I have followed various posts on this forum, but am now stuck. I currently have:
ISP (1.2.3.1/24) - switch - Mikrotik eth1 1.2.3.2/24 - Mikrotik eth2 pppoe server using 10.1.1.1/16 pool - pppoe clients with 10.1.x.y/32 ip; src-nat'ed
I have a free public IP pool 1.2.3.2-1.2.3.200 (others are used internally) which I provide to some clients.
Till now I assigned those IPs to eth1 and dst-nat'ed all ports to the specific 10.1.x.y IP. However, I would like to assign the public IPs directly to the end-users and switch (route ?) instead. I have:
- set up a new ip pool for 1.2.3.2-1.2.3.200
- set up a new pppoe profile using this pool
- set specific client IPs to use this pppoe profile
- enable proxy-arp on eth1 and eth2
- clients log in via pppoe and get their public IP
- clients are able to ping 1.2.3.1 and 1.2.3.2
- setting a computer to 1.2.3.201 and connecting it to the switch allows me to ping the client's public IP
My configuration:
Code: Select all
/interface ethernet
set [ find default-name=ether1 ] name=ether1-isp arp=proxy-arp
set [ find default-name=ether2 ] name=ether2-lan arp=proxy-arp
/ip pool
add name=pool-pppoe-private ranges=10.1.1.2-10.1.255.254
add name=pool-pppoe-public ranges=1.2.3.3-1.2.3.200
/ppp profile
add local-address=10.1.1.1 name=pppoe-private remote-address=pool-pppoe-private
add local-address=1.2.3.2 name=pppoe-public remote-address=pool-pppoe-public
/interface pppoe-server server
add disabled=no interface=ether2-lan service-name=pppoe
/ip address
add address=1.2.3.2/24 interface=ether1-isp network=1.2.3.0
add address=10.1.1.1/24 interface=ether2-lan network=10.1.0.0
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.1.0.0/16
/ip route
add distance=1 gateway=1.2.3.1
/ppp secret
add name=private_user password=password profile=pppoe-private
add name=public_user password=password profile=pppoe-public
My issue is that clients are not able to ping beyond 1.2.3.1. I think the missing piece is that there is no instruction setting as the default gateway 1.2.3.1 for client traffic
I'm not quite sure if what I have in mind is possible and if so, what the missing settings are ?
Thank you for your time