Hi,
I’m trying for more than 6 hours to make my config work, but it doesn’t…
I’v got a PPPoE Client (named pppoe-client) on ether2, which is connected (fixed ip, 85.14.x.y)
I can ping FROM pppoe-client to an external IP address (here : 208.67.222.222 : DNS IP).
Ether 3 and 4 are switched, a dhcp server is running on them. This part works fine. Gateway for DHCP clients is 192.168.1.1. I’ve defined this address on interface ether3.
From a client on ether3, I can ping 192.168.1.1, and 85.14.x.y.
Now I want my clients to be able to go on the WAN via the pppoe-client interface. I’m making srcnat :
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=src-nat to-addresses=85.14.x.y src-address=192.168.1.0/24 dst-address=0.0.0.0
1 chain=srcnat action=masquerade src-address=192.168.1.0/24 dst-address=0.0.0.0 out-interface=pppoe-client
but pings still doesn’t pass through.
What am I doing wrong ?
Here is the other important things of my config :
[admin@MikroTik] > ip export
# oct/21/2009 15:32:57 by RouterOS 4.1
# software id = 0FCG-W53L
#
/ip pool
add name=dhcp_pool1 ranges=192.168.1.10-192.168.1.20
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether3 lease-time=3d name=\
dhcp-eth3-data src-address=192.168.1.1
/ip address
add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no interface=ether3 network=192.168.1.0
add address=85.14.x.y/32 broadcast=85.14.162.255 comment="" disabled=yes interface=pppoe-client network=85.14.x.y
/ip dhcp-server config
set store-leases-disk=5m[admin@MikroTik] > ping interface=ether3 address=85.14.162.129
85.14.162.129 ping timeout
2 packets transmitted, 0 packets received, 100% packet loss
/ip dhcp-server network
add address=192.168.1.0/24 comment="" dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=\
208.67.220.220
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=output comment="" disabled=no
add action=accept chain=forward comment="" disabled=no
add action=accept chain=input comment="" disabled=no
/ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no dst-address=0.0.0.0 src-address=192.168.1.20 to-addresses=85.14.x;y
add action=masquerade chain=srcnat comment="" disabled=no dst-address=0.0.0.0 out-interface=pppoe-client src-address=192.168.1.0/24
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-client scope=30 target-scope=10
[admin@MikroTik] >
thanks for the help !
Rico
Edit : ping works partially ??? :
[admin@MikroTik] > ping address=208.67.222.222 interface=pppoe-client
208.67.222.222 ping timeout
208.67.222.222 ping timeout
3 packets transmitted, 0 packets received, 100% packet loss
[admin@MikroTik] > ping address=208.67.222.222
208.67.222.222 64 byte ping: ttl=56 time=45 ms
208.67.222.222 64 byte ping: ttl=56 time=46 ms
208.67.222.222 64 byte ping: ttl=56 time=46 ms
208.67.222.222 64 byte ping: ttl=56 time=45 ms
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 45/45.5/46 ms
[admin@MikroTik] >
Don’t understand… Works with winbox interface (tools > PING)
