Despite all my attempts I still cannot get NAT to work between my wired and wireless connections on my RB411. I have read the basic guide and the FAQ on natting, and I fully understand the concept, I just can’t seem to get it working. Here is my setup:
ether1 - DHCP client, receives a dynamic IP in the range 134.219.138.1/24
wlan1 - Bridge mode, DHCP server, assigns correctly from the pool 192.168.0.1/24, though I always get 192.168.0.254 for some reason, not 192.168.0.1…
My ether1 connection ended up with the address 134.219.138.77, so I set up the NAT rules (though they didn’t work), but what if my assigned ether1 IP changes? I doubt I would have to reconfigure NAT each time…
Can anyone turn my description of my situation into some NAT rules that will let me access the net from my wireless please?!
This should work for dynamic ip on ether1
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
And wlan1 should be in ap-bridge mode if you want more than one client to connect.
If you are assigning 192.168.0.1/24 with dhcp, what ip did you assign to wlan1? I normally use 192.168.0.1 for the localnet gateway (wlan1 in this case), and my dhcp issues 192.168.0.4-192.168.0.254
I tried ap-bridge, but it said my license didn’t permit it, seems odd that I can buy an expensive bit of hardware that doesn’t do what a cheap commercial router can. Is there no setting to make it act like a wireless router? I think I have a level 4 license.
I tried that masquerade rule, but I think I may have given it the wrong interface, so I will try again.
Routes:
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
The RB411 only comes with a Level 3 license which doesn’t support AP-Bridge mode. That takes a level 4 license. You can run Bridge mode with the level 3 license device which will only connect to a single wireless device at a time.
You can see the RouterBoard license with:
[admin@MikroTik] >/system license print
The RB411 is designed for wireless CPE not really as wireless router. At $49 it is not considered ‘expensive’ for Mikrotik.
I have since reset the whole configuration, and default routes were established, but I have a question. Should default routes point to the router or the public IP? Because I ran setup and it went to the public IP, I’m not sure that’s right..
For Mikrotik maybe not, but bear in mind that price is just the board. To make a fair comparison you have to add a case, wireless card and antenna. I paid just over 100GBP for mine, which is much more than the standard wireless routers for SOHO users, I just assumed I would be able to use it as an AP, which I imagine is the main reason people buy wireless hardware.
Anyway I digress. This thing still refuses to work, the wireless interface between my RB411 and my laptop works fine, hands out DHCP addresses and lets me login and configure the device. The wired interface between me and the campus DHCP server appears to work fine, it gets an address in the right subnet anyway. There is a single NAT rule, to masquerade all traffic on the srcnat chain on my wired connection. Still no joy.
I can post my config again if it helps, but essentially it’s the same as before, clearly whatever was wrong is still wrong.
Ok, here is the config. For some reason my ether1 DHCP address is coming back on an odd subnet, I think it’s the network authentication server, but I still get nothing in my browser.
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=ether1
[admin@MikroTik] >> /ip dhcp-client print
Flags: X - disabled, I - invalid
# INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
0 ;;; added by setup
ether1 yes yes bound 10.0.33.169/22
[admin@MikroTik] >> /ip dhcp-server export
# jan/01/2000 00:21:04 by RouterOS 3.0
# software id = ####-###
#
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no \
interface=wlan1 lease-time=3d name="dhcp1"
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.0.0/24 comment="" gateway=192.168.0.1
[admin@MikroTik] >> /ip pool print
# NAME RANGES
0 dhcp_pool1 192.168.0.2-192.168.0.254
[admin@MikroTik] >> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; added by setup
192.168.0.1/32 192.168.0.0 192.168.0.255 wlan1
1 D 10.0.33.169/22 10.0.32.0 10.0.35.255 ether1
[admin@MikroTik] >> /ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 unreachable 134.219.138.1 1
1 ADS 0.0.0.0/0 reachable 10.0.32.1 0 ether1
2 ADC 10.0.32.0/22 10.0.33.169 0 ether1
3 ADC 192.168.0.0/32 192.168.0.1 0 wlan1
[admin@MikroTik] >> /system routerboard print
routerboard: yes
model: "411"
serial-number: "185F01FF7865"
current-firmware: "2.12"
upgrade-firmware: "2.12"
If we assume that the DHCP server on the ether1 side of this router will provide DHCP services correctly AND that it provides a DNS server to your router, then this configuration looks like it should work. Your DHCP client (on your laptop or whatever) should be getting a dhcp assigned dns server address. Is that true?
You have access to this forum, I assume you have internet somewhere. Just download the 3.30 packages, and then winbox them to your router (drag from your PC to files window in winbox). 3.0 is really buggy and could be part of your problem.
I tried to upgrade with the 3.30 combined package, over winbox the router disconnects after 31.5kb of upload, tried multiple times with multiple re-downloads. Over FTP it doesn’t allow me to connect even though 21 is open. I reset my configs, still no joy. I don’t have a serial interface, so it looks like I’m screwed right? I tried the upgrade over wired and wireless, and with the individual packages as well, no joy…
Ok, finally FTP played ball and I have 3.30 running, but little has changed. I still have no access, and I still get this mystery 10.x.x.x address assigned to ether1, so I will investigate.
0 ;;; added by setup
192.168.0.1/32 192.168.0.0 192.168.0.255 wlan1
Delete that, and add 192.168.0.1/24. Leave the network and broadcast fields blank and hit apply. It looks like there was a /24 and then it was changed to /32.
To test things, do a traceroute right from the router. “/tool traceroute 204.16.170.40”
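What the /32 on wlan1 does to return traffic, as an added example that is not part of the original posts: a longest-prefix-match lookup over the active routes printed earlier in the thread, before and after replacing the wlan1 address with 192.168.0.1/24. The function names are hypothetical and the route table is a simplified model (prefix and interface only), not RouterOS behaviour in full.

```python
import ipaddress

# Active routes copied from the "/ip route print" output in the thread.
# The static default via 134.219.138.1 is listed as unreachable, so it is omitted.
ROUTES_FROM_THREAD = [
    ("0.0.0.0/0", "ether1"),
    ("10.0.32.0/22", "ether1"),
    ("192.168.0.0/32", "wlan1"),
]

def lookup(routes, dst):
    """Longest-prefix match: return (prefix, interface), or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (str(best[0]), best[1]) if best else None

def with_wlan_address(routes, address):
    """Swap the wlan1 connected route for the one implied by `address`."""
    net = ipaddress.ip_interface(address).network
    kept = [r for r in routes if r[1] != "wlan1"]
    return kept + [(str(net), "wlan1")]

def misrouted_clients(routes, first, last):
    """Count pool addresses whose replies would not be sent out wlan1."""
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    return sum(
        1 for n in range(lo, hi + 1)
        if lookup(routes, ipaddress.ip_address(n))[1] != "wlan1"
    )

if __name__ == "__main__":
    fixed = with_wlan_address(ROUTES_FROM_THREAD, "192.168.0.1/24")
    pool = ("192.168.0.2", "192.168.0.254")  # dhcp_pool1 from the thread
    for label, table in (("as posted (/32)", ROUTES_FROM_THREAD),
                         ("with /24", fixed)):
        print(label)
        print("  reply to 192.168.0.254 ->", lookup(table, "192.168.0.254"))
        print("  pool addresses not routed to wlan1:",
              misrouted_clients(table, *pool))
```

With the table as posted, replies to every address in dhcp_pool1 match only the default route and leave via ether1, so masqueraded traffic never gets back to the wireless client.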
Still no love with this, is there a way to tell the dhcp client which server you want it to use? Aside from this I really don’t see anything wrong with the config.