Hi,
I have wisp and all customers have been working on a single public IP address so far. Now I have a customer who requires a static IP address. I have used the next available IP address with the same gateway but not sure what else I need for this one customer. Because they will have a public IP there is no need for NAT or masquerade in their case right? Do I need to make a bridge or route from LAN1(where are all the customers are connected) to my WAN port? Down stream they are on the same wireless bridge as other customers. Any help is appreciated.
PUBLIC IP1 PUBLIC IP2
wireless customers on private LAN One customer with public IP statically configured on their router, wireless bridge to MikroTik
Thanks!
Re: Static IP for WISP Customer
I assume by "next available IP address with the same gateway ", you mean you have paid for it and it is available to you. Because that is what you need.I have used the next available IP address with the same gateway but not sure what else I need for this one customer.
that is correctBecause they will have a public IP there is no need for NAT or masquerade in their case right?
exact set up depends on your network. how is your current customers authenticated? PPPoE? Hotspot? I assume you have some way of manage bandwidth, data usage ( or Package, in ISP terms).
Re: Static IP for WISP Customer
Yes that is correct next available public IP that is already assigned to me. My setup is very simple right now.
Ether1 is my WAN connection
Ether2 is my LAN which EVERYTHING is connected to via a switch. The series of radios connected to the switch is my back haul. There is an AP that the customers connect to. They all have private LAN addresses. I'm trying to pass the one public WAN IP through to one customer which will be statically configured on his router.
I have added the address to IP addresses .19 in this case. Do I need a bridge between Eth1 and Eth2 to make that .19 address available to the end user who is "plugged into" Eth2? I have seen some tutorials that will do that with say Eth3 but because this is wireless network everything is running over a shared wireless bridge/back haul. Please help.
Best
Ether1 is my WAN connection
Ether2 is my LAN which EVERYTHING is connected to via a switch. The series of radios connected to the switch is my back haul. There is an AP that the customers connect to. They all have private LAN addresses. I'm trying to pass the one public WAN IP through to one customer which will be statically configured on his router.
I have added the address to IP addresses .19 in this case. Do I need a bridge between Eth1 and Eth2 to make that .19 address available to the end user who is "plugged into" Eth2? I have seen some tutorials that will do that with say Eth3 but because this is wireless network everything is running over a shared wireless bridge/back haul. Please help.
Best
Re: Static IP for WISP Customer
ooh forgot to answer your question about authentication. right now that his handled on the radio side so no ppoe or anything like that.
Re: Static IP for WISP Customer
OK I believe this is what you need:
https://wiki.mikrotik.com/wiki/Manual:I ... ic_address
so NAT role to bring the public IP address to the Internal private address (which is the customer's router)
going forward, you probably want to consider using PPPoE (your main Mikrotik as the PPPoE server and client router is the PPPoE client), then your control is much more flexible and you can easily given public IP address on the PPPoE profile.
https://wiki.mikrotik.com/wiki/Manual:I ... ic_address
so NAT role to bring the public IP address to the Internal private address (which is the customer's router)
going forward, you probably want to consider using PPPoE (your main Mikrotik as the PPPoE server and client router is the PPPoE client), then your control is much more flexible and you can easily given public IP address on the PPPoE profile.
Re: Static IP for WISP Customer
Thanks for the response solar77. I'll give that a try so to summarize your suggesting they still get a static LAN ip address but I make a rule using the below commands so all traffic to/from that static LAN address uses the specified public IP address. Is that about right?
I'll look into the PPPoe also. Seems like the next growth step.
Best
Source nat to specific address
Destination NAT
Forward all traffic to internal host
If you want to link Public IP 10.5.8.200 address to Local one 192.168.0.109, you should use destination address translation feature of the MikroTik router. Also if you want allow Local server to initiate connections to outside with given Public IP you should use source address translation, too.
Add Public IP to Public interface:
/ip address add address=10.5.8.200/32 interface=Public
Add rule allowing access to the internal server from external networks:
/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \
to-addresses=192.168.0.109
Add rule allowing the internal server to initate connections to the outer networks having its source address translated to 10.5.8.200:
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
to-addresses=10.5.8.200
I'll look into the PPPoe also. Seems like the next growth step.
Best
Source nat to specific address
Destination NAT
Forward all traffic to internal host
If you want to link Public IP 10.5.8.200 address to Local one 192.168.0.109, you should use destination address translation feature of the MikroTik router. Also if you want allow Local server to initiate connections to outside with given Public IP you should use source address translation, too.
Add Public IP to Public interface:
/ip address add address=10.5.8.200/32 interface=Public
Add rule allowing access to the internal server from external networks:
/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \
to-addresses=192.168.0.109
Add rule allowing the internal server to initate connections to the outer networks having its source address translated to 10.5.8.200:
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
to-addresses=10.5.8.200
Re: Static IP for WISP Customer
Yeah that's it. give it a try on a test router connected to your main router.
Re: Static IP for WISP Customer
Ok, so I put in the ip address and the two firewall NATs. Changed my laptop to the static LAN address and checked my public ip. It still shows as .18 and not .19. Anything else I need to do?
/ip address add address=10.5.8.19/28 interface=Public
Add rule allowing access to the internal server from external networks:
/ip firewall nat add chain=dstnat dst-address=10.5.8.19 action=dst-nat \
to-addresses=192.168.0.109
Add rule allowing the internal server to initate connections to the outer networks having its source address translated to 10.5.8.19:
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
to-addresses=10.5.8.19
Thanks,
/ip address add address=10.5.8.19/28 interface=Public
Add rule allowing access to the internal server from external networks:
/ip firewall nat add chain=dstnat dst-address=10.5.8.19 action=dst-nat \
to-addresses=192.168.0.109
Add rule allowing the internal server to initate connections to the outer networks having its source address translated to 10.5.8.19:
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
to-addresses=10.5.8.19
Thanks,
Re: Static IP for WISP Customer
Sorry, you will need a route in IP, route
make sure you can ping 10.5.8.19 from your router
Code: Select all
dst-address=0.0.0.0/0 gateway=10.5.8.19