A company near me was getting new fiber cable run from ISP and I jumped at the opportunity to get it too, as they were digging in front of my house so I got a good price.
The “gotcha” turns out to be using my own router, they charge a lot per month for theirs but told me I can use my own with no problem.
Today info on IP addresses shows up in mail, and ummmmm… I don’t know how to set it up.
Tho old ISP was something like this ISP IP → MY PUBLIC IP ON PFSENSE WAN → MY LAN PRIVATE IPs.
The new one shows up with 3 IP addresses, and I’m not sure what to do with the third one?
So hardware is Fiber cable → Fiber media converter → Ethernet cable → PF Sense (can be MikroTik too, I have Hap AC serving access point duty).
New ISP doc says, I quote (made up IPs, but following the same pattern):
WAN block 93.83.73.68/30
ISP port: 93.83.73.69
Your port: 93.83.73.70
Subnet mask 255.255.255.252
LAN block: 77.67.57.215/32
Subnet: 255.255.255.255
WAN block is used for interconnection between our network and the device at your location and can’t be used for Internet access, LAN block is given to you, registered in your name and is used for Internet access.
ISP port I can ping from anywhere (used my phone hotspot), “Your port” is supposed to be my router WAN port? I tried that and I can’t ping it using 4G hotspot.
What do I do with LAN block? I expected it to be a private IP range, but this is single public IP?
Do media converters need an IP address? I expect not, but I don’t know for sure.
ISP can set it up, but will charge through the nose
Thank you for the help, but this is what I don’t get. I tried setting up on MikroTik to avoid breaking the active connection.
I went to their website and doc said Source nat to specific address and it looked like what I need to do.
So I’ve connected ether1 to media converter and gave it IP 93.83.73.70/30, gateway IP 93.83.73.69 and 1.1.1.1 DNS for now.
Gateway is on the list and says reachable via ether1.
LAN is standard 192.168.88.1/24 on MikroTik.
Than via SSH I pasted in
add chain=srcnat src-address=192.168.88.0/24 action=src-nat to-addresses=77.67.57.215 out-interface=ether1
and src-nat appeared on the list.
Is that all? Do I need to assign 77.67.57.215/32 to some interface or virtual IP?
I’ve noticed that pinging the gateway from the router will timeout with NAT rule enabled, and sprinkle in “host unreachable” without it.
I tried the same thing on pfSense, but no luck there either.
Same drill, configure the interface, add the gateway, add outbound NAT entry with source network 192.168.1.0/24, any destination, translation to 77.67.57.215/32, turn on combined NAT mode (manual + auto rules).
On pfSense i tried translation to “other subnet” and adding a virtual IP 77.67.57.215 and translating to that but still nothing.
Yes, someone on superuser.com helped me narrow down the issue to ISP, and after stepping on their neck with MikroTik /tool/sniffer dump and proving that gateway is not responding they fixed their issue.
Configuration on my end as per @mutation666 suggestion was fine to begin with.
