How to route this??

Hi all, MrNewbie here again, and I came with another problem that is easy to solve for you but hard as rocket science for me.

This is it,
Port 1 is going to my ISP who broadcast DHCP to my port, all ports are connected to bridge 1, other ports are for my customers networks and they use the DHCP server of my ISP to get their IPs.
How can I do an independent DHCP server for each port and keep them connected to my ISP (port 1) at the same time so I won’t run out of IPs eventually?

Thank you in advance.
Hussein.

Hello Hussein,

I’m confused. You say that all ports are “connected to bridge1” and “other ports are for customers”. How can you have “other ports for customers” and “all ports on bridge1”? :wink:

You can’t have it all. If you use the ISP’s DHCP, you can’t put your own DHCP for the customers while they’re using the ISP’s. For bridge1, that’s easy. Just assign that bridge an IP address and then create its DHCP Server. You’ll need a NAT (masquerade) rule for bridge1 (in-interface) going out the “X” interface (out-interface).

For the rest, please be more precise as to what you want to do. Again, your description is somewhat confusing, or maybe it’s “Friday’s” fault :smiley:

Regards,

Hello AlainCasault, and thank you for your reply.

This is what i have:

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12

So basically what i have here is a dumb switch and i have nothing to route.
What i want is to add DHCP server for each one of these ports and to use port 1 as WAN to these ports.

Regards.
Hussein

That is not possible unless you stop bridging and start routing those ports.

Ya, you’re almost there.

Remove ether1 from bridge1 and give it (ether1) a dhcp-client. It’ll get an address from the ISP. Don’t forget to have the dhcp-client add a default route, otherwise no Internet routing.

Then, as per my last post, give bridge1 an IP address and a DHCP server (use the setup button for that!! Don’t do it manually).

Add a NAT (chain=srcnat, action=masquerade) rule with ether1 as “out-interface”.

From there, you’re good to go!

Of course, at this point you have NO security. So you must implement a firewall. After, you can configure your router with the desired functions and security features (such as disabling not needed IP services and packages). So yes, you still have to do your due diligence for the rest.

Cheers,

Oops.

Just re-read your post.

Remove all ports from the bridge and give each an ip address and dhcp server.

Extra firewall rules will have to be made to prevent each client from going to the other clients.




It didn’t work, please have a look at the script to see what’s wrong. Note that I use ether12 instead of ether1 for my ISP.

/ip pool
add name=dhcp_pool10 ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=dhcp_pool10 disabled=no interface=ether10 name=dhcp10 relay=10.10.10.1
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether12
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether12

I couldn’t get an IP address from DHCP server of ether10.

It worked this way:

/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether10 name=dhcp1
/ip address
add address=10.102.100.6/24 interface=ether12 network=10.102.100.0
add address=192.168.10.1/24 interface=ether10 network=192.168.10.0
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set servers=109.224.14.2,109.224.14.3
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.10.0/24
/ip route
add distance=1 gateway=10.102.100.1

Now, I need to access the IP address of my clients from ether11, can any of you guys help me solve this please?

OK,

First of all, you’re learning. Stop improvising or stop asking for advice.

/ip dhcp-server
add address-pool=dhcp_pool10 disabled=no interface=ether10 name=dhcp10 relay=10.10.10.1

Why are you using a relay? You’re sending your DHCP requests elsewhere. That’s why it doesn’t work.

/ip address
add address=10.102.100.6/24 interface=ether12 network=10.102.100.0
add address=192.168.10.1/24 interface=ether10 network=192.168.10.0

Why are you trying to get IP addresses on ether11? You have no IP addresses on it, and no DHCP server. It’ll never work. Why didn’t you show us the IP addresses in the first code capture? That would have been useful. I can only assume you didn’t have one or are using the 192.168.10.1/24, in which case you had a totally misconfigured router.

/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether12

Why a distance of 0?? That’s for local interfaces. Leave the defaults unless you know why you’re doing it. Otherwise, this setup was good.

Notes:

  • Your first masquerade was good, use that one.
  • Your second masquerade will only be useful for traffic coming from 192.168.10.0/24. Don’t use it. Other subnets won’t go out.

Last piece of advice. Grab a basic MT router (RB700’s, RB900’s) with its default config and analyse it. It’ll become clear what needs to be done.

I couldn’t understand why you are saying this and where I improvised!! Is it the way I talk or compose words that made you think so? (Totally confused)
Anyway, I’m not trying to hide something here and I wrote the IPs when I needed them; otherwise I only had a basic switch setup and that was the first code I showed you.

Now, why I need IPs on ether11 might not be exactly what I want, because I don’t have an idea so far of how or what must be done to get what I want. I need to use ether11 for management and to access my customers from it, because most of them are connected by wireless CPEs and I need to access their devices periodically to add or change frequencies, and to monitor my APs as well, because now they are located after the DHCP servers of each port. (Notice that I only made a test on ether10 for now to see how this setup will work.)

For now, from the customers’ side I can get an IP and the ad page of my ISP pops up as usual, but broadband connections are not working.
I can ping my ISP’s DNS servers with no problems, but no internet connection is possible due to the lack of an established broadband connection.

It has nothing to do with your writing style, that’s good. But I don’t understand why you change values that you shouldn’t touch like relay in dhcp-server and distance in static routes. Also, on ether10 you change from 10.10.10.0/24 to 192.168.10.0/24. That is totally confusing (and frustrating) to me because you’re asking for help and changing stuff as you go along.

Now, why I need IPs on ether11 might not be exactly what I want, because I don’t have an idea so far of how or what must be done to get what I want.

But I wrote it all down yesterday!

OK, let’s recap.

If required, backup current config and flush it to make sure you have no leftover ghosts in there.

You have ether12 on ISP
You have ether10 on one subnet
You want ether11 on another subnet

Here’s a summary of what needs to be done.

  • ether10, 11 and 12 should not be in any bridge
  • Have NAT rule with ether12 as out-interface and action=masquerade, chain=srcnat

ether12
(If your ISP has its own DHCP-SERVER)

  • add dhcp-client with default parameters for now
    As you click OK, validate that you get an IP address on it. Validate that in /ip routes, you have your default route with the gateway’s value being the ISP’s router’s address. Distance should be “1”

(If your ISP doesn’t have its own DHCP-SERVER)

  • add an ip address to ether12 from the pool provided by the ISP
  • add the default route with the gateway’s value being the ISP’s router’s address. Distance should be “1”

At this point, ping 8.8.8.8. It must work. If not, go no further, it will be pointless. Check the NAT rule, the routing table, your IP address on ether12.

ether10

  • add IP
  • add DHCP-Server using “DHCP Setup” button. Use default parameters for now

ether11

  • add IP
  • add DHCP-Server using “DHCP Setup” button. Use default parameters for now

At this point, plug your PC in ether11. You should get an IP address. Surf the Internet to validate connectivity and proper routing.
At this point, you have no firewalls. So go to my earlier posts on that and read it over again.
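
The recap above, written out as RouterOS commands together with the firewall it says is still missing. This is an added example, not part of any post in the thread: the subnets are constructed, ether9 stands in for a second customer port, ether11 is the management port, ether12 is assumed to get a plain DHCP lease from the ISP, and the DNS servers are the ISP addresses quoted earlier in the thread.

```routeros
# Constructed addressing. No port is in a bridge.
# ether9/ether10 = customers, ether11 = management, ether12 = WAN.
/ip address
add address=10.10.9.1/24 interface=ether9
add address=10.10.10.1/24 interface=ether10
add address=10.10.11.1/24 interface=ether11
/ip pool
add name=pool9 ranges=10.10.9.2-10.10.9.254
add name=pool10 ranges=10.10.10.2-10.10.10.254
add name=pool11 ranges=10.10.11.2-10.10.11.254
/ip dhcp-server
add name=dhcp9 interface=ether9 address-pool=pool9 disabled=no
add name=dhcp10 interface=ether10 address-pool=pool10 disabled=no
add name=dhcp11 interface=ether11 address-pool=pool11 disabled=no
/ip dhcp-server network
# gateway is the router's own address on that port; pools start after it
add address=10.10.9.0/24 gateway=10.10.9.1 dns-server=109.224.14.2,109.224.14.3
add address=10.10.10.0/24 gateway=10.10.10.1 dns-server=109.224.14.2,109.224.14.3
add address=10.10.11.0/24 gateway=10.10.11.1 dns-server=109.224.14.2,109.224.14.3
/ip dhcp-client
add interface=ether12 add-default-route=yes disabled=no
/ip firewall nat
add chain=srcnat out-interface=ether12 action=masquerade
/ip firewall filter
# forward: traffic passing through the router
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether11 action=accept comment="management reaches customer CPEs and WAN"
add chain=forward in-interface=!ether12 out-interface=ether12 action=accept comment="customers to Internet only"
add chain=forward action=drop comment="customer-to-customer, unsolicited WAN traffic"
# input: traffic addressed to the router itself
add chain=input connection-state=established,related action=accept
add chain=input in-interface=ether11 action=accept comment="router managed from ether11 only"
add chain=input in-interface=!ether12 protocol=udp dst-port=67 action=accept comment="DHCP requests from local ports"
add chain=input protocol=icmp action=accept
add chain=input action=drop
```

Rule order matters: the final drop in each chain is what isolates customer ports from each other and from the router's management services, so anything that must be allowed has to sit above it.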

Now I see your meaning of improvised. Please check post #9; I mentioned that it worked this way. I watched a video on YouTube and repeated the steps and it worked, but the only problem was that I couldn’t establish a PPPOE connection. As to why I used the YouTube method, it is because your way did not work.
As to the relay and why I added it: it was there by default when I was setting up the DHCP server. I might be confused about this, but this is what I can remember from yesterday; I don’t even know what it does to the DHCP server.
As to pinging 8.8.8.8, it is not possible without establishing a broadband connection (PPPOE), but when I used the setup in post #9 I could ping the DNS servers of my ISP; now, after doing exactly what you told me to do, I can no longer ping the DNS servers (109.224.14.2, 109.224.14.3).
This is the full code of my current setup, as per what you told me to do:

[admin@RouterOS] > export 
# jan/02/1970 00:11:33 by RouterOS 6.37
# software id = 1FTG-KLJQ
#
/ip pool
add name=dhcp_pool1 ranges=10.10.11.1-10.10.11.254
add name=dhcp_pool2 ranges=10.10.10.1-10.10.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether11 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=ether10 name=dhcp2
/ip address
add address=10.10.11.0/24 interface=ether11 network=10.10.11.0
add address=10.10.10.0/24 interface=ether10 network=10.10.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether12
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.0
add address=10.10.11.0/24 gateway=10.10.11.0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether12
/system identity
set name=RouterOS
/system routerboard settings
set protected-routerboot=disabled
[admin@RouterOS] >

Hum, that’s the first time you mentioned PPPOE connection to your ISP. And you wonder why my way doesn’t work?

Well, I wish you all the best.

I’m happy I am not your “customer”!
And I advise you to hire a networking consultant…
Establishing an ISP requires a bit more than buying a shiny box and doing some forum posts.

Thank you all for the efforts you spent with me.

I’m trying my best to learn as much as I can in matters of routing and switching (I’m quite good with wireless).
I learned today not to ask professionals, because they would not be patient with starter guys like me and possibly they would make fun of me, and that wasn’t nice for sure.
Also I would like to say that I picked the name MrNewbie for a reason, and that is that I wanted to learn from you.

Thank you and I wish all the luck for you.