Joined: Tue Jan 06, 2009 7:37 am Posts: 23
Karma: 0
Hey guys... I recently purchased a new RB450 and RB450G and had the pleasure of working with Dmitry to configure one of these units. But I'm trying to configure the second unit on my own and I'm running into some trouble. Hopefully this isnt basic stuff that I just missed in the manual--if so, my apologies.
I have the following ip addresses: [admin@MikroTik] /ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.0.0.240/24 10.0.0.0 10.0.0.255 WAN-0 1 10.0.0.253/24 10.0.0.0 10.0.0.255 LAN-1 2 10.0.1.253/24 10.0.1.0 10.0.1.255 WiFi-2 3 D 10.0.0.46/24 10.0.0.0 10.0.0.255 WAN-0 [admin@MikroTik] /ip address>
but when I plug a cable into LAN-1 (1 being the port number...0-4) I'm unable to ping the ip or access ssh. The machine I'm working from does receive an ip from dhcp server though. How can I access ssh from the second port.. or any port for that matter?
I also cant get internet access even though I've added what I think is the right stuff, but I'll figure that out after I get access to the router from this side. I can post any more screens needs, but I'm new to this so not sure which are relevant.
What is the ip/netmask of the interface of the other router that is connected to WAN-0? That should be the gateway, and I need that ip to help you finish the route. I would have used 10.0.0.1/24
BTW, you have two interfaces with duplicate networks on them (WAN-0 and LAN-1). And a dynamic assignment on WAN-0 (bottom entry).
Joined: Tue Jan 06, 2009 7:37 am Posts: 23
Karma: 0
I knew i would leave info out... sorry.
The WAN is being connected to a comcast cable modem(DHCP) and has been configured with dhcp-client. the 10.0.0.46 port you see is reassigned(or is supposed to be) once i plug the unit into the cable modem. the 10.0.0.240 was just a static ip i set for configuring the unit. Is it possible for an interface to have 2 networks like that? I will remove that ip once I can figure out how to SSH into the unit from port2 (LAN-1)
On the LAN-1 interface, I went with 10.0.0.253 because my current router is .254 and I'll be changing that once this router is working successfully.
I assume the gatway will be assigned via dhcp on the wan side right?
On the LAN-1 interface, I went with 10.0.0.253 because my current router is .254 and I'll be changing that once this router is working successfully.
Good idea, but that presents routing problems. That interface needs: a separate localnet, or bridged to ether1, which means semi-public net on LAN-1, not private. 10.x.x.x net is all private.
If you change that interface to 10.0.2.1/24, and reassign your other router between the 10.0.0.254 and 10.0.2.254 as you move it from one net to the other, then it should work ok.
No problem as long as the interface networks are not identical. ether2 is ok for ssh into the router. It better be. That is what I use most of the time! Assign 10.0.2.1/24 to the LAN-1 interface. Then get on the LAN-1 interface with a 10.0.2.x/24 ip, and ssh admin@10.0.2.1.
Joined: Tue Jan 06, 2009 7:37 am Posts: 23
Karma: 0
SurferTim wrote:
No problem as long as the interface networks are not identical. ether2 is ok for ssh into the router. It better be. That is what I use most of the time! Assign 10.0.2.1/24 to the LAN-1 interface. Then get on the LAN-1 interface with a 10.0.2.x/24 ip, and ssh admin@10.0.2.1.
done and done. Thanks so much. Its working now on the LAN side. Now I just have to figure out how to setup NAT on the WiFi side. Is that even possible?
This will srcnat all localnet ips as 10.0.0.46. I normally would use "action=masquerade", but since there are two ips assigned to WAN-0 (ether1), that is unpredictable.
ADD: This applies only if 10.0.0.46/24 is a "persistent ip" (you always get that ip by dhcp).
This will srcnat all localnet ips as 10.0.0.46. I normally would use "action=masquerade", but since there are two ips assigned to WAN-0 (ether1), that is unpredictable.
ADD: This applies only if 10.0.0.46/24 is a "persistent ip" (you always get that ip by dhcp).
Alright, so I had already added "chain=srcnat action=maq..." and so on for what I thought was port 1 (of 0-4) only, but once I removed the static WAN ip, it looks like everything is working fine now.
So I have a dynamic WAN, and a LAN & WiFi with DHCP + NAT and all is able to get online now.
The last 2 questions I have are: can I set IP's based on MAC address? & how can i restrict access between the LAN and Wifi ports? or how can I allow traffic (for printing, etc) from the wifi port to the LAN?
I want to setup a hotspot but that can wait until I have more time tomorrow. Thanks again for all the help.
To make a dhcp lease static (not static ip assignment).
/ip dhcp-server lease print make-static X
Change X to the line number of the lease. Then that mac address will always be issued that ip. Some call this a "persistent ip".
If you want to restrict access, then you can do that with /ip firewall filter add chain=forward action=drop src-address=10.0.1.0/24 dst-address=10.0.2.0/24 add chain=forward action=drop src-address=10.0.2.0/24 dst-address=10.0.1.0/24
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
Login |
HOME
