DarkNate
Forum Veteran
Topic Author
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Making use of /31 public IP addresses assigned via PPPoE

Thu May 13, 2021 11:58 am

So I have an ISP whereby they use PPPoE to delegate and they are willing to give me two public IPs (one for the router itself where I would src NAT for LAN) and an extra public IP which I would like to use on a separate server in my network.

Before I make payments to my ISP, I would like to know how would the routing be handled for the extra IP that's assigned through a PPPoE client interface and manually configured on a different physical machine?
 
mkx
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: Making use of /31 public IP addresses assigned via PPPoE  [SOLVED]

Thu May 13, 2021 2:54 pm

The big problem is on the other machine. Let's say you get (public) IP addresses 10.20.30.40 and 10.20.30.41 and you use 10.20.30.40 for the router's own WAN address (bound to the pppoe-out1 interface). If you configure another box with 10.20.30.41/32 ... you need to tell it which IP address its upstream router has (that's your MikroTik) and configure Ethernet in a point-to-point manner. It can be done, but I'm not sure what's to benefit by having the end device set up with a public address.

I'd use the extra address as another possible IP address in NAT process while keeping server on private address. If server uses address 192.168.13.13, then NAT rules would be something like this:
/ip firewall nat
add chain=srcnat action=netmap src-address=192.168.13.13 to-addresses=10.20.30.41 out-interface-list=WAN
add chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
add chain=dstnat action=netmap dst-address=10.20.30.41 to-addresses=192.168.13.13 in-interface-list=WAN

It could be that rule order is not important, but it doesn't hurt to have srcnat netmap above srcnat masquerade in case the rule search strategy is the same as in the rest of the firewall (top to bottom, first one matching executes).

In this case you probably don't have to do anything else with regard to the extra IP address (PPPoE means that packets are routed towards your router and it's not necessary to play games with proxy-arp or some such).
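The rule-order point in the reply above, as an added example that is not part of the original posts: a small Python model of the three NAT rules, assuming top-to-bottom, first-match evaluation as the reply describes. The function names and the LAN client address 192.168.13.50 are constructed for illustration; the other addresses are the reply's own examples.

```python
# Constructed model of the NAT rules from the reply; not RouterOS code.
ROUTER_WAN = "10.20.30.40"      # address bound to pppoe-out1
SERVER_PUBLIC = "10.20.30.41"   # extra public address
SERVER_PRIVATE = "192.168.13.13"
LAN_CLIENT = "192.168.13.50"    # constructed sample host on the LAN

# srcnat rules: "src" None means the rule has no src-address matcher.
NETMAP_SRC = {"action": "netmap", "src": SERVER_PRIVATE, "to": SERVER_PUBLIC}
MASQUERADE = {"action": "masquerade", "src": None, "to": ROUTER_WAN}


def srcnat(rules, src_ip):
    """Translate the source of a packet leaving via WAN; first match wins."""
    for rule in rules:
        if rule["src"] is None or rule["src"] == src_ip:
            return rule["to"], rule["action"]
    return src_ip, None  # no rule matched: source stays untranslated


def dstnat(dst_ip, dst_port):
    """Model of the dstnat netmap rule: it matches on address only, so every
    port of the extra public address is forwarded to the server unchanged."""
    if dst_ip == SERVER_PUBLIC:
        return SERVER_PRIVATE, dst_port
    return dst_ip, dst_port


def audit(rules):
    """Report which public address each host leaves from, and whether the
    server's outbound address is the one it is reachable on inbound."""
    server_egress, _ = srcnat(rules, SERVER_PRIVATE)
    mapped_back, _ = dstnat(server_egress, 443)
    return {
        "server_egress": server_egress,
        "egress_matches_ingress": mapped_back == SERVER_PRIVATE,
        "lan_egress": srcnat(rules, LAN_CLIENT)[0],
    }


if __name__ == "__main__":
    print("netmap first:    ", audit([NETMAP_SRC, MASQUERADE]))
    print("masquerade first:", audit([MASQUERADE, NETMAP_SRC]))
    print("inbound tcp/22 ->", dstnat(SERVER_PUBLIC, 22))
```

Because the dstnat rule as posted has no protocol or port matcher, what reaches the server from the WAN is decided entirely by the forward-chain filter rules, which are worth reviewing before the extra address goes live.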
