Page 1 of 1
How to manage multiple public address with routerOS?
Posted: Tue Oct 03, 2006 11:59 am
Hi, this is my question....
Suppose to have a range of 64 or 128 public IP address available and a wireless network with pppoe authentication, can I assign a public address for every user connected? In other words can routerOS assign public address to user when he start connection?
Posted: Tue Oct 03, 2006 12:18 pm
Posted: Wed Oct 04, 2006 12:24 pm
Thank You janisk! Very helpful!!
I think the forum must help non-expert users like me, if I resolve problem with manual I dont ask help on the forum!
Thank You again for help!
Posted: Wed Oct 04, 2006 12:35 pm
you have asked if MikroTik can do that, and the answer is yes.
But depending on the setup of your network there could be multiple ways to achieve this. And you didn't write if you want to hand out static ip addresses to your customers.
In the simplest case you can just create an ip pool with the public ip addresses you want to hand out and use this ip pool in your pppoe server profile.
Posted: Thu Oct 05, 2006 12:43 pm
Hi Christian, Thank You for answer.
This is my problem: I have a range of public IP address assigned to my DSL connection and I use a MT (PPPoE server) for user authentication.
When some user start connection must obtain public IP address from MT.
Now I'm trying your suggestion but I'm sure to mistake something...
I've created a pool with public IP range (example from 100.100.100.150 to 100.100.100.200) then I've activated PPPoE server. My test MT have a wan card connected to DSL router and a wlan card for user access. The IP assigned of wan card is 100.100.100.99 and gateway is 100.100.100.98. When first user start connection PPPoE server assign it the 100.100.100.150 IP address, for the second user the IP it's 100.100.100.151 etc. but all users exit on the public network with same address 100.100.100.99 (wan card IP address). I need every user exit on network with assigned address, the first with 100.100.100.150, the second with 100.100.100.151 etc. I hope You understand what I want to say, my english isn't good. In other words, every user receive right address but don't exit on public network with this, every user have the same address on public network. There is a solution for my problem?
Thanks to anyone want help me and Thank You again Christian for answer.
Posted: Thu Oct 05, 2006 2:12 pm
If all users go out with your wan interface ip address, you must have a masquerading/src-nat rule in effect.
Look under "/ip firewall nat" what you have there (and post here, if unsure).
Posted: Thu Oct 05, 2006 2:57 pm
Yes, masquerading rule it's active, I need to remove it?
[tivuesse@MikroTik] > ip firewall nat
[tivuesse@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade
[tivuesse@MikroTik] ip firewall nat>
Posted: Thu Oct 05, 2006 3:01 pm
Yes, because this masquerading rule does exactly what you observe: replace the source address of every outgoing packet with the source address of the wan interface.
This is sensible/necessary when handing out private ip addresses to your customers, but unnecessary/wrong when you give them public ip addresses.
As I don't know your network setup, be careful what you do. If you still use private ip addresses for other customers on the same system, you will have to resign your masquerading rule instead of deleting it...
Posted: Thu Oct 05, 2006 4:31 pm
I've tryed to remove masquerading rule and users cannot browse in internet. I think there is some error in address settings..
I don't understand how to configure public address... now I've assigned to the wan card only 1 public IP address and I've created a pool with other address. This pool it's assigned to PPPoE profile. It's right?
P.S. I don't have other customers with private address, only PPPoE users.
And I'm trying with 3.0 beta version, You think this is a problem?
Posted: Thu Oct 05, 2006 6:28 pm
Well, the beta is the first 3.0 beta - I would be cautious with tests with that. I'd suggest using a current release version (like 2.9.31) to exclude possible 3.0 beta bugs.
Apart from that you will perhaps need to activate proxy-arp on your WAN ethernet interface.
Posted: Thu Oct 05, 2006 8:25 pm
Proxy-arp activated on wan card and all system work fine!!!!
Many Thanks Christian, I've received a great help from You!!!
Posted: Thu Oct 05, 2006 11:36 pm
Good to hear it's working!