Help with this configuration.

alexwoellhaf · April 23, 2015, 4:42pm

I am trying to setup the following:

3 networks:
10.160.250.0/24 - Public Network
10.160.251.0/24 - Private Network
10.160.252.0/24 - Front Network

I have everything setup and it is all working except I am not getting internet access on any of the networks!

eth1: Comcast switch/modem its ip is 10.1.10.1
eth2: Public Network
eth3: Private Network
eth4: Front network

Here is my config file:

apr/22/2015 17:51:56 by RouterOS 6.28

software id = 8XY6-SF8M

/ip pool
add name=dhcp_pool1 ranges=10.160.250.100-10.160.250.254
add name=dhcp_pool2 ranges=10.160.251.100-10.160.251.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=3d name=
Public-Network
add address-pool=dhcp_pool2 disabled=no interface=ether3 lease-time=3d name=
Private-Network
/port
set 0 name=serial0
/ip address
add address=10.160.250.0/24 interface=ether2 network=10.160.250.0
add address=10.160.251.0/24 interface=ether3 network=10.160.251.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no
interface=ether1
/ip dhcp-server network
add address=10.160.250.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.160.250.1
add address=10.160.251.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.160.251.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=
10.160.250.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=
10.160.151.0/24
/ip route
add distance=1 gateway=10.1.10.1
/romon port
add disabled=no
/system clock
set time-zone-name=America/Detroit

Thanks for the help!

alexwoellhaf · April 23, 2015, 7:24pm

Note: I have not yet added the 3rd network (front network) thats why its not in the config.

evince · April 23, 2015, 7:29pm

Hello,

Can you post the configuration of your firewall rules please?

alexwoellhaf · April 23, 2015, 7:46pm

Screenshot: http://prntscr.com/6xcosd

ZeroByte · April 23, 2015, 8:07pm

I’m assuming that this is an artifact of your IP address sanitization - but your configuration shows the interface IPs as 10.160.25x.0/24 – that’s the network prefix and is an invalid IP address. Perhaps you’re really configured with 10.160.25x.1/24 on each interface. . .

I would also shorten the masquerade rule - you only need the masquerade rule once, and don’t specify the source.
It’s enough (and automatically works for any future LAN segments you may create later) to simply say masquerade if out-interface = ether1. No more rules are required.

Can the Mikrotik itself ping to internet hosts?

bkuhn · April 24, 2015, 4:56am

Is your DHCP client on ether1 receiving an IP address from the Comcast modem?

Atifrererrrr · April 24, 2015, 6:39am

You need to realign the antenna. Same hapened to me but I moved it left to right a lot until the signal was good. The antenna has lobes and you align them on that lobes. Also the signal must be identical ±3dbi. The link must have ~ -60dbi.

alexwoellhaf · April 24, 2015, 2:31pm

Yes

alexwoellhaf · April 24, 2015, 2:32pm

This box does not have WiFi radios.

alexwoellhaf · April 24, 2015, 2:34pm

It can bing the interwebs through port 1

ZeroByte · April 24, 2015, 2:42pm

Change your rules from this:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=10.160.250.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=10.160.151.0/24

To just this:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

Your config shows no rules for filter or masquerade.
Is this true? If you have filter or masquerade rules - try disabling them all and if that allows traffic to the Internet, then you can start to re-enable them one at a time until you find which one breaks stuff.

alexwoellhaf · April 24, 2015, 2:59pm

Changed that to:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

Maybe my gateway is wrong here?
http://prntscr.com/6xmho7

ZeroByte · April 24, 2015, 3:45pm

In your posted configuration, I see this:

/ip address
add address=10.160.250.0/24 interface=ether2 network=10.160.250.0
add address=10.160.251.0/24 interface=ether3 network=10.160.251.0

This is actually invalid.
.0 = the network prefix address, and is not a usable address in this case.

change these to be 10.160.250.1/24 and 10.160.251.1/24

alexwoellhaf · April 24, 2015, 3:51pm

I am getting this when I attempt to do that.
http://prntscr.com/6xn3ki

noyo · April 24, 2015, 4:01pm

Address: 10.160.250.0/24 - is a network
netmask: 24

alexwoellhaf · April 24, 2015, 4:06pm

I know this, ZeroByte told me to use 250.1/24 so I was replying to him.

ZeroByte · April 24, 2015, 6:56pm

Not in the network - that is the correct value for the network prefix.
Set the IP address.

alexwoellhaf · April 27, 2015, 3:33pm

I was working on this all weekend. Still nothing!

Screenshot: http://prntscr.com/6ysa5a