Community discussions

 
neilws
just joined
Topic Author
Posts: 7
Joined: Thu Jul 25, 2013 12:16 pm

DSL pppoe - how to assign public static IP?

Tue Jan 02, 2018 8:33 pm

Hi all, running ROS v6.41 on hEX.

Attempting to assign a public static IP from my ISP but failing miserably and cannot see the wood for the trees. Current setup is:
vigor 120 dsl modem--> pppoe-out1/eth1
eth2 is LAN
DHCP/src_nat setup.

At this stage internet connected and servicing LAN however I cannot see where I can now assign the /29 block I have been given by my ISP? The "local address" assigned to the pppoe-out1 interface is not part of the allocated /29.

Config export below.. any help gratefully received!!!
# model = RouterBOARD 750G r3
/interface ethernet
set [ find default-name=ether1 ] comment=Internet
set [ find default-name=ether2 ] comment=Lan
set [ find default-name=ether5 ] comment=Backup
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=60 \
    name=pppoe-out1 use-peer-dns=yes user=\
    "userhere"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool_ws ranges=192.168.11.100-192.168.11.254
add name=pool_backup ranges=192.168.200.10-192.168.200.20
/ip dhcp-server
add address-pool=pool_ws authoritative=after-2sec-delay disabled=no interface=\
    ether2 name=dhcp_ws
add address-pool=pool_backup authoritative=after-2sec-delay disabled=no \
    interface=ether5 name=dhcp_backup
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.11.1/24 interface=ether2 network=192.168.11.0
add address=192.168.200.1/24 interface=ether5 network=192.168.200.0
/ip dhcp-server lease
add address=192.168.11.80 mac-address=B8:27:EB:70:E5:A7 server=dhcp_ws
/ip dhcp-server network
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1
add address=192.168.200.0/24 dns-server=192.168.200.1 gateway=192.168.200.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.11.0/24 list=LAN_NETS
add address=192.168.200.0/24 list=LAN_NETS
/ip firewall filter
add action=accept chain=input comment="Allow input established, related" \
    connection-state=established,related in-interface=pppoe-out1 protocol=tcp
add action=accept chain=forward comment="Allow forward established, related" \
    connection-state=established,related in-interface=pppoe-out1 protocol=tcp
add action=accept chain=input comment="Allow ping" in-interface=pppoe-out1 \
    protocol=icmp
add action=drop chain=input comment="Drop input invalid" connection-state=\
    invalid in-interface=pppoe-out1
add action=drop chain=forward comment="Drop forward invalid" connection-state=\
    invalid in-interface=pppoe-out1
add action=drop chain=forward comment="Drop DNS NOT local networks" dst-port=53 \
    log=yes log-prefix=";;Drop forward DNS if not local" protocol=udp \
    src-address-list=!LAN_NETS
add action=drop chain=input comment="Drop input DNS NOT local networks" \
    dst-port=53 log=yes log-prefix=";;Drop input not local DNS" packet-mark="" \
    protocol=udp src-address-list=!LAN_NETS
add action=drop chain=forward comment="Drop forward list drop!" log=yes \
    log-prefix=";;Drop forward llist" src-address-list=drop_list
add action=drop chain=input comment="Drop input list drop!" log=yes log-prefix=\
    ";;Drop input list" src-address-list=drop_list
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment="Dest Nat SW" dst-port=8888 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.11.2 to-ports=8888
add action=dst-nat chain=dstnat comment="Dest Nat SW SSL" dst-port=8889 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.11.2 to-ports=8889
add action=dst-nat chain=dstnat comment="Dest Nat UT TCP" disabled=yes \
    dst-port=26333 in-interface=ether1 protocol=tcp to-addresses=192.168.11.2 \
    to-ports=26333
add action=dst-nat chain=dstnat comment="Dest Nat UT UDP" disabled=yes \
    dst-port=26333 in-interface=ether1 protocol=udp to-addresses=192.168.11.2 \
    to-ports=26333
add action=dst-nat chain=dstnat comment="Dest Nat WS File" dst-port=7000 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.11.3 to-ports=7000
add action=dst-nat chain=dstnat comment="Dest Nat WS File SSL" dst-port=7001 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.11.3 to-ports=7001
add action=dst-nat chain=dstnat comment="Dest Nat WS Nas Admin" dst-port=30001 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.11.3 to-ports=3001
add action=dst-nat chain=dstnat comment="Dest Nat 3CX SBC TCP" disabled=yes \
    dst-port=5090 in-interface=ether1 protocol=tcp to-addresses=192.168.11.80 \
    to-ports=5090
add action=dst-nat chain=dstnat comment="Dest Nat 3CX SBC UDP" disabled=yes \
    dst-port=5090 in-interface=ether1 protocol=udp to-addresses=192.168.11.80 \
    to-ports=5090
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=22
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/London
/system ntp client
set enabled=yes primary-ntp=192.146.137.13 secondary-ntp=185.114.227.160
/system routerboard mode-button
set enabled=no on-event=""
/tool graphing interface
add allow-address=192.168.11.0/24
/tool graphing queue
add allow-address=192.168.11.0/24
/tool graphing resource
add allow-address=192.168.11.0/24
[admin@MikroTik] > 
 
pe1chl
Forum Guru
Forum Guru
Posts: 5048
Joined: Mon Jun 08, 2015 12:09 pm

Re: DSL pppoe - how to assign public static IP?

Tue Jan 02, 2018 9:04 pm

Just put the allocated /29 on your LAN interface (taking one address out of it as the router address).
The remaining addresses will be routed to your LAN.
Of course you should change your src-nat rule so this range is not NATted (e.g. set src address to 192.168.0.0/16)
and it would be normal to make a separate network for this purpose, not the normal LAN.
 
neilws
just joined
Topic Author
Posts: 7
Joined: Thu Jul 25, 2013 12:16 pm

Re: DSL pppoe - how to assign public static IP?

Wed Jan 03, 2018 9:42 am

Many thanks for the reply. Ok so that makes sense routing for use in the LAN but issue I'm having is how to assign one of the allocated /29 addresses to the router and presenting this as the WAN IP instead of the automatically allocated one via the pppoe client interface.

Normally I would simply apply the IP address to the interface and voila however its the addition of the pppoe-client interface that's stumping me.

Hope that makes sense!

thx
 
pe1chl
Forum Guru
Forum Guru
Posts: 5048
Joined: Mon Jun 08, 2015 12:09 pm

Re: DSL pppoe - how to assign public static IP?

Wed Jan 03, 2018 11:28 am

This will work just fine. I have a comparable setup running with 2 WAN addresses assigned to the router (for a total of 3) and there is no issue.
Any address you put on LAN or WAN can be used by the router.
 
User avatar
16again
newbie
Posts: 43
Joined: Fri Dec 29, 2017 12:23 pm

Re: DSL pppoe - how to assign public static IP?

Fri Jan 05, 2018 12:22 am

If those /29 address range is fixed (and it has to be as it isn't pushed on pppoe login), you can use all of these 8 addresses in NAT rules without assigning them to any interface !
You can use them in both src and dst NAT rules.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5048
Joined: Mon Jun 08, 2015 12:09 pm

Re: DSL pppoe - how to assign public static IP?

Mon Jan 14, 2019 4:51 pm

Just read above what was already answered.

Who is online

Users browsing this forum: No registered users and 41 guests