Couldn't do WAN Port

sarpkaya · March 9, 2008, 7:22am

Hello I am trying to make my one port to WAN but I was unsuccessful how can I make it WAN port I couldn’t see any gateway address and so on.

Letni · March 9, 2008, 7:36am

Does your ISP require PPPoE authentication?
http://wiki.mikrotik.com/wiki/How_to_Connect_your_Home_Network_to_xDSL_Line

Or do you just need to setup DHCP Client?
/ip dhcp-client add interface=ether1 disabled=no

-Louis

sarpkaya · March 9, 2008, 7:58am

i am using cable internet I am manually entering cable internet IPs
for example
ip: 195.174.206.5
subnetmask: 255.255.224.0
gateway: 195.174.192.1

Letni · March 9, 2008, 8:23am

I would suggest using the DHCP client so that you do not have to worry about mistypings.

If you need more help, you will need to be more specific on what you can not do and what tests you have done to diagnose the issue. ex. Your config, ping results, etc.

-Louis

sarpkaya · March 9, 2008, 9:01am

but I need to add ip addresses dhcp gives only 1 ip address

abab_rafiq · March 9, 2008, 9:56am

you can easily add ip address by putting commands

/ip address add address=195.174.206.5/19 interface=ether1

Explanation :
If you already know about /19 prefix then its need not to describe here. If not plz search for CIDR or IP addressing and subnet masking.

Interface=ether1 : It is that interface on which you would like to put the IP address. You may also change/changed the Interface Name as Lan/Wan or something.

But for everything use winbox to assign and make all your task in graphically. That is much easier than else.

Rafiq…

SurferTim · March 9, 2008, 12:47pm

Greetings!

Are you certain that netmask is not 255.255.255.224? Just a thought. That is the netmasks most of the cable companies around here issue.

EDIT: My bad. Yours must be correct. Otherwise you would not be able to reach that gateway.

Just out of curiosity, what are you trying that is not working?
Can you ping an IP address?
Can you ping a domain name?

sarpkaya · March 9, 2008, 4:17pm

I want to use more than 1 ip address
something like I want to use
195.174.206.9
195.174.206.10
I want to use both ips. First one is going to shared with everybody second one is going to be only mine.

SurferTim · March 9, 2008, 4:26pm

You can add the second address to that interface. I use CLI.

/ip address add address=195.174.206.9/24 interface=ether1
/ip address add address=195.174.206.10/24 interface=ether1

At this point, your wan port should respond to a request for either IP.

If you want one routed to a local address (195.174.206.10/24 to 192.168.0.3/24 as an example):
/ip firewall nat add chain=dstnat action=dst-nat dst-address=195.174.206.10 to-addresses=192.168.0.3

sarpkaya · March 9, 2008, 4:29pm

What about subnetmask and gateway? /24 means 255.255.255.0? isn’t it? and how can I enter gateway address to that addresses?

SurferTim · March 9, 2008, 4:38pm

The subnet mask is the /24 part. My bad. I remember you are 255.255.224.0. Yours is /19.
The gateway is in the route:
/ip route add gateway=195.174.192.1

sarpkaya · March 10, 2008, 7:08pm

Hi, I couldn’t do NAT thing.

SurferTim · March 10, 2008, 7:21pm

So I presume the two IPs go to the same box now.

Why can’t you do the NAT thing?
Does it refuse to take the command?
Or doesn’t go where you expect?

BTW, the difference in the chain and action is not a typo. They are different: dstnat and dst-nat

sarpkaya · March 10, 2008, 7:50pm

I wrote that nat command but It still uses default ip not an ip that is in nat command.

SurferTim · March 10, 2008, 9:52pm

Take a look in
/ip address
and insure the address you are forwarding to has a network assigned there. For example, if you are trying to forward a wan IP to 192.168.0.2 in your nat, insure you have a 192.168.0.1/24 assignment on ether2. Some way to reach 192.168.0.2. And insure there is not two or more.

Try pinging the IP from the MT box.
/ping 192.168.0.2

sarpkaya · March 10, 2008, 11:18pm

195.174.206.6
this is my WAN ip
I also have
195.174.206.5
and
195.174.206.7

I am trying to forward 195.174.206.6 to 192.168.0.252
I can ping at

195.174.206.6 64 byte ping: ttl=64 time<1 ms
195.174.206.6 64 byte ping: ttl=64 time<1 ms
195.174.206.6 64 byte ping: ttl=64 time=1 ms
195.174.206.6 64 byte ping: ttl=64 time<1 ms
195.174.206.6 64 byte ping: ttl=64 time<1 ms
5 packets transmitted, 5 packets received, 0% packet loss

I can ping

192.168.0.252 64 byte ping: ttl=128 time=1 ms
192.168.0.252 64 byte ping: ttl=128 time=1 ms
192.168.0.252 64 byte ping: ttl=128 time=1 ms
192.168.0.252 64 byte ping: ttl=128 time=1 ms
192.168.0.252 64 byte ping: ttl=128 time=1 ms
192.168.0.252 64 byte ping: ttl=128 time=1 ms
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 1/1.0/1 ms

I have written:

[admin@MikroTik] >> /ip firewall nat add chain=dstnat action=dst-nat dst-address
=195.174.206.6 to-addresses=192.168.0.252
but it still aren’t working.

