I have just built a pc based mikrotik router running v2.9.10. What i intend to do is put it between my dsl modem/router and my access point to trottle down p2p file sharing. My dsl modem hands out ip’s between 192.168.1.100/199, my ap has a static address of 192.168.1.73. both have the same subnets. What i am confused about is what ip addresses to give my local and public cards. Many thanks
I would investigate setting the box up as a bridge. That way you don’t need to worry about changing your existing IP scheme, the box just needs a management address on your existing network.
Regards
Andrew
I am still configurating this pc based router to work, but now i am trying to set up a NAT rule on it. I am doing what is says on the website word for word, but when i try to enter the following command…look what happens
Terminal xterm detected, using multiline input mode
[admin@MikroTik] > /ip firewall dst-nat
no such command or directory (dst-nat)
[admin@MikroTik] >
What am i doing wrong?
What website did you use for configuration? Try this: http://www.mikrotik.com/docs/ros/2.9/guide/basic
Yes this it the site i have tried and followed by the book. Thanks
When I look to basic setup guide from link that I have sent to you, I am not able to find commands that you describe in your post (ip firewall dst-nat). Have you succeeded with installation?
That command line works on my routers. Maybe you do not have all required packages installed?
i have managed to input in the firewall command to set up masquerading…finally. Now i am trying to ping the mt router to check that all is working by connecting my pc directly into the local ethernet card on the mt router via x-cable. Am i doing this wrong? it is coming up on my status as limited or no connectivity, it is not giving me an ip address, should it? i have also inputed the address of the mt router into my gateway settings on my pc. my mt router has an ip address in the local side of 192.168.10.0, would this be an invalid ip, shoud the 0 at the end be a different number?
A x-over cable is correct for connecting a PC directly to the router. Check the link to be sure, there should be a link light on both interfaces which comes on when you plug the cable in.
The “limited or no connectivity” message is what windows reports when you have an interface configured as a DHCP client and it was not able to obtain an IP address from a DHCP server. You need to specifically configure a DHCP server on the router as described here:
http://www.mikrotik.com/docs/ros/2.9/ip/dhcp
For now, I would set up a static address on the PC for testing purposes. Also, the static address you have assigned on the router is a network address i.e. addresses the whole network. You will need a host address between 192.168.10.1 and 192.168.10.254 on both the router local interface and the PC (different addresses on each) assumming you are using a subnet mask of 255.255.255.0 or /24. You should now be able to ping from the PC to the router and from the router to the PC with the command /ping <ip_address_of_PC>.
Then try to ping from the router to the device connected the other side of the router (dsl modem?) . If this works, you have configured the router to sit between two different networks. You then need masquerading and a default route to provide routing from the PC to the dsl modem and the outside world. The default route simply describes where to send packets that have a destination address which is not on the two networks directly connected to the router. In this case we will want to send them out of the dsl modem to your ISP. So the default route would be configured like this:
[admin@mymt] ip route> add dst-address=0.0.0.0/0 gateway=ip_address_of_dsl_modem
The 0.0.0.0/0 address and subnet mask just signifies “any packet we don’t know what to do with from the other routing table entries”. Because the router knows that the ip address of your dsl modem is directly connected to a certain interface, it will send all the packets out of that interface. You’ll notice that you have two other routing table entries (/ip route print) that were added automatically when you added IP addresses to the two interfaces of the router. These entries tell the router what to do with packets that are destined for the two directly connected networks.
'Hope that helps.
Great! Thanks GJS i will try what you said. I am crazy to get this working just to see what sort of job it can do on trottleing down p2p on my network. Btw i have tried to disable nat on my router and other various things for the purpose of this but lost internet connectivity. If i leave the router alone for the moment until i get the mt working will it pass internet traffic for the moment until i get it half up and going?
Thank’s.
Yes, don’t worry about the NAT on the dsl router for now. It just means you will have a total of three networks and be doing double NAT, something like this:
(Public IP, Net 1)-DSL Router-(private IP, Net 2) — (Private IP, Net 2)-MT Router-(private IP, net 3)-----(private IP, net 3)-(PC)
So you see that the MT will translate the PC’s net 3 address to the net 2 address on the other side of the MT and then the DSL router will translate the net 2 address to the public address of net 1, then out to the Internet.
P2P throttling has worked quite well for me with MT. My wireless ISP operation would be fairly stuffed without it.
Good Luck!
Ok, I have done all of the above. I have gave the router a static address of 192.168.10.3 in /SETUP. I have gave my pc, which is connected directly to the router via x-cable, the address of 192.168.10.5. I am able to ssh into the router via my pc and also winbox into it. I can ping the router from my pc, but i cannot ping the pc from the router. What could be wrong?
Forget that last post, i managed to get it working, turns out it was a firewall problem. I have given my public interface the address of 192.168.1.217. I have setup dhcp client in the instructions in the link given by GJS. When i connect up my dsl router which gives out leases in the range of 192.168.100-199, it does not obtain one although it says it is searching. Also i have set up dhcp server on the local interface which has an ip of 192.168.10.3, i have it a pool of 172.16.0.10-20. this also does not work, anyone see what im doing wrong??? Many Thanks for all your help 
im finally getting places with this router, at last. I have managed to set it all up, have it give me an ip address with not problem, but when i plug the public card into a dsl router it just gives the message “searching”. It does not seem to be able to obtain an ip address. Is there anything i could try?
Have you tried it with a static address on the public interface? This would then prove that it’s a DHCP problem rather that the address or other data that’s coming from the DSL modem.