It’s very possible that this question has a simple answer but I probably didn’t use the correct search terms so I couldn’t find anything appropriate.
I have the following configuration:
Internet -> Cable Router (third party) @192.168.0.1 -> DMZ entry pointing to Mikrotik Router @192.168.0.240 ->Mikrotik Router external IP 192.168.0.240, internal IP 192.168.1.1
Mikrotik is set up in Router mode. Its address is 192.168.1.1, DHCP-Server on it is set up and is supposed to serve from the pool 192.168.1.10-192.168.1.254.
But for some strange reason, all machines within the Mikrotik LAN are getting DHCP leases from the cable router at 192.168.0.1 in the 192.168.0.0/24 range.
How is this even possible when I didn’t open up any ports on the firewall (such as UDP 67/68 in this case)? What am I missing here?
Sure. No mistake there. It’s not actually internet but the wired connection to the other subnet (192.168.0.0/24) which in turn is connected to the internet.
I didn’t export anything because it’s all default configuration, with updated packages and firmware. No special firewall rules, no NAT rules (except the standard masquerade). I can post it here tomorrow but I don’t think it will show anything interesting. Any specific configs you had in mind?
InoX wrote:
You know that internet must enter in the WAN port…
It’s not actually internet but the wired connection to the other subnet (192.168.0.0/24) which in turn is connected to the internet.
As far as your Mikrotik is concerned it is the “internet” for all intents and purposes. Just like your ISP’s provided router connects in to your ISPs network and not the “greater internet.” This is really semantics.
What InoX was getting at is that: have you ensured that your WAN link from your ISPs modem is connected to the WAN port on your Mikrotik router?
Currently it sounds more like your “WAN” port is configured as a switch port and is basically in bridge mode, thus your devices connected to a switched interface would receive an IP from your ISPs modem versus your Mikrotik.
You want to ensure that your WAN port is configured as a routed port. You will then need a mangle/NAT in place to allow traffic to traverse your Mikrotik LAN → WAN.
Sorry, I am not at home in front of my CCR to give you specific commands, and I come from a very strong Cisco Engineering background so I don’t know the commands for Mikrotik off of the top of my head yet.
Whatever port has the internet modem on it, say ether1… go into interfaces → ethernet and edit the interface. Make sure that master port is set to none.
Then if you have any bridges configured, make sure that ether1 is not included on any of them.
DHCP relies on a layer 2 broadcast to get its job done, so if your LAN devices are able to send a DHCP request that the modem is able to see, then there is a bridge between your LAN and your WAN - period.
(unless you configured dhcp relay, but then you’d know good and well that you configured this, so obviously, that’s not the issue)
If your router isn’t doing this, then some other switch is plugged into your WAN and your LAN.