Hello,
I have a question about routing.
I have 2 wireless mikrotik routers + 1 wired mikrotik router.
Wireless routers are working well connected between each other.
How to make route that, if i whant to get to internet in like 192.168.0.12 machine, it most send the data to ether1 to get acces to the internet. Can anybody tell me how to make the route, i have tryd many ways, but can’t get it work.
Sorry for my bad english and thanks for answers.
hilton
July 22, 2008, 10:01am
2
I think you need to add a masquerade rule (src-nat) to give internet access to all the local PCs.
Something like this;
chain=srcnat action=masquerade out-interface=ether1
Try this and let me know.
hilton:
I think you need to add a masquerade rule (src-nat) to give internet access to all the local PCs.
Something like this;
chain=srcnat action=masquerade out-interface=ether1
Try this and let me know.
It dosent work, i can’t even ping the ether1 ip.
Currently i have set:
ether1 = 192.168.0.12
client cannot ping even 192.168.0.12 ip.
hilton
July 23, 2008, 9:37am
4
Please post your config so we can see what’s what.
Hello,
Here’s the config:
[admin@MikroTik] > export
# jan/02/1970 23:55:31 by RouterOS 3.0rc6
# software id = 16E1-PTT
#
/ip ipsec proposal
add auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name="default" pfs-group=modp1024
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes mac-address=00:0C:42:21:09:2A mtu=1500 name="ether1" speed=100Mbps
set 1 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes mac-address=00:0C:42:21:09:2B mtu=1500 name="ether2" speed=100Mbps
set 2 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes mac-address=00:0C:42:21:09:2C mtu=1500 name="ether3" speed=100Mbps
/ppp profile
set default change-tcp-mss=yes comment="" name="default" only-one=default use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name="default-encryption" only-one=default use-compression=default use-encryption=yes use-vj-compression=default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no ignore-as-path-len=no name="default" out-filter="" redistribute-connected=no redistribute-ospf=no \
redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name="backbone" type=default
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name="default" rate-limit="" \
smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=2m name="default" open-status-page=always shared-users=1 status-autorefresh=1m transparent-proxy=yes
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" group-key-update=5m interim-update=0s mode=none name="default" radius-eap-accounting=no \
radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none \
static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity="MikroTik" tls-certificate=none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key=""
/ip pool
add name="dhcp_pool1" ranges=192.168.5.2-192.168.5.254
add name="dhcp_pool2" ranges=192.168.6.2-192.168.6.254
/port
set 0 baud-rate=115200 data-bits=8 flow-control=hardware name="serial0" parity=none stop-bits=1
/queue type
set default kind=pfifo name="default" pfifo-limit=50
set ethernet-default kind=pfifo name="ethernet-default" pfifo-limit=50
set wireless-default kind=sfq name="wireless-default" sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name="synchronous-default" red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name="hotspot-default" sfq-allot=1514 sfq-perturb=5
add kind=pfifo name="default-small" pfifo-limit=10
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=DES name="public" read-access=yes security=none
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name="memory" target=memory
set disk disk-lines=100 disk-stop-on-full=no name="disk" target=disk
set echo name="echo" remember=yes target=echo
set remote name="remote" remote=0.0.0.0:514 target=remote
/user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,!ftp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=FE:25:DB:37:6E:18 max-mtu=1500 mode=ip netmask=32 \
port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 metric-default=1 metric-rip=20 metric-static=20 redistribute-bgp=no redistribute-connected=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no redistribute-connected=no \
redistribute-ospf=no redistribute-static=no timeout-timer=3m update-timer=30s
/routing rip network
add disabled=no network=192.168.0.12/32
add disabled=no network=192.168.5.1/32
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether2 lease-time=3d name="dhcp1"
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether1 lease-time=3d name="dhcp2"
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.6.254 client-id="1:0:d0:9:d4:9b:ce" comment="" disabled=no mac-address=00:D0:09:D4:9B:CE server=dhcp2
add address=192.168.5.254 client-id="1:0:10:dc:90:8d:c6" comment="" disabled=no mac-address=00:10:DC:90:8D:C6 server=dhcp1
add address=192.168.5.253 client-id="1:0:13:8f:b7:30:32" comment="" disabled=no mac-address=00:13:8F:B7:30:32 server=dhcp1
/ip dhcp-server network
add address=192.168.5.0/24 comment="" dns-server=192.168.0.12 gateway=192.168.0.12
add address=192.168.6.0/24 comment="" dns-server=192.168.0.12 gateway=192.168.0.12
/ip hotspot service-port
set ftp disabled=no ports=21
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no streaming-max-rate=0 \
streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp enable-jumper-reset=yes enter-setup-on=any-key
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-vlan=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.0.12/24 broadcast=192.168.0.255 comment="" disabled=no interface=ether1 network=192.168.0.0
add address=192.168.6.1/24 broadcast=192.168.6.255 comment="" disabled=yes interface=ether1 network=192.168.6.0
add address=192.168.5.1/24 broadcast=192.168.5.255 comment="" disabled=no interface=ether2 network=192.168.5.0
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB primary-dns=0.0.0.0 secondary-dns=0.0.0.0
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=forward comment="" disabled=no dst-address=192.168.0.12 src-address=192.168.5.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ether1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no
set pptp disabled=no
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
/ip proxy
set cache-administrator="webmaster" cache-drive=system cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none max-fresh-time=3d maximal-client-connections=600 \
maximal-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
/radius incoming
set accept=no port=1700
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term="vt102"
/system health
set fan-mode=manual use-fan=main
/system identity
set name="MikroTik"
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from="<>" server=0.0.0.0
/tool graphing
set store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=yes interface=all memory-limit=10 \
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/user
add address=0.0.0.0/0 comment="system default user" disabled=no group=full name="admin"
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
[admin@MikroTik] >
hilton
July 25, 2008, 4:10pm
6
Can you not upgrade to 3.11?
you mean can i upgrade to 3.11?
normis
July 28, 2008, 7:20am
8
please upgrade to v3.11, you have a REALLY OLD (!!!) version
I cannot upgrade i dont have the console cable and ethernet dosent work, when i put files it say 1000bytes and crashes the connection.
normis
July 30, 2008, 7:42am
10
in that case you are in much bigger problems. get a console cable, and reinstall the system.
eneimi
July 30, 2008, 4:14pm
11
While you go looking for that console cable, i think you’re config isn’t quite right.
You have 2 IP pools: 192.168.5.2-192.168.5.254 (pool1) and 192.168.6.2-192.168.6.254 (pool2)./routing rip configured, did you really intend to use /ip route ?
Here’s what.
Set a static ip for ether1 (your WAN; you’ve used 192.168.0.12 here) within the subnet of the primary router of course, or setup dhcp-client on the ether1 interface.
Set ip addresses for ether2 and ether3 (outside subnet of ether1).
Run dhcp-server setup for ether2 and ether3 and when it asks whether to use masquerading, answer yes.
By now your pc should have a dynamically assigned ip and you should be able to ping ether1 as well as the primary router - after authentication (hotspot, radius etc).
Regards.