I have a ROS with wireless clients, all natted... and i have more than 1 public IPs assigned to my MT.
how can i assign a public ip to one client without using nat (redirect)... assign directly the public ip to the client.
Is it possible?

of course you can assign ip addresses to your clients, but then all simple routing rules come into play with subnets, network addresses etc.

of course you can assign ip addresses to your clients, but then all simple routing rules come into play with subnets, network addresses etc.

Can you post a little example on how to do that? I've been looking for one but wasn't lucky..

yes, a little example will be appreciated

Create a public subnet on the LAN port of your router. Make sure the masquerade rule you have setup only applies to the private subnet(s). Use a static DHCP reservation or a manually configured IP on the client and you're done... So basically you'd be running two networks on one physical segment.

Here's the catch. You'll need a block of IP's large enough to subnet and route..

if you've only got a /29 from your ISP this would be difficult, because you'll only be able to subnet out two /30's.

Other than that you're stuck with doing 1:1 NAT, or Proxy-ARP. I'd recommend using the 1:1 NAT over Proxy-ARP.

I authenticate users on my network using PPPoE, most if not all residential subscribers get a private address (172.16.xx.xx) conserving the /22 we have from our ISP for static and business customers. Using PPPoE it's just a matter of changing the clients "Pool" or static IP assignment in the database, and a simple reset of the PPPoE connection to get them a public IP.

Here's some additional reference site(s):

http://www.cisco.com/warp/public/701/3.html

I authenticate users on my network using PPPoE, most if not all residential subscribers get a private address (172.16.xx.xx) conserving the /22 we have from our ISP for static and business customers. Using PPPoE it's just a matter of changing the clients "Pool" or static IP assignment in the database, and a simple reset of the PPPoE connection to get them a public IP.

this would be my reccomendation. we use the same method, except we always assign public IPs in our PPPoE Pool's. works great, and when a customer doesn't pay their bill, make a quick change to the database, reset the connection and they get assigned a private ip, which is not routable to anywhere but a splash page saying "please contact our billing department" most people pay the same day

Thanks for your replies But to get a bit down in details, how would you handle such a setup?

ISP CPE ---- ethernet ---- Mikrotik Routerboad ------ Wireless ----- Mikrotik Radio Hop ---- wireless ---- mikrotik AP with PPPoE server enabled -----wireless ---------> Costumers

Afaik, the first Mikrotik Routerboard (Local core router) must have a public IP assigned to the interface connecting to ISP CPE. Also, as you said, on that router you specify masquerade roules so you masquerade users with private IPs to get out on the internet with the router assigned public IP. That works fine

Now, regarding public IPs for costuemers (which isn't a large part of my network, but still..), how do you configure the equipment above in a routed environment? Not using WDS and such..

Two things. If your provider will not ROUTE you a public Block of IPS, i.e. the /28 or whatever it is is pointed at your mikoritk as the gateway, then their is two other methods, both sux, and I would note recommend either.

1. Proxy-ARP, sux, read up on it, sometimes works, sometimes don't.
2. Create a birdge, with your public interface, bridge in a EoIP or IPIP tunnel (v3 you can do L2TP etc), then put a mt on the other end, and bridge that connection with the ethernet. sux, yep.

I just read one of your messages here, and it helped me somehow.

So by "isp routing IP blocks to your MT" you mean them routing public IPs from their CPE to my first mikrotik routerboard (core router)?

Looking on the forum I've also found some similar question to ours, but it looks like none was explaining "how".

http://forum.mikrotik.com/viewtopic.php?f=2&t=19067

hello since you are using pppe server, just add to it ospfd (dynamic routing), and on MT (if your provider doesnt route all block) on Wan interface switch on proxy-arp. This will work certainly, as it works for me.Honbestly i can't imagine right now networking without dynamic routing. The redundancy it gives, and the peace of mind when nobody calls when one wireless link went down is something beautiful ;]

its more like this. You can have a /24 block of IPs, anywhere in the world, if someone wanted to route it there. So, you can say. 99.99.99.0/24 is here, and then by changing some routes, now it is somewhere else.

What you want is to have your ISP not TELL you where the /24 is. Most of them, put it on the LAN interface of the router on your site. What this does, is basically make the routed subnet /24 that they gave you have to reside on that LAN interface, right there.

If they Point your /24 to your router, then behind your router, you can do whatever you want with it. break it down to /30s if you wanted to.

OSPF is the way to go with this configuration, you can route a single public over multiple private hops.

Not trying to promote myself only, but you may want to contact a MT Consultant to get the configuration setup for you.

It can be done another way, like if you make a bridge with your public n local interface you can give real IP to your client end. and for bandwidth control just make a simple queue for that real IP.

Regards

It can be done another way, like if you make a bridge with your public n local interface you can give real IP to your client end. and for bandwidth control just make a simple queue for that real IP.

Regards

Do you mean, on the same router? The core one?

Please help, i try this:
/ ip firewall filter
add chain=forward in-interface=wlan1 out-interface=ether1 action=accept dst-address=88.*.*.4
add chain=forward in-interface=ether1 out-interface=wlan1 action=accept src-address=88.*.*.4
then set ip 88.*.*.4 on my laptop, set gw (88.*.*.3)public ip of my MT router

Where is problem?