Very first post here and it’s a question whether it’s doable or not.
Scenario:
I’m connected to my ISP via a cable modem providing me 1 fastethernet port.
If I just place a simple switch behind this port I can get up to 4 dynamic public IP addresses for my computers/stuff by DHCP from the cable modem (which is managed by the provider).
This provider also registered a few MAC addresses to which they need to assign specific private IP addresses so I can watch interactive digital TV (using their CPE).
I was wondering if with a MikroTik RB2011UAS-RM it would be possible to have it set up for a NAS, Wifi with 2 ESSIDs, port-forwarding, VPN access using its own DHCP and yet still be able to let the CPE receive their private addresses from the provider via DHCP from the provider (of course without conflicts :p)
Right now I’m using a switch and just use VLANs to eliminate a tiny switch. I was wondering if I could do something similar on a MikroTik (seeing that they have 2 switches in the RB2011UAS-RM).
I am very interested in your configuration.
If I read correctly you have some ether ports slaved to one another and did dhcp-client on the ether port connected to your ISP modem. But how did you manage to have internet connection from the second set of ether ports?
The ports are slaved to a master port.
The Cable Modem from the ISP is giving out public IP-addresses via DHCP.
My ether1 (Master) I set up as a DHCP-Client and it is able to get a public IP-address, is reachable from the outside and updates DynDNS using the script.
My ether2 and 3 (Slave) ports are connected to STBs I have to rent from the ISP: they use some kind of multicasting to receive their private IP-address from the Cable Modem, but seeing that it is a Switch now that is no problem.
Tried ether4 as a slave connected to my old wifi-router and it is also getting a public IP-address (as it is still on the Switchports).
Then for testing I created a bridge called LAN and placed ether6-10 inside the bridge,
assigned a DHCP-pool to the bridge and created a simple NAT Rule :
Added my NAS into a separate network on ether5 and enabled igmp-proxy for ether 5 and the “LAN”-Bridge (for DLNA on my LG TV connected through the LAN) after installing the multicast package.
Still very new to RouterOS so I haven’t applied filters in my firewall yet and all networks are automatically routed together as they are directly connected to the same router.
So will still have to configure which traffic can go where but this shouldn’t be a problem to my desired setup or the current setup.
Tips and tricks on how to do this best are greatly appreciated.
Here is some info about ‘default’ firewall rules.
If you have no special requirements, the following firewall rules are advised.
/ip firewall filter
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add chain=input comment="Accept established connections" connection-state=established
add chain=input comment="Accept related connections" connection-state=related
add chain=input comment="Allow access from local network" in-interface= src-address=x.x.x.x/24
add action=log chain=input comment="Log everything else" disabled=yes log-prefix="IPv4 Drop input:"
add action=drop chain=input comment="Drop everything else"
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid
add chain=forward comment="Accept established connections" connection-state=established
add chain=forward comment="Accept related connections" connection-state=related
add chain=forward comment="Allow traffic from Local network" in-interface= src-address=x.x.x.x/24
add action=log chain=forward comment="Log everything else" disabled=yes log-prefix="IPv4 Drop forward:"
add action=drop chain=forward comment="Drop everything else"
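A pre-import check for a rule list like the one above, as an added example that is not part of the original post: it flags typographic quotes picked up from copying off a web page, parameters left without a value, and any chain whose last enabled rule is not an unconditional drop. The `lint` function, the sample rules, `bridge-LAN` and 192.0.2.0/24 are constructed placeholders.

```python
import shlex

# Constructed sample in the shape of the rules above. "bridge-LAN" and
# 192.0.2.0/24 are placeholders, not values from the thread.
SAMPLE = """/ip firewall filter
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add chain=input comment="Accept established connections" connection-state=established
add chain=input comment=“Allow access from local network” in-interface= src-address=192.0.2.0/24
add action=drop chain=input comment="Drop everything else"
add chain=forward comment="Accept established connections" connection-state=established
add chain=forward comment="Allow traffic from Local network" in-interface=bridge-LAN src-address=192.0.2.0/24
"""

# Properties that do not narrow which packets a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "disabled", "log-prefix"}


def lint(export):
    """Return (line_number, message) findings; line 0 marks a whole-chain finding."""
    findings, last_rule = [], {}
    for number, line in enumerate(export.splitlines(), 1):
        line = line.strip()
        if not line.startswith("add "):
            continue
        if "\u201c" in line or "\u201d" in line:
            findings.append((number, "typographic quotes"))
            line = line.replace("\u201c", '"').replace("\u201d", '"')
        rule = {}
        for token in shlex.split(line)[1:]:
            key, sep, value = token.partition("=")
            rule[key] = value
            if sep and not value:
                findings.append((number, f"empty value for {key}"))
        if rule.get("disabled") == "yes":
            continue  # a disabled rule never matches, so it cannot close a chain
        # The rules above omit action= on accept rules, so treat that as accept.
        action = rule.get("action", "accept")
        unconditional = not (set(rule) - NON_MATCHERS)
        last_rule[rule.get("chain", "?")] = (action, unconditional)
    for chain, (action, unconditional) in sorted(last_rule.items()):
        if not (action == "drop" and unconditional):
            findings.append((0, f"chain {chain} does not end with an unconditional drop"))
    return findings


if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(number, message)
```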