Raspberry pihole (ad blocker) different ip than router OS network

Hello. Love the speed and efficiency of routerOS.

Ubuntu on local computer
Raspberry pi running Raspbian GNU/Linux 12 (bookworm) Architecture: arm

Mikrotik sxt assigned ip in 10.0.0.0 range by a community mesh network but local raspberry pihole assigned 192.168.60.xx range.
I can’t get them to work together.

The pihole runs dns queries for the local network in 192.168.60.xx range.

It was suggested to not change the internal local network to the 10.0.0.0 range because bad actors in the 10.0.0.0 range could potentially gain access to internal network.

Suggestions on how to make them play nice together?

Thank you.

A picture is helpful; got a network diagram?
Also the current config.

Duh!
Forgot to mention the most obvious and important piece of information: the mikrotik is not connected to the home network router - duh! and that’s why I’m in the beginner’s basic.

Clearly the mikrotik and pihole can’t play nice because they don’t know about each other. When I want to use the Mikrotik I hardwire the cable from the SXT on the roof to the computer - bypassing router. Whereas, the pihole is plugged into the router and the computer is plugged into the router when I do use the pihole successfully.

Router: 192.168.20.1
Pihole: 192.168.20.2

When computer is plugged into roof cable:
10.101.24.142 netmask 255.255.255.192 broadcast 10.101.24.162

In Router:
I can Manually Assigned IP around the DHCP and manually assign dns servers.
I can manually enable NAT on/off
I can Enable DNSSEC support
I can forward local domain queries to upstream DNS
I can Enable DNS Rebind protection
I can enable on/off Validate unsigned DNSSEC replies
I can enable/disable DNS Privacy Protocol

Tell me what I can tell you to get this working.

Anyone? If not administrator please delete this post - I’ll look elsewhere.

thank you.

I don’t think anyone can understand fully your current setup from your description of it.
If you could post a simple network diagram (even a picture of a hand drawn one would do) and a copy of your current configuration on the Mikrotik, someone may be able to help you.
To post the configuration follow this:
http://forum.mikrotik.com/t/forum-rules/173010/1

Is the SXT the only Mikrotik device involved?
Is there a switch (managed or unmanaged) involved?
Which make/model is the device you call “router”?

Did I say I was not interested? I asked for more information to better understand what you attempted to describe.
Now that jaclaz is on the case, I am sure he will attempt to resolve your query. I tried, and was ignored.
Moving on to help others.

I think jaclaz is merely attempting to understand the problem and setup, from that to attempting to solve it there is a long way.
The risk of appearing ultracrepidarian[1] is not to be underestimated.

[1] You know, I’ve always liked that word… ‘ultracrepidarian’… so rarely have an opportunity to use it in a sentence. :wink:

Bollocks, I think it will become quite familiar in your repertoire!

Not knowing what it means, the sentence seems to imply “timid” which is not what I would have used to describe your qualities. :slight_smile:

See attached image. The 10.x.x.x mikrotik range cannot be changed and I prefer not to change the router ip assigned as I use it to go back and forth between two sources of internet connectivity.

I hope the below helps:

export hide-sensitive

# jun/03/2024 12:56:32 by RouterOS 6.49.14
# software id = 0QCX-3X33
#
# model = RouterBOARD SXTsq G-5acD
# serial number = 899008273C63

/interface bridge
add fast-forward=no name=local
add fast-forward=no name=mesh protocol-mode=none
add fast-forward=no name=wds protocol-mode=none
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=dynamic-keys name=bostonmeshnet supplicant-identity=bostonmesh
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee comment="uses bostonmesh-1025-omni via mesh bridge" country="united states3" disabled=no frequency=9584 installation=any mode=station-bridge radio-name=bostonmesh-9584-sxt security-profile=bostonmeshnet ssid=bostonmesh-48-omni wireless-protocol=802.11 wps-mode=disabled
/interface wireless manual-tx-power-table
set wlan1 comment="uses bostonmesh-1025-omni via mesh bridge"
/interface wireless nstreme
set wlan1 comment="uses bostonmesh-1025-omni via mesh bridge"
/ip pool
add name=local ranges=10.101.24.134-10.101.24.185
/ip dhcp-server
add address-pool=local disabled=no interface=local name=localdhcp
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 router-id=10.69.52.118
/interface bridge filter
add action=drop chain=forward in-bridge=mesh
add action=drop chain=forward in-bridge=wds
/interface bridge port
add bridge=local interface=ether1
add bridge=mesh interface=wlan1
add bridge=wds interface=dynamic internal-path-cost=100 path-cost=100
/interface bridge settings
set use-ip-firewall=yes
/interface wireless connect-list
add allow-signal-out-of-range=3s disabled=yes interface=wlan1 security-profile=bostonmeshnet signal-range=-75..120
add connect=no disabled=yes interface=wlan1 security-profile=bostonmeshnet signal-range=-120..-75
/ip address
add address=10.101.24.129/26 interface=local network=10.101.24.128
add address=10.69.52.118/16 interface=mesh network=10.69.0.0
add address=10.68.52.118/16 interface=wds network=10.68.0.0
/ip dhcp-server network
add address=10.101.24.128/26 dns-server=10.10.10.10,10.101.24.129 gateway=10.101.24.129 netmask=26
/ip dns
set allow-remote-requests=yes servers=10.10.10.10,1.1.1.1
/ip firewall address-list
add address=10.0.0.0/8 list=meshaddr
add address=199.167.59.0/24 list=meshaddr
add address=199.170.132.0/24 list=meshaddr
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=53 protocol=udp
add action=accept chain=input connection-state=established,related
add action=drop chain=input src-address-list=!meshaddr
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/routing filter
add chain=ospf-in set-bgp-communities=65000:110 set-distance=205
/routing ospf interface
add interface=mesh network-type=ptmp
add cost=30 interface=wds network-type=ptmp
/routing ospf network
add area=backbone network=10.69.0.0/16
add area=backbone network=10.68.0.0/16
/snmp
set enabled=yes
/system clock
set time-zone-name=America/Boston
/system identity
set name=bostonmesh-9584-sxt
/system ntp client
set enabled=yes primary-ntp=10.10.10.123 server-dns-names=0.pool.ntp.org
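
Added example, not part of the original thread or of anyone's post: a small Python audit of the `/ip firewall filter` input chain from the export above, relevant to the earlier concern about other hosts in the 10.0.0.0 range. The sample packets and function names are constructed for illustration, and the matcher handles only the rule fields that appear in this export (single ports, one address list).

```python
import ipaddress

# Copied from the /ip firewall address-list and filter sections of the export.
ADDRESS_LIST = {"meshaddr": ["10.0.0.0/8", "199.167.59.0/24", "199.170.132.0/24"]}
EXPORT = """\
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=53 protocol=udp
add action=accept chain=input connection-state=established,related
add action=drop chain=input src-address-list=!meshaddr
"""

def parse_rules(text):
    """Turn 'add key=value ...' export lines into dicts, keeping rule order."""
    return [dict(tok.split("=", 1) for tok in line.split()[1:])
            for line in text.splitlines() if line.startswith("add ")]

def in_list(src, name):
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(net) for net in ADDRESS_LIST[name])

def matches(rule, pkt):
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and rule["dst-port"] != str(pkt.get("dst_port")):
        return False
    if "connection-state" in rule and pkt["state"] not in rule["connection-state"].split(","):
        return False
    if "src-address-list" in rule:
        spec = rule["src-address-list"]
        negate, name = spec.startswith("!"), spec.lstrip("!")
        if in_list(pkt["src"], name) == negate:  # "!list" matches sources outside it
            return False
    return True

def verdict(rules, pkt, chain="input"):
    """First matching rule wins; RouterOS accepts a packet that matches no rule."""
    for number, rule in enumerate(rules):
        if rule["chain"] == chain and matches(rule, pkt):
            return rule["action"], number
    return "accept", None

if __name__ == "__main__":
    rules = parse_rules(EXPORT)
    samples = [  # constructed packets addressed to the SXT itself
        {"src": "203.0.113.7", "protocol": "udp", "dst_port": 53, "state": "new"},
        {"src": "203.0.113.7", "protocol": "tcp", "dst_port": 22, "state": "new"},
        {"src": "10.69.1.1", "protocol": "tcp", "dst_port": 22, "state": "new"},
    ]
    for pkt in samples:
        print(pkt["src"], pkt["protocol"], pkt["dst_port"], "->", verdict(rules, pkt))
```

The rule number in each verdict shows which line decided the packet; `None` means nothing matched and the chain's default accept applied, which is where an explicit final drop rule would change the result.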


Good, now your setup is more clear.
The Sxt is basically setup as a switch/bridge, right?
The device “router” is where the “magic” should happen if you cannot or don’t want to change configuration on the Sxt.
So, which make/model is the “router”?
Which device is running the DHCP server on the LAN (192.168.x.x) and which DNS address is provided?

Thank you so much.

Asus Dual Band issuing dhcp to pc and raspberry pi.

Local pc running Ubuntu with network manager also allows setting dns.

I currently set the dns in network manager to the raspberry pi pihole.

Maybe the problem lies with this PC network manager, then?
Or the pihole getting its address from the Asus DHCP server?
AFAIK normally the running DHCP server on the LAN would provide the pihole address as DNS and the pihole would have a static IP configured.
If the router was a Mikrotik there could be more options, see:
http://forum.mikrotik.com/t/how-to-configure-mikrotik-for-pi-hole-with-automatic-failover/175498/1
But I think you have only option 1 available in your setup with the Asus.
From what I understand, in a situation like yours it would be possible (if we are freed of the limitation/constraints) and simpler to use the Sxt as a router and the Asus as a switch (or replace it with a switch) still it should work also “as is” with an appropriate configuration of the Asus and of the pihole.

Wouldn’t the problem be that you have two different networks using one router?

I haven’t yet tried to see if plugging the 192.x.x.x. network (which has the pihole) into the router TOGETHER WITH the 10.x.x.x sxt plugged into the router simultaneously knowing that they are separate assignments/IP ranges. . . and therefore will not communicate - isn’t that so?

Re: current pihole settings - I have to input into the network manager that my dns is the pihole device otherwise it won’t ad block. And if I do, then revert the network manager back to say 1.1.1.1 I still get working connections just with the advertisements. So network manager seems to be doing its job.

Then I am completely missing what the problem is.
You have a 10.x.x.x network which is WAN and a 192.168.x.x which is LAN connected to a router, which should allow LAN to access WAN and internet (i.e. route between the two) It seems normal to me. :confused:

Yes! SOLVED!

Thanks for everyone’s input.

Good. :slight_smile:
It would be interesting to know how it was solved, but the main thing is that it works now.

As a side and more generic note, for anyone coming here in search of a solution for similar problems, sometimes even the mere acts of downloading (and checking) the configuration, drawing a network schematic and describing the setup, explaining and discussing it, are enough to understand where an issue might be.