Basic router setup

Greetings!

I’m a 22-year-old student from Slovenia. I volunteered to set up the network in our dorm. I found out about MikroTik a couple of hours ago, so I don’t have any clue how to set up MikroTik OS. So I was hoping I could turn to you guys on the forum to help me out?

Here’s the thing. We have one DSL connection and three buildings (all three filled with pissed students w/o an internet connection). We actually have a wireless network (a bunch of Linksys APs), but that’s not the point right now.

Each building has its own (I don’t know what it’s called) subnet. Imagine that the buildings have a lot of LAN switches inside:

  • Building 1 - 192.168.0.xxx
  • Building 2 - 192.168.1.xxx
  • Building 3 - 192.168.2.xxx
    … and I want each building to have its own gateway.

I think the scheme below is pretty much self explanatory.

Now here are the main questions:

  • Can buildings see each other; will Windows sharing work between buildings; would ping 192.168.1.123 work if I was in “Building 1”; would UT2004 work …
  • How to limit a user’s connection speed; can I create a special group of users with different speeds (punks: 128kbps; good students: 256kbps … me 1024kbps)?
  • I read that RouterOS can limit P2P connections; is it possible to limit a user’s max. connections (only 100 ports can be opened by a single user at once)?
  • Is it possible to set up a RADIUS server (for WiFi authentication) and how?

I already got the machine: (I think it’s) 1000MHz AMD, 128MB RAM, 4GB HDD and 5 (five) ethernet adapters. I downloaded the ISO and burned it on a CD.

If someone can help me and give me some basic instructions on how to set up the machine, I’d be very thankful!

Please read the manual. In the how-to there are a lot of examples that you can follow.
Maxi

First of all, I have to say hello to my neighbour from ex-Yugoslavia 🙂

If you have elementary knowledge of routing it shouldn’t be so hard to set up MTK. Just follow the manual. And now some answers:

  • You can ping each computer in the network (except if it is firewalled). Also there is no limit on playing UT2004, but Windows sharing and My Network Places is still a mystery to me because I have the same situation with different subnets.

  • The limiting is very simple and it is explained in the manual under “simple queue”.

  • Limiting P2P TCP packets is possible, but P2P UDP is a problem because UDP has no connections.

  • Haven’t played with RADIUS 🙁

  • That kind of machine (CPU) is more than enough. It is a Linux-based router, not Microsoft 🙂

Thanks maximan & blue. Blue, greetings to you too 🙂

When doing different subnets, do I have to change the subnet mask too (16 bit / 255.255.0.0)?

I’m not really that concerned about Windows sharing. I’ll probably set up an FTP server somewhere and collect money to buy a big HDD. Everyone that contributes will have access to the FTP 🙂

I’ll try to figure out RouterOS somehow. I already know how to set up a DSL connection 🙂 http://www.mikrotik.com/docs/ros/2.8/howto/howto.content#12.2.3
I think that this example will help me break the ice.

Blue, we have to keep in touch. You have to tell me how are things doing back there.

Not much to really add, other than RADIUS can do all that you have requested with regards to the bandwidth control. FreeRadius is really easy to set up with MT.

On a side note. Very nice graphic…

It’s getting kind of late now, I’ll try what I can tomorrow. I’ll let you know how it turns out.

That was made in Word in like 5 minutes. I’m actually a graphics designer, and I usually don’t use Word for designing 🙂

Depends on the netmask you use. If you used a /22 which includes 4 class C’s then yes. But then you would have to add a bridge and bridge all the buildings into one big network, which can be a mess. I would stick to your IP address scheme but use /24, which is just a single class C per building.

If someone can help me and give me some basic instructions on how to set up the machine, I’d be very thankful!

I can configure the basics for you remotely if you got the router online, I can even throw in some useful firewall rules. Let me know.

D~

Ok, I’ve established a PPPoE connection. That means I’m having no troubles with username and password.

But there’s this other problem. I can’t get the IP from my ISP. What am I doing wrong?

Here’s what I did:

  • /interface enable ether1,ether2…
  • /interface pppoe-client add interface=ether1 user=xxxx password=yyyy disabled=no

It dialed, authorized and connected.

  • /ip dhcp-client set enabled=yes interface=ether1

But lease print returns:
searching…

Am I missing something?

Perhaps you have misunderstood PPPoE here: there should be no need to run DHCP on your WAN side - you get your IP address assigned by means of the PPPoE protocol. So your ISP won’t be running a DHCP server on the WAN, and your DHCP client of course will not get anything (thus showing “searching…” constantly).

When the PPPoE connection is up, do a “/ip address print” to see if you have a dynamically assigned IP address on your pppoe-out interface.

Whoops… 😊 Yeah, I got the IP, alright. Thanks!

Let’s see. What are the next steps:

  • try to ping something
  • route to ether2, ether3, ether4

I really don’t get how this thing works.

dwright: your help would be really appreciated. If you could configure the machine remotely, be my guest. I can give you my current IP and administrator password.

Here’s my email address: klemen.verdnik@gmail.com

I hope we can put this thing up today.

If you get along with dwright, I’d expect everything’s running shortly. If not or he’s got no time, feel free to post additional questions.

What kind of ethernet cards? You might want to add 128MB more of RAM if you run into problems with the firewall state table overflowing.

What do I have to do now?

  • I assigned IP addresses to each ethernet adapter.

ip address add address=192.168.0.1/16 interface=ether2

0 D xxx.xxx.x.x ADSL
1 192.168.0.1/16 192.168.0.0 192.168.255.255 ether2
2 192.168.0.1/16 192.168.0.0 192.168.255.255 ether3
3 192.168.0.1/16 192.168.0.0 192.168.255.255 ether4
4 192.168.0.1/16 192.168.0.0 192.168.255.255 ether5

I don’t know if I did this right or not.

  • Then I added a gateway route entry:

ip route add gateway=

And pinging worked. It pinged 164.8.10.10 with 30ms.

I don’t think I’m going anywhere with this. So I’d really like it if someone would give me a hand with this.

What’s the next step I need to do? Would someone explain it to me and then give me the instructions?

Some hints into the right direction:

  • You can’t assign the same IP to different interfaces. Also, you can’t assign (even different) IPs from the same subnet to different interfaces.

Your setup should be like this (rough setup, no firewalling, no queueing, just to get you up and running!):

Don’t set a default gateway manually (remove it!), just set the parameters “use-peer-dns” and “add-default-route” for your pppoe-client interface to “yes”. This will assign correct values during PPPoE session handshake.

Assign the following IPs

/ip address add address=192.168.0.1/24 interface=ether2
/ip address add address=192.168.1.1/24 interface=ether3
/ip address add address=192.168.2.1/24 interface=ether4

(according to your picture, and do remove the IPs you assigned as stated in your last post, i.e. the 192.168.0.1 on ether2-5!)

Add a masquerading rule for traffic going out your ADSL connection:

/ip firewall src-nat add out-interface=ADSL action=masquerade

Allow DNS requests to your MikroTik:

/ip dns set allow-remote-requests=yes

How do you want to assign IPs to the clients in the buildings? Static, DHCP, PPPoE? In any case they should get an IP address from their appropriate subnet, and use the ip address of “their” interface in your MikroTik as default gateway and DNS server address.

This should give you a basically operating system. Remember: No firewall security (even for connections to your MikroTik from the internet), no queuing/bandwidth shaping etc. with this config.

Let us know how you are getting on with this…

Thanks cmit. It works! Internet works like a charm. I can even ping other users from 192.168.0.177 to 192.168.1.10, with 1ms 😆

  • How do I set up a DHCP server, so users would get their IP automatically? Let’s say from 192.168.0.100 to 192.168.0.254 for each etherX.
  • And what are the basic firewall settings - so there won’t be any intrusions on our system?

I’ll try to figure out the bandwidth limit myself - if not, I know who to turn to 😉

Try:

/ip pool add name=ether2pool ranges=192.168.0.100-192.168.0.254
/ip pool add name=ether3pool ranges=192.168.1.100-192.168.1.254
/ip pool add name=ether4pool ranges=192.168.2.100-192.168.2.254
/ip dhcp-server add name=ether2dhcp address-pool=ether2pool disabled=no interface=ether2
/ip dhcp-server add name=ether3dhcp address-pool=ether3pool disabled=no interface=ether3
/ip dhcp-server add name=ether4dhcp address-pool=ether4pool disabled=no interface=ether4



You could start by setting the address parameter for all services under “/ip service” to a single address (like 192.168.0.10/32) or a subnet (like 192.168.0.0/24) from your internal address space. So you can only access your MikroTik from this address or subnet. Apart from that you should do some firewall filtering in the input chain, which is documented in some how-tos in the docs: http://www.mikrotik.com/docs/ros/2.8/howto/howto
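The two rules from the replies above (no overlapping subnets across interfaces, and one DHCP pool per interface inside that interface's /24) can be checked mechanically before typing anything into the router. This is an added example, not code from the thread or from MikroTik; the function names are made up for illustration and the plans are constructed from the addresses quoted in the posts.

```python
import ipaddress

# Constructed from the thread: interface addresses as typed into /ip address.
BROKEN_PLAN = [("ether2", "192.168.0.1/16"), ("ether3", "192.168.0.1/16"),
               ("ether4", "192.168.0.1/16")]
FIXED_PLAN = [("ether2", "192.168.0.1/24"), ("ether3", "192.168.1.1/24"),
              ("ether4", "192.168.2.1/24")]
# DHCP pool ranges from the thread, keyed by the interface they serve.
POOLS = {"ether2": "192.168.0.100-192.168.0.254",
         "ether3": "192.168.1.100-192.168.1.254",
         "ether4": "192.168.2.100-192.168.2.254"}


def overlapping_interfaces(plan):
    """Return every pair of interfaces whose connected subnets overlap."""
    nets = [(name, ipaddress.ip_interface(addr).network) for name, addr in plan]
    return [(a, b) for i, (a, net_a) in enumerate(nets)
            for b, net_b in nets[i + 1:] if net_a.overlaps(net_b)]


def pool_problems(plan, pools):
    """Check each pool against the subnet of the interface it is bound to."""
    problems = []
    for name, addr in plan:
        if name not in pools:
            continue
        iface = ipaddress.ip_interface(addr)
        first, last = (ipaddress.ip_address(p.strip())
                       for p in pools[name].split("-"))
        if first > last:
            problems.append((name, "range is reversed"))
            continue
        for ip in (first, last):
            if ip not in iface.network:
                problems.append((name, f"{ip} is outside {iface.network}"))
        if first <= iface.ip <= last:
            problems.append((name, f"pool contains router address {iface.ip}"))
        if first <= iface.network.broadcast_address <= last:
            problems.append((name, "pool contains the broadcast address"))
    return problems


if __name__ == "__main__":
    print("broken overlaps:", overlapping_interfaces(BROKEN_PLAN))
    print("fixed overlaps: ", overlapping_interfaces(FIXED_PLAN))
    print("pool problems:  ", pool_problems(FIXED_PLAN, POOLS))
```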

How can you pass DNS and gateway settings to users when they are getting the assigned IP?

And when I turn on “Obtain an IP address automatically” in WinXP, it doesn’t work (first screenshot). But when I manually set the IP address, gateway and DNS settings, it works (second screenshot).

Here is the configuration I have to set manually:
IP: 192.168.0.177
SM: 255.255.255.0
GW: 192.168.0.1
DNS1: 193.189.160.11 or 164.8.10.10
DNS2: 193.189.160.12 or 164.8.100.100

The weird thing is, if I leave the subnet mask on 255.255.255.0, I can ping other IPs (from 192.168.0.177 to 192.168.1.10). But if I change the subnet mask setting to 255.255.0.0 I can’t even reach them. And I saw that the DHCP server configures my subnet mask to 255.255.0.0.

Can this problem be solved?

Thanks again for the help.

You should configure DNS resolution under /ip dns

/ip dns set primary-dns=<DNS server address>

For GW setting, read the following:
http://www.mikrotik.com/docs/ros/2.8/ip/dhcp
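The subnet mask behaviour reported in the question above follows from how a client picks its next hop. This added example (not from the thread; function names are illustrative) models that decision with the thread's addresses, assuming the router does not answer ARP on behalf of other segments (no proxy-ARP).

```python
import ipaddress

# Router's connected networks after the /24 fix described in the thread.
ROUTER_NETS = {"ether2": ipaddress.ip_network("192.168.0.0/24"),
               "ether3": ipaddress.ip_network("192.168.1.0/24"),
               "ether4": ipaddress.ip_network("192.168.2.0/24")}


def segment_of(ip):
    """Return the router interface whose wire this address sits on, if any."""
    ip = ipaddress.ip_address(ip)
    return next((name for name, net in ROUTER_NETS.items() if ip in net), None)


def client_decision(client_ip, netmask, gateway, dst):
    """How the client forwards: ARP for dst directly, or hand it to the gateway."""
    iface = ipaddress.ip_interface(f"{client_ip}/{netmask}")
    if ipaddress.ip_address(dst) in iface.network:
        return "direct"      # client believes dst is on its own wire
    if ipaddress.ip_address(gateway) in iface.network:
        return "gateway"     # off-link: send to the router
    return "no-route"        # gateway itself is not reachable on-link


def delivered(client_ip, netmask, gateway, dst):
    """True when the packet can actually reach dst under this model."""
    decision = client_decision(client_ip, netmask, gateway, dst)
    if decision == "direct":
        # ARP is a layer-2 broadcast and never crosses the router, so
        # direct delivery only works inside the same physical segment.
        return segment_of(client_ip) == segment_of(dst)
    # The router has connected routes to every building and a default
    # route via PPPoE, so anything handed to it is forwarded.
    return decision == "gateway"


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        args = ("192.168.0.177", mask, "192.168.0.1", "192.168.1.10")
        print(mask, client_decision(*args), delivered(*args))
```

With the /16 mask the client treats 192.168.1.10 as a neighbour and ARPs for it on Building 1's wire, where nothing answers; with /24 the packet goes to 192.168.0.1 and is routed.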

Finally. I configured the router the way I wanted, but there are still some features I wish RouterOS would have.

It’s probably not possible, but I’ll ask anyway: is it possible to disconnect someone with a specific MAC address? There are a couple of students trying to piss me off. They are manually configuring their IP addresses to ones where the wireless routers should be - causing IP conflicts.

Some wireless routers have this feature which gives a user a specific IP address - by looking at his MAC address.

Router would allow a person using only his own IP. This would be my dream come true, if RouterOS had this feature.