Hello
I'm a beginner in Mikrotik, I've just started to learn it.
I work with Mikrotik RG751.
I setup hotspot correctly and it's working, after that I configure NAT and route for connecting Internet.
I have this configuration:
ether-local: 192.168.200.1/24 ,On port 2 of mikrotik
ether-gw: 192.168.10.1/24 ,On port 3 of mikrotik and also I tried it on PoE port

I setup NAT in firewall and set
Chain : srcnat
Out.Interface : ether-gw
Action : Masquerade

and also create Route
Dst.Address : 0.0.0.0/0
Gateway : 192.168.10.1
and next I connect a network cable from gw port to one of router ports.

but unfortunately I get an "unreachable" error!
why? What's the problem? Should I need to configure anything else?

please help
thanks.
Pink-hat

Can you post an export of your config?

Actually I work with winbox and without CLI!

No shame in using Winbox

Just open a terminal in Winbox and copy the following line

export hide-sensitive file=Config-Export

The you will have a file that is named Config-Export.rsc which you can open with a good text editor (not notepad!!!)
Copy that test in here.

However I’m confused. You have set 192.168.10.1/24 on ether-gw interface and when you add a default route with gateway 192.168.10.1 that means that you have added default route to your own interface IP. The gateway should be on the same subnet but a different IP. How do you communicate with the outside world and what is ether-gw connected to?

Yes, you can’t set the gateway to be the interface address. It needs to be the upstream gateway.

thanks but
My terminal is empty! How can I fix it?!
I can’t find a Config-Export.rsc file! where do I find it?

I change my ip for gw in route in 192.168.10.2 ,then I didn’t get unreachable error , it’s fixed but I still don’t have any internet for my user.

How are you suppose to get internet? What are you connected to on ether-gw?

I connected a network cable from ether-gw to my router!

Did you get a file under files in Winbox that you can drag to the desktop so we can see the config?
Also can you provide how the router that you are connecting to is configured?

I downloaded the file but it’s a long file!
Should I copy and paste everything here? Or I have to upload it somewhere?

Just copy in here by using code as forum option.
Also have a look over to verify that you don’t paste something that should not be here

