Hello friends,
How can I distribute three public IPs via PPPoE? I do not have a whole subnet of public IPs, only a part. My idea was to allocate each of the three clients a private IP via PPPoE, and then assign each a fixed public IP via NAT (no masquerade). Both IPs are translated 1:1.
PPPoE-LAN <==> WAN
10.0.0.1 <==> 77.88.99.111
10.0.0.2 <==> 77.88.99.112
10.0.0.3 <==> 77.88.99.113
PPPoE-LAN works fine, but I am searching for a NAT rule which translates that forward and backward.
How can I do that?
mikrotik75
Proxy ARP:
http://forum.mikrotik.com//viewtopic.php?p=2010 [just one of many threads about this]
Thank you for your reply. I don’t understand this, but I’ve found another page in the wiki:
http://wiki.mikrotik.com/wiki/How_to_link_Public_addresses_to_Local_ones
This way I understood it, and it works great.
mikrotik75
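The 1:1 mapping from the first post, written out as RouterOS commands. This is an added example, not part of the original thread; it assumes ether1 is the WAN interface and that the forward filter policy at the end (constructed for illustration) suits the clients.

```routeros
# Added example, not from the thread. Assumes ether1 = WAN and that the
# ISP delivers 77.88.99.111-113 on that segment.

# 1. Put each public address on the WAN interface so the router
#    answers ARP for it.
/ip address
add address=77.88.99.111/32 interface=ether1
add address=77.88.99.112/32 interface=ether1
add address=77.88.99.113/32 interface=ether1

# 2. One dstnat/srcnat pair per client. The srcnat rules must sit above
#    any masquerade rule, otherwise outgoing traffic leaves with the
#    router's own address instead of the client's public one.
/ip firewall nat
add chain=dstnat dst-address=77.88.99.111 action=dst-nat to-addresses=10.0.0.1
add chain=srcnat src-address=10.0.0.1 action=src-nat to-addresses=77.88.99.111
add chain=dstnat dst-address=77.88.99.112 action=dst-nat to-addresses=10.0.0.2
add chain=srcnat src-address=10.0.0.2 action=src-nat to-addresses=77.88.99.112
add chain=dstnat dst-address=77.88.99.113 action=dst-nat to-addresses=10.0.0.3
add chain=srcnat src-address=10.0.0.3 action=src-nat to-addresses=77.88.99.113

# 3. A bare dst-nat forwards every inbound port to the client. This
#    constructed policy lets replies through, admits only IKE and NAT-T
#    from the WAN, and drops other new inbound connections.
#    The forward chain sees the already translated 10.0.0.x destination.
/ip firewall filter
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward in-interface=ether1 dst-address=10.0.0.0/24 \
    protocol=udp dst-port=500,4500 action=accept
add chain=forward in-interface=ether1 dst-address=10.0.0.0/24 action=drop
```

The client still sees only its private address, so IPsec between it and a remote peer has to use NAT traversal (UDP 4500); AH does not survive the translation at all.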
OK, re-read your post, you were asking for 1:1 NAT
Well, if your customers start demanding actual public IPs, you know where to start anyway.
Last night I tested my configuration on our real system. Now I know what you mean:
This is functional:
- client internet connection via PPPoE
- public IP for specific LAN-client via NAT (LAN=private IP <==> WAN=public IP)
Problems:
- the LAN-client gets only a private IP like 10.0.0.1 via PPPoE, but on the WAN side a public IP like 77.0.0.1
- the LAN-client should have the public IP directly (without NAT), because IPSec causes problems
How can I give the PPPoE-LAN-clients a public IP directly? I mean, how can I route it?
Thanks
mikrotik75
Hmm, one moment, I should read the lines carefully. I am trying to understand the thread…
I’ve activated “proxy-arp” on eth1 (WAN) and eth2 (LAN) and deactivated NAT. It looks good. The first tests on my dummy system work fine. Should it really be so easy?
Tonight I can test on our real system and I will see if it also works fine…
mikrotik75
Last night I tested the config on our real ISP system again.
Unfortunately this config does not work on our real system. I don’t know why. Now I have built a better dummy system with the same environment IPs as the real ISP system.
What have I done?
- set interface ether1 (WAN 77.x.x.192/27) to proxy-arp
- set interface ether2 (LAN 10.0.0.0/24) to proxy-arp
- disable any NAT rules
For me it is not clear whether the PPPoE-client is assigned a private or a public IP. If the client gets a private IP, should I route the public to the private IP? Is it not the same as NAT?
My problem is the translation of the topic into German. I think I’ve understood some points of the instructions wrong.
An example source code would be great.
Thanks for all help!
mikrotik75
P.S.: I had given up before. I do not know how to continue.
Now I’ve found this: http://wiki.mikrotik.com/wiki/OSPF_and_PPPoE_Setup.
With this configuration I can give the LAN-clients a real public IP, and the LAN-clients can get internet. The outgoing connection worked well. But an IPSec connection (from a PPPoE-LAN-client with public IP to a remote router) does not really run. The time under ipsec / remote peer runs (initiator) and the peer router also says connected, but the connection time on the peer does not run. Also no data transfer is possible.
I think not much is missing. Maybe a firewall rule or route entry?
I am grateful for any information!
Merry Christmas
mikrotik75
If the clients get internet access then it’s probably not a routing issue. Is there any NAT involved? When a client browses to the web, what public IP do they get? If it’s not NAT or routing then perhaps it’s a firewall rule.
The clients get internet with the right IP. NAT is not used there. I should search for the right firewall rule. I think I need a forward rule from the WAN to the LAN interface (backward rule).
Thanks for your reply
mikrotik75
I have just seen that a NAT rule was still working for the public IP pool and the public IP was not the right one. Browsing is possible, but with the NATted IP address (wrong IP). I guess that’s why the IPSec transfers fail.
Now I’ve deactivated the NAT masquerade rule. Now the client has no internet connection. The LAN-client gets the right public IP via PPPoE, but with only the OSPF routing the thing isn’t running. The LAN-client with the public IP isn’t visible on the WAN side. What can I do now?
Thanks for all replies.
mikrotik75
I’ve found out how to get a working PPPoE connection with public IPs. The trick is a separate bridge with its own public IP from the ISP range for the WAN interface. The bridge is needed for the PPPoE profile. The router then uses two public IPs for working: one for NATted connections and one for PPPoE connections with public IPs.
The system has only one small flaw:
If I want to use the connection with a public IP via PPPoE, I need an initial connection with a local IP via PPPoE (NAT). Then I can close this connection and the new connection with public IP over PPPoE runs fine. I think the system needs an established connection, but why?
I think it’s only a small step in the firewall rules. Does someone have an idea?
mikrotik75