newbie with microtik

lochesistemas · March 20, 2016, 4:05pm

Hi!

A previous technician purchased 2 microtik routerboard 750 routers (latest version) and couldn’t make it.
I’m newbie with microtik routeros and need to know how I can achieve this:
I have a 2 site network connected via a lan cable

site A:
ether1: 192.168.10.1 (dsl connection)
ether2: 192.168.0.1/24 (connected to the main switch)
ether3: 172.16.1.1/24 (connected to site B)

site B:
ether1: 192.168.10.1 (dsl connection)
ether2: 192.168.1.1/24 (connected to the main switch)
ether3: 172.16.1.2/24 (connected to site A)

I want to be able to connect both networks using ether3 so they can see each others computers/servers. what are the necessary steps to accomplish this?

thanks in advance!
Daniel

ZeroByte · March 20, 2016, 4:14pm

In site A router, create a static route for Site B’s lan:
/ip route add dst=192.168.1.0/24 gateway=172.16.1.2

In site B router, create a static route for Site A’s lan:
/ip route add dst=192.168.0.0/24 gateawy=172.16.1.1

That’s all it takes for the routing. Of course, your firewall rules need to be configured such that they do not block site-to-site traffic, or perform NAT on it. Your srcnat rule (usually a masquerade rule) should only match traffic going out to the ADSL connection at each site.
e.g.:
chain=srcnat out-interface=ether1 action=masquerade
(note that there are no IP addresses mentioned in this rule - only the interface)

For the filters forward chain, if you have a default drop rule, then before it, add an accept rule matching in-interface=ether3

That should get you going.

lochesistemas · March 21, 2016, 1:17am

Thanks!!

What is the default behaviour? Allow all traffic or deny it? If deny is the default one.. How to allow all traffic between internal subnets?

ZeroByte:

In site A router, create a static route for Site B’s lan:
/ip route add dst=192.168.1.0/24 gateway=172.16.1.2

In site B router, create a static route for Site A’s lan:
/ip route add dst=192.168.0.0/24 gateawy=172.16.1.1

That’s all it takes for the routing. Of course, your firewall rules need to be configured such that they do not block site-to-site traffic, or perform NAT on it. Your srcnat rule (usually a masquerade rule) should only match traffic going out to the ADSL connection at each site.
e.g.:
chain=srcnat out-interface=ether1 action=masquerade
(note that there are no IP addresses mentioned in this rule - only the interface)

For the filters forward chain, if you have a default drop rule, then before it, add an accept rule matching in-interface=ether3

That should get you going.

jarda · March 21, 2016, 6:00am

Default is to allow. But none knows what you already have set…

lochesistemas · March 21, 2016, 12:23pm

I just simply did the “quick set”. How can I send the info to you? is there any command to print all the configuration?

jarda · March 21, 2016, 1:55pm

There is much more. There is full documentation you should see first:
http://wiki.mikrotik.com/wiki/Manual:Configuration_Management (and other topics all around)

use export command

ZeroByte · March 21, 2016, 3:44pm

open a terminal window and issue the command:
/ip firewall export compact

Go through and obscure your public IP address and any other sensitive information, and post the results here (preferably in a

 block)

lochesistemas · March 21, 2016, 11:26pm

I finally was able to communicate each other. Seems there was a bridge set in both routers (default behaviour?).

I removed both bridges and everything is up and running (at last!)

thank you so much for your help!

ZeroByte:

open a terminal window and issue the command:
/ip firewall export compact

Go through and obscure your public IP address and any other sensitive information, and post the results here (preferably in a
 block)[/quote]

ZeroByte · March 22, 2016, 2:13pm

Bridges are okay, but when doing routing, you definitely want the various routed interfaces to be bridged together. Most likely you just needed to make sure that ether3 was not included in any bridge or switch group at both ends. Glad you got things rolling. Happy routing.