jan/02/1970 00:09:17 by RouterOS 5.8

software id = IJ84-XILK

/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600
mac-address=00:0C:42:E4:82:5C mtu=1500 name=ether-gw speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:E4:82:5D
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:E4:82:5E
master-port=none mtu=1500 name=ether-local speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:E4:82:5F
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:E4:82:60
master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers=
aes-ccm group-key-update=5m interim-update=0s management-protection=
disabled mode=none name=default radius-eap-accounting=no
radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=
disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=
none static-sta-private-algo=none static-transmit-key=key-0
supplicant-identity=MikroTik tls-certificate=none tls-mode=
no-certificates unicast-ciphers=aes-ccm
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0
antenna-mode=ant-a area="" arp=enabled band=2ghz-b basic-rates-a/g=6Mbps
basic-rates-b=1Mbps bridge-mode=enabled channel-width=20mhz compression=
no country=no_country_set default-ap-tx-limit=0 default-authentication=
yes default-client-tx-limit=0 default-forwarding=yes dfs-mode=none
disable-running-check=no disabled=yes disconnect-timeout=3s distance=
dynamic frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower
frequency-offset=0 hide-ssid=no ht-ampdu-priorities=0 ht-amsdu-limit=8192
ht-amsdu-threshold=8192 ht-basic-mcs=
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any
ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,
mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,
mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" ht-txchains=0
hw-fragmentation-threshold=disabled hw-protection-mode=none
hw-protection-threshold=0 hw-retries=7 mac-address=00:0C:42:E4:82:61
max-station-count=2007 mode=station mtu=1500 name=wlan1
noise-floor-threshold=default nv2-cell-radius=30 nv2-noise-floor-offset=
default nv2-qos=default nv2-queue-count=2 nv2-security=disabled
on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=both
proprietary-extensions=post-2.9.25 radio-name=000C42E48261
rate-selection=legacy rate-set=default scan-list=default
security-profile=default ssid=MikroTik station-bridge-clone-mac=
00:00:00:00:00:00 supported-rates-a/g=
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=
1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default
update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=
none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled
wireless-protocol=unspecified wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M
bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:
17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H
T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-
7:17"
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=
3200 framer-policy=none
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no
use-radius=no
add dns-name=mahdis.hotspot hotspot-address=192.168.200.1 html-directory=
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=
cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0
split-user-domain=no use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=
1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m
name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.200.40-192.168.200.100
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=
static disabled=no interface=ether-local lease-time=3d name=dhcp1
/ip hotspot
add address-pool=dhcp_pool1 addresses-per-mac=2 disabled=no idle-timeout=5m
interface=ether-local keepalive-timeout=none name=hotspot1 profile=
hsprof1
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=
default use-encryption=default use-mpls=default use-vj-compression=
default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=
default use-compression=default use-encryption=yes use-mpls=default
use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=
5
set only-hardware-queue kind=none name=only-hardware-queue
set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=
multi-queue-ethernet-default
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no
ignore-as-path-len=no name=default out-filter="" redistribute-connected=
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=
default
/snmp
set contact="" enabled=no engine-id="" location="" trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-protocol=MD5 encryption-protocol=
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=
400MHz force-backup-booter=no silent-boot=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=
400MHz force-backup-booter=no silent-boot=no
/tool user-manager profile
add name=First name-for-users="" override-shared-users=unlimited price=0
starts-at=now validity=0s
/tool user-manager profile limitation
add address-list="" download-limit=20000B group-name="" ip-pool="" name=
limit1 transfer-limit=20000B upload-limit=0B uptime-limit=0s
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w
eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa
ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,
winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
/interface ethernet switch port
set ether2 vlan-header=leave-as-is vlan-mode=fallback
set ether-local vlan-header=leave-as-is vlan-mode=fallback
set ether4 vlan-header=leave-as-is vlan-mode=fallback
set ether5 vlan-header=leave-as-is vlan-mode=fallback
set switch1_cpu vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:12:FA:C8:2A:6A
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=
disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.200.1/24 disabled=no interface=ether-local network=
192.168.200.0
add address=192.168.10.1/24 disabled=no interface=ether-gw network=
192.168.10.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.200.0/24 gateway=192.168.200.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 servers=4.2.2.4,8.8.8.8
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network"
disabled=no src-address=192.168.200.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether-gw
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=mahdis profile=default
/ip neighbor discovery
set wlan1 disabled=yes
set ether-gw disabled=no
set ether2 disabled=no
set ether-local disabled=no
set ether4 disabled=no
set ether5 disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=
0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.10.2 scope=
30 target-scope=10
/ip service
set telnet disabled=no port=23
set ftp disabled=no port=21
set www disabled=no port=80
set ssh disabled=no port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set forwarding-enabled=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0
use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set wlan1 queue=wireless-default
set ether-gw queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether-local queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set all disabled=no interface=all interval=0.2sec min-rx=0.2sec multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s preferred-gateway=
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
routing-table=main timeout-timer=3m update-timer=30s
/store
add disabled=no disk=system name=user-manager1 type=user-manager
add disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=
"jan/01/1970 00:00:00" time-zone=+00:00
/system health
set
/system identity
set name=MikroTik
/system leds
add disabled=no leds=wlan-led type=wireless-status
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set (unknown) disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no
/tool sniffer
set file-limit=1000KiB file-name="" filter-stream=yes interface=all
memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=
no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin parent=admin
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no time-zone=-00:00
/tool user-manager profile profile-limitation
add from-time=0s limitation=limit1 profile=First till-time=23h59m59s
weekdays=sunday,monday,tuesday,friday,saturday
/tool user-manager user
add customer=admin disabled=no first-name=Guest last-name=1 location=Guest
name=guest_user shared-users=1 wireless-enc-algo=none wireless-enc-key=""
wireless-psk=""
add customer=admin disabled=no name=mamad shared-users=1 wireless-enc-algo=
none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no name=mamad1 shared-users=unlimited
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no

What device is connected to ether-gw? What is IP address of that device?

For example if that device has IP address 192.168.9.1, you need to setup address on ether-gw 192.168.9.2/24 and your gateway needs to be 192.168.9.1.

Thank you Locodog
It’s working . I got it.