I have a fiber modem at my house, and there’s a physical server, too.
On this server, I installed ESXi, and I created a Mikrotik VM on this server.
I’m going to do this:
This VM should be a LAN client in my fiber modem.
So, my Mikrotik is going to have two interfaces, if I’m correct.
Then, this Mikrotik should act as a normal router and assign IPs to the other VMs in the ESXi (some VMs are like Ubuntu, CentOS and Windows).
The connection status I’m going to have, should be like this:
LAN cable from modem connects to WAN interface in the Mikrotik. Then a LAN cable from Mikrotik should be connected to my VMs and all the machines should have internet access now.
I mean I think there should be a route between WAN and LAN.
Depending on the Mikrotik device model, either there’s a default config (selectable between different templates, those depend on type of WAN connection, e.g. “plain” DHCP vs. PPPoE) which does exactly what you’re asking about (one WAN port, other wired ports are LAN and switched between), or some MT devices (CRS, CCR, RB1100) come with an empty default config, and in this case they have to be configured manually entirely.
Beware that some devices, running RouterOS, are essentially switches … so their routing capacity is poor.
And then there are switches (CSS model family) which run SwitchOS (or SwOS) … those can’t route at all.
Thanks, how can I find my MT model? That’s not a physical router. I installed an MT as a VM on ESXi.
Is it OK to give you my Software ID? I didn’t find any websites to hint how to find the device type.
OK, so it’s a CHR. Comes without default config as well. Unfortunately it’s not the best thing to start learning ROS. Perhaps you could purchase yourself the cheapest ROS device you can find (or not the very cheapest, it would be great if you started with ROS v7 and some tiny devices simply don’t have resources to comfortably run ROS v7). The beauty of ROS is that functionality is in principle identical no matter the device type (apart from differences in hardware), so you can learn to administer ROS on a very cheap device and then apply your knowledge on a different beast. The beauty of the small MT devices is that they come with default config and you can then copy-paste the config (with minor tweaks) into devices which don’t have default (e.g. your CHR).
I’m sure you can find many people here on this forum that could spit out the config for your CHR in a blink of an eye (possibly including myself) but you may want to learn something on this journey of yours.
Right. I guess minimum amount of RAM for v7 is 64MB (hAP lite has only 32MB which is pretty tight) … and 16MB of storage space for architectures other than ARM (and ARM64) is almost enough … if one doesn’t plan to install many optional packages.
So we’re talking about devices with MSRP of 30 USD.
Honestly, from the learning point of view, I cannot see a big difference between starting from the actual default configuration of a mAP that one gets inside the actual mAP and starting from a “default configuration of a mAP” one copy-pastes from the forum to an empty CHR.
So @inna, if you want to take this path, just say so.
If one owns a ROS device which comes with default config, then one has always access to defaults (even if they change with ROS versions) … but when somebody posts default config on the forum, then there’s trust (towards a stranger) involved. Where’s your paranoia hiding now?
In addition: full default config depends on optional packages installed. With access to ROS device (with enough storage space) one can always install another package and check default config which comes with that package. Not so easy with config, posted by some stranger.
FWIW
I know tangent is working on his own wiki page collecting as many default configs as possible from various devices.
He even made a page describing in detail what one of those default configs does and why it’s implemented that way.
Rather good material for a beginner.
Sure you have a point here, but I’d love to be so clever that I could hide a backdoor into ~50 lines of a very basic Mikrotik configuration in such a way that no one here on the forum would spot it in 5 seconds
I mean, most people assume that using opensource software is safe because anyone can read the code. Anyone can read it indeed, but in most cases, only a chosen few understand what they are reading and are able to spot a security flaw. So it is both easier and more useful for the bad guys to hide a flaw into some kind of security related software than into a basic firewall configuration.
But there’s another point - posting an otherwise useful configuration with a security hole in it here on the forum could be dangerous because many people copy-paste from here without understanding what the copy-pasted piece of code actually does. Just think about the infamous misinterpretation of dst-address-type=local that recurs in too many topics dealing with policy routing.
Well… yes, but in case of CHR, there is no actual wireless, and the use case description does not suggest the CHR would be used to act as a CAPsMAN any time soon.
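
The thread's point about trusting a configuration posted by a stranger can be turned into a pre-paste check. The following is an added example, not part of the original thread and not written by any of its posters: a Python triage pass over a RouterOS export that lists the lines worth reading by hand. The list of sensitive menus, the set of "scoping" matchers and the sample text are assumptions made for this sketch, and a clean result does not show a configuration is safe. Reported line numbers refer to the text after wrapped lines are joined; 0 marks a whole-config finding.

```python
import re

# Assumption: menus a plain WAN/LAN router config has no reason to touch.
SENSITIVE = ("/user", "/system scheduler", "/system script", "/tool fetch",
             "/ip socks", "/ip proxy", "/ip service", "/ppp secret")
COMMANDS = {"add", "set", "remove", "enable", "disable"}
SCOPING = {"in-interface", "in-interface-list", "src-address",
           "src-address-list", "connection-state"}  # these scope an accept rule
PARAM = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def split_menu(line):
    """'/ip firewall filter add chain=input' -> (menu, command)."""
    toks = line.split()
    cut = next((i for i, t in enumerate(toks) if t in COMMANDS or "=" in t), len(toks))
    return " ".join(toks[:cut]), " ".join(toks[cut:])

def review(export_text):
    """Return (line_no, reason) pairs to read by hand before pasting."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # join '\' continuations
    findings, menu, input_has_drop = [], "", False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("/"):
            menu, line = split_menu(line)
        if not line or line.startswith("#"):
            continue
        p = {k: v.strip('"') for k, v in PARAM.findall(line)}
        if menu.startswith(SENSITIVE):
            findings.append((no, f"touches {menu}"))
        if "dst-address-type" in p:
            findings.append((no, "dst-address-type: check what it matches"))
        if menu == "/ip firewall filter" and p.get("chain") == "input":
            action = p.get("action", "accept")  # RouterOS default is accept
            input_has_drop |= action in ("drop", "reject")
            if (action == "accept" and not SCOPING & p.keys()
                    and p.get("protocol") != "icmp"
                    and p.get("dst-address") != "127.0.0.1"):
                findings.append((no, "input accept with no source restriction"))
    if not input_has_drop:
        findings.append((0, "no drop rule in chain=input"))
    return findings

# Constructed sample, not a real default configuration.
SAMPLE = """/ip firewall filter
add chain=input action=accept protocol=tcp dst-port=8291
add chain=input action=drop in-interface-list=!LAN
/system scheduler add name=update interval=1d on-event="/log info test"
"""
```

Running `review(SAMPLE)` reports line 2 (an input accept that names no source) and line 4 (a scheduler entry).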