Hello everybody,
I am new to this forum as I am stuck pure internal routing to avoid double natting. I was able to set up another MikroTik router succesfully but there it is double natting.
As I have searched already through this forum and even on the Internet, but was not able to find a solution, I try to figure out here what I am doing wrong.
So, let me describe my situation:
I do have a fully working ISP-DSL router doing the NAT. Now I want to set up several internal networks behind it that, depending on future firewall rules, may access each other or not. In any case all of them should be able to access the Internet.
Here my rough network overview:
Internet <-> ISP-DSL router doing NAT (fully working) 192.168.252.1/24 <-> 192.168.252.1/24 Mikrotik 3011 (ether2) <-/PROBLEM/-> 192.168.100.254/24 (ether3) <-> 192.168.100.253 PC via DHCP from Mikrotik
(sorry I am not good in drawing)
My system is a:
System description:
Mikrotik RouterBOARD 3011UiAS
Firmware: 6.44
Packages: 6.44
In order to reproduce my situation / What I did:
Preparation:
Reset-Configuration without setting default-configuration
Then set:
/ip address
add address=192.168.100.254/24 interface=ether3 network=192.168.100.0
add address=192.168.252.1/24 interface=ether2 network=192.168.252.0
/ip pool
add name=dhcp_pool0 ranges=192.168.100.1-192.168.100.253
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether3 name=dhcp1
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8 gateway=192.168.100.254
/ip route
add distance=1 gateway=192.168.252.254
Then checking the routes:
/ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.252.254 1
1 ADC 192.168.100.0/24 192.168.100.254 ether3 0
2 ADC 192.168.252.0/24 192.168.252.1 ether2 0
up to now, everything looks fine, as far as I can see, doesn't it?
When pinging from the RB itself Internet connection is fine:
ping
address: 8.8.8.8
SEQ HOST SIZE TTL TIME STATUS
0 8.8.8.8 56 122 7ms
1 8.8.8.8 56 122 5ms
2 8.8.8.8 56 122 6ms
3 8.8.8.8 56 122 6ms
4 8.8.8.8 56 122 6ms
5 8.8.8.8 56 122 6ms
sent=6 received=6 packet-loss=0% min-rtt=5ms avg-rtt=6ms max-rtt=7ms
Now to my problem:
When doing the same from the connected PC (at the same moment used to access the router via WinBox):
C:\Users\xxx>ping 8.8.8.8
Ping wird ausgeführt für 8.8.8.8 mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Ping-Statistik für 8.8.8.8:
Pakete: Gesendet = 4, Empfangen = 0, Verloren = 4
(100% Verlust)
=> 100% LOSS!
Just to note: This happens whatever ether ports I use.
And finally: If I use the default configuration of the RB, connection is no problem at all but then there is double NAT active. Which is the point I want to avoid.
Anybody out there who may help me?
Thank you in advance.
Best regards
