Help: CCR-1036 for mall

mati83 · August 27, 2014, 9:35pm

Hi guys,

I’m trying to configure a Mikrotik CCR-1036 for a shopping mall but this is my first time working with Mikrotik and I really need your help

I need three interfaces configured like this:

ether1: Access for management.
I configured it to run with the IP 172.50.0.1/30 and I’m accessing the router with a fixed IP of 172.50.0.2.
Is working great.

ether2: WAN. This is my connection to the ISP so has to be my gateway.
It is working as DHCP client, receiving all the configuration correctly (ip, gateway, dns, etc.).
Is working great because when I’m connected to ether1 I have internet

ether3: DHCP server.
This is where I have the problem because is not working
I want the DHCP server to start with the IP 172.50.0.26 and use 255.255.252.0.

When I connect my computer or any device to the ether3, looks like is not getting a proper IP address. I’m not sure if the problem is in the configuration of the DHCP or some other conflict…

Since I know is easier for all of you, I’m including screenshots with all my configurations, I think all the relevant information is going to be there (I’m including also the screenshot of the Leases tab with one device connected).
add firewall.PNG
Of course, if you need anything else to help me, please let me know and I’ll send you whatever data you need.

Thanks A LOT!!!

agehall · August 28, 2014, 8:05am

I think your masquerade rule looks a bit fishy. Normally, you only want to do masquerading on packets exiting via your WAN uplink.

What other firewall rules do you have?

joegoldman · August 28, 2014, 11:57am

Under the ‘Networks’ tab, the ‘Address’ should be the full subnet, so 172.50.0.0/22.

Also change your srcnat masquerade rule out-interface from ‘all ethernet’ to just ‘ether2’, since that’s your WAN.

Remember, you are using a /22 which is quite large - and Mikrotik DHCP server will start at the top (172.50.3.254).

mati83 · August 28, 2014, 2:03pm

I changed the NAT Out. Interface to ether-WAN but still not working.
(agehall - this is my only firewall rule)

About the Network tab of the DHCP Server, I can’t enter 172.50.0.26/22 in ‘Address’ because is returning an error (“IP expected”) so I’m using the Netmask field where after inserting 255.255.252.0, it was automatically converted to ‘22’.

But still not working…

mati83 · August 28, 2014, 2:08pm

Also, when connecting to ether3 (the one with the DHCP server), this is the configuration I’m getting, with wrong Subnet Mask and no Gateway:

mati83 · August 28, 2014, 4:57pm

Good news, I found the problem!
The gateway was not on the complete range of the DHCP!!
Thanks for your help!