internet sharing

googerdi · May 22, 2011, 7:27pm

Hi

I use freeradius as my radius server.
I have a routerboard 450G that i use it as NAS.
I setup pppoe server on rb.

I did all above jobs fine and a pppoe client can connect to pppoe server and get authenticated by freeradius and get ip address but user cannot ping any internet ip.

pppoe ip pool :192.168.x.x
network ip range:10.1.1.x
radius:10.1.1.1
Internet box : 10.11.12.1

Here is what i want to do.

I want to connect Internet box directly to ethernet 1 port(WAN port) so just routeros can access Internet . Is it possible?
How can i tell routeros to get internet from WAN port.
Do I have to connect 192.168.x.x to 10.1.1.x. If yes how.

Thanks.

fewi · May 22, 2011, 8:49pm

Connect the “Internet box” (whatever that means) and the 450G on a shared network. They have to have IPs on a network they both share, in other words. Then add a static default route by adding a route to a destination of 0.0.0.0/0 with a gateway equal to the IP of the “Internet box” on the network it shares with the 450G.

googerdi · May 23, 2011, 4:08am

I did that before but I didn’t success.When I connect “Internet box” and mikrotik on a switch i can ping internet ip from inside of mikrotik. But when i connect “Internet box” directly to one ethernet ports i cannot ping. By the way pppoe clients in both case cann’t ping internet ip.

fewi · May 23, 2011, 4:27am

So troubleshoot the link. I have no idea what this “Internet box” is, and you’re not being very forthcoming with details. Maybe you need a crossover cable for a direct connection? Once your 450G uses whatever Internet router you have as a default route, and PPPoE clients use the 450G as a default route, things should work.
What is this “Internet IP” that you’re pinging? If you want help, post details. The more details you post the more specific the help you get is. People aren’t clairvoyant, we don’t know what your network looks like unless you tell us.

googerdi · May 24, 2011, 6:03pm

Ok here is what i’ve done!

/ip address print detail

0 address=10.1.1.100/8 network=10.0.0.0 broadcast=10.255.255.255 interface=2 - LAN actual-interface=2 - LAN

1 address=192.168.1.1/16 network=192.168.0.0 broadcast=192.168.255.255 interface=2 - LAN actual-interface=2 - LAN

2 address=10.10.10.1/8 network=10.0.0.0 broadcast=10.255.255.255 interface=1 - WAN actual-interface=1 - WAN

/ip route print detail

0 A S dst-address=0.0.0.0/0 gateway=10.11.12.1 interface=1 - WAN gateway-state=reachable distance=1 scope=30 target-scope=10

1 ADC dst-address=10.0.0.0/8 pref-src=10.10.10.1 interface=1 - WAN distance=0 scope=10

2 DC dst-address=10.0.0.0/8 pref-src=10.1.1.100 interface=2 - LAN distance=0 scope=10

3 ADC dst-address=192.168.0.0/16 pref-src=192.168.1.1 interface=2 - LAN distance=0 scope=10

My internet gateway ip is 10.11.12.1

/ping 10.11.12.1

10.11.12.1 ping timeout
10.11.12.1 ping timeout
10.11.12.1 ping timeout
.
.
.

/ping 10.11.12.1 interface=“1 - WAN”

10.11.12.1 with hw-addr 00:1C:F0:96:CA:04 ping time<1 ms
10.11.12.1 with hw-addr 00:1C:F0:96:CA:04 ping time<1 ms
10.11.12.1 with hw-addr 00:1C:F0:96:CA:04 ping time<1 ms
10.11.12.1 with hw-addr 00:1C:F0:96:CA:04 ping time<1 ms
.
.
.

/ping 8.8.8.8"

8.8.8.8 64 byte ping: ttl=52 time=252 ms
8.8.8.8 64 byte ping: ttl=52 time=267 ms
8.8.8.8 64 byte ping: ttl=52 time=321 ms
8.8.8.8 64 byte ping: ttl=52 time=242 ms
8.8.8.8 64 byte ping: ttl=52 time=249 ms
.
.
.
I connect internet gateway(10.11.12.1) directly to “1 - WAN” port
I connect “2 - LAN” to a switch and that switch is connected to the network

If I forget something please tell me to mention it.

fewi · May 24, 2011, 6:34pm

You have two different interfaces with IP addresses within 10/8. You can’t do that.

googerdi · May 24, 2011, 8:13pm

Are you telling me the problem that clients cann’t ping internet ip is because of this.

Can I solve this issue without changing ip addresses?

fewi · May 24, 2011, 8:20pm

No, you cannot. TCP/IP simply doesn’t work that way. Fix your IP addressing. You may want to read up on TCP/IP fundamentals.

googerdi · May 27, 2011, 10:04am

Here is new ip addresses :

/interface print

NAME TYPE MTU L2MTU

0 R 1 - WAN ether 1500 1526
1 R 2 - Local ether 1500 1524
2 R 3 - Public ether 1500 1524
3 4 - Ethernet ether 1500 1524
4 5 - Ethernet ether 1500 1524

/ip address print detail

0 address=10.11.12.2/24 network=10.11.12.0 broadcast=10.11.12.255 interface=1 - WAN actual-interface=1 - WAN

1 address=10.1.1.100/16 network=10.1.0.0 broadcast=10.1.255.255 interface=2 - Local actual-interface=2 - Local

2 address=172.16.1.1/12 network=172.16.0.0 broadcast=172.31.255.255 interface=3 - Public actual-interface=3 - Public

/ip route print

DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 A S 0.0.0.0/0 reachable 10.11.12.1 1 1 - WAN
1 ADC 10.1.0.0/16 10.1.1.100 0 2 - Local
2 ADC 10.11.12.0/24 10.11.12.2 0 1 - WAN
3 ADC 172.16.0.0/12 172.16.1.1 0 3 - Public

What i should do to link between them so when a user is connected to public network can ping internet ip

Thanks

googerdi · May 27, 2011, 4:01pm

When a pppoe client is authenticated and connected, can ping 10.11.12.2 ip and 10.1.1.x ip range but it can not ping any internet ip . I can ping internet ip from inside of routeros.

heviejob · May 28, 2011, 4:39am

Do you have any firewall (NAT) rules that masquerade (srcnat) the local IP addresses?
It could be the problem.

googerdi · May 29, 2011, 5:52pm

Yes
Thanks that was the problem.