I’ve got a hotspot with many users. Most of them are happy with NAT’ed addresses, but some want public IPs. I’ve experimented and found a couple of different ways to accomplish this, but they are kind of a pain to set up: firewall rules, static DHCP entries, etc.
What is the easiest and best way to handle this? I also want to explore scripting if that will help.
I found one method here that is quite nice:
http://forum.mikrotik.com/t/proxy-arp-solution-solved-howto/3130/1
This method uses IP Routes. The only problem here is that if the DHCP server gives out a different private IP to them, then the route is broken. So it requires the DHCP static private IP to be set, then the IP Route. Slightly easier than doing the same thing with NAT though.
The way I’ve gotten it to work is to sub-subnet the public IPs you have.
For example, use the bottom of a /26 for the router, and the first IP in the top half of the /27 that occupies the /26.
Provide IPs from the /27 to all public devices behind the hotspot.
Allow them through the hotspot with IP binding.
Ugly, but it works.
I’ve got masquerading happening, and that’s the only successful way I’ve gotten it to work without tweaking the routing tables.