mojbuk
just joined
Topic Author
Posts: 19
Joined: Sun Mar 08, 2015 7:13 pm

Separate NAT and PPPOE server.

Mon Nov 18, 2019 8:55 pm

Best regards.
Is it possible to run a NAT-free PPPOE server with a local pool on one router and a NAT and public address for that pool on the next router?
Thank you.
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Separate NAT and PPPOE server.

Mon Nov 18, 2019 9:04 pm

Of course this is possible.
Simply create proper routes in the routing table on both devices and configure each to do their job :)
 
mojbuk
just joined
Topic Author
Posts: 19
Joined: Sun Mar 08, 2015 7:13 pm

Re: Separate NAT and PPPOE server.

Mon Nov 18, 2019 9:31 pm

Thank you.
Do you have any examples?
 
mojbuk
just joined
Topic Author
Posts: 19
Joined: Sun Mar 08, 2015 7:13 pm

Re: Separate NAT and PPPOE server.

Sat Nov 23, 2019 9:44 pm

Any example?
 
sindy
Forum Guru
Posts: 11320
Joined: Mon Dec 04, 2017 9:19 pm

Re: Separate NAT and PPPOE server.

Sat Nov 23, 2019 11:44 pm

What kind of example would you like to see?

The outer router (closer to the Internet) has a WAN interface and a LAN interface; the WAN of the inner router (acting as PPPoE server) is connected to the LAN of the outer one. There is an interconnect subnet between the two, such as 10.0.0.0/30, where the outer router uses 10.0.0.1 and the inner router uses 10.0.0.2.

The outer router's default route goes via some gateway in its WAN subnet, a route towards 100.64.0.0/10 goes via 10.0.0.2 as a gateway. In the NAT table, there is a rule:

/ip firewall nat add chain=srcnat src-address=100.64.0.0/10 out-interface=WAN action=src-nat to-addresses=range.of.public.ips-used.to.nat.the.shared.ones

On the inner router, there is the PPPoE server which assigns to clients addresses from a pool within the "shared range" 100.64.0.0/10. The default route goes via 10.0.0.1, i.e. via the outer router. Don't forget about firewall filter rules preventing the PPPoE clients running on addresses from the shared range from sending data to each other.

That's all that is related to the PPPoE and NAT functionality separation to two boxes if you don't need the inner one to assign public addresses to some clients. If it does, the clients who get addresses from the shared range should be able to establish connections to those running on public addresses but still be NATed. So either you need a NAT rule also on the inner router, which you don't want to do, or you need to use two interconnection subnets between the routers and policy routing (in the elementary form of an /ip route rule) forcing the data between the two groups to run through the outer router rather than directly.
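
The two-router layout described in this post, written out as RouterOS commands for the simple case (no public addresses handed out by the inner router). This is an added example, not part of the original post; it assumes the interfaces are named WAN and LAN as in the text, and the client-facing interface ether2, the pool, profile and service names, the 100.64.0.x pool slice and the 203.0.113.x public range are placeholders chosen for illustration.

```routeros
# ---- Outer router: routing and NAT only ----
# Interconnect subnet towards the inner router.
/ip address add address=10.0.0.1/30 interface=LAN
# Return route: the shared range lives behind the inner router.
/ip route add dst-address=100.64.0.0/10 gateway=10.0.0.2
# Source-NAT the shared range on the way out.
# 203.0.113.10-203.0.113.20 is a documentation-range placeholder
# standing in for the real public addresses.
/ip firewall nat add chain=srcnat src-address=100.64.0.0/10 \
    out-interface=WAN action=src-nat \
    to-addresses=203.0.113.10-203.0.113.20

# ---- Inner router: PPPoE server, no NAT rules at all ----
# Its WAN sits in the interconnect subnet; default route via the outer router.
/ip address add address=10.0.0.2/30 interface=WAN
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.1
# Client addresses come from a pool inside the shared range
# (pool and profile names are hypothetical).
/ip pool add name=pppoe-pool ranges=100.64.0.2-100.64.0.254
/ppp profile add name=pppoe-clients local-address=100.64.0.1 \
    remote-address=pppoe-pool
# ether2 is an assumed name for the interface facing the subscribers.
/interface pppoe-server server add service-name=pppoe-svc \
    interface=ether2 default-profile=pppoe-clients disabled=no
# Client isolation: traffic between two shared-range clients is routed
# through this box, so it is dropped in the forward chain.
/ip firewall filter add chain=forward src-address=100.64.0.0/10 \
    dst-address=100.64.0.0/10 action=drop \
    comment="block PPPoE client-to-client traffic"
```

The outer router's own default route is left out because it depends on the upstream gateway. After applying, `/ip firewall nat print` on the inner router should show no srcnat rule for the client pool, and the counters of the outer router's src-nat rule should increase when a client reaches the Internet.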
 
mojbuk
just joined
Topic Author
Posts: 19
Joined: Sun Mar 08, 2015 7:13 pm

Re: Separate NAT and PPPOE server.

Sun Nov 24, 2019 12:31 am

Thank you.
I need something like the example in the picture. I need multiple pppoe servers and only one output nat.
Image
 
Touche
just joined
Posts: 5
Joined: Sat Jan 26, 2019 10:20 am

Re: Separate NAT and PPPOE server.

Mon Aug 17, 2020 11:43 am

Hi, I need to set up my network as per the picture, may you please kindly share the scripts for your configuration.
 
Shqipalb
just joined
Posts: 6
Joined: Wed May 06, 2020 11:50 pm

Re: Separate NAT and PPPOE server.

Mon Aug 24, 2020 10:24 am

I think that you have to route all the traffic from the PPPoE server to the MikroTik that does NAT without going to /ip firewall, so without doing srcnat with the PPPoE server.
In the MikroTik doing NAT, put in /ip firewall the IPs of your PPPoE clients and done, you have your setup.
I have the same setup, here is my MikroTik that does the PPPoE server