First config

morina · September 12, 2019, 11:09am

Hi All
Im just in first steps on networking and im facing a situation that i need to solve.
I have 2 pc with different connection in the office with 2 separated networks:
-1 pc access on the internet IP 192.168.20.10/24
-2 pc access on the intranet with IP 192.168.100.40/24
I want to use just one laptop so i can access on both connections.

I configured IP 192.168.20.10 as WAN on mikrotik with ip lan 192.168.200.1/24 and i got internet connection on my laptop that has IP 192.168.200.254.

I need help to configure the intranet IP 192.168.100.40 on mikrotik so at my laptop i can use both : internet connection and intranet

Regards

morina · September 12, 2019, 2:49pm

Has anyone face this before? Cold some one give me some advice?

morina · September 13, 2019, 7:33am

Hi All ,
After some researches i did some configuration .
When i enable the firewall mangle rule i can access ip of intranet on web but i dont have internet connection on 192.168.200.254. If i disable the rule i just have internet connection
Cold someone take a look and give me advice at what part i mess.
Thank you.

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=
!192.168.200.0/24 new-routing-mark=wan2 passthrough=yes protocol=tcp
src-address=192.168.200.254
/ip firewall nat
add action=masquerade chain=srcnat out-interface= ether1
add action=src-nat chain=srcnat routing-mark=wan2 to-addresses=192.168.100.40
/ip route
add distance=1 gateway=192.168.100.40 routing-mark=wan2
add distance=1 gateway=192.168.20.10

mkx · September 13, 2019, 8:46am

You should post complete configuration as all of the details matter … run /export hide-sensitive and post it here inside [code] [/code] block.

morina · September 13, 2019, 9:33am

Hi mkx,
Thank your for your replay.
Here is my configuration.
I was making some test and if i put "dst-port=80" on mangle roule i could access some part form intranet through web on port 80 but no on another ports and i have internet connection on 200.240

jan/01/2002 22:14:02 by RouterOS 6.30.4

software id = H21S-MBQG

model = 951Ui-2HnD

/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=wan1
set [ find default-name=ether5 ] name=wan2
set [ find default-name=ether3 ] name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap group-ciphers=tkip,aes-ccm management-protection=allowed mode=
dynamic-keys name=profile1 supplicant-identity="" unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=profile1 ssid=MT
/ip dhcp-server
add disabled=no interface=bridge1 name=dhcp2
/ip pool
add name=dhcp_pool0 ranges=192.168.200.2-192.168.200.254
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=LAN
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
/ip settings
set rp-filter=loose
/ip address
add address=192.168.20.10/24 interface=wan1 network=192.168.20.0
add address=192.168.200.1/24 interface=bridge1 network=192.168.200.0
add address=192.168.100.40/24 interface=wan2 network=192.168.100.40
/ip dhcp-server lease
add address=192.168.200.240 client-id=1:d4:85:64:6c:4:c mac-address=D4:85:64:6C:04:0C server=dhcp2
add address=192.168.200.250 client-id=1:60:36:dd:ba:3c:fe mac-address=60:36:DD:BA:3C:FE server=dhcp2
add address=192.168.200.251 client-id=1:b8:d7:af:a1:bd:6b mac-address=B8:D7:AF:A1:BD:6B server=dhcp2
/ip dhcp-server network
add address=192.168.200.0/24 dns-server=8.8.8.8,192.168.20.1 gateway=192.168.200.1
/ip dns
set servers=8.8.8.8,192.168.20.1
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.200.0/24 new-routing-mark=wan2 passthrough=yes
protocol=tcp src-address=192.168.200.240
/ip firewall nat
add action=masquerade chain=srcnat
add action=src-nat chain=srcnat routing-mark=wan2 to-addresses=192.168.100.40
/ip route
add distance=1 gateway=192.168.100.40 routing-mark=wan2
add distance=1 gateway=192.168.20.1

set db-path=user-manager
[user@MikroTik] >

CZFan · September 14, 2019, 9:41am

If this device is directly connect the world wide web, I suspect you might have some bigger problems as the device might already be compromised. “jan/01/2002 22:14:02 by RouterOS 6.30.4”

Read up on netinstall, then apply at least 6.44.5 long term version with netinstall.

anav · September 14, 2019, 10:53pm

I feel dirty just looking at that OS…

morina · September 19, 2019, 2:08pm

Its ok now thanks for your device