Hi!
I have set my MikroTik as the router instead of the one my ISP gave me.
The configuration is as follows:
[admin@MikroTik Oficina] > export
# jun/14/2017 10:06:43 by RouterOS 6.39.2
# software id = Y8RE-6U8W
#
# Two layer-2 bridges: bridgeInvitados (guest side) and bridgePrivado (private side).
# Bridging alone does not isolate the two subnets at layer 3; that depends on the
# forward-chain rules under /ip firewall filter.
/interface bridge
add fast-forward=no name=bridgeInvitados
add fast-forward=no name=bridgePrivado
# ether1 is the WAN-facing port (comment=HGU, the ISP router). ether2 and ether6 are
# switch masters; ether3-5 and ether7-9 are slaved to them through master-port.
/interface ethernet
set [ find default-name=ether1 ] comment=HGU name=ether1-gateway
set [ find default-name=ether2 ] comment=TIGER name=ether2-master
set [ find default-name=ether3 ] comment="WiFi TP-Link" master-port=ether2-master
set [ find default-name=ether4 ] comment="CRS MikroTik" master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] comment=HT-701 name=ether6-master
set [ find default-name=ether7 ] comment=HT-502 master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] comment="PowerBeam M5" master-port=ether6-master
# ether10 has no master-port; it is attached to bridgePrivado as a bridge port instead.
set [ find default-name=ether10 ] comment="NanoStation M5"
# PPPoE session towards the ISP over ether1-gateway. add-default-route=yes installs a
# default route through pppoe-out1 once the session is up.
# NOTE(review): user= and password= are printed in cleartext by a plain export. When
# sharing a configuration, `export hide-sensitive` leaves such fields out on RouterOS 6
# (confirm for the version in use).
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway keepalive-timeout=60 name=pppoe-out1 password=adslppp user=auser
# wlan1 carries the guest SSID. No security-profile is set on it, so it uses the
# default profile defined below (WPA2-PSK).
# NOTE(review): vlan-id=20 is set but no vlan-mode appears in this export, so the tag
# is presumably not applied - confirm. wps-mode is not set on wlan1 either, so it is at
# its default; verify whether WPS is active on the guest SSID.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC disabled=no frequency=2432 mode=ap-bridge ssid=guestswifi vlan-id=20 wireless-protocol=802.11
# Both profiles are WPA2-PSK only. The pre-shared keys are shown as dashes here,
# presumably masked by the poster before publishing.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=-------------
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=passXXXX wpa2-pre-shared-key=-------------
# Virtual AP on top of wlan1 with its own security profile and WPS disabled.
/interface wireless
add disabled=no mac-address=E6:8D:8C:03:0A:1F master-interface=wlan1 name=wlanXXXX security-profile=passXXXX ssid=XXXX wds-cost-range=0-150 wps-mode=disabled
# Dynamic DHCP ranges: .100-.254 in each subnet. Addresses below .100 are left for
# static leases and manually configured hosts.
/ip pool
add name=poolprivado ranges=10.0.0.100-10.0.0.254
add name=poolInvitados ranges=192.168.1.100-192.168.1.254
# One DHCP server per bridge.
/ip dhcp-server
add address-pool=poolprivado authoritative=after-2sec-delay disabled=no interface=bridgePrivado name=dhcpserver
add address-pool=poolInvitados authoritative=after-2sec-delay disabled=no interface=bridgeInvitados name=dhcpserverInvitados
