You may have seen my previous postings asking for assistance with proxy-arp. Well, they went unanswered, but hey, as usual I solved it and thought I would share:
It’s really if you have a NAT setup and want to set some public IPs inside the NAT for whatever reason.
It’s pretty simple when you know but can be difficult to set up due to lack of resources, especially when applied to MikroTik, because although it’s essentially a Linux based router it’s fairly proprietary in terms of setup compared to normal Linux.
1/ enable proxy-arp on both Public and Private interfaces.
2/ Choose a public IP in your Public block that is not used yet
3/ Go to the IP Routes in MT and add an entry as follows:
Destination = the Public IP you want to use
Gateway = the IP address of your MT private interface
Pref Source = the IP address of your MT private interface
4/ In the PC you want to have the Public IP now set it up as if it was in the Public side of the router with the gateway and DNS of your main ISP but using the new IP.
Simple queues only need to have the IP entered and work like normal so does mangle just as if it were a private IP which is good.
Destination = the Public IP you want to use
Gateway = the IP address of your MT private interface
Pref Source = the IP address of your MT private interface
We’re doing this and don’t have any proxy-arp turned on. And it works.
Also it doesn’t work on Linksys routers (well, the befsr41 anyway).
I have followed the example and got it to work, but when I go to http://www.whatismyip.com it displays the public IP from the router. How do I get it to report the IP that I have assigned to the customer?
I think you need to do a src-nat rule, not sure if it’s masquerade or nat from the action tab, I think forum user Cameron had this problem earlier and used this to solve it.
All you need to do is create a src-nat rule.. choose the src-nat chain and add a new rule that says everything from this local ip (10.10.10.10) NAT to this public IP (24.32.3.220)
ex (2.8.x):
/ ip firewall src-nat add src-address=10.10.10.10/32 action=nat to-src-address=24.32.3.220
That basically says all traffic coming from local IP 10.10.10.10 translate to 24.32.3.220…
Is there going to be any way to have the traffic transparently bridge? That way existing customers with static real address wouldn’t need to make any configuration changes.
I used 2.8 for my setup. Still, the fact you have the address set and it’s working must mean you’re masquerading everything still for some reason.
Check your source NAT rules and enter the source addresses of the private network so it will only masquerade them and not the public address.
I know the MT docs tell you to just specify 0.0.0.0/0 which will masquerade everything to the WAN address. Use like 192.168.1.0/24 (or whatever your local range is?) instead so it will only masquerade private addresses.
That should sort it dude… If you do the 1 to 1 NAT you can’t give customers a real IP and although they will have the working setup they will think it’s inferior to ADSL or something because it has a private address??? Also some stuff still won’t work right with 1 to 1 NAT.
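The masquerade scoping described in the post above, as an added example that is not part of the thread and not MikroTik's own code: a Python sketch that evaluates source-NAT rules first-match and reports which source address the outside world sees. The two masquerade rule lines, the 203.0.113.x addresses and the function names are constructed for illustration, and interface matching is ignored.

```python
import ipaddress

# Constructed rule lines in RouterOS key=value style (assumed; not from the thread).
BROAD = "add src-address=0.0.0.0/0 out-interface=Public action=masquerade"
SCOPED = "add src-address=192.168.1.0/24 out-interface=Public action=masquerade"
# The 1:1 rule quoted earlier in the thread (2.8.x form).
ONE_TO_ONE = "add src-address=10.10.10.10/32 action=nat to-src-address=24.32.3.220"

WAN_IP = "203.0.113.1"        # constructed router WAN address
CUSTOMER_IP = "203.0.113.10"  # constructed public IP routed to a customer PC


def parse_rule(line):
    """Turn 'add key=value ...' into a dict; tokens without '=' are skipped."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def seen_source(rules, src_ip, wan_ip=WAN_IP):
    """Return the source address the outside world sees for src_ip.

    Rules are checked top to bottom and the first match wins. A rule with no
    src-address matches every source. Interface matching is ignored here.
    """
    src = ipaddress.ip_address(src_ip)
    for line in rules:
        rule = parse_rule(line)
        if src not in ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0")):
            continue
        if rule.get("action") == "masquerade":
            return wan_ip                    # rewritten to the router's address
        if "to-src-address" in rule:
            return rule["to-src-address"]    # explicit 1:1 translation
    return src_ip                            # untouched: leaves with its own IP


def hidden_public_ips(rules, routed_ips, wan_ip=WAN_IP):
    """Routed public IPs that the rule set would still rewrite to something else."""
    return [ip for ip in routed_ips if seen_source(rules, ip, wan_ip) != ip]


if __name__ == "__main__":
    for name, rules in (("broad", [BROAD]), ("scoped", [SCOPED])):
        print(name, CUSTOMER_IP, "->", seen_source(rules, CUSTOMER_IP))
```

Running `hidden_public_ips` over an exported rule list and the set of public IPs routed to customers gives a quick check that no catch-all masquerade rule is still hiding them.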
I hate it when you are right!!! )
I was masquerading the IPs all along, thus http://www.whatismyip.com reported the public IP from the router.
That said, and to help some poor soul from spending too much time on the same issue I will show you how I did in v2.9.6.
If I try to connect to a computer behind hotspot (which has a public IP), the connection goes into the machine but the machine can not respond back. I can see the incoming connection with personal firewall on this machine. The syn request gets sent in.
What rule do I need to add in order to allow this machine behind hotspot (with public IP) to reply back?
We only have a few users who need to see a specific PC on the hotspot side of the router, I use MAC authorization for them to login, which eliminates them having to fill in the login screen.