RB150Router / Migrating from D-Link / N00b Warning ;)

Oh crap…

I am a GUI guy. What is not thoroughly explained in the visible Interface, I will most likely never bother to use, or find out how to use. Call it the Microsoft effect or whatever. Sorry, but true. So far.
After looking around a bit I decided upon some (IMO) heavy stuff to control my home network. I also need to learn so I figure that while I learn setting up my net, I will have use for at work. A common and simple approach that has served me well so far.

So I got this router and downloaded Winbox. Then I downloaded the manual. And started Winbox. Hmmm…“where can I do this”…“where do I do that”…“must be a simpler explanation”…“manual only refers to commands!!!”…HOKAY. I am in waaaay over my head.

Eventually I will figure it out, but I find so many features and functions that I do not know anything about (and I seriously mean ZERO knowledge) that I do not even dare touch the stuff. I am happy the internet is working. Maybe I should rephrase “happy” with “lucky”…

As you can see I have two options:

• reinsert my D-Link Router (which basically sucks but I can do some stuff in it knowing what I am doing)
• start a flak fire of questions here and require explanations that imply [Click there, fill in that value there and hit that button]

I am giving the latter a chance. Sorry Mikrotik. Do not mean to bother you with my incompetence, but your manual and interface approach asks for it.

Task 1
Change the default gateway and IP range of my network
Why? Cause I want to.
The default gateway is 192.168.88.1. The distributed IP’s range is a mystery. I do not understand why it says 192.168.88.1/24. What does the /24 stand for?
So how do I change the default to 192.168.99.100 with a range up to 192.168.99.110? Under DHCP Server? So what is IP ARP? Should I set my default values there instead? What does broadcast mean in that context?

Task 2
Port forwarding to DDNS and firewall ruling.
This should be pretty simple. After all I have done it many times. On the D-Link. But when I look it up, again, 90% stuff I do not understand or even know whether I should use it or not. I read the Firewall and QoS chapters several times but I cant figure it out. Service ports? Well, yes I grasp the basic concept, but does it mean that if I list one port there it would be open for the entire network? And why so many options…?

Quick Setup Guide
To add a firewall rule which drops all TCP packets that are destined to port 135 and going through the router, use the following command:

/ip firewall filter add chain=forward dst-port=135 protocol=tcp action=drop

To deny acces to the router via Telnet (protocol TCP, port 23), type the following command:

/ip firewall filter add chain=input protocol=tcp dst-port=23 action=drop

To only allow not more than 5 simultaneous connections from each of the clients, do the following:

/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

That above is pretty clear and I managed to find the correct settings in the Firewall to actually believe it was correctly set up, but what if I want to specify that all connections from a certain local IP via the port 4455 are to be trusted regardless of protocol?
The DDNS has its own little application, it seems. But I can not find it. The tool dns-update command works, but I fail to see if it stores any information to be used by the router anywhere.

sigh…I rest for now. So who votes for my D-Link?

Welcome to the complicated but exciting world of Mikrotik Routing! As you have just thrown yourself into the deep end of the swimming pool, let’s see if we can help you before you drown!

Configuring the Mikrotik is nothing like setting up a Dlink, where everything has already been designed for you and they then leave you with a very simple interface to just change a few settings or switch some things on and off. With the Mikrotik OS, you really are setting up everything yourself.

Out of the box, new routerboards are supplied with a default setup with the IP address and subnet range of 192.168.88.1/255.255.255.0 on ether1. Or 192.168.88.1/24 (same thing, just a different way of writing it). This enables ‘noobies’ to get connected and start having a look around the settings.

When you ran Winbox, it pop ups with the information above and offerred you the chance to delete those settings and return the routerboard to a truly blank setting. What you want to do is up to you! You chose to leave the settings alone. The settings are actually configured by a script that runs when it booted. You could have also chosen to delete that script and truly make the settings blank on your next reboot. I suggest that you do that once you’ve got a plan together of what you what to do with it. I.e. which ether port will be for what, which ether port will have a dhcp server, what the network IP addresses will be etc. IP addresses of DNS servers, default gateways etc.

I am guessing you want a router/firewall/dhcp server? I am also assuming you already have a further upstream ADSL or cable modem which actually does the authenticated connection to the internet?

In which case, I suggest you read up on the wikis. These may help.

