Hi,
Im very new to Mikrotik so I apologize in advance if this is an obvious thing.
Basically Im working with a microtik in the following configuration (Ive just done a reset and only done a few changes).:
Ether1 - has the IP 10.0.0.222 (I can ping this on the network, its not setup for DHCP or anything, its just an IP for another network so I can manage the device)
Ether2 - blank
Ether3 - blank
Ether4 - blank
Ether5 - 192.168.88.1 with DHCP (basically the management port).
I am on network 10.0.0.x
Now I am able to ping and manage the Microtik router from my network when 10.0.0.222 is set to ether1.
But I want to move 10.0.0.222 to another ether port as I want to use ether1 for a PPPoE connection.
If I try change it to ether2 through to ether4, this (ability to ping or connect with winbox) stop workings (and its not the cabling, I make sure the cable is in the right port).
Im just curious as to why it works on ether1 and not the other ports and how can I correct this?
Thanks in advance.
Learn to provide all the details.
We are not fortune tellers and we cannot access your apparatus to see what you have configured in it.
You force those who want to help you to ask you ten thousand questions and wait for your answers.
Do an “/export” of the configuration from terminal, and paste it on the forum after removing the serial number and any sensitive data.
Sorry about that, I shook the magic 8 ball and this is what came out.
# jul/22/2022 13:00:47 by RouterOS 6.49.6
# software id = ACPD-ELS5
#
# model = 750G
# serial number = XXXX
/interface bridge
add admin-mac=XXXX auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=10.0.0.222 interface=ether1 network=255.255.255.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=2m
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment=winbox dst-port=8291 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=192.168.88.69 dst-port=80 protocol=tcp src-address=10.0.0.222 src-port=80 to-addresses=192.168.88.69 to-ports=80
/system clock
set time-zone-name=Africa/Johannesburg
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Paste this on terminal, for fix old settings and do not forget /24 after the IP…
/interface bridge
set bridge protocol-mode=none
/ip address
set [find where address=10.0.0.222] address=10.0.0.222/24
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,!dude,tikapp"
Is not a good idea leave winbox open to the world… but if your provider give you 10.x… not mind…
And this is for what?
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.88.69 dst-port=80 protocol=tcp src-address=10.0.0.222 src-port=80 to-addresses=192.168.88.69 to-ports=80
= if the TCP packet is from 10.0.0.222:80 directed to 192.168.88.69:80, change destination to 192.168.88.69:80
but the original destination and the end destination is the same…
When you move the 10.x address from ether1 the only valid alternative are the bridge, because all other interfaces are bridge dependences.
If you want 10.x to be only on ether2, for example, you must remove ether2 from the bridge, but you must change all settings accordingly.