Transparent Bridge, PPPoE server

Hello,

I tried to search the forum but could not get the specific answer I need; I tried a couple of configs but none worked.

I want to configure MikroTik to be a transparent bridge and also be a PPPoE server. A user would dial in to the PPPoE server, get authenticated and move on to the internet. I do not want to use NAT, as the IPs I have are all public, 1.2.3.0/24. If anybody could help put down the steps for this, and what IP to use on what interface, having 2 interfaces.

Many thanks.

After struggling, I was able to set up the bridge, adding 1 interface, and the second one from the PPPoE server. The user gets authenticated and also gets a public IP address from the DHCP server, but cannot surf; I can get to all HTTPS sites but not port 80.

Can anybody help here?

Must be something to do with filters or web proxy.

We don’t know your PPPoE server’s configuration.

Thanks Chupaka for the reply.

The setup is a test setup for the transparent bridge with a PPPoE server, so when a client logs in, he will get either a public IP or a private IP.
I am not sure if this is how it's to be done. It's working now as I want.

I have created:
1. pool - DHCP, for clients (private, not routed)
2. pool - public IP
3. another private pool, for the clients who do not need a public IP.

Do I need all these pools? Later on I want to have a central DHCP server with the public pool, so we can keep track of the public IPs released.

If the problem is only with port 80, then isn’t it possibly a wrong setup of the transparent proxy?

I did a reset and configured all options again; now it's working fine.

Now I am a little bit confused about the IP addresses. I have public IPs in /27, /26 and /25 ranges. How can I use them so the PPPoE client gets the correct IP with gateway from the DHCP?

We do not do NAT; a client connects to the PPPoE server having a normal private IP, and upon successful auth he gets a public IP via PPPoE.

How can the client get the right subnet mask and the gateway? I can only define which pool the IP comes from on the PPPoE server, and on that pool there are no subnet / gateway definitions. Would creating the pools as 1.2.3.32-1.2.3.64 work, without gateway / subnet definitions?

Thanks in advance for helping.

PPPoE is a point-to-point link; it doesn’t have a network mask, its mask is /32. So simply add your addresses to the pool.

Thank you Chupaka, will test and let you know.

Hello,
Tested with just adding the IPs to the pool and it's working. One more thing: on the PPPoE profile there is a requirement to put a local address. I used the internal IP; do I need to put an external IP here? It's just that when I do a traceroute, the internal IP comes in between, but the trace goes on. The idea is to give an IP depending on the service name we put: if public then public, and if private then we give private.

Hope I am not confusing you more! Thanks for the help.

You may have any local address you want. It’s p2p =) And you don’t need to use different IPs depending on service name.

Chupaka, do you have a little time to check the configs? I am having a little problem getting people with routers online; the user is not able to surf. Can you help, or suggest somebody who does paid support? I tried Networkpro but he is busy.

You can describe your problem here =) with pieces of your config… we’ll try to help you =)

Let me try and describe the whole scenario. I have an RB 1000 which I want to use for central DHCP leases, and hotspot also.

1x x86 for pppoe clients
4x rb 433ah for wireless clients with hotspot

I also have 3x /24 public IPs which I want to pass on to clients; if I can select, that would be good, if not then to all. So the RB 1000 has all the IPs and the DHCP leases are done from there, for any client who connects anywhere in the network.

How can I achieve this?

I think you need to set up DHCP Relays on your RB433s to centralize DHCP leases on your x86, but… why do you need central DHCP in this setup?

The idea is to give public IPs to clients, trying to keep one DHCP server, but I am not sure if this will work.

The second problem is the PPPoE server: it's set up to give either a public or private IP depending on the service name, but I have seen that some clients with routers do not work when we put the public service name. Public is supposed to bridge and private to NAT.

As you can see above, I have set up the first DHCP server, so the client gets an IP but without a gateway, just an IP address. When he establishes the PPPoE connection he gets either a public or private IP, depending on the service name he puts: if it's private he gets a NATed IP, and if it's public it's bridged. On the public side, how do I configure the PPPoE interface? Local IP? (The remote IP is from the public pool.)

Thanks.

For PPPoE to work, you don’t need DHCP for the LAN connection - it’s working on layer 2.

And you can set almost any local IP for the PPPoE server, even from another subnet - it will work.

Removed the DHCP server.

I have 2 PPPoE services running, 1 giving private and another giving public. If it's private it's a NAT IP, and if it's public, it gets bridged. So the client gets a public IP from the public pool.

Can I have this running? Some say it's not a good idea to have 2 services running.

Currently the public IPs are being bridged to us; would this not bring any problem? Or do I need to get them routed to the PPPoE server? Although it's a completely different range, for example:

ether2, cisco router: pppoe server IP: 200.2.34.34
ether1, client side: the public IP range: 200.2.35.xx
bridge 1, ports added ether2, and pppoe upon authentication ( for public IP )

Do I need to enable proxy ARP? (I have this enabled on the bridge interface.)

Thanks for the help.

I’m not sure if I understand, but I have a simple solution: 2 interface cards; one is the internet, from where you get your internet, IPs, etc., and the other is the network card without any IP address.

You add a PPPoE server on the 2nd interface, then you configure the profile to have a remote address, and the local address you specify by DHCP pool or by setting the local address in the authentication field.

Then add to your firewall a forward rule to forward your public IPs to your provider.

And that is all!

Sorry for my bad English.

I’m sorry if I have not understood the meaning of what you want to do.

Then add to your firewall a forward rule to forward your public IPs to your provider.

Thanks for the simple start. What would be the firewall rule I need to make here? These IPs would not need any NAT.

int 1 — internet
int 2 — users

The user dials, gets auth, gets a public IP; now how can I tell MikroTik not to NAT that IP and just bypass that?

Many thanks.

/ip firewall nat add chain=srcnat disabled=no src-address=your_public_ip_pool action=accept place-before=0
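
The setup the thread converges on, written out as an added example (not from any of the posters): two PPPoE services selected by service name, public addresses handed out as /32s from a plain pool, and a srcnat accept rule ahead of masquerade so public clients leave un-NATed. The interface roles (ether1 internet, ether2 users, following the "int 1 / int 2" post), all names, the 10.x addresses and the private pool are assumptions; 1.2.3.32-1.2.3.63 stands in for one public /27.

```routeros
# Added example. Names, interface roles and 10.x addresses are assumptions.

# Pools are bare address ranges: a PPPoE client gets a /32, so no mask
# or gateway is defined here.
/ip pool
add name=pool-public ranges=1.2.3.32-1.2.3.63
add name=pool-private ranges=10.10.10.2-10.10.10.254

# local-address is the server end of the point-to-point link. It can be
# any address, and the same one can serve both profiles.
/ppp profile
add name=prof-public local-address=10.255.255.1 remote-address=pool-public
add name=prof-private local-address=10.255.255.1 remote-address=pool-private

# Two services on the user-facing interface; the client picks one by
# the service name it dials. No IP address is needed on ether2 itself,
# because PPPoE discovery runs at layer 2.
/interface pppoe-server server
add service-name=public interface=ether2 default-profile=prof-public disabled=no
add service-name=private interface=ether2 default-profile=prof-private disabled=no

# NAT rules are evaluated top to bottom and the first match wins.
# The accept rule must sit above masquerade, otherwise the public
# clients are masqueraded too, because the masquerade rule matches
# everything leaving ether1.
/ip firewall nat
add chain=srcnat src-address=1.2.3.0/24 action=accept comment="public PPPoE clients: no NAT"
add chain=srcnat out-interface=ether1 action=masquerade comment="private PPPoE clients: NAT"
```

On a router that already has NAT rules, add the accept rule with place-before=0 as in the post above, then confirm the order with `/ip firewall nat print`.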