I just received my first 951G-2HnD as a replacement for my old WRT54 router.
So far everything works, but I have a setup question which I cannot solve.
I have a settopbox which requires direct internet access, this device needs to be connected directly to the ISP’s cable modem. Thus this device gets a public IP address in a sepparate IP range from the ISP.
On my old WRT54G with custom ddwrt, I managed to put 1 port in the same VLAN as the WAN port, in this way the settopbox got an IP directly from the ISP.
I want to do the same on my routerboard, but I’m a but stuck in the many configuration possibilities. Can someone give me a push in the right direction ?
To get a public ip you could create a bridge int. Add the wan interface to that, setup your dhcp client for your internet connection (assuming this is how you need to do it)on the bridge. Then just add the interface your settop box is connected to into that same bridge and it will be a part of the same l2 segment as your wan
Subnet => really don’t know. The settopbox just needs an IP provided my the ISP’s DHCP server. This IP is in another subnet than the normal IP’s.
I’ve tried to make a new brigde, and putting the eth1 (gateway) and the eth5 in it. This causes the local traffic to stop, but the settopbox does receive his IP.
You will need to make sure your dhcp-client is now running on the bridge and not ether1. If you have a static from your provider make sure it is on the bridge and not ether1. Also check your masquerade rule in /ip firewall nat. Make sure it is using the bride interface.
Config, where “digibox port” is the port where the settopbox is connected to.
This is the default config without any changes that I tested (which didn’t work).
make a new bridge, put both the wan and the required interface in it
adjust the NAT so that the Natting is done on the new bridge instead of the wan interface.
Strange things.
Today, I did an update to the latest version, but thuis broke my setup in a very strange way.
When I connect an enabled device to eth5 (db port)
I cannot reach the external network anymore.
If I disable the eth5 or disconnect the network cable, normal traffic resumes.
It seems that the update that I did earlier today, broke some things but I am unable to solve this.
I’ve tried to reset & restore the config, but that didn’t help.
In the meanwhile, I’ve also upgraded the OS to the latest version, but no solution yet.
I have rebuild the config instead of restoring one, but the config that has worked in the past, does not work anymore.
[admin@MikroTik] > export compact
# oct/04/2013 19:24:04 by RouterOS 6.4
# software id = PRRI-T8EG
#
/interface bridge
add l2mtu=1598 name=bridge-dbox
add admin-mac=D4:CA:6D:9A:39:F1 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
indoors frequency=2452 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=\
ap-bridge ssid=dd-wrt wireless-protocol=802.11
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 name=ether5-slave-dbox
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key=xxxxxxxxxxxxxxxxxxxx wpa2-pre-shared-key=\
xxxxxxxxxxxxxxxxxxxx
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp ranges=192.168.100.10-192.168.100.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-dbox interface=ether5-slave-dbox
add bridge=bridge-dbox interface=ether1-gateway
/ip address
add address=192.168.100.254/24 comment="default configuration" interface=\
wlan1 network=192.168.100.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.100.0/24 comment="default configuration" dns-server=\
192.168.100.254 gateway=192.168.100.254 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=bridge-dbox to-addresses=0.0.0.0
/ip service
set api disabled=yes
/system clock
set time-zone-name=Europe/Brussels
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=85.10.246.226 secondary-ntp=\
193.225.118.163
/system routerboard settings
set silent-boot=yes
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-dbox
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-dbox
add interface=wlan1
add interface=bridge-local
The intention is to get eth5 as a sepparate interface, which receives a wan IP.
Using the cfg from above, the dhcp server does not receive an IP address. I can change a few things, but the problem is that I don’t really know what I’m dooing …
If there should be other, simplier ways to achief this, I would be glad to hear them.
I think I changed the internal IP, but still the same issue, from the moment there is an active interface on eth5, the traffic stops (but its working as expect on eth5)
[admin@MikroTik] > export compact
# oct/05/2013 08:56:38 by RouterOS 6.4
# software id = PRRI-T8EG
#
/interface bridge
add l2mtu=1598 name="bridge dbox"
add admin-mac=D4:CA:6D:9A:39:F1 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
indoors frequency=2452 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=\
ap-bridge ssid=dd-wrt wireless-protocol=802.11
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 name=ether5-slave-dbox
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key=xxxxxxxxxxxxxxx wpa2-pre-shared-key=\
xxxxxxxxxxxxxxxxxx
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp ranges=192.168.100.10-192.168.100.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge="bridge dbox" interface=ether5-slave-dbox
add bridge="bridge dbox" interface=ether1-gateway
/ip address
add address=192.168.100.254/24 comment="default configuration" interface=\
bridge-local network=192.168.100.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server config
set store-leases-disk=35m
/ip dhcp-server network
add address=192.168.100.0/24 comment="default configuration" dns-server=\
192.168.100.254 gateway=192.168.100.254 netmask=24
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.222.220
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface="bridge dbox" to-addresses=0.0.0.0
/ip service
set api disabled=yes
/system clock
set time-zone-name=Europe/Brussels
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=85.10.246.226 secondary-ntp=\
193.225.118.163
/system routerboard settings
set silent-boot=yes
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-dbox
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-dbox
add interface=wlan1
add interface=bridge-local
…