Proxy ARP necessary?

Wibernet · April 4, 2017, 9:10am

Hi Guys,

Firstly I am a Mikrotik and networking novice. I am hoping you can help me.

My basic setup.

I have a CCR with the IP address of ether2 being - 165.50.0.1/16, this is my NAT router and has the masquerade rule that gives it internet.

I have another Mikrotik with the IP address of the WAN port 165.50.0.2/16. This router has internet access, I can ping google no problem. This Mikrotik is running as a PPPoE server and the clients are all running on a 165.50.X.X/16 range.

I want all the PPPoE clients on the second Mikrotik to have internet access, but I want them to maintain their IP address when they hit the core router.(all PPPoE clients are given static IP’s) I have only managed to get this to work with proxy-arp however I would prefer not to use proxy-arp.

Is this possible and am I making a simple error?

Thanks in advance.

idlemind · April 5, 2017, 4:37am

It likely is. How is the core router and the PPPoE MikroTik connected? That said maybe the pieces can be assembled in a way that doesn’t require it.

Proxy-ARP is typically seen as a crutch in the best of light and horrid security practice in the worst of light so I’d agree with your assessment of not wanting to use it if you don’t have to.

Wibernet · April 5, 2017, 5:58am

I managed to get it working when manually adding static routes and addresses, I was just hoping not to have to do it for over 300 clients. I guess doing it for 300 clients individually is still better than proxy-arp.

idlemind · April 5, 2017, 3:47pm

Yes, both solutions raise eyebrows. Showing a diagram to show what it looks like will help us give you a recommendation on a way to do it better.