SurferTim · March 11, 2008, 4:03pm

I just did a test for another post, and found an interesting thing about dns. I use version 2.9.46 (it comes loaded in the units I buy), and it has a challenge with dns if you change any of the /ip address settings. I had to reset my MT box (/system reset) and start over.

It must be done in this order on my box (edit):

1 - All IP addresses for all interfaces
2 - gateway
3 - dns
4 - dhcp
5 - nat

Test for valid dns by pinging a domain name:
/ping email.prolectron.net
If it has been corrupted, you will get a message like “invalid argument”.

sarpkaya · March 11, 2008, 7:05pm

[admin@MikroTik] > ping email.prolectron.net
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=198 ms
68.99.58.115 64 byte ping: ttl=238 time=199 ms
68.99.58.115 64 byte ping: ttl=238 time=197 ms
68.99.58.115 64 byte ping: ttl=238 time=205 ms
68.99.58.115 64 byte ping: ttl=238 time=201 ms
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=198 ms
68.99.58.115 64 byte ping: ttl=238 time=199 ms
68.99.58.115 64 byte ping: ttl=238 time=197 ms
68.99.58.115 64 byte ping: ttl=238 time=217 ms
68.99.58.115 64 byte ping: ttl=238 time=201 ms
68.99.58.115 64 byte ping: ttl=238 time=198 ms
68.99.58.115 64 byte ping: ttl=238 time=219 ms
68.99.58.115 64 byte ping: ttl=238 time=211 ms
68.99.58.115 64 byte ping: ttl=238 time=210 ms
68.99.58.115 64 byte ping: ttl=238 time=211 ms
68.99.58.115 64 byte ping: ttl=238 time=199 ms
68.99.58.115 64 byte ping: ttl=238 time=198 ms
68.99.58.115 64 byte ping: ttl=238 time=204 ms
68.99.58.115 64 byte ping: ttl=238 time=205 ms
68.99.58.115 64 byte ping: ttl=238 time=204 ms
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=201 ms
68.99.58.115 64 byte ping: ttl=238 time=210 ms
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=217 ms
68.99.58.115 64 byte ping: ttl=238 time=206 ms
68.99.58.115 64 byte ping: ttl=238 time=199 ms
68.99.58.115 64 byte ping: ttl=238 time=198 ms
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=197 ms
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=204 ms
68.99.58.115 64 byte ping: ttl=238 time=201 ms
68.99.58.115 64 byte ping: ttl=238 time=207 ms
68.99.58.115 64 byte ping: ttl=238 time=219 ms
68.99.58.115 64 byte ping: ttl=238 time=205 ms
68.99.58.115 64 byte ping: ttl=238 time=198 ms
68.99.58.115 64 byte ping: ttl=238 time=207 ms
68.99.58.115 64 byte ping: ttl=238 time=201 ms
68.99.58.115 64 byte ping: ttl=238 time=198 ms
68.99.58.115 64 byte ping: ttl=238 time=202 ms
68.99.58.115 64 byte ping: ttl=238 time=200 ms
68.99.58.115 64 byte ping: ttl=238 time=238 ms

SurferTim · March 11, 2008, 7:53pm

I am running out of options.
Is there any other entries in /ip firewall nat?

The only thing I can suggest after that is: save your current setup and reset your box.
That is what I had to do. I did not need to load the backup tho. The box worked after the reset and reconfigure.

sarpkaya · March 11, 2008, 8:44pm

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.0.0/24

2 chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=0-65535
dst-address=195.174.206.10

3 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=0-65535
dst-address=195.174.206.10

4 chain=dstnat action=dst-nat to-addresses=192.168.0.253 to-ports=0-65535
dst-address=195.174.206.10

5 chain=dstnat action=dst-nat to-addresses=192.168.0.253 to-ports=0-65535
dst-address=195.174.206.10

6 chain=dstnat action=dst-nat to-addresses=192.168.0.252 to-ports=0-65535
dst-address=195.174.206.6

7 chain=dstnat action=accept src-address=195.174.206.6
dst-address=192.168.0.252