I’m pretty new to Mikrotik but all looking very powerful so far. My test setup is an ADSL modem > RB751U on ether1 utilising a PPPoE connection to connect to the ADSL. The ADSL modem has a status page (192.168.1.1) that I would like to access - it also acts as a DHCP server, and the RB751U gets an IP on ether1 (192.168.1.10). This is the same physical connection the PPPoE link to my internet goes out on.
How do I view my modem status page whilst still being on the internet? I have tried a couple of things but not got anywhere. Many thanks for any assistance - I can post terminal outputs if required - just let me know what commands.
Here is the requested information; I hope it helps:
> ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 interface=bridge-local
actual-interface=bridge-local
1 D address=192.168.1.10/24 network=192.168.1.0 interface=ether1-gateway
actual-interface=ether1-gateway
2 D address=111.xx.xxx.xxx/32 network=111.xx.xx.xx interface=pppoe-out1
actual-interface=pppoe-out1
3 D address=192.168.88.1/32 network=192.168.88.21 interface=<pptp-test>
actual-interface=<pptp-test>
/ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=111.xx.xx.xx
gateway-status=111.xx.xx.xx reachable pppoe-out1 distance=1 scope=30
target-scope=10
1 ADC dst-address=111.xx.xx.xx/32 pref-src=111.xx.xx.xx gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.10 gateway=ether1-gateway
gateway-status=ether1-gateway reachable distance=0 scope=10
3 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local
gateway-status=bridge-local reachable distance=0 scope=10
/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="wlan1" type="wlan" mtu=1500 l2mtu=2290
1 R name="ether1-gateway" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=4076
2 R name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028
3 name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028
4 name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028
5 R name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2028
6 R name="bridge-local" type="bridge" mtu=1500 l2mtu=1598
7 R name="pppoe-out1" type="pppoe-out" mtu=1480
8 DR name="<pptp-testing>" type="pptp-in" mtu=1460
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=output comment=PPTP_GRE disabled=no protocol=gre
add action=accept chain=input comment=PPTP_GRE disabled=no protocol=gre
add action=accept chain=input comment="default configuration - PPTP" disabled=\
no dst-port=1723 in-interface=pppoe-out1 protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established disabled=no
add action=accept chain=input comment="default configuration" connection-state=\
related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no \
out-interface=pppoe-out1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061,50600 sip-direct-media=yes
set pptp disabled=no
Crude Network Diagram
ADSL --[telephone]-- MODEM ----[cat5]----Mikrotik-----LAN (+ Wifi)
And the Routes?
also try to disable
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=pppoe-out1
I have updated the code blocks above; apologies for the error. I disabled the suggested action but still no access to 192.168.1.1.
I am assuming I will have to setup an explicit direction, but am not sure how.
Thanks for the assistance.
Do you try to access the modem from your PC? Can you ping the modem from ping tool in mikrotik?
If yes (able to ping in mikrotik) you must add new NAT rule or change the existing rule. because you said the Mikrotik got IP from the Modem DHCP, It means the modem doesn’t have the MT as default gateway.
So the new NAT rule:
add action=masquerade chain=srcnat disabled=no out-interface=ether1-gateway
Many thanks. That worked, and now I will do some reading to fully understand SRC-NAT.
I’ve tried the steps above, but getting no joy, I am able to ping the modem from the Tools->Ping option.
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.1.50/24 network=192.168.1.0
interface=ether2-master-local actual-interface=ether2-master-local
1 D address=41.xxx.xxx.xxx/32 network=xxx.xxx.xxx.xxx interface=pppoe-out1
actual-interface=pppoe-out1
/ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx
gateway-status=xxx.xxx.xxx.xxx reachable pppoe-out1 distance=1 scope=30
target-scope=10
1 ADC dst-address=xxx.xxx.xxx.xxx/32 pref-src=xxx.xxx.xxx.xxx gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.50
gateway=ether2-master-local
gateway-status=ether2-master-local reachable distance=0 scope=10
/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="ether1-gateway" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074
1 R name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074
2 name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074
3 R name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074
4 name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074
5 R name="pppoe-out1" type="pppoe-out" mtu=1480
/ip firewall export
# mar/05/2012 09:56:57 by RouterOS 5.6
# software id = ZDRB-BFRV
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established disabled=no
add action=accept chain=input comment="default configuration" connection-state=\
related disabled=no
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add action=masquerade chain=srcnat disabled=no src-address=192.168.1.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
you need a rule which srcnats for your connection to the modem only
so remove add action=masquerade chain=srcnat disabled=no src-address=192.168.1.0/24
and add
add action=src-nat chain=srcnat comment=“NAT access to adsl modem” disabled=no dst-address=192.168.1.1 out-interface=ether1-gateway to-addresses=192.168.1.10
before the main masquerade rule.
Nick.