I have a big problem assigning some public IP addresses to my clients. My clients cannot connect to another of my clients through the public IP address.
For example, a client that has the public IP address 212.4.xxx.155 cannot connect to a Windows server of another client that has the IP 212.4.xxx.165.
There are some screenshots of my router:
In “Address List”, my clients obtain the local IP as their IP address, and the real public IP address as network. Why?
“Br-Interno” is a bridge that contains some ethernet ports.
I think that the firewall is not the problem, as from another company's ADSL I can connect perfectly.
The problem may be the routes, or the IP addresses in the address list, because instead of having the public IP address 212.4.xxx.155 it has the internal IP address 172.10.0.2.
When I do a tracert from the client, it answers me this:
C:\Documents and Settings\Administrator> tracert 212.4.109.165
Tracing route to var165-109.gnet.es [212.4.109.165]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.2.1 → Internal router of client
2 1 ms <1 ms <1 ms var153-109.gnet.es [212.4.109.153] → Gateway of ADSL2
3 53 ms 51 ms 52 ms 212.4.96.5 → Gateway of my ISP
4 50 ms 52 ms 52 ms var153-109.gnet.es [212.4.109.153]
5 101 ms 102 ms 101 ms 212.4.96.5
6 104 ms 102 ms 101 ms var153-109.gnet.es [212.4.109.153]
7 150 ms 151 ms 151 ms 212.4.96.5
8 150 ms 151 ms 153 ms var153-109.gnet.es [212.4.109.153]
9 204 ms 201 ms 201 ms 212.4.96.5
The address you see as the local address is set in the profile, where it explicitly states that this address should be used as the local address, while the remote address is correctly set from the pool.
You can attempt to set arp=proxy-arp on the local interface that has an address from the network your customers belong to.
I think your mangles are your problem… Disable your ping mangles and then check again.
When your clients connect their PPPoE sessions, they add a connected route to your router. But when you use the prerouting chain in mangle and mark, for example, ICMP packets, those packets skip the main routing table and then they can't connect to each other… Check it.
I tried what you said and it worked by changing the prerouting chain to output in the first three rules (mark routing).
The problem I have if I change that is that all customers go out to the internet on the same DSL connection (ADSL_1), and the other two connections are not used, and this is a big problem for me, because the ADSL_1 line is saturated.
Create an address list for the public IPs that you have. Then change your mangles to work except dst-address-list=“your created list”; then your problem will be solved.
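A sketch of the exception suggested in the reply above, added here as an illustration and not taken from the poster's router: the list names, routing-mark names and the 203.0.113.0/24 block are constructed placeholders, and a default route for each routing mark is assumed to exist already.

```routeros
# Added example. All names and addresses below are assumptions, not the
# thread's real configuration. 203.0.113.0/24 stands in for the public
# block that is handed out to PPPoE clients.
/ip firewall address-list
add list=public-clients address=203.0.113.0/24 \
    comment="public IPs assigned to clients (placeholder)"
# Hypothetical source groups that decide which ADSL line a client leaves by.
add list=use-adsl1 address=203.0.113.0/26
add list=use-adsl2 address=203.0.113.64/26
add list=use-adsl3 address=203.0.113.128/26

/ip firewall mangle
# The three mark-routing rules stay in the prerouting chain, so the load is
# still spread over all three lines. The added matcher
# dst-address-list=!public-clients means a packet addressed to another
# client's public IP is NOT marked: it stays in the main routing table,
# where the connected /32 route created by that client's PPPoE session
# delivers it locally instead of sending it out an ADSL uplink.
add chain=prerouting src-address-list=use-adsl1 \
    dst-address-list=!public-clients action=mark-routing \
    new-routing-mark=to_ADSL_1 passthrough=no
add chain=prerouting src-address-list=use-adsl2 \
    dst-address-list=!public-clients action=mark-routing \
    new-routing-mark=to_ADSL_2 passthrough=no
add chain=prerouting src-address-list=use-adsl3 \
    dst-address-list=!public-clients action=mark-routing \
    new-routing-mark=to_ADSL_3 passthrough=no
```

After applying a change like this, a tracert between two client public IPs should stop at the router instead of bouncing between the ADSL gateway and the ISP gateway as in the trace earlier in the thread.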
Hmm, let me get this straight… You have 3 ADSL connections and want to assign public IPs to clients of yours?
There are a lot of public IPs in your pool. How did you get these with ADSL, if the ISP only gives us one public IP per connection?