Community discussions

MikroTik App
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

PPPoe server gateway ip

Tue Oct 25, 2016 3:05 pm

Hello all, I have strange problem which I noticed yesterday.
I will try to explain :)

Ip address of CCR1016-12G is 82.2xx.1xx.2
I have setup PPPOE server on my CCR1016-12G which works ok but connected clients gets the same ip 82.2xx.1xx.2 when they check on whatsmyip.org/ , but in the client connection status I see the public ip from ppoe-pool.
ip.JPG
All pppoe connected clients gets the ip of router 82.2xx.1xx.2 when they check on whatsmyip.org

Why they don't get the ip from the pppoe pool ? In this case end user can't forward ports in home router.

Here is the config
/interface bridge
add name=pppoe-bridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pppoe-pool ranges=82.xx4.xx4.3-82.xx4.xx4.14
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
add change-tcp-mss=no local-address=82.xx4.1xx.2 name=profile1 remote-address=pppoe-pool use-compression=no \
    use-encryption=no use-mpls=no use-vj-compression=no
/interface bridge port
add bridge=pppoe-bridge interface=ether8
add bridge=pppoe-bridge interface=ether9
add bridge=pppoe-bridge interface=ether10
add bridge=pppoe-bridge interface=ether11
/interface pppoe-server server
add authentication=pap,chap default-profile=profile1 disabled=no interface=pppoe-bridge max-mru=1480 max-mtu=1480 mrru=\
    1600 service-name=service1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether2 network=192.168.88.0
add address=10.10.14.1/24 interface=pppoe-bridge network=10.10.14.0
add address=10.11.14.1/24 comment=Radius interface=ether12 network=10.11.14.0
add address=82.xx4.1xx.2/24 comment="WAN " interface=ether1 network=82.xx4.1xx.0
/ip dns
set servers=81.xx.xx.5,xx.17.xx.5
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat protocol=tcp src-address=10.11.14.0/24
add action=dst-nat chain=dstnat dst-port=443 in-interface=ether1 protocol=tcp to-addresses=10.10.14.15 to-ports=443
/ip route
add distance=1 gateway=82.xx.xx4.1
add distance=1 gateway=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/ppp aaa
set interim-update=2m use-radius=yes
/ppp secret
add name=test password=test profile=profile1 remote-address=82.xxx.1xx.13 service=pppoe
/radius
add address=10.11.14.10 secret=xxx service=ppp,login,hotspot,wireless
/radius incoming
set accept=yes
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR
thank you all.
You do not have the required permissions to view the files attached to this post.
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: PPPoe server gateway ip

Tue Oct 25, 2016 3:25 pm

Hello,

You're using NAT Masquerade without exceptions:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
Try adding in this rule an specific src-address or a src-address-list, to masquerade more specifically:
/ip firewall nat
add action=masquerade src-address=10.x.x.0/24 chain=srcnat out-interface=ether1
With this NAT rule, you'll only masquerade the IP range 10.x.x.0/24, and not the public addresses.
 
Mazyaar
newbie
Posts: 27
Joined: Tue Oct 18, 2016 3:47 am

Re: PPPoe server gateway ip

Tue Oct 25, 2016 3:33 pm

Your mistake is in your firewall rules
Is not need to nat src ip valid to gateway.

Write this in ip routes dst: 0.0.0.0/0 gateway: your gateway


Sent from my iPhone using Tapatalk
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: PPPoe server gateway ip

Tue Oct 25, 2016 4:13 pm

If I add
/ip firewall nat
add action=masquerade src-address=10.10.14.0/24 chain=srcnat out-interface=ether1
Clients don't have internet.

ip routes dst: 0.0.0.0/0 gateway: your gateway -> same problem nothing change.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: PPPoe server gateway ip

Tue Oct 25, 2016 10:10 pm

Tried different nat rules with public pool but i have the same problem. My pppoe pool is with public ip range.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: PPPoe server gateway ip

Wed Oct 26, 2016 2:44 pm

I forgot to mention that PPPOE bridge is directly connected to QRT antenna bridge. I don't have any nat rules in QRT, only WLAN bridge and ip route
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: PPPoe server gateway ip

Thu Oct 27, 2016 2:27 am

I forgot to mention that PPPOE bridge is directly connected to QRT antenna bridge. I don't have any nat rules in QRT, only WLAN bridge and ip route
Hi,

You should not need a NAT rule for those clients since they have public IPs.

I see your public IP space is on the ether1 interface. If ether1 is your upstream interface, perhaps the upstream router is trying to resolve the pppoe client IP via ARP and failing because they are not on that subnet. If this is the case, configuring proxy ARP on the MikroTik should fix it.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: PPPoe server gateway ip

Thu Oct 27, 2016 1:17 pm

yes, maybe is arp problem, what I need to put in ARP list ?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: PPPoe server gateway ip

Thu Oct 27, 2016 6:17 pm

yes, maybe is arp problem, what I need to put in ARP list ?
http://wiki.mikrotik.com/wiki/Manual:IP/ARP#Proxy_ARP

In interface ether1 properties, enable "proxy ARP"

After doing so you should be able to change your NAT rule back to /ip firewall nat add action=masquerade src-address=10.10.14.0/24 chain=srcnat out-interface=ether1

The clients should still be able to get on the Internet and should show up as their public IPs once those changes are made.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: PPPoe server gateway ip

Fri Oct 28, 2016 10:39 pm

@mducharme: thank you ARP do the job. works good!!
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: PPPoe server gateway ip

Sat Oct 29, 2016 4:24 am

@mducharme: thank you ARP do the job. works good!!
Great. One other thing - please note that this is not the optimal way to set things up. It is better to get the /24 routed *through* your router (rather than ether1 sitting on the /24), and a smaller subnet like a /30 on ether1 to connect it to the upstream router. Then you do not need to do proxy ARP. However, if that is not possible, proxy ARP will work as a workaround.
 
User avatar
stefki
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Mon Aug 29, 2016 2:13 pm

Re: PPPoe server gateway ip

Sat Oct 29, 2016 5:57 pm

@mducharme: I found out that ISP provider gives me the netmask /28, do I should set /28 on ether1 and pppoe-bridge ( pppoe server) on all my clients ?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: PPPoe server gateway ip

Sat Oct 29, 2016 7:07 pm

@mducharme: I found out that ISP provider gives me the netmask /28, do I should set /28 on ether1 and pppoe-bridge ( pppoe server) on all my clients ?
I don't actually understand why you have the private IP addresses on pppoe-bridge at all, unless you are offering hotspot to the customers as an alternative to PPPoE authentication (or to help them with it). Otherwise, it seems strange that you would have addresses on that bridge at all.

That being said, the netmask for your public and private subnets do not need to match. You should change /28 on ether1, but I see no need to do the same for your private subnet on pppoe-bridge.

Who is online

Users browsing this forum: No registered users and 19 guests