routing not succeeding

RouterOS Beginner Basics
1

I have installed my router on my existing network to learn how to set it up.

My normal LAN is 192.160.0.0 and the routers address is 192.168.0.1

The mikrotik router interface 1 is set up as “WAN” 192.168.0.200/24 and connected to my network. on interface 2 “LAN_1” is defined a second network 192.168.10.0 router address 192.168.10.254

From my normal network I am able to ping the mikrotik router on 192.168.0.200. However, from a PC connected to the mikrotik router fixed IP 192.168.10.10 I can see anything behind the router. scrnat is setup as descriped in the quick set up guide and I thought the logic were:

the scrnat would route everything to the interface 1 “WAN” and give me access to my normal LAN and the GW 192.168.0.1 would give me access to my internet.

I can’t figure out what’s missing so I will be my LAN and the internet from the pc on 192.168.10.10 through my first router 192.168.0.1

Please give me a hand.

rgs Pilgrim
Clipboard01.jpg

2

Greetings!

The router at 192.168.0.1 is a separate router? Is it also MikroTik?
The challenge is the 192.168.10.x net. Your core router (mom) does not know how to find that network.
If the core router was a MikroTik router, then on that router:
/ip route add gateway=192.168.0.200 dst-address=192.168.10.0/24
Do a
/ip route print
and hopefully it will show a ’ r ’ and not a ’ u ’ in front of the gateway IP.

EDIT: My bad. I see you have the 192.168.10.x net masqueraded as WAN. Let me check further…maybe NOT! Is that an “X” in front of the nat rule?

3

Thanks :slight_smile:

The mother router is a D-Link 624.

The X in front of the scrnat is not exactly an X it's kind of symbol I am not sure what it means. Maybe it is an X, but it just don't look like a normal X.

I tried the the setup using telnet.

rgs Pilgrim


[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.0.200/24 192.168.0.0 192.168.0.255 WAN
1 192.168.10.254/24 192.168.10.0 192.168.10.255 LAN_1

[admin@MikroTik] ip route> print
Flags: B - blackhole, U - unreachable, P - prohibit, X - disabled, A - active,
D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf

DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE

0 A S 0.0.0.0/0 r 192.168.0.1 1 WAN
1 ADC 192.168.0.0/24 192.168.0.200 0 WAN
2 ADC 192.168.10.0/24 192.168.10.254 0 LAN_1

[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=scrnat action=masquerade out-interface=WAN

4

Can you ping from the localnet (192.168.10.10) through the MikroTik router to the D-Link (192.168.0.1)?
Can you ping from localnet to your public IP?
Do you have dns set up?
Do you have a dhcp server on localnet?

5

from 192.168.0.100 I can ping 192.168.0.200 (the mikrotik router interface 1 “WAN”)

I can’t ping anything on 192.168.0.X from 192.168.10.10 (pc connected to the interrface 2 “LAN_1”)

rgs Pilgrim

6

How did the computer at 192.168.10.10 get its IP/gateway/dns info?
Insure your gateway on that computer is set to 192.168.10.254

7

I havn’t tried to set up the DHCP yet, so I set up the network connection in the pc with a fixed IP 192.168.10.10 sn 255.255.255.0 and gw 192.168.10.254

rgs Pilgrim

8

You CAN ping 192.168.10.254, right?
Are there any entries in
/ip firewall filter
or
/int bridge

9

No problem to ping 192.168.10.254 from 192.168.10.10

I have no entries firewall rules eller brigde

rgs Pilgrim

10

I presume this is an RB450? A five ethernet port device anyway.
The first port on the router is LAN_1, connected to your computer.
The second is WAN, connected to the D-Link.
The rest are empty?

11

Correct it is the miniRouter board RB 450.

Interface 1: Is the “WAN” port connected to the D-link over a switch (my pc 192.168.0.100 is on the same switch)
Interface 2: Is the “LAN_1” port connected to PC 2 (192.168.10.10)
Interface 3 through 5: not in use

rgs Pilgrim

12

No. That is NOT what your setup says. Your setup says you should have your computer in port 1 and the D-Link in port 2!

13

:open_mouth: please help me to check again.

The interface is marked on the cabinet as ether 1 through ether 5. When I print the addresses it looks like this:
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.0.200/24 192.168.0.0 192.168.0.255 WAN
1 192.168.10.254/24 192.168.10.0 192.168.10.255 LAN_1

I don't know if I interpretate the print our correctly from telnet but I figured interface # 0 is the marked "ether 1" on the cabinet and Interface #1 is "Ether 2"

My structure looks like in attached (applogies for the quality - I made it in a rush)

rgs Pilgrim

lan structure.jpg
lan structure.jpg489×355 13.5 KB

14

I just checked looking at the interfaces live in winbox and the pulling the cables out. D-Link is for sure on the interface named “WAN”

I winbox I just discovered another thing. The X we talked about before I could remove by cliking on # above and it now looks like this.

rgs Pilgrim
Clipboard01.jpg

15

All is well if your computer is in port 1 and the D-Link is in port 2, and th rest are empty. That is what your WinBox Interface List says above ^

16

I think it is just looks this way in because in my winbox the list is sorted in alphabetic order. I tried to rename ether 5 to A_renmae_ether 5 and it jumped from bottom to the top of the list. It attached I have disconnected all cables except the cable from the D-Link in port 1 (interface named “WAN”) and it is the only on active.

Just to be sure I tried to switch around the cables D-link in port 2 and pc in port 1. I didn’t help and I am also not able to ping the mikrotik router from 192.168.0.100 anymore.

The problem must be somewhere around your first assumption concerning the scrnat. I am not sure it is active.

rgs Pilgrim
Clipboard01.jpg

17

My bad on the list. That is why I don’t use WinBox. CLI is much more reliable for list order.