Hi, as a Mikrotik beginner I would like to learn how to set up on my 750G
. 2 WAN ports that runs OSPF between them.
. 1 LAN port that has a local ADSL internet link available on it, so devices on the WAN can web proxy to the mikrotik
. If someone can point out the steps that I need to work on I’d be happy with that e.g Set IP address, set static routes, set NAT/MANGLE etc etc..
But if someone can be in depth on the A-Z I’d appreciate that
Attached is a picture of what I want to do..
The WAN side is part of a bigger local Wireless city network!!
Hi Killersoft,
For OSPF I’d recommend you confirm some details with the other people running the wireless network before setting anything up, but if the configuration they’re using is simple (running on the default OSPF backbone and requiring no neighbour authentication) then you should simply be able to do the following.
The only pre config will be putting the IP’s on your 2 wireless-facing ethernet interfaces.
You’ll also need to correct the IP in your diagram (10.10.66.80.1 
)
Setup:
- Head to routing → ospf → networks
- add 2 networks to the backbone: 10.10.65.0/28 and 10.10.66.80/28 (i’m assuming this based on the bad IP, you’ll need to fix/confirm)
This will then allow dynamic creation of the interface broadcast settings and distribute any routes received on one interface back out the other.
Thanks for the tip omega-00I. I have fixed my diagram!
I think OSPF is generally working correctly as I am obtaining routes from other nodes now.
What is the best way of controlling access to the WAN from the LAN side e.g ability to http/ftp to devices on the WAN side, while blocking the majority of WAN - > LAN traffic ( happy to allow icmp, dns(maybe!), ftp only ). ?
You should change the second network to 10.10.66.0/28 (based on the new IP address you’ve listed).
As for allowing traffic in, you’re not actually advertising your own range out to the network at the moment so you’ll either want to nat traffic out those wireless interfaces or change your home segment to an unused network and advertise that back out to the network (I would highly suggest you talk to the people running the wireless network before doing this thou as otherwise you’re likely to overlap on someone else’s range).
Then simply either dst-nat traffic in to your shared services or if you end up setting up ospf for your lan, they should be able to access devices directly (so you’ll need to create filter rules instead).
Thank you again omega-00.
The WAN network address spacing was allocated to me by the people who run the Wireless WAN network. The WAN is broken up into /28 per IP block request. I was allocated the 10.10.66.80/28 block (80(network) - 96(broadcast), 81 to 95 usable). The other WAN on my link is from someone elses assignment, they staticéd me 10.10.65.3/28, and the default gateway for there ospf was 10.10.65.1/28
Yes I’m not advertising nor plan too that of my own LAN side via OSPF, so yes I think I will look further into dst-nat as a solution to pass those basic traffic types..
Cheers.
Lol ok, your updated network diagram was confusing me.. I thought it was just .8 on the end sorry. 