can use this for its PPPoE session (how would it plug in if bridge groups aren’t being used?)

OR
I create an IP address on the mikrotik and the port plugging into the second router and have it set on 103.x.x.90/32 network will be 103.x.x.91/32 and then on the second router’s WAN port would it be static IP address and then IP address will be 103.x.x.91 network will be 255.255.255.255 and gateway will be 103.x.x.90?

OR are you saying I HAVE to have the second IP address attached to a second PPPoE session because it is a /32 network and I also need to configure the above?

Thanks buddy, sorry I’m just trying to get my head around it. I’m sure it’ll click soon haha

My experience goes that IPv4 addresses provided via PPPoE are /32 … and no other WAN IPs are usually routed through it. If they are, they are because of special arrangements with ISP, but client can’t just make it magically work by configuring stuff on their own end.

Which means that you actually have to run two PPPoE sessions, one for each WAN IP address. If you run both PPPoE sessions on first router, it will result in both WAN IP addresses assigned to first router. Since you don’t want to construct a private IP subnet for routing towards second router (including NAT), this means you actually have to run second PPPoE client on the second router itself so that the second WAN IP will be assigned to the second router “natively”.

This will only work if the ISP is expecting two PPPoE sessions to be established with different credentials, one would be assigned the x.x.x.90 address and the other the x.x.x.91 address based on the credentials.

Create a bridge with ether1 and ether3 as members, the PPPoE client would be attached to this bridge, not ether1.


I create an IP address on the mikrotik and the port plugging into the second router and have it set on 103.x.x.90/32 network will be 103.x.x.91/32 and then on the second router’s WAN port would it be static IP address and then IP address will be 103.x.x.91 network will be 255.255.255.255 and gateway will be 103.x.x.90?

OR are you saying I HAVE to have the second IP address attached to a second PPPoE session because it is a /32 network and I also need to configure the above?

The PPPoE client on the Mikrotik only has the single /32 WAN address assigned to it by NCP during session setup. Packets for the other /32 WAN address arrive at the Mikrotik as they are routed from the ISP, so you need a route on the Mikrotik to forward them to the second router - this could be an implicit route which is generated from the address on the ethernet interface linking to the second router (appears as DAC in the routing table), or an explicit static route if you were to use private IP addresses on the link between the Mikrotik and second router (although you are trying to avoid this method).


That is completely the opposite of my experience. As you say the PPPoE client IPv4 address is a /32 as that is the way NCP works, but the ISP will route any other addresses assigned to the client via that address. Depending on the ISP the /32 may be part of the other addresses or separate, e.g.
ISP #1 provides 82.x.x.88/29 and assigns the PPPoE client 82.x.x.94
ISP #2 provides 83.x.x.92/30 and assigns the PPPoE client 83.x.x.93
ISP #3 assigns the PPPoE client 80.x.x.119 and provides 46.x.x.136/30 routed to it
the sites all use the additional addresses in various ways.

We are actually saying the same thing: PPPoE client receives single /32 IPv4 address, the rest is up to special arrangements with ISP (such as other WAN addresses being routed over the basic connection). Client can’t “attract” additional WAN IP addresses only by some magical configuration on its equipment, ISP has to do their own part of configuration.