Help needed in configuration

mjemshy · April 19, 2013, 2:28pm

Hi All,

I am trying to configure mikrotik routeros for the below scenario, but I am not getting things on my way.If some one can guide or help me out to provide the solution then that would be a great help.

Scenario:-
the RouterOS PC has 2 network interface card installed
one is connected to ISP (to connect the Internet), Second interface is connected to my home Switch (connects private network).
Ip address on the mikrotik PC interface which connects ISP router is 192.168.1.100/24
IP address on the mikrotik PC second interface which connects LAN switch is a trunk interface with multiple vlan IPs.
Interface Vlan 10 ( 10.10.10.1 /24)
Interface Vlan 20 (10.20.20.1/24)
Interface vlan 30 (10.30.30.1/24)

Default gateway of ISP router is 192.1681.1

The objective is to have all these three user vlans need to be NATed through 192.168.1.100 to have Internet access.

I appreciate your help and thanks

samehsallam · April 19, 2013, 7:35pm

What is the system that you want to work؟
Fixed or pppoe …its

mjemshy · April 19, 2013, 9:42pm

Hi, I think pppoe for dsl . I am not using dsl I am using 3G router, which gets dhcp ip from ISP. I am connecting LAN interface of 3G router to my outside interface of the routeros 3G router LAN ip is 192.168.1.1. My routeros ip is 192.168.1.100

yuridee · April 20, 2013, 3:43am

I would do something like this, where:
queue simple - is to limit speed on each network to 1 mbps up/down
ip firewall filter - is to make each network private

Note: I didn’t go to the extend of testing the following code in the lab, but I used similar configuration in a few offices

/interface ethernet
set 0 name=Eth1-gateway
set 1 name=Eth2-trunk

/interface vlan
add interface=Eth2-trunk l2mtu=1594 name=vlan10 vlan-id=10
add interface=Eth2-trunk l2mtu=1594 name=vlan20 vlan-id=20
add interface=Eth2-trunk l2mtu=1594 name=vlan30 vlan-id=30

/ip address
add address=10.10.10.1/24 interface=vlan10
add address=10.20.20.1/24 interface=vlan20
add address=10.30.30.1/24 interface=vlan30

/ip dhcp-client
add disabled=no interface=Eth1-gateway

/ip pool
add name=pool10 ranges=10.10.10.100-10.10.10.254
add name=pool20 ranges=10.20.20.100-10.20.20.254
add name=pool30 ranges=10.30.30.100-10.30.30.254

/ip dhcp-server
add address-pool=pool10 disabled=no interface=vlan10 name=dhcp10
add address-pool=pool20 disabled=no interface=vlan20 name=dhcp20
add address-pool=pool30 disabled=no interface=vlan30 name=dhcp30

/ip dhcp-server network
add address=10.10.10.0/24 dns-server=10.10.10.1 gateway=10.10.10.1
add address=10.20.20.0/24 dns-server=10.20.20.1 gateway=10.20.20.1
add address=10.30.30.0/24 dns-server=10.30.30.1 gateway=10.30.30.1

/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
    8.8.4.4,8.8.8.8

/ip firewall filter
add action=drop chain=forward dst-address=10.20.20.0/24 src-address=\
    10.10.10.0/24
add action=drop chain=forward dst-address=10.30.30.0/24 src-address=\
    10.10.10.0/24
add action=drop chain=forward dst-address=10.30.30.0/24 src-address=\
    10.20.20.0/24

/ip firewall nat
add action=masquerade chain=srcnat src-address=10.10.10.0/24 to-addresses=\
    0.0.0.0
add action=masquerade chain=srcnat src-address=10.20.20.0/24 to-addresses=\
    0.0.0.0
add action=masquerade chain=srcnat src-address=10.30.30.0/24 to-addresses=\
    0.0.0.0

/queue simple
add max-limit=1M/1M name=queue10 target-addresses=10.10.10.0/24
add max-limit=1M/1M name=queue20 target-addresses=10.20.20.0/24
add max-limit=1M/1M name=queue30 target-addresses=10.30.30.0/24

mjemshy · April 20, 2013, 6:35am

Thank you boss, let me try this and get back to you.

mjemshy · April 20, 2013, 6:38am

Hi, does this configuration not contain routing , do
I need to add default route ?

yuridee · April 20, 2013, 12:59pm

routing are in “/ip firewall nat” and with “/ip dhcp-client” enabled system will create route automatically

from wiki page - http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Client
The MikroTik RouterOS DHCP client may be enabled on any Ethernet-like interface at a time. The client will accept an address, netmask, default gateway, and two dns server addresses. The received IP address will be added to the interface with the respective netmask. The default gateway will be added to the routing table as a dynamic entry. Should the DHCP client be disabled or not renew an address, the dynamic default route will be removed. If there is already a default route installed prior the DHCP client obtains one, the route obtained by the DHCP client would be shown as invalid.

also check basic routing examples here - http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

mjemshy · April 22, 2013, 6:42am

Thankyou boss, it is working only thing i need to add were “default gteways for the vlan interfaces and the DNS addresses”.