Public Ips

johnsonnetwork · April 20, 2012, 6:19pm

Hello,

I have searched for hours looking to a way to had out public Ip to my end users. but for the life of me I cant get my CPEs to have a public address, I have tried

“I first added the block to IP>Addresses. Then I added the individual Public IPs to IP > Hotspot> IP Binding on both address and to address.”

I want a IP address pool that I can hand out that doesn’t go though my firewall or NAT rule.

Any I will take any in site any one has.

Feklar · April 20, 2012, 7:02pm

You have two ways of assigning a user a real public IP address.

The first, best, and recommended method is to have a public subnet routed to you by your ISP. This means your ISP gives you a /30 address, and sets up a route to your larger subnet over that /30. You can then assign your larger subnet to the LAN and hand it out however you wish.

The second method is an ugly hack that has the potential to cause a lot of problems. It is using proxy-arp to get the router to respond for each IP address on a given interface and assign routes for those IPs to interfaces. Before doing this you MUST call your ISP and make sure that your turning on of proxy-arp will not cause them problems. Then you will likely not want to have other devices on the WAN side of your router since proxy-arp can cause arp-conflicts (remember that the router will respond for each arp-request).

Assuming both of those situations are fine, what you do is enable proxy-arp on your WAN interface. You then proceed to set up routes in your routing table that tell the router where those IP addresses are located.

/ip route
add dst-address=11.22.33.44 gateway=LAN
add dst-address=11.22.33.45 gateway=LAN
add dst-address=11.22.33.46 gateway=LAN
add dst-address=11.22.33.47 gateway=LAN
....

You can then assign people those “public” IP addresses on your LAN.

johnsonnetwork · April 20, 2012, 10:42pm

Feklar,
I like the first options but can you so me an example of what that would look like. Sorry I am a visual kind of guy.

Thanks so much for your post

Feklar · April 22, 2012, 1:16pm

Basically your ISP would assign you a /30 of addresses and rout them to you over that /30.

So lets say they assigned you 1.1.1.0/30 as the new subnet with 1.1.1.1 as your default gateway, and your bigger subnet is 2.2.2.0/24.

First assign the IP to your wan, and set up your default route

/ip address add address=1.1.1.2/30 interface=WAN
/ip route add dst-address=0.0.0.0/0 gateway=1.1.1.1

Since the ISP is setting up the route, they will advertise it to the world that 2.2.2.0/24 can be reached over 1.1.1.2 and route the traffic to you appropriately. Then hand out the subnet however you want just like any other private subnet. Just don’t have firewall rules that will prevent people from using it, and do not NAT that subnet and the world can talk to those IPs that are active.