Private PPPoE

Hi all,

I have a setup where, when connected to PPPoE, I get a private IP address assigned.
Then the ISP routes a public subnet over this; I can then use this public subnet on my LAN interface so I can connect servers ‘directly’ public.
Problem is now that this private IP is used by the MikroTik router as out interface, so everything I do from the router towards the internet will result in using the PPPoE private IP.
ICMP will not be answered and I cannot access the upgrade.mikrotik.com host; also registration of the router will not succeed, so it is stuck in trial mode…

Is there a way to tell the router that its internet interface should be the routed subnet IP I give it?

In the PPPoE server, under Secrets, use the public IP that belongs to you in Remote Address.
This way the PPPoE server will give the PPPoE client that public address when this client authenticates.

Solar,

Problem is that the PPPoE server is a completely different device, not managed by us.

You could remove the “add default route” checkmark for the PPPoE interface and add a default route manually
which is like the automatically added route, but with the pref-src field filled with the IP address you want to use.

pe1chl,

Tried that, ping to IP works, but to DNS names does not.
When I then enter the DNS servers in the routes and let it route without pref-src, it does resolve and ping works.
However, then the router cannot connect to the upgrade servers, nor can I register it on the MikroTik site; it says: Error connection timed out

You can upgrade by downloading the packages from the MikroTik server, then uploading them to the router and rebooting.
For further help with your config please include a /export of the router configuration.

You need to use SRC-NAT to rewrite any connection initiated from the router to one of the public addresses of the routed subnet.
In order to save addresses, I would abuse the very first address of the prefix, which is unusable within standard Ethernet (network address).

Here is my config:

# mar/24/2018 10:09:50 by RouterOS 6.41.3
# software id = 
#
#
#
/interface ethernet
set [ find default-name=ether2 ] name=lan
set [ find default-name=ether1 ] name=wan
/interface pppoe-client
add allow=pap,chap disabled=no interface=wan name=pppoe-out1 password=\
    ******* user=********
/interface list
add name=WAN
add name=LAN
/snmp community
set [ find default=yes ] addresses=89.20.80.149/32 name=test
/interface list member
add interface=pppoe-out1 list=WAN
add interface=lan list=LAN
add interface=wan list=WAN
add list=LAN
/ip address
add address=89.20.89.253/30 interface=lan network=89.20.89.252
add address=192.168.10.191/24 interface=ether3 network=192.168.10.0
/ip dns
set servers=89.20.90.2,89.20.64.132
/ip firewall address-list
add address=89.20.89.253 list=Router-IP
/ip firewall filter
add action=accept chain=input dst-address-list=Router-IP dst-port=\
    21,22,23,80,443,8291,8728,8729 protocol=tcp src-address=89.20.90.248/29
add action=accept chain=input dst-address-list=Router-IP dst-port=161 \
    protocol=udp src-address=89.20.80.149
add action=accept chain=input protocol=icmp
add action=drop chain=input dst-address-list=Router-IP
/ip route
add distance=1 gateway=pppoe-out1 pref-src=89.20.89.253
add distance=1 dst-address=89.20.64.132/32 gateway=pppoe-out1
add distance=1 dst-address=89.20.90.2/32 gateway=pppoe-out1
/snmp
set contact=test enabled=yes location=test
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=chr-001.test
/system ntp client
set enabled=yes primary-ntp=89.20.90.89

You have to add this at the top of your firewall rules:

add action=accept chain=input connection-state=established,related

Otherwise you will drop the replies to the DNS lookups and outgoing connects to the MikroTik server.

Yes works now thanks!!!
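
Added example, not part of the thread or of any poster's configuration: a Python sketch that replays the input-chain rules from the export above with first-match semantics, to show why replies to router-initiated connections were dropped once pref-src made them arrive at 89.20.89.253, and what the established,related rule changes. The packets, the placeholder addresses 203.0.113.10 and 10.0.0.2, and the accept-on-no-match default are assumptions.

```python
import ipaddress

ROUTER_IP = {"89.20.89.253"}  # address-list Router-IP from the export
MGMT_PORTS = {21, 22, 23, 80, 443, 8291, 8728, 8729}

# Input-chain rules from the export, in order (first match wins).
ORIGINAL = [
    {"action": "accept", "proto": "tcp", "dst_list": ROUTER_IP,
     "dports": MGMT_PORTS, "src": "89.20.90.248/29"},
    {"action": "accept", "proto": "udp", "dst_list": ROUTER_IP,
     "dports": {161}, "src": "89.20.80.149/32"},
    {"action": "accept", "proto": "icmp"},
    {"action": "drop", "dst_list": ROUTER_IP},
]
# The rule suggested in the thread, placed at the top.
FIXED = [{"action": "accept", "states": {"established", "related"}}] + ORIGINAL

def pkt(proto, src, dst, dport, state):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport, "state": state}

# Constructed packets; 203.0.113.10 and 10.0.0.2 are placeholder addresses.
PACKETS = {
    "dns_reply": pkt("udp", "89.20.90.2", "89.20.89.253", 40000, "established"),
    "upgrade_reply": pkt("tcp", "203.0.113.10", "89.20.89.253", 50000, "established"),
    "dns_reply_to_pppoe_ip": pkt("udp", "89.20.90.2", "10.0.0.2", 40000, "established"),
    "ping": pkt("icmp", "203.0.113.10", "89.20.89.253", None, "new"),
    "unsolicited_ssh": pkt("tcp", "203.0.113.10", "89.20.89.253", 22, "new"),
}

def matches(rule, p):
    if "proto" in rule and rule["proto"] != p["proto"]:
        return False
    if "dst_list" in rule and p["dst"] not in rule["dst_list"]:
        return False
    if "dports" in rule and p["dport"] not in rule["dports"]:
        return False
    if "src" in rule and ipaddress.ip_address(p["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if "states" in rule and p["state"] not in rule["states"]:
        return False
    return True

def verdict(rules, p):
    for rule in rules:
        if matches(rule, p):
            return rule["action"]
    return "accept"  # no rule matched: assumed default for a built-in chain

def run(rules):
    return {name: verdict(rules, p) for name, p in PACKETS.items()}
```

Comparing `run(ORIGINAL)` with `run(FIXED)` shows the two reply packets flipping from drop to accept while the unsolicited SSH attempt stays dropped; the reply addressed to the PPPoE IP passes in both because it never matches the Router-IP drop rule.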