Configure Mikrotik transparent router

Mark2012 · October 16, 2012, 1:13pm

Hello,

I have a question about how to configure a Mikrotik so that it routes transparent without NAT from the 192.168.1.0/.24 network to the 10.0.0.0/24 network. So it can connect to the internet through the 10.0.0.0/24. (See the picture)

What I have done so far. I have add the network 10.0.0.0/24 to ether2 and 192.168.1.0/.24 to ether3. And create a route Dst. Address 0.0.0.0/0 gateway 10.0.0.1 to ether2

But this doesn’t work. Can’t ping from 192.168.1.0/.24 network to 10.0.0.0/24. Anyone any idea what I’m missing or do wrong?

Regards,

Mark

(using model: 450 and firmware 2.41)

francois · October 16, 2012, 1:33pm

I believe that your 10 network does not have a route back to your 192.168 network. I probably sees a ping coming from 192.168 and then sends a reply out to the internet side.

mrz · October 16, 2012, 1:35pm

Start from here
http://wiki.mikrotik.com/wiki/Manual:Simple_Static_Routing

Mark2012 · October 17, 2012, 7:45am

Thanks, it works now. I was forgotten the static route in the second router.

Mark2012 · November 28, 2012, 1:32pm

It works but I have a small problem. When I do a tracert from the 192.168.1.0/24 network to for example forum.mikrotik.com I see only the first gateway (192.168.1.1).

Tracing route to forum.mikrotik.com [159.148.147.201]
over a maximum of 30 hops:
  1   <1 ms   <1 ms   <1 ms  192.168.1.1
  2     *        *        *     Time-out bij opdracht.
  3     *        *        *     Time-out bij opdracht.
  4     *        *        *     Time-out bij opdracht.
  5     *        *        *     Time-out bij opdracht.
  6     *        *        *     Time-out bij opdracht.
  7     *        *        *     Time-out bij opdracht.
  8     *        *        *     Time-out bij opdracht.
  9     *        *        *     Time-out bij opdracht.
 10     *        *        *     Time-out bij opdracht.

Can someone tell me why I don’t see the other routers?
I can access the forum without any problem on my internet browser

janisk · November 28, 2012, 1:33pm

do you have NAT set up, so that your local addresses can pass to global network and know the path back?

Mark2012 · November 28, 2012, 1:41pm

Router 2 (10.0.0.1) use NAT. Router 1 (192.168.1.1) does not use NAT

Mark2012 · December 12, 2012, 8:44am

Because trace still doesn’t work I have cleared the complete mikrotik. And configured the router as described on http://wiki.mikrotik.com/wiki/Manual:Simple_Static_Routing.
But then still trace route doesn’t work. I get the same result as described above. When I replace the mikrotik through different brand router it works perfect.

Has anybody any idea what I’m doing wrong?

janisk · December 12, 2012, 11:51am

if your setup is as follows

RouterB → RouterA → NAT (on routerA) → INternet

on routerB you have to have default route set via RouterA

on RouterA you have to have link to network behind routerB and default route pointed to gateway. And you have to have NAT that will masquerade all packets that what to go outside of your local network. something along these lines:

/ip firewall nat add chain=src-nat action=masquerade out-interface=

Mark2012 · January 8, 2013, 8:06am

Sorry for my late reaction (family circumstances).

Yes I have everything as you described. And router A works perfect without any problem. If I replace the mikrotik (router B) with a different brand router it works perfect. So I think I have not configured router B correct.

This must be done on router A if I’m correct.

janisk · January 10, 2013, 11:56am

yes, you have to do masquerade at the border of your network and inside it - use routing. Check if RouterA can ping hosts on behind RouterB and vice versa. then check src-nat rules (mentioned masquerade or src-nat)

Mark2012 · January 16, 2013, 1:16pm

Thanks. It works now. The src-nat rules were not correct