# Bridge membership. wlan1 (guest SSID) is the only member of bridgeInvitados.
# NOTE(review): wlanACSdesk is not defined under that name anywhere in this export (the
# virtual AP is shown as wlanXXXX) - presumably the same interface with its name
# masked; confirm.
/interface bridge port
add bridge=bridgePrivado interface=ether6-master
add bridge=bridgeInvitados interface=wlan1
add bridge=bridgePrivado interface=ether10
add bridge=bridgePrivado interface=ether2-master
add bridge=bridgePrivado interface=wlanACSdesk
# The router is 10.0.0.3 on the private LAN and 192.168.1.3 on the guest LAN.
# NOTE(review): ether1-gateway also carries 192.168.0.2/24, presumably to reach the
# HGU's own management subnet alongside the PPPoE session - confirm.
/ip address
add address=10.0.0.3/24 interface=bridgePrivado network=10.0.0.0
add address=192.168.1.3/24 interface=bridgeInvitados network=192.168.1.0
add address=192.168.0.2/24 interface=ether1-gateway network=192.168.0.0
# Static leases on the private LAN (server=dhcpserver). All addresses are below
# 10.0.0.100, i.e. outside the dynamic pool.
# The first lease gives 10.0.0.1 to the HGU (ISP router), so that device is also a host
# on the private LAN, not only the upstream on ether1.
# 10.0.0.17, the target of several dst-nat rules in this export, has no lease here.
# NOTE(review): MAC addresses and device names identify the hardware on the network;
# consider masking them before posting a configuration publicly.
/ip dhcp-server lease
add address=10.0.0.1 comment=HGU mac-address=D8:FB:5E:1B:97:87 server=dhcpserver
add address=10.0.0.5 always-broadcast=yes client-id=1:24:5e:be:4:75:e3 comment=KasabiaNAS mac-address=24:5E:BE:04:75:E3 server=dhcpserver
add address=10.0.0.6 client-id=1:24:5e:be:4:75:e4 comment="KasabiaNAS 2" mac-address=24:5E:BE:04:75:E4 server=dhcpserver
add address=10.0.0.11 comment=TIGER mac-address=98:DE:D0:02:87:4D server=dhcpserver
add address=10.0.0.2 comment=ArcherC7 mac-address=14:CC:20:E5:94:C6 server=dhcpserver
add address=10.0.0.4 comment="MikroTik Sal\F3n" mac-address=E4:8D:8C:AF:3D:BF server=dhcpserver
add address=10.0.0.3 comment="MikroTik Oficina" mac-address=E4:8D:8C:03:0A:1A server=dhcpserver
add address=10.0.0.10 comment="Epson WF-3520" mac-address=B0:E8:92:04:D5:3E server=dhcpserver
add address=10.0.0.21 comment="OnePlus 3T" mac-address=C0:EE:FB:ED:A2:E0 server=dhcpserver
add address=10.0.0.22 always-broadcast=yes comment="OnePlus One" mac-address=C0:EE:FB:25:E8:61 server=dhcpserver
add address=10.0.0.30 comment=HT-502 mac-address=00:0B:82:39:4D:71 server=dhcpserver
add address=10.0.0.31 comment=HT-701 mac-address=00:0B:82:88:22:68 server=dhcpserver
add address=10.0.0.41 always-broadcast=yes comment=KasabianKast mac-address=F4:F5:D8:0D:67:2E server=dhcpserver
add address=10.0.0.13 comment=WinTIGER mac-address=08:00:27:D2:1D:CB server=dhcpserver
add address=10.0.0.20 comment="iPad Air 2 Sergio" mac-address=04:69:F8:1A:E1:80 server=dhcpserver
add address=10.0.0.23 comment="iPad Mini 4 Annais" mac-address=34:12:98:0F:62:17 server=dhcpserver
add address=10.0.0.54 comment="Odoo Server" mac-address=08:00:27:22:39:1E server=dhcpserver
add address=10.0.0.40 comment="LG 49LH570V-ZD" mac-address=14:C9:13:62:5A:A6 server=dhcpserver
add address=10.0.0.12 comment="Linux Station KasabiaNAS" mac-address=02:00:00:85:D7:90 server=dhcpserver
add address=10.0.0.14 client-id=1:44:6d:57:2b:91:4d comment="Windows Annais WiFi" mac-address=44:6D:57:2B:91:4D server=dhcpserver
add address=10.0.0.15 client-id=1:4:7d:7b:6e:ed:94 comment="Windows Annais Cable" mac-address=04:7D:7B:6E:ED:94 server=dhcpserver
add address=10.0.0.16 client-id=1:78:e4:0:5a:5f:a5 comment="Acer Windows WiFi" mac-address=78:E4:00:5A:5F:A5 server=dhcpserver
add address=10.0.0.7 client-id=1:44:d9:e7:a0:84:6 comment="Ubiquiti NanoStation 1" mac-address=44:D9:E7:A0:84:06 server=dhcpserver
add address=10.0.0.8 client-id=1:4:18:d6:f2:c5:d4 mac-address=04:18:D6:F2:C5:D4 server=dhcpserver
# Options handed to DHCP clients: this router is the gateway on both subnets and
# clients are pointed straight at external resolvers, not at the router.
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=208.67.222.220,208.67.222.222 gateway=10.0.0.3 netmask=24
add address=192.168.1.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=192.168.1.3
# Resolvers used by the router itself. allow-remote-requests is not set in this export.
/ip dns
set servers=208.67.222.220,208.67.222.222
# Forward chain only. The first rule drops new connections arriving on pppoe-out1
# unless they were dst-natted, so only the port forwards below can enter the LAN.
# The two guest/private isolation rules are disabled=yes, so as exported nothing here
# stops 192.168.1.0/24 (guest Wi-Fi) from being routed to 10.0.0.0/24 and back.
# NOTE(review): this export contains no chain=input rules, so nothing shown here
# filters traffic addressed to the router itself from pppoe-out1. An input chain that
# accepts established/related plus LAN management and drops the rest from the WAN
# interface is the usual baseline.
/ip firewall filter
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1
add action=drop chain=forward disabled=yes dst-address=192.168.1.0/24 src-address=10.0.0.0/24
add action=drop chain=forward disabled=yes dst-address=10.0.0.0/24 src-address=192.168.1.0/24
