I have been trying to setup my CCR1009 routerboard to replace the Cisco RV180 I have currently. I am a software engineer who works from a home office, with a decent amount of network devices. I chose this router because I believed it would be able to handle the bi-directional workload required.
However, I have run into a lot of frustration trying to get this router online with my Comcast bradband internet. There seems to be a lack of any tutorial or documentation that allows for someone to quickly set up a basic broadband configuration with a dynamic IP broadband ISP service.
What I need this router to be able to do at a minimum:
Obtain an IP address and DNS servers from my ISP/cable modem (SB6141)
Serve the internet to the network (NAT)
Provide a DHCP server
Provide a basic routing table for incoming data to point to a particular IP (rack server that needs to be accessible from the internet on multiple ports)
I have installed winbox and gotten this router working from behind my Cisco, but it needs to replace it. So I need to understand how to get the routerboard to obtain the assigned IP and DNS data from my ISP automatically. I’ve been trying every few weeks to get this running and have consistently gotten frustrated and turned the Cisco router back on.
I do have an IT admin past, networking isn’t all that difficult of a subject for me and especially not at a basic level, I just seem to not be able to find what I need or understand the routerboard concepts. I’d love to make use of this router and not have a $400 paperweight.
Thanks a million for anyone who takes the time to explain what I need to do.
Well like any good tech geek, I figured it out through a lot of trial and error.
The only piece I was missing was adding a DHCP client on the WAN interface. If your cable modem doesn’t serve your public ISP address to the router after that, you might need to log into it directly and reset it’s config so it forgets any previous router or PC MAC address.
Also, keep your WAN interface OUT of your bridge that contains all the client ports. That caused some really weird problems for me, like my modem detecting my laptop through the router as the client MAC.
These may seem like really newbie mistakes, but RouterOS is a unique thing in my opinion.
If I can remember to, I’ll do a comprehensive writeup of the process to get a Routerboard from box to running in a typical home/SOHO environment. We really need a howto that creates a drop-in replacement of today’s common residential routers on a residential broadband ISP.
First of all, congratulations on getting it running.
I’ve never had my hands on a CCR, so I can’t say what might be different about its out-of-the-box configuration, but the SOHO models I’ve used all come with a configuration that should literally be plug-and-play with Comcast. (or any other dhcp-based provider)
By default, the router uses the first ethernet port as WAN and uses dhcp-client on it, and has a “outbound good / inbound BAD” firewall policy, and a bridge / switch group covering all remaining ethernet interfaces.
Perhaps there isn’t a Quick Set menu on CCR - this is a good tool for beginners to use during the first time setup.
I actually have run into a lot of your responses elsewhere on these forums that shed useful light on some topics.
I realized I have one remaining config oddity that I will try my best to explain. I believe it has to do with my NAT hairpin setup, which thanks to your advice elsewhere I got working for most of my internal services.
However, in spite of this success, I notice I have one remaining problem. If I attempt to traceroute out of my network onto the public internet, my second hop (which I believe would be my public IP/gateway address) fails to resolve.
So my tracert on a Windows box looks like this:
Tracing route to 199.91.189.45 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.2.0.1
2 * * * Request timed out. <------------- PROBLEM HOP
3 48 ms 39 ms 7 ms te-8-1-sr01.mtvernon.nh.boston.comcast.net [68.85.185.125]
4 127 ms 42 ms 43 ms te-7-1-ur01.londonderry.nh.boston.comcast.net [68.87.145.133]
5 13 ms 12 ms 14 ms be-31-ar01.needham.ma.boston.comcast.net [68.85.106.93]
6 13 ms 14 ms 13 ms 4.68.71.217
7 85 ms 194 ms 146 ms ae-11-11.car2.montreal2.level3.net [4.69.141.1]
8 76 ms 40 ms 38 ms ae-11-11.car2.montreal2.level3.net [4.69.141.1]
9 36 ms 38 ms 37 ms ormuco-comm.car2.montreal2.level3.net [4.59.178.74]
10 119 ms 58 ms 37 ms 192.34.76.10
11 40 ms 39 ms 38 ms 199.91.189.242
12 187 ms 142 ms 42 ms 199.91.189.45
I noticed trying to use pathping it causes that tool to fail at hop 2, probably because it can’t resolve that hop.
C:\Users\USER>pathping 199.91.189.45
Tracing route to 199.91.189.45 over a maximum of 30 hops
0 OBSIDIAN.axisofwin.lan [10.2.0.199]
1 10.2.0.1
2 * * *
Computing statistics for 25 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 OBSIDIAN.axisofwin.lan [10.2.0.199]
0/ 100 = 0% |
1 0ms 0/ 100 = 0% 0/ 100 = 0% 10.2.0.1
Trace complete.
and here’s some relevant NAT info, I included one internal service for reference:
My modem is paired to my SFP1 port. My CCR on my LAN is 10.2.0.1. Everything on my internal network is 10.2.0.xxx.
could you share your settings? I have Routerboard 750, and I recently move to Comcast, no static IP. I am at lost on what I need to do to hookup to comcast. I want to do almost exactly what you were trying to do.
I assume that hop 2 would be the default GW of the CCR - the ISP’s router?
Maybe the device just doesn’t reply to traceroute/ping packets.
That’s my read on things - I don’t think your configuration is to blame.
If you traceroute from the CCR itself, does hop 1 fail to answer?
I’m betting so…
For Comcast, you really only need dhcp-client on the WAN interface, with the WAN interface (usually ether1) not being a member of any bridge or switch master/slave group. You need a masquerade rule for out-interface=ether1. That’s all it takes to get rolling on Comcast, wan-wise.
LAN-wise, if your router has a hardware switch, then you want ether3, ether4, and ether5 set master-port=ether2
Then put the LAN IP and DHCP server on ether2
That will be enough to get started - then make sure the firewall filter rules are what you want - usually a policy of:
Input Chain:
accept established,related
accept in-interface=ether2
accept icmp
drop
Forward chain:
fasttrack-connection connection-state=established,related
accept connection-state=established,related
accept out-interface=ether1
drop
After that works, if you need to set up NAT pinholes, look at how szalkerous configured his rules - these work well for dynamic IP when you want to use hairpin NAT. If you don’t need hairpin, then just use in-interface=ether1 instead of the dst-address=!private.ip.address and dst-address-type=local things…
Good luck!
Oh - and after that, you should get IPv6 working - Comcast supports it natively.