Hallo,
Iti is possible to implement the diagram attachet to this message? I need to push an public IP to an computer in my network, I mean to have that IP on computer's NIC, not using PAT.
Thanks.

If you have a public IP block from your ISP and you want to route it to another Router take a look here viewtopic.php?f=2&t=159417&p=783308#p783308

I do not have a block of IP's from ISP, instead, I have 2 subscritbtions with 2 PPOE acounts, ant my goal is to send the second PPOE to my 4th computer in my network, without PAT. I want to use the ppoe conection direct on my computers NIC.
Thanks.

I want to use the ppoe conection direct on my computers NIC.

If so, you have to bridge the WAN Ethernet port of the router with the Ethernet port to which the 4th computer is connected, and use bridge filter rules to only allow mac-protocols pppoe and pppoe-discovery to get to/from that interface. But then the Mikrotik will provide no IP firewall functionality for the computer. Is that OK?

Since there is no other Router between the computer and the first Router, then you need a Layer 2 path between the port the ISP router is connected and the Computer port...
Since i don't like the idea of 2 bridges, VLANs would be an option, although i don't know what your hardware is...

But then the Mikrotik will provide no IP firewall functionality for the computer. Is that OK?

Responding to myself - if that's not OK, there is an ugly way to keep the PPPoE client for the 2nd public address on the Mikrotik and nevertheless still have that address up on the other computer and let Mikrotik route the traffic for this address to that computer rather than terminating it locally.

@sindy why are you calling it ugly...
Isn't that the reason why policy routing exists ?
So its a nice option too..

You cannot prevent the packets towards own IP addresses of the router from being grabbed by the router itself by means of the usual tools of policy routing. You have to combine several rarely used techniques to achieve that. So it's "ugly" because of this rarity and the associated confusion potential.

Why would we prevent them in the first place ?

Why would we prevent them in the first place ?

Because to allow the IP firewall of the router handle them, and thus provide some firewalling, you need the packets to be decapsulated from PPPoE at the router, so the PPPoE client must run at the router. If you do that, the public IP is assigned to the router itself. So you need to tell the router not to treat them as packets for itself and handle them as any packets towards external addresses, but at the same you cannot change their dst-address using dst-nat because if you did, you would have to dst-nat them back to the original public dst-address somewhere later on so that the actual destination could have the public IP address on its own interface. You cannot dst-nat them one more time after routing, and you cannot let them pass twice through the same router because you would fall to the same trap.

@sindy to me its an obvious case of 1:1 NAT ...
I don't see any problem on that ...

A 1:1 NAT is fine if you accept that the destination device has a private IP, or that it has the original public one but on some other interface than the uplink one and it can do dst-nat itself. But that's not always the case, some appliances don't allow you to do networking tricks on them, and thus you need them to have the public IP directly on themselves in order that they worked properly, e.g. some PBXes.

I found this:https://youtu.be/H4uaO8nDE4Q
It is going to work?
Thanks.

What the video shows obviously works.. but it is different with the requirements of your first post...

Why not terminate both IP addresses on the router, let firewall do its thing and reserve the second connection solely for the PC ?
Is that too simple ?

What the video shows obviously works.. but it is different with the requirements of your first post...

In my opinion is the same scenario...I can send a public IP (in my case a Ppoe conexion) directly to a computer Nic.
Thanks.

In my opinion is the same scenario...I can send a public IP (in my case a Ppoe conexion) directly to a computer Nic.

Indeed it is "the same scenario as in the video" in terms that you bridge together the WAN interface with the interface to which the "fourth calculator" is connected. But unlike in the video, both the Mikrotik and the "fourth calculator" must have a PPPoE client on themselves to get their respective IP addresses. So my only question in my first response was whether you are OK with the fact that the Mikrotik will not act as an IP firewall for the "fourth calculator".

@Zacharias had a good suggestion regarding offloading the bridging from the CPU to a switch chip, but you haven't answered what routerboard model you use so hard to say whether that is possible in your case.

Hallo,
I just bought an RB1100AHx4.
Thanks.