Upgrade to latest software
http://wiki.mikrotik.com/wiki/Upgrading_RouterOS

Firewall / Securing router
http://wiki.mikrotik.com/wiki/Securing_New_RouterOs_Router

Setting up a DHCP Server for clients on private LAN side
http://www.mikrotik.com/testdocs/ros/2.9/ip/dhcp.php

Setting up masquerading so that internal users can connect to the internet
http://www.mikrotik.com/testdocs/ros/2.9/ip/nat_content.php#6.36.3.2
http://wiki.mikrotik.com/wiki/How_to_link_Public_addresses_to_Local_ones


Have fun playing and use the backup/restore facility! (Files Menu) Then you can backup as you go along and if something stops working or you make a mistake, you can roll it back to a previous backup very easily.

Ron

I have been through some of the Wikis as well. When an applications manual in a PDF exceeds 20 pages, I get worried. RouterOS is astonishing 700+ pages.

Let me check versions…Webbox is 3.20, Winbox is 2.2.14 (the loader) and Winbox 3.20. There is no information indicating anything else that I can find.

When you ran Winbox, it pop ups with the information above and offerred you the chance to delete those settings and return the routerboard to a truly blank setting.

No it did not.
That may of course be due to many things, among others that I run it on WXP Pro 64-bit. Any compatibility issues there?

Your assumptions are correct. I foresee some frustration in the near future and intermittent internet connections failures. (And my family urging me to reimplement the D-Link…).

Nest. Your answer is good and very well written. Just the right tone. No, I will not hire you.

WXP Pro 64-bit. Any compatibility issues there?

Nope!

No, I will not hire you

Wasn’t suggesting you would/should!

The manual is 700+pages because you are ‘playing with’ a very complex piece of software that requires some good knowledge of TCP/IP and more importantly, routing.

You may also find the following training materials useful
http://training.mikrotik.com/course/view.php?id=2
and how about a little test of your knowledge of TCPIP?
http://training.mikrotik.com/course/enrol.php?id=6

Re: Versions. You only need to download the latest package for your Routerboard, see http://www.mikrotik.com/download.html. Currently it is v3.22

Ron.

the version will not change so much, for a simple setup. v3.20 is good enough.

Actually I downloaded and tried an upgrade to 3.22 but Winbox claimed that was no upgrade.

Did I mention I am a software upgrade freak, always looking for latest stable newer versions…

download the right package type (routerboard 100 series probably). just drag the one package (routeros) to the winbox files menu. that’s all. then reboot.

Small correction, when I said Winbox I meant Webbox. The web interface of the Router.

Use winbox for upgrading, not webbox. See the training materials I gave you the links to.

Ron

So when I came home a few minutes ago Internet was down. AFAIK there was nothing that could have affected it during my absence at work.

Quickest solution turned out to be plugging in the D-Link again. Everything worked fine within minutes.
Please note the Mikrotik router was running default. Nothing changed. A poweroff and reboot did not help.

Hey, welcome to the dark side! It’s exciting to see people are willingly getting into this just for the fun of it!

The router you have just bought has a very nice GUI which fools you into believing it’s a simple Next>Next>Next>Finish type of platform… that’s very far from the truth. It’s an extremely powerful piece of networking equipment which has been growing over the years…and is still growing now! It is built to compete with the likes of Cisco (the big, ugly, noisy expensive stuff, not Linksys! ) and in fact most of the features you will find in RouterOS can only be found on very expensive ISP network equipment. You can’t even begin to compare RouterOS with your D-Link

I hope I didn’t put you off. Once you get the hang of what’s going on, it’s surprisingly very easy to use. But reading your original text asking…

… tells me you do need a little bit of training to get you around the basics. You’ll find a lot of us geeks helping you out here, but you need to help yourself first. Go to http://training.mikrotik.com and participate in one of the Essentials training courses to get started (At your level I would avoid the online training, as you seem to need some hand holding), then use the documentation and experiment around to get used to the more advanced features.

Finally, if the D-Link suits your needs at home, by all means keep using it, but don’t give up on RouterOS as knowing how to use it well opens up all sorts of possibilities career-wise.

Good luck!

No you do not put me off. I need to readup to solve this. That much I realize.

as you seem to need some hand holding

MUMMY!?

Jokes aside, theory and practice does not go very well hand in hand. I co-manage one of northern Europes largest corporate networks, for one of the worlds largest car manufacturers, but in front of the RouterOS I realize how little I really now. A lesson in humility.

Happens to me each time I see a Linux prompt…

I co-manage one of northern Europes largest corporate networks

What software/hardware do you use?
I work with linux and routerOS and there is many similarities. It was easy to get the point on routerOS after linux.

Windows/Java on HP/Cisco hardware environment. 100%.
But this issue is not related to that.

Its for home and as useful training. There I use a mix of hardware and Microsoft OS.