i know this is probably no brainer for someone but cannot figure out how to get this to work, i cant fifure out how to split the internet access between the 3 network cards
1 for personal / family network
for my " server"
for wireless network
computer/router with 5.2 3 network cards
i had someone else setup the YES …currently running network on 192.168.1.0 net for family personal use…
but for the life of me cant figure out how to setup the other 2 network cards
is 192.168.1.1/24 gateway 192.168.1.1
is 192.168.100/24
is 192.168.2.1/24
how do i setup mikrotik 5.2 so they all have access to the internet ( giving servers priority if that’s not too hard to do ) but NOT have access to each others networks …i dont want someone to " accidentally access servers and mess it up … i " only " want ports open for the usual suspects… ftp, mail port 80, 25 26 imap, pop3 etc…
Try to be more specific with the question(s) and ask discrete questions which other users can easily answer in a minute or so.
In broad terms:
a) You need to masquerade traffic heading to the ISP from your various LAN segments
b) You control traffic among the LANs and to/from the ISP using the forwarding table in IP Firewall.
c) You should have a look at the Wiki entries concerning securing our router. e.g. : http://wiki.mikrotik.com/wiki/Securing_New_RouterOs_Router
Most of us are very busy and (not to be condescending) the nature of your question meant that you would not understand the answer. If someone had replied it would have been more posts back and forth until we basically quoted you the manual.
Understand that MikroTik (and the RouterOS software product) are very nice and come with an easy to use GUI. However, the nature of routing is very specific to the environment and setup. You need more than a how-to or a simple answer, you need understanding. This forum cannot give you that.
i kinda expected some kinda answer … " even " one like yours
i said straightup i didnt know how and was willing to pay someone to do it FOR ME … $$$$
in the meantime i purchased a routerboard 1100 and need someone to configure it for me …
i realize you guys are busy making $$$ ( hopefully ) and i am willing to pay you $$$ to set it up asap… basically take the old configuration off my old puter/router and install it on my routerboard 1100 deal ???
frankly i dont see how i could be more specific than that … i have a old puter/ turned router with 3 network cards … one is currently being used for general internet access, i wanted to utilize the other 2 " idling " cards for network access for my servers & the other for wirrless hotspot
you currently have only 1 network and try to expand your network into 3 networks.
192.168.1.0/24 is currently your home network, you are trying to add 192.168.100.0/24 as server network and 192.168.2.0/24 as wifi network. you don’t want host in the wifi network ease to access server network. You only need that server can server general purpose for wifi network as webserver, mail server or FTP server.
suggest solution:
Let’s say you have configured 192.168.1.1 on eth0 as network gateway.
you will configure the other networks on another network interface (eth1 and eth2).
put 192.168.100.0/24 on eth1, and you can put 192.168.2.0/24 in eth2
you can give 192.168.100.1 as IP Add of eth1 and 192.168.2.1 as IP Add of eth2
add 2 action masquarade in ip->firewall->nat chain src-nat src address 192.168.100.0/24 and src address 192.168.2.0/24
add action accept src address 192.168.2.0/24 and dst address 192.168.100.1/24 in ip->firewall->filter (specified ports you want to open on the server for user hotspot)
add action drop src address 192.168.2.0/24 and dst address 192.168.100.1/24 in ip->firewall->filter (will drop other packet unspecified on the firewall rule above)
if you need further complex configuration for network security, bandwidth management, I suggest you to read the wiki first then floor it in here when you don’t really understand what wiki/manual have told you.
This question should have very simple answer but you made it too ambiguous, so it became more complex and spend more time for professionals to explain it to you. Hope this answer can ring the bell on your head.
I’ve asked the same question a long time ago, but haven’t had time yet to understand it, but check it out, if you haven’t made a plan yet …if you sorted it out, please post your solution
