i have read all over this forum for 3 days now and all i can find is terminal scripts explaining how to do this. all i have ever used is the GUI winbox. im sure i will learn the command line of this OS but for now im in trouble bc i have customers that need public ip's and cant pass them through to them. i made a net map of our network will all the info i can think of. i know this is a simple and common thing. but im at a lost. any help or direction is MUCH appreciated.
i have a small WISP (less than 100 customers)
all we have is a RB750GL for our router ( 5 ports usable and we are using 4 of them. eth 5 is for future use)
i have a block of public ip's from our ISP ( xxx.119.73.224/27 which is our network address; xxx.119.73.225/27 is from our ISP; xxx.119.73.226 is the public ip of the mikrotik and the gateway ip for our customers with public ip's; our public ip address range for our customers is xxx.119.73.227/27 through xxx.119.73.250/27)
our private lan side ip scheme is 10.10.0.xxx/24 (keep it simple and put the entire network on same scheme)
also gave the RB750GL the ip address of 10.10.0.1/24 for the private lan side gateway for customers
how would i set up the mikrotik to work with this setup.......
Need Help Passing Public IP's To Customers (New to the Tik)
You do not have the required permissions to view the files attached to this post.
-
-
greencomputing
Frequent Visitor
- Posts: 95
- Joined:
- Location: Italy
Re: Need Help Passing Public IP's To Customers (New to the T
Hello
with the condition that we want to preserve the current network configuration/design, I suggest you to use NAT on RB750GL.
The idea is to assign the public IPs to the RB 750GL and when receivng traffic , change dst nat to reach the real end client host that "own" the IP.
Lets say that the client 10.10.0.188 require a public IP and you decide to give him xxx.119.73.230/27.
First of all, add this IP to the WAN interface eth1.
After that, define a one-to-one relation between client private ip and public one using nat :
1) Everything coming from Client Host and outgoing on the Public Internet trough WAN ether1 interface will be mapped to public IP :
2) On the other hand, forward incoming traffic to the public IP xxx.119.73.230 assigned to user having IP 10.10.0.188.
This solution is manageable just for few tens of subscribers, after that a re-engineering of the network is needed introducing for example radius releasing public ip and having customer CPE connected in bridging way on the WAN backbone. this is another story and I wish you that soon you will need to think to it (this will mean that soon your customer base will increase so much and your business will grow so much ...)
Hoping that was helpful to you
Have a nice day
with the condition that we want to preserve the current network configuration/design, I suggest you to use NAT on RB750GL.
The idea is to assign the public IPs to the RB 750GL and when receivng traffic , change dst nat to reach the real end client host that "own" the IP.
Lets say that the client 10.10.0.188 require a public IP and you decide to give him xxx.119.73.230/27.
First of all, add this IP to the WAN interface eth1.
Code: Select all
/ip address add address=xxx.119.73.230/27 interface=ether1
1) Everything coming from Client Host and outgoing on the Public Internet trough WAN ether1 interface will be mapped to public IP :
Code: Select all
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 src-address=10.10.0.188 to-addresses=xxx.119.73.230Code: Select all
/ip firewall nat chain=dstnat action=dst-nat to-addresses=10.10.0.188 dst-address==xxx.119.73.230 in-interface=ether1
This solution is manageable just for few tens of subscribers, after that a re-engineering of the network is needed introducing for example radius releasing public ip and having customer CPE connected in bridging way on the WAN backbone. this is another story and I wish you that soon you will need to think to it (this will mean that soon your customer base will increase so much and your business will grow so much ...)
Hoping that was helpful to you
Have a nice day
Re: Need Help Passing Public IP's To Customers (New to the T
ok heres where i am now.....
i got the public ip addresses to work from inside our private network, but i cant access them from outside. i used netmap to do a 1:1 and i read that the only way it was supposed to work was to turn on arp-proxy on the interface. i created a bridge in the tik and added all of the eth ports to the bridge and turned on arp-proxy on inside the bridge. and sure enough i can type in the public ip from inside our LAN and they work. but the problem is that when i try to access them from outside of our network it times out like there is nothing there.
at our office we have a backup internet connection from a different isp so we can do testing like this. i made one of my laptops a simple web server running a bo-bo page for testing. assigned the laptop a public ip with the right SM and GW, and bridged the wireless CPE that it was connected to. when i use another laptop on the different isp network and try to go to the external ip of the laptop it wont work but i can see the web page from any other computer on our lan using the same ip.
does it take time to propagate across the internet with the arp tables or something.
im asking bc i have swung over MX records from a web based email server to a local MS exchange server and it took almost 20 hours for email to start coming in while the rest of the internet got the new ip address for the mail server from the MX records
just a thought might not have anything to do with it.
???????????????
stumped on this one.
i got the public ip addresses to work from inside our private network, but i cant access them from outside. i used netmap to do a 1:1 and i read that the only way it was supposed to work was to turn on arp-proxy on the interface. i created a bridge in the tik and added all of the eth ports to the bridge and turned on arp-proxy on inside the bridge. and sure enough i can type in the public ip from inside our LAN and they work. but the problem is that when i try to access them from outside of our network it times out like there is nothing there.
at our office we have a backup internet connection from a different isp so we can do testing like this. i made one of my laptops a simple web server running a bo-bo page for testing. assigned the laptop a public ip with the right SM and GW, and bridged the wireless CPE that it was connected to. when i use another laptop on the different isp network and try to go to the external ip of the laptop it wont work but i can see the web page from any other computer on our lan using the same ip.
does it take time to propagate across the internet with the arp tables or something.
im asking bc i have swung over MX records from a web based email server to a local MS exchange server and it took almost 20 hours for email to start coming in while the rest of the internet got the new ip address for the mail server from the MX records
just a thought might not have anything to do with it.
???????????????
stumped on this one.
Re: Need Help Passing Public IP's To Customers (New to the T
-------
hi, fren..
yes, you are correct idea when you will NAT go action=netmap, and it's public ip should be talk itself of your router.
regards,..
Hasbullah.com
-------
hi, fren..
yes, you are correct idea when you will NAT go action=netmap, and it's public ip should be talk itself of your router.
regards,..
Hasbullah.com
-------
i have .........0.1/24 for the private lan side gateway for customers
how would i set up the mikrotik to work with this setup.......
Who is online
Users browsing this forum: Google [Bot], Semrush [Bot] and 97 guests