I bought an RB750GL and connected the MikroTik routerboard from my ISP (where I got admin access) to port 1.
By default (DHCP 192.168.88.1) it works fine (the ISP routerboard is on 192.168.1.1).
I want to change the RB750GL to 192.168.1.1 (DHCP, etc., as several devices already have a static IP in that range), firewall off the ISP routerboard, and just get internet access from it.
I tried this, see screenshot of my settings - WebFig Quick Set: https://ibb.co/bS8z35
Current:
ISP (WiFi-WAN) ↔ MikroTik router provided by ISP (DHCP 192.168.1.1/24) ↔ my LAN (192.168.1.x)
What works:
ISP (WiFi-WAN) ↔ MikroTik router provided by ISP (DHCP 192.168.1.1/24) ↔ MikroTik RB750GL (DHCP 192.168.88.1/24) ↔ my LAN (192.168.88.x)
What I want:
ISP (WiFi-WAN) ↔ MikroTik router provided by ISP (DHCP 192.168.x.x ??) ↔ MikroTik RB750GL (DHCP 192.168.1.1/24) ↔ my LAN (192.168.1.x)
Obviously I want my LAN shielded off, and just access internet.
(I have some network knowledge with Cisco ios, Linksys routers and some limited experience with the routerboard from my ISP)
I ran “/export”; that’s the “What works” setup I listed above:
[admin@MikroTik] > /export
# apr/16/2017 10:44:31 by RouterOS 6.38.5
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master name=defconf
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
    ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
    ether1
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master
Changing all IPs from 192.168.88.x to 192.168.1.x through the UI (aka “What I want works”) didn’t work - I can’t access the internet.
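
In the export, ether1 is a DHCP client of the ISP router, so if that router still hands out 192.168.1.x after the LAN is renumbered, the RB750GL has the same subnet on its WAN and LAN sides. The Python check below is an added example, not part of the original post: it parses an export in this format (including the `\` line continuations) and flags that overlap. The sample export is constructed, and the function names and the `upstream_cidr` parameter are assumptions.

```python
import ipaddress

# Constructed sample: the /ip address and /ip dhcp-client sections of an
# export like the one above, with the LAN renumbered to 192.168.1.1/24.
SAMPLE_EXPORT = """\
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2-master network=\\
    192.168.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
"""

def parse_export(text):
    """Return [(menu, {key: value})] per add/set line, joining '\\' continuations."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # RouterOS wraps long lines with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):         # menu path, e.g. "/ip address"
            menu = line
        elif line.startswith(("add ", "set ")):
            # Simplification: quoted values containing spaces are not fully parsed.
            props = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
            entries.append((menu, props))
    return entries

def wan_lan_conflicts(text, upstream_cidr):
    """List static addresses whose subnet overlaps the one served on the WAN port.

    upstream_cidr is the subnet the upstream router's DHCP server hands out;
    it is not in the export, so the caller supplies it (assumption).
    """
    entries = parse_export(text)
    wan_ifaces = {p.get("interface") for m, p in entries if m == "/ip dhcp-client"}
    upstream = ipaddress.ip_network(upstream_cidr)
    conflicts = []
    for menu, props in entries:
        if menu != "/ip address" or props.get("interface") in wan_ifaces:
            continue
        net = ipaddress.ip_interface(props["address"]).network
        if net.overlaps(upstream):
            conflicts.append((props["interface"], str(net)))
    return conflicts
```

An empty result for the 192.168.88.x export and a non-empty one for the renumbered export matches the "What works" and "didn't work" cases in the post.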