Problems with failover/port forward

Heyas!

I could really use some help from a well-experienced person.

We were trying to set up a Mikrotik Router OS with Router Board, to accept pppoe calls from users and to serve as a gateway. The config looks like the following:

We have a primary and a backup line; both come with a set of public ips.

primary line: 89.132.144.160/28
primary line gw: 89.132.144.174

backup line: 217.22.230.13
backup line gw: 217.22.230.13
backup line public ip range: 217.22.230.40/29

The eth2 port holds the primary, the eth3 holds the backup line.

The eth1 port is reserved for the LAN.

router lan ip: 192.168.255.254

We have a mail server connected to the lan with the ip: 192.168.255.1. Ports are opened and forwarded from 217.22.230.13 to the server.

On the eth9 line a pppoe server is listening. The ips are manually entered for all the users who connect through the pppoe, so the bandwidth management could be set. (ip range: 3.3.3.0/24)

The configuration works, however we have some problems with it:

1. The users can’t reach the mail server. Ports 25, 110 and 80 are forwarded to the server, so they could access their email from anywhere, and it works perfectly from outside. But from inside, though the ping works ok, they can’t access any service.

It doesn’t matter if they use the internal or the external ip address. Is there any way to set it up so that if a connection attempt comes from the 3.3.3.0/24 network, it is forwarded to 192.168.255.1? If so, does it require any new route to be set up?

2. How could we set it up so that some of the users are able to get public ips?
I gave some pppoe users public ips through the Secrets tab, where you can set up local and remote ip addresses. Then I excluded the range of 89.132.144.160/29 ips from the nat rule (the router was using 89.132.144.173 at that time).

It worked the first time: the test user, who got 89.132.144.165, really used that address according to the ip checking homepages. But if I changed the ip to any other in the 89.132.144.160/29 mask, it didn’t work. No idea why. I was playing with the netmasks but couldn’t get a better result.

To sum up, what’s the default procedure if you want to give public ips to a set of users through pppoe while the rest are going through masquerade?

3. We struggled with the failover for a while.
The netwatch is a good tool, but since you can’t set which gateway it should use, it’s useless if you are using both uplinks for load balance issues. If either line goes down, the netwatch shows that it is alive, since it can ping through the other route. The only way I can think of would be putting 2 routers on the uplinks and pinging the public ips of the routers, but normal broadband routers can’t handle ip ranges, so we wouldn’t be able to give some of our users public ips.

Is there any way to disable pinging of the local interface, so the ping should go through the gateway first? Right now if I check with traceroute, it goes with 1 hop, directly to the interface. If I can disable it somehow, that should solve our problem.

That would be all. I would really appreciate some help.

Puding