Need help with setting up routing between 3 mikrotiks.

kameelperdza · December 15, 2009, 12:24pm

Hi can someone please help me with routing please. I have 2 rb433’s and one rb411.

IP setup is like this

Router1

eth1(192.168.0.10/24)
wlan1(192.168.2.1/24)

Router2

eth1(192.168.200.1/24)
wlan1(192.168.2.2/24)
wlan2(192.168.3.1/24)

Router1

eth1(192.168.160.1/24)
wlan1(192.168.3.2/24)

What i want to do is to enable users on any /24 network to ping each other and share data and so on.
The setup that i tried looks like this.

Router1 routelist= dst network = 0.0.0.0/0 gateway = 192.168.2.2
Router2 routelist= dst network = 0.0.0.0/0 gateway = 192.168.2.1
Router2 routelist= dst network = 0.0.0.0/0 gateway = 192.168.3.2
Router3 routelist= dst network = 0.0.0.0/0 gateway = 192.168.3.1

I have a computer on 192.168.0.10/24, i want everyone on my wan to connect to that server for dns requests. But only allow certian computers(mac addresses) to connect to the internet.

Can someone hrlp me?

mrz · December 15, 2009, 12:40pm

If Router2 is a gateway to internet then

R1 and R3 routes are correct

On R2 should be following routes

/ip route
add dst-address=192.168.0.0/24 gateway=192.168.2.1
add dst-address=192.168.160.0/24 gateway=192.168.3.2

add gateway=xx.xx.xx.xx

where xx.xx.xx.xx is your ISPs gateway.

SurferTim · December 15, 2009, 12:43pm

I modified this a little to show what each interface does. Is this correct?

kameelperdza · December 15, 2009, 12:56pm

Hi yes it is correct.for example what i want to do is allow computer on router3(eth1 = 192.168.160.4) to see computer on router1(192.168.0.22) and vise versa. Im starting a wireless group and will have alot of nodes conencting(mikrotik and non-mikrotik). That is why i need to allow anyone on any router to see each other.

Router1

eth1(192.168.0.10/24) internet gateway
wlan1(192.168.2.1/24) wireless to router2

Router2

eth1(192.168.200.1/24) localnet
wlan1(192.168.2.2/24) wireless to router1
wlan2(192.168.3.1/24) wireless to router3

Router3

eth1(192.168.160.1/24) localnet
wlan1(192.168.3.2/24) wireless to router2[/quote]

SurferTim · December 15, 2009, 1:02pm

No problem!

Insure the only NAT is in router1:
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1

In router1:
/ip route
add gateway=192.168.0.1
add dst-address=192.168.3.0/24 gateway=192.168.2.2
add dst-address=192.168.200.0/24 gateway=192.168.2.2
add dst-address=192.168.160.0/24 gateway=192.168.2.2

In router2:
/ip route
add gateway=192.168.2.1
add dst-address=192.168.160.0/24 gateway=192.168.3.2

In router3
/ip route
add gateway=192.168.3.1

kameelperdza · December 15, 2009, 2:00pm

Thank you very much, im unable to ping from 192.168.0.x/24 to 192.168.2.x. But im able to ping from 192.168.2.x/24 to 192.168.0.x/24.

SurferTim · December 15, 2009, 2:05pm

That is correct! The way you described your network, the 192.168.0.x net is your public interface. That is why there is a NAT there. Is there something else about your network I don’t know?

kameelperdza · December 15, 2009, 2:08pm

Yes on 192.168.0.0/24 there is also computers. I have a proxy server on 192.168.0.0/24 that i want to use as dns server for the wan.

SurferTim · December 15, 2009, 2:13pm

No problem there either. However, I may not be able to help with routing in a non-Mikrotik router.

Just continue the same routing pattern on the router that isolates your localnets from the internet, and remove the NAT from router1 and put it in that router (router0?).

kameelperdza · December 15, 2009, 2:23pm

Thank you. Sorry for asking can you please tell me what i must add so that i can ping from 192.168.0.0/24.

Or is it impossible?

SurferTim · December 15, 2009, 2:25pm

How is the 192.168.0.x/24 net separated from the internet? Is there another router or some other device that does a route/NAT for your localnet?

kameelperdza · December 15, 2009, 2:28pm

I have setup a firewall/proxy server(192.168.0.14) that filters all internet traffice and also controlls port mapping and firewall rules. The firewall conencts to a dsl router.

SurferTim · December 15, 2009, 2:34pm

I don’t know about that device, but if it was a Mikrotik router:
/ip route
add dst-address=192.168.2.0/24 gateway=192.168.0.10
add dst-address=192.168.3.0/24 gateway=192.168.0 10
add dst-address=192.168.200.0/24 gateway=192.168.0.10
add dst-address=192.168.160.0/24 gateway=192.168.0.10

…and remove the NAT from router1

kameelperdza · December 15, 2009, 2:39pm

Must i add that to router1?

Thanx for all the advice and answers. one more thing. i am able to ping wlan1/eth1 on router1 from router2 but cannot ping wlan1 or eth1(router2) from eth1 on router1.

i can ping router2 from router1 wlan1

SurferTim · December 15, 2009, 2:43pm

Nothing needs to be changed from what I gave you above for router1, router2, and router3. Only router0 needs those route additions. And router0 must do the srcnat to your public ip.

kameelperdza · December 15, 2009, 2:45pm

Ok thanx so what you telling me is that router0(eth1) wont be able to ping any of the interfaces on the other routers?

Becos im unable to ping wlan1 on router2 from eth1 on router1

SurferTim · December 15, 2009, 2:51pm

You cannot ping, or anything else, to any ip through router1 (like 192.168.2.1, 192.168.3.1, etc) from any 192.168.0.x/24 address until you install the new routes in router0 and remove the NAT from router1.

kameelperdza · December 15, 2009, 2:52pm

Thank you very much for that info. I have been searching everywhere for that answers and finally got it. Thanx you for helping me out my nightmares. Thanx again

SurferTim · December 15, 2009, 3:27pm

You are very welcome! I really like the name of your city. I am going to Google Earth it now!

kameelperdza · December 15, 2009, 4:29pm

yes its s nice place, about 80km from the sea. But it can get very hot here, about 41’c in the summer