I am sharing my internet with a few customers and now I need to have one more joined and I am needing a bit of help on how to do it. My current setup is not like what i have below. What i have below is how i prefer to have it setup.
My current setup i do have some of them double nat and my vpn's are setup in Router1 and Router1 is doing most of the work for all of them. But because of how i am adding my latest customer i cant do the setup the way i have it now and must result in something like below to keep their networks separate.
Router1 – Rogers Fibre Internet
Some ptp devices
Router2 – My Own Local Network
Router3 – Customer1 Local Network
Router4 – Customer2 Local Network
Router5 – Customer3 Local Network
Router2-5 are plugged into Router1 either directly or with ptp in between and I don’t want them double nat
Router2 has vpn site to site with some other mikrotiks in the world.
Router3 has vpn site to site with some other mikrotiks in the world.
So my question is can I setup Router1 so that it has my config in there to connect to my rogers fiber but no firewall\nat so that its like the child routers (Router2-5) are directly connected to internet?
And so that the vpn configs are in the child routers not Router1
I will also have PBX Phone systems behind the child routers and those will have lots of problems if I have double nat.
Basically I would want Router1 to be the ISP router giving dynamic addresses to child routers but leave everything else to child router.
I own all the equipment and have full control over all of them.
Thank you
-
-
knowledgemonster
just joined
- Posts: 24
- Joined:
- Location: Ontario Canada
- Contact:
Re: ISP Router Setup
I would keep NAT on R1 (ie. the WAN router) and disable NAT on all other routers.
Yes, you can reduce firewall on R1 and do it on the other routers.
(FYI: you can have firewall anywhere, even on PCs)
For automatic IP/gateway assignment for clients (ie. for their "WAN" side), you can have DHCP-server enabled on R1, and DHCP-client on the other routers
(Instead of DHCP you can also assign static local IPs, plus static routes to the other routers, if necessary. Another alternative is operating a PPPoE server on R1).
For the 2 VPN servers on the client routers you would need to do port-forwarding on R1, ie. 2 different ports on R1.
Ie. since the WAN-link is shared. your clients would need to ask you for doing such port-forwardings on the WAN router.
I don't know if you can overcome that restriction by operating the WAN-router in bridge modem mode with your ISP, but I doubt,
Yes, you can reduce firewall on R1 and do it on the other routers.
(FYI: you can have firewall anywhere, even on PCs)
For automatic IP/gateway assignment for clients (ie. for their "WAN" side), you can have DHCP-server enabled on R1, and DHCP-client on the other routers
(Instead of DHCP you can also assign static local IPs, plus static routes to the other routers, if necessary. Another alternative is operating a PPPoE server on R1).
For the 2 VPN servers on the client routers you would need to do port-forwarding on R1, ie. 2 different ports on R1.
Ie. since the WAN-link is shared. your clients would need to ask you for doing such port-forwardings on the WAN router.
I don't know if you can overcome that restriction by operating the WAN-router in bridge modem mode with your ISP, but I doubt,
-
-
knowledgemonster
just joined
- Posts: 24
- Joined:
- Location: Ontario Canada
- Contact:
Re: ISP Router Setup
Hi,
Thank you for the reply.
I ended up setting up PPPoE server and having client routers connect to that and it works great.
So once i am finished then all my customers will be off of main router and have their own routers without double nat.
Thank you for the reply.
I ended up setting up PPPoE server and having client routers connect to that and it works great.
So once i am finished then all my customers will be off of main router and have their own routers without double nat.
Who is online
Users browsing this forum: Bing [Bot], infabo and 148 guests