Help with 3.10 routerOS! 2 Nics Gateway

rednetwifi · July 7, 2008, 10:32am

Hello.
Please can someone help me or point me in the correct direction as i am very new this this. I want to have a machine was acts as a gateway for my network.

Can someone post instructions on how i would do this.

I have a machine with 2nics

Nic 1 192.168.0.251
Nic 2 192.168.9.100
ADSL modem: 192.168.9.1
Squid: 192.168.0.2
DNS server: 192.168.0.3

Customers IP: 192.168.0.x/24 -------> MicroTick 192.168.0.251 ---------> Squid 192.168.0.2 --------> Adsl Modem ----> 192.168.9.1

I want to make a gateway where all my clients will use 192.168.0.251 and then be routed off to 192.168.9.1 for the ADSL modem we have.

From winbox i can ping all the places but i am guessing i need a NAT rule or a routing rule… i dont know.

Once i have this working i want to add Squid in transparant mode in to the mix and redirect all web traffic to that my squid ip is 192.168.0.2, so when a customer looks on the internet it checks the cache..

Is there anyone out there who can help with getting this done.

Help i am so stuck! Time for Coffee…

Thanks in advance.

ashish · July 7, 2008, 11:14am

have a machine with 2nics

Nic 1 192.168.0.251
Nic 2 192.168.9.100
ADSL modem: 192.168.9.1
Squid: 192.168.0.2
DNS server: 192.168.0.3

What i understand is
NIC2-192.168.9.100 is connected to ADSL Modem &
NIC1-192.168.0.251 is connected with your Local Network - to you customer.

You have already configured IP address.
add Default route

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.9.1 comment"Defaulf gateway connected to ADSL Modem"

add firewall nat rule
/ip firewall nat
add chain=srcnat src-address=192.168.0.0/x action=src-nat to-address=192.168.9.100

Pl check this and if it work than we will go further to make MT as a cache server.

rednetwifi · July 7, 2008, 12:07pm

Thank you.

I have tried it and it did not work? Going to reset it and try agian, in case i have made a mistake

Would i need to add a DHCP server to the internat network

rednetwifi · July 7, 2008, 12:52pm

Ok i have added a DCHP server, and this is what is happening.

I have a DHCP address which has been assigned:

IP 192.168.0.98
SUBNET: 255.255.255.0
GATEWAY: 192.168.0.251

i can ping 192.168.0.251, and i can ping 192.168.9.100

however i can not ping 192.168.9.1 - destination is unreachable.

jwcn · July 7, 2008, 1:04pm

Umm. Shouldn’t this:
add chain=srcnat src-address=192.168.0.0/x action=src-nat to-address=192.168.9.100

be this:

add chain=srcnat src-address=192.168.0.0/x action=masq

??

rednetwifi · July 7, 2008, 1:49pm

Going to try it now. Thanks for the input

rednetwifi · July 7, 2008, 3:40pm

here is the parts on the export

/ip address
add address=192.168.0.251/24 broadcast=192.168.0.255 comment=“local Lan” disabled=no interface=ether1 network=192.168.0.0
add address=192.168.9.100/24 broadcast=192.168.9.255 comment=WAN disabled=no interface=ether2 network=192.168.9.0
/ip dhcp-server network
add address=192.168.0.0/24 comment=“” dns-server=80.58.0.33 gateway=192.168.0.251
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=0.0.0.0 secondary-dns=0.0.0.0
/ip firewall nat
add action=masquerade chain=srcnat comment=“” disabled=no src-address=192.168.0.0/24
/ip route
add comment=“Gateway to modem” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.9.1 scope=30 target-scope=10

jwcn · July 7, 2008, 3:50pm

ip add pr
ip fire nat pr
ip route pr

rednetwifi · July 7, 2008, 3:52pm

ADDRESS NETWORK BROADCAST INTERFACE

0 ;;; local Lan
192.168.0.251/24 192.168.0.0 192.168.0.255 ether1
1 ;;; WAN
192.168.9.100/24 192.168.9.0 192.168.9.255 ether2

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=192.168.0.0/24

DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 A S ;;; Gateway to modem
0.0.0.0/0 reachable 192.168.9.1 1 ether2
1 ADC 192.168.0.0/24 192.168.0.251 0 ether1
2 ADC 192.168.9.0/24 192.168.9.100 0 ether2

rednetwifi · July 7, 2008, 10:18pm

Still Stuck… can anyone post me a step by step sheet to get this working? PLEASE i am pulling my hair out!!!

Please can some one save the day… This must be something i am doing wrong as i would imagine this is one of the most basic funcations… Thought it would not be this hard.

Had enough for today 11 hours of trying and got no where quickly…

Good Night, hopefully some more luck in the morning.

jwcn · July 8, 2008, 1:17am

Delete you current NAT rule.
Add this in:
ip firewall nat
add chain=srcnat action=masquerade
Delete your current route rule.
Add this in:
ip route
add dst-address=0.0.0.0/0 gateway=192.168.9.1

Make sure you can ping 192.168.9.1 from within winbox or the CLI

rednetwifi · July 8, 2008, 5:03am

Excellent news… it worked! Thank you so much for your assitance, why did the other rules not work? Now just got to get redirected traffic to squid on 192.168.0.2 and my project is almost done…

Time to backup the system.

Thanks again!!!

jwcn · July 8, 2008, 5:45am

http://forum.mikrotik.com/t/setting-up-squid-on-2-9-51/21156/1

rednetwifi · July 8, 2008, 6:35am

Thank you.