Get an internet connection + Hotspot

RouterOS Beginner Basics
1

Hello!

First, I’m sorry for my bad English… I’m from Austria.

I’m sitting here in front of a Routerboard 750.
Winbox works great, but I’m not able to configure the device, to getting Internet Access on ether2.

An overview:

Router #1 (4port, DHCP Server, Internet Access) - this device is already configured.
Now I want to connect Router #1 to the Mikrotik RB750 on ether1. On ether 2 I want to connect to an Linksys WRT54g (Wlan).

The aim of my project is to set up an Hotspot.

I have found a lot of Tutorials to set up an Hotspot, but before I have to get Internet working on ether2?!

Please help me!

Thanks!

PS: Is there somebody, who speaks German?

2

While there are Germans (hi!) and Austrians on the forum, the forum language is English so that everyone can benefit from questions and answers.

Configure IP addressing (often a /30) between router 1 and router 2 so they can talk to one another and can ping one another. Then setup ether2 as a separate network and use the AP to bridge traffic to it, and set up a Hotspot on ether2. How exactly you configure NAT depends on how router 1 (the one that already has Internet access) is set up.

If you want more specific help, you’ll have to give more specific details - like what is router 1, how is configured, etc.

3

Thanks for your answer!

Ok… I want to do these thing step by step, please…

Configure IP addressing (often a /30) between router 1 and router 2 so they can talk to one another and can ping one another.

What does is mean: “often a /30”?

At this time I have not configured a bridge.
The other configurations can you see here:

http://img843.imageshack.us/g/routelist.jpg/

Please help me to get an internet access!

Thanks!

4

Let’s start at the beginning: “Router #1 (4port, DHCP Server, Internet Access) - this device is already configured.” - what is router 1 (make, model) and do you have full administrative access to it?

5

Hello!

Router One is a Thomson Speedtouch 546, 4port Modem. On this device runs a DHCP Server, and it is directly connected to the Internet (PPTP). On Port 1 there is connected the Admin PC. On Port 2 I want to connect with the Mikrotik RB750.

IP: 192.168.1.1
Subnet: 255.255.255.0
DNS: ISP
The connected PC of this device gets the following IP’s: 192.168.1.2 - 192.168.1.100

And yes, I have full Admin access!

Thanks!

//edit: Overview
Hotspot.png

6

On the RB750, remove the 192.168.88.1/255.255.255.0 IP address by selecting it and clicking the “-” (minus) button in the list. Then add a new IP address on ether1, I would suggest 192.168.1.254/255.255.255.0. Then go to IP > Routes and add a route for 0.0.0.0/0 with a gateway of 192.168.1.1.

At this point the RB750 should have Internet access and you should be able to ping hosts on the Internet.

7

Hello!

Thanks for the perfect instruction :slight_smile:

On Mikrotik I’am able to ping 192.168.1.254 and 192.168.1.1. But I’m not able to ping 192.168.1.1 or 192.168.1.254 from my Laptop (Port 2)

I’m connected with Mikrotik on Port 2 and Port 1 is connected with Speedtouch 546.
new.jpg

8

Navigate to IP > Hotspot and click the “Hotspot Setup” button and follow the wizard. Use an IP address other than what you have on ether1 - something like 172.16.0.1/255.255.255.0 is probably a good idea. At that point you can plug your laptop into ether2, you will receive an IP on that network and will get a Hotspot splash page when firing up your browser. To distribute via wireless, make sure that the AP is bridged to that network.

9

Hallo!

I’m able to ping 192.168.1.1, 192.168.1.254 and 172.16.0.1.

I’ve got a IP from the DHCP Server (172.16.0.1)

But, when I go to google.com → Error, Server not found!

When I go to 172.16.0.1 a Login Form appears. I have given in the admin password, and there only came a statistic?!

The only thing, which doesn’t work, is the internet ?!
new.jpg

10

In the Hotspot wizard, what did you fill out for a DNS server? You can also do an “ipconfig /all” on your Windows laptop behind ether2 and look at the DNS server listed there.

What is that IP? If it’s 172.16.0.1, you will need to go to IP > DNS > Settings and fill out the ISP’s DNS servers, and check “Allow Remote Requests”.

11

Hello!

The result of ipconfig /all:
DNS: 172.16.0.1, 195.3.96.67 (ISP, true) and 213.33.98.136 (ISP, true)

How can I remove the 172.16.0.1?

But, in spite of this… For every site, the login form appears. If I type in the right user… → server not found.

What’s wrong?

Thanks!!

12

If it’s 172.16.0.1, you will need to go to IP > DNS > Settings and fill out the ISP’s DNS servers, and check “Allow Remote Requests”.

and fill out 195.3.96.67 and 213.33.98.136 as the servers.

Without valid DNS, you will see weird Hotspot behavior. First fix DNS as above, then try again.

13

Hello!

Overview: At this time: I get IP and DNS from the DHCP Server. But If I want to go to google.com, an error (Server not found) appears. If I type in an certain IP Adress, the Login Site appears - After typing in the username and password → again Server not found.

