Community discussions

MUM Europe 2020
 
Ghassan
Member Candidate
Member Candidate
Topic Author
Posts: 213
Joined: Mon May 29, 2006 11:08 pm
Location: Lebanon
Contact:

Assign public ip directly to Private Interface

Tue Aug 05, 2014 6:23 pm

Hello everyone,

I have /28 public subnet by my isp [WAN-Inetrafce]. I would like to assign 1 public ip address directly to one of my customers through [Private-Interface] and I do not want him to use the rest public ips .


How can I allow my customer to use one of my public ip addresses through Private interface ?.

Thanks in advanced.
 
thasser
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Mon Sep 23, 2013 8:28 pm

Re: Assign public ip directly to Private Interface

Tue Aug 05, 2014 7:56 pm

You would assign the IP address to the [private-interface]. Either that or assign the address to the customers gateway device.

To make sure they stay inside their own IP address, create a masquarade rule. Give this wiki a shot: http://wiki.mikrotik.com/wiki/How_to_co ... ome_router.
 
Ghassan
Member Candidate
Member Candidate
Topic Author
Posts: 213
Joined: Mon May 29, 2006 11:08 pm
Location: Lebanon
Contact:

Re: Assign public ip directly to Private Interface

Wed Aug 06, 2014 1:11 pm

You would assign the IP address to the [private-interface]. Either that or assign the address to the customers gateway device.

To make sure they stay inside their own IP address, create a masquarade rule. Give this wiki a shot: http://wiki.mikrotik.com/wiki/How_to_co ... ome_router.
Hello again,

Thank you for your reply

My customer already has a private ip address and I would like to give him a public ip address so he would be able to use directly one of my public ip addresses that i got from my isp.

For example ;
WAN IP : x.100.210.14/28
Gateway Address : x.100.210.13/28

All I know is that If I add an address to private interface as x.100.210.17/30 then my customer would be able to use only x.100.210.18 as an ip and .17 as gateway .

I still think it is a fake ip for him . There must be a way to pass it to him as public .
 
User avatar
Kickoleg
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Mar 11, 2014 3:13 pm
Location: Yverdon-les-Bains, Suisse

Re: Assign public ip directly to Private Interface

Wed Aug 06, 2014 2:41 pm

Maybe you need use your router as switch and give him real ip from your IP pool ?
Simple add user interface as slave to master port WAN.
MTCNA, MTCUME, MTCRE, MTCWE, MTCTCE certified
 
Ghassan
Member Candidate
Member Candidate
Topic Author
Posts: 213
Joined: Mon May 29, 2006 11:08 pm
Location: Lebanon
Contact:

Re: Assign public ip directly to Private Interface

Sat Aug 09, 2014 11:53 am

Maybe you need use your router as switch and give him real ip from your IP pool ?
Simple add user interface as slave to master port WAN.
I think switching is the same like bridging . Right ?

I guess the customer would get his real ip and he can also use my ips which i dont want him to use my ips at all .

How do big isps assign subnets for customers without allowing customers to hack their rest ips ?.
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1069
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: Assign public ip directly to Private Interface

Sat Aug 09, 2014 1:20 pm

-Toni-
Don't crash the ambulance, whatever you do
 
Ghassan
Member Candidate
Member Candidate
Topic Author
Posts: 213
Joined: Mon May 29, 2006 11:08 pm
Location: Lebanon
Contact:

Re: Assign public ip directly to Private Interface

Sat Aug 09, 2014 11:50 pm


I think with the solution that you provided let the customer to use only private ip assigned but linked to a public ip address.

I still want the customer to just add his public ip address on his router .


It seems that I am asking a really hard question . I'm very sure that big isps know how to give customers real ips .

I only have /28 subnet and I would like to share one of them only without allowing the customer to hack or uses other real ips .
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Assign public ip directly to Private Interface

Sun Aug 10, 2014 1:10 am

You haven't said if the /28 is presented as a /28 on your WAN link or routed to you via another link network. That plus information on what the network elements are between your main router and the customer's router would probably allow a better answer describing the options.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
Ghassan
Member Candidate
Member Candidate
Topic Author
Posts: 213
Joined: Mon May 29, 2006 11:08 pm
Location: Lebanon
Contact:

Re: Assign public ip directly to Private Interface

Mon Aug 11, 2014 11:39 am

You haven't said if the /28 is presented as a /28 on your WAN link or routed to you via another link network. That plus information on what the network elements are between your main router and the customer's router would probably allow a better answer describing the options.

The subnet is presented as /28 on my WAN interface (WAN LINK) and not routed to me by another network.

I have a virtual ptmp link between my station and my customers and all are using MikroTik routerboards . For example ; I have RB433AH as ap-bridge connected to my main router directly through a dedicated interface and my customers are using SXT device connecting to RB433AH as station-bridge.

Whats the best solution for me please?

Thank you
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1069
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: Assign public ip directly to Private Interface

Mon Aug 11, 2014 12:00 pm

I think with the solution that you provided let the customer to use only private ip assigned but linked to a public ip address.

I still want the customer to just add his public ip address on his router .
But it works the same, when from internet someone requests that public IP, it will connect to the customer router with private IP.

If you need to assign the public IP directly on the customer interface you need to bridge your network, but if further more you want to prohibit the user to change the IP you would need pppoe server, or setup arp in reply only.
-Toni-
Don't crash the ambulance, whatever you do
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1220
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: Assign public ip directly to Private Interface

Mon Aug 11, 2014 10:34 pm

Actually it is simple, just do plain routing for that address:
- configure the customer's computer with the given IP and gateway the router private IP (netmask should not be important)
- in the router add a route to the customers IP with netmask /32 via the needed LAN interface
- add forward rules to and from the customers IP from/to the WAN interface
- on WAN NAT except the customers IP from NAT (do NAT only from LAN private IPs)

That should do it.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Assign public ip directly to Private Interface

Tue Aug 12, 2014 8:46 am

........but do remember that the ISP expects to ARP for the the IP number on the WAN interface so the router will have to provide proxy-arp for the address on the WAN interface.

The other niggle is that many consumer/small business routers want to have a nice neat WAN network with a subnet addressable gateway etc. Routing a /32 doesn't really provide that. PPPoE to the server holding the actual IPs can be a useful workaround.

The best solution is to ask how much you are charging the customer for the static IP, how many other customers will buy such a service and then obtain a suitable block of routed IPs which can be used to service the requests in a more sensible manner.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

Who is online

Users browsing this forum: CZFan, Google Feedfetcher, ingdaka, McSee, roeschlo and 118 guests