Hi, I have this network configuration:



I am trying to forward to some of my customers public IPs, in the Mikrotik x86 I use the following rule to forward to one of the hotspots the Public IP:

add action=dst-nat chain=dstnat comment=Pruebas disabled=no dst-address=\
189.204.xx.xx to-addresses=172.165.16.7

In the hotspot I regsiter the Adress in IP adresses and forward again the ip to the customer:

add action=dst-nat chain=dstnat comment=Pruebas disabled=no dst-address=\
189.204.xx.xx to-addresses=172.165.20.5

With this if I try to access 189.204.xx.xx from the internet I can reach the customer, the problem I have is that the customer goes out through any of the 5 wans on the load balancing mikrotik, and this gives a lot of problems for example dyndns doesn't detect the clients ip, the download sites don't detect the public ip and the customers gets the already downloading retry later nessage. If I try to add on the hotspot the following rule:

add action=src-nat chain=srcnat disabled=no src-address=172.165.20.5 \
to-addresses=189.204.xx.xx

The customer no longer has internet access. I have searched the forums and the wiki but I haven't been able to find a way to do this.

Please help, best regards.

Someone please?

Add a static rule before the PCC ones to mark routing for the customer as required, or just accept packets from that IP address to use the main routing table. That effectively exempts the user from PCC.

Add a static rule before the PCC ones to mark routing for the customer as required, or just accept packets from that IP address to use the main routing table. That effectively exempts the user from PCC.

Sorry for not replying earlier but I was trying to fix this with no luck, the solution you gave me fewi is ok for the main router itself but there isn't where I have the problem, the problem I have is in the secondary routers that are behind the main router. In the main router if I want to give a customer a public IP I add his local IP to an adrress list that forces him to go to an especific gateway and then I add in IP/firewall/NAT the rule to forward the Public IP to the ocal one, I have no problem there.

My problem is how to do the same thing on the secondary routers, what I have done is forward the public IP to the secondary router and there in IP/firewall/NAT redirect the public IP to the local IP from the customer, the problem is that I can't force him to go through the gateway that has the public IP in the main router and all the services don't see the public IP I assigened to him they see any of the ips from the PCC load balancing instead of the one I assigned him.

If you got a block of IPs you could also make a PPPoE server and Public IPs assigned for specific users...

Or change your network to fully routed network ...

If you got a block of IPs you could also make a PPPoE server and Public IPs assigned for specific users...

Or change your network to fully routed network ...

I don't understand what you mean by "Or change your network to fully routed network ..." How would that be?

Thanks.

Maybe I missunderstood but I thought clients behind hotspots (on picture) are NAT-ed..
if they are not I would make an PPPoE server on the main router.
The client then has an username/Password (PPP-Secrets on main router, there you also specify remote adress = customer PublicIP) and gets the PublicIP just like xDSL connection..

I am unsure how would this react in PCC enviroment, but if you mark all connections it should work..

I have working PPPoE setups like this but with only 1 WAN interface (not PCC)...