I’ve filled out the DNS (click on Settings) and further I’ve created an static entry…

If I uncheck “Allow Remote Requests” the result of ipconfig /all is: DNS Server: 195.3.96.67, 213.33.98.136
And if this is checked, 172.16.0.1 is also a DNS Server…

I’ve tried to type the DNS Servers manual, but it also doesn’t work.

Probaly I have to change config on Speedtouch 546? Must I add a static route, or must I change RIP direction?

But I don’t think that the DNS is the problem. Because I’m not able to ping an external Website (72.14.221.103 (google.com)) from the RB750. And if even the RB750 has no internet connection… or its a Firewall Problem?!

Here the config:
new.jpg
Here the Firewall (NAT) config:
fw2.jpg
fw1.jpg
Thanks for your efforts!!!

14

Has nobody a solution for my problem?

Thanks

15

up

16

Instead of pictures, post the command line output of the below (you can click on the New Terminal button in Winbox please copy and paste the results and put them into (code) tags - but instead of () - rather than posting screenshots):

/ip address print detail
/ip route print detail
/ip dns export
/ip firewall export
/ip hotspot export
/ip pool export
/ip dhcp-server export
17

Hello fewi!

Yesterday, I resetted the system config and tried again all steps…
Result: I’m not able to ping an external website from RB750. But ping on 192.168.1.1 is no problem!
Maybe I have to config 192.168.1.1 ?! (RIP or a static route?)

Hotspot works only with IP Adresess. That means, the login screen only appear, if I want to go to e.g. 192.168.1.1. If I want to go to google.com → Server not found.

Thanks!


adress print detail:

[admin@MikroTik] /ip>> address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=192.168.1.254/24 network=192.168.1.0 broadcast=192.168.1.255 
     interface=ether1 actual-interface=ether1 

 1   ;;; hotspot network
     address=172.16.0.1/24 network=172.16.0.0 broadcast=172.16.0.255 
     interface=ether2 actual-interface=ether2

route print detail

[admin@MikroTik] /ip>> route print detail 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=ether1 gateway-status=ether1 reachable 
        distance=1 scope=30 target-scope=10 

 1 ADC  dst-address=172.16.0.0/24 pref-src=172.16.0.1 gateway=ether2 
        gateway-status=ether2 reachable distance=0 scope=10 

 2 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.254 gateway=ether1 
        gateway-status=ether1 reachable distance=0 scope=10

dns export:

[admin@MikroTik] /ip>> dns export 
# jan/02/1970 00:14:23 by RouterOS 4.9
# software id = AL3N-4QV8
#
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=195.3.96.67,213.33.98.136

firewall export:

[admin@MikroTik] /ip>> firewall export 
# jan/02/1970 00:14:47 by RouterOS 4.9
# software id = AL3N-4QV8
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=172.16.0.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

hotspot export:

[admin@MikroTik] /ip>> hotspot export 
# jan/02/1970 00:15:29 by RouterOS 4.9
# software id = AL3N-4QV8
#
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=\
    default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name="" hotspot-address=172.16.0.1 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=\
    hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=2 disabled=no idle-timeout=5m \
    interface=ether2 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 \
    status-autorefresh=1m transparent-proxy=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=admin profile=default

pool export:

[admin@MikroTik] /ip>> pool export 
# jan/02/1970 00:16:18 by RouterOS 4.9
# software id = AL3N-4QV8
#
/ip pool
add name=hs-pool-2 ranges=172.16.0.2-172.16.0.254

dhcp-server export:

[admin@MikroTik] /ip>> dhcp-server export 
# jan/02/1970 00:16:39 by RouterOS 4.9
# software id = AL3N-4QV8
#
/ip dhcp-server
add address-pool=hs-pool-2 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=ether2 lease-time=1h name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=172.16.0.0/24 comment="hotspot network" gateway=172.16.0.1
18

Edit the route with a destination of 0.0.0.0 and set the gateway IP to 192.168.1.1, and edit the DHCP server network and add a DNS server IP of 172.16.0.1

If it doesn’t work at that point, there’s probably something wrong with 192.168.1.1.

19

@fewi
Thanks very much for your help!!! :smiley:

Now its works.

One question: (I have installed Usermanager) Is it possible to save the surfing log of the users?

And the Log should be sent per mail.

Does it works?

Thanks

20

Look at Proxylizer. http://wiki.mikrotik.com/wiki/Proxylizer
It will collect the logs for the RouterOS Proxy and generate reports…

Fewi…
Correct me if I am wrong.. (Would NOT be the 1st time !!)
The hotspot eather does NOT use the “same” proxy or uses none at all (firewall rules), so there would be no proxy logs generated..

That being said, a DestNAT rule could be added at the end of the chain forcing web traffic thru the onboard proxy, and then the logs shipped off to the proxylizer for reporting.

Another way of obtaining logs via email is “syslog2odbc”… http://sourceforge.net/projects/syslog2odbc/
You send the logs to syslog2ODBC, it stores them on a SQL server, then generate a “job” on the SQL server to email the log data at the desired schedual..

Proxylizer is probably the way to go for “caned data”..