Mikrotik Router Multi IP address set up
Last updated on by Freeola Support
This guide was supplied by a Freeola customer, and used with their full permission.
This guide is a simple outline for altering a default Mikrotik routerboard configuration, in order to serve and route public IP addresses from a /29 allocation delivered over a PPPoE session. The last usable IP of the subnet will be used by the router as the gateway (our ISP returns this IP on PPPoE connection), and NAT for the private subnet allocation.
This configuration will serve the public IPs to devices over DHCP after they have been set as static leases (and thus will not default to serve them).
There are no firewall rules that apply to devices which are assigned public IP addresses. Keep that in mind when configuring your device, as it will be fully exposed to the internet.
This configuration is based on the default router configuration from Mikrotik, therefore the following assumptions have been made:
A network bridge exists for your private traffic, named bridge.
A DHCP server exists on the bridge, named defconf.
We're using the default interface groups, WAN and LAN.
We can pass on traffic as the 2nd rule in the firewall (after the counter entry).
Your Network Address is 192.168.1.16. If not, you should adjust the values in the table below accordingly.
IP Address | Purpose |
---|---|
192.168.1.16 | Network address |
192.168.1.17 | Usable address for device |
192.168.1.18 | Usable address for device |
192.168.1.19 | Usable address for device |
192.168.1.20 | Usable address for device |
192.168.1.21 | Usable address for device |
192.168.1.22 | Gateway (router) |
192.168.1.23 | Broadcast address |
We need to create a PPPoE profile, plus a client. You will need to set your own username and password (replace myusername and mypassword with the appropriate information).
/ppp profile
add change-tcp-mss=yes name=ISP use-compression=no use-encryption=no use-ipv6=no use-mpls=no
/interface
pppoe-client add add-default-route=yes disabled=no interface=ether1 name=isp-pppoe profile=ISP user=myusername password=mypassword
/interface
list member add interface=isp-pppoe list=WAN
We need to set-up our IP range in a few places:
The router itself needs to be given the last address.
The DHCP server needs to be aware of the range in order to know how to serve information such as the gateway and DNS server. We do not need to define a pool since we're not going to freely allocate these addresses.
We need to create an IP list in the firewall for the usable subnet (excluding the router and IP itself) in order to tell the firewall to simply pass on traffic.
These figures are using the addresses from the table above, if you changed these then you should adjust accordingly.
/ip address
add address=192.168.1.22/29 interface=bridge network=192.168.1.16
/ip dhcp-server network
add address=192.168.1.16/29 dns-server=192.168.1.22 gateway=192.168.1.22 netmask=29
/ip firewall address-list
add address=192.168.1.17-192.168.1.21 list=public-range
/ip firewall filter
add action=accept chain=forward comment="Allow all traffic to public IP range" dst-address-list=public-ip-range place-before=*1
Finally, we just need to tell the DHCP server how to map these IP addresses to local client devices.
Just replace the IP with one from the usable range and the MAC address with the local client device.
/ip dhcp-server lease
add address=192.168.1.20 mac-address=A0:B1:C2:D3:E4:F5 server=defconf
Live Chat is offline
Live Chat is available:
9:30am to 5:30pm Monday to Friday (excluding bank holidays).
It appears you are using an old browser, as such, some parts of the Freeola and Getdotted site will not work as intended. Using the latest version of your browser, or another browser such as Google Chrome, Mozilla Firefox, Edge, or Opera will provide a better, safer browsing experience for you.