# Source NAT for outbound traffic, then port forwards from the WAN.
# Every dst-nat rule matches in-interface=pppoe-out1 only and has no src-address
# restriction, so each forwarded port is open to any Internet source:
#   80/tcp, 80/udp     -> 10.0.0.17:80    (web server)
#   8080/tcp           -> 10.0.0.5:80     (plain HTTP on the host leased as KasabiaNAS)
#   7547/tcp, 7547/udp -> 10.0.0.17:7547  (the TR-069 ACS named in /tr069-client)
#   20-22/tcp          -> 10.0.0.5        (FTP data/control, and SSH)
#   55000-55539/tcp    -> 10.0.0.5        (presumably an FTP passive range - confirm)
# NOTE(review): an ACS can reconfigure the devices it manages, and FTP and HTTP are
# unencrypted. Where a forward is really needed, limiting it with src-address to known
# peers and preferring TLS-protected services reduces the exposure.
# NOTE(review): the udp rules for ports 80 and 7547 are likely unnecessary, since HTTP
# runs over TCP - confirm before removing.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=10.0.0.17 to-ports=80
add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out1 protocol=udp to-addresses=10.0.0.17 to-ports=80
add action=dst-nat chain=dstnat dst-port=8080 in-interface=pppoe-out1 protocol=tcp to-addresses=10.0.0.5 to-ports=80
add action=dst-nat chain=dstnat dst-port=7547 in-interface=pppoe-out1 protocol=tcp to-addresses=10.0.0.17 to-ports=7547
add action=dst-nat chain=dstnat dst-port=7547 in-interface=pppoe-out1 protocol=udp to-addresses=10.0.0.17 to-ports=7547
add action=dst-nat chain=dstnat dst-port=20-22 in-interface=pppoe-out1 protocol=tcp to-addresses=10.0.0.5 to-ports=20-22
add action=dst-nat chain=dstnat dst-port=55000-55539 in-interface=pppoe-out1 protocol=tcp to-addresses=10.0.0.5 to-ports=55000-55539
# Web proxy parameters only. No enabled=yes appears in this export, so the proxy is
# presumably off - confirm with /ip proxy print.
/ip proxy
set max-cache-size=none parent-proxy=0.0.0.0 port=80 src-address=0.0.0.0
# Static route with no dst-address, i.e. a default route, via 10.0.0.1, the address
# leased to the HGU on the private LAN.
# NOTE(review): the PPPoE client also has add-default-route=yes, so there are two
# candidate default routes. If this one is preferred, replies to connections that were
# dst-natted in from pppoe-out1 would leave through the HGU instead, which would make
# the port forwards appear not to work. Check the active route with /ip route print.
/ip route
add distance=1 gateway=10.0.0.1
# Only telnet, ftp, api and api-ssl are disabled. ssh, www and winbox are not listed,
# so they are at their defaults (enabled by default on RouterOS 6 - confirm with
# /ip service print).
# NOTE(review): with no input-chain filter rules in this export, consider restricting
# the remaining services with their address= property to the management subnet and
# keeping RouterOS updated.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# UPnP is enabled with pppoe-out1 as the external side and bridgePrivado as the
# internal side, so hosts on the private LAN can request inbound port mappings on the
# WAN without authentication. Disable it unless a device specifically needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=pppoe-out1 type=external
add interface=bridgePrivado type=internal
# Front-panel LCD settings (display only).
/lcd
set backlight-timeout=never default-screen=stats time-interval=hour
/lcd interface pages
set 0 interfaces=sfp1,ether1-gateway,ether2-master,ether3,ether4,ether5,ether6-master,ether7,ether8,ether9,ether10
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name="MikroTik Oficina"
# TR-069 client: the router reports to, and accepts management from, the ACS at
# 10.0.0.17:7547 every 10 seconds.
# NOTE(review): acs-url is plain http://, so the management session is unencrypted and
# the ACS is not authenticated by TLS. No ACS username/password appears in this export -
# confirm whether credentials are configured. An https:// ACS URL with credentials is
# preferable, all the more so because port 7547 is also forwarded from the WAN.
/tr069-client
set acs-url=http://10.0.0.17:7547/ enabled=yes periodic-inform-interval=10s
At 10.0.0.5 there’s a QNAP
At 10.0.0.17 there’s a VirtualBox guest machine running Debian, with a static IP configured on the guest itself, hosting an ACS server (that’s why I want to forward port 7547).
There’s a web server at 10.0.0.17 that I can reach from the LAN, but not from outside. I can ping the MikroTik from outside, but I don’t know exactly what is preventing the MikroTik from forwarding the packets.
One thing I’ve noticed is that the tr069-client is not working on the LAN. I’ve connected some TR-069 clients on the LAN and they connect to the server at 10.0.0.17, but I can’t get the MikroTik to reach 10.0.0.17 (although I can ping 10.0.0.17 from the MikroTik itself).
Thank you!
EDIT: Forwarding is not working to 10.0.0.5 either