Two separate networks, both DHCP.

The scenario is as follows.

A mikrotik with DHCP server 192.168.0.1 in one building.
A mikrotik without DHCP on 192.168.0.21 in another building with multiple PC’s connected to it.

All the PCs connected to 192.168.1.21 get their IP address from 192.168.1.1. So effectively it’s one big network on the 192.168.0.0.

Ubiquiti Wireless nanobridge (192.168.1.11) is connected via lan to 192.168.1.21 in port 2 and is wirelessly connected to 192.168.1.1 via another ubiquiti nanobridge also in port 2.

What I would like to do is create a different subnet and have the 192.168.1.21 mikrotik change to 10.0.0.2 and provide DHCP to all of the devices directly connected to it via ports 3-5.

I don’t want the 192.168.1.0 range to be able to talk or broadcast to the 10.0.0.0 range, EXCEPT that all PCs should be able to access ONE PC on the new subnet. This device’s IP will be 10.0.0.52. This device should also be able to reach ALL 192.168.1.0 devices.

Both mikrotiks have their own DSL connection and dial out over PPPOE to a bridged modem.

So basically I would like to have the 10.0.0.0 range separate from the 192.168.0.0 range except for allowing access to 10.0.0.52, and if the internet should fail on the 10.0.0.0 range then it should fail over to the 192.168.1.1 gateway. Although if someone can’t answer the load balancing I would very much like to just get the two subnets working and solve the gateway issue later.

Thanks!

Set up a bridge with the ports you want and add your DHCP server to it. Use a firewall to block the traffic you don’t want, and then configure your routes such that you have your main default and then a backup default.


Without trying to sound disrespectful, all you have done is explained my answer in English. I could do the same. I need someone to explain it in mikrotik. You have answered my question perfectly with everything required without helping me through the language of mikrotik. I thank you for your reply but need help implementing it on my rb750.

I can fill it out when I get on my laptop. I just can’t type that much on my phone. When I get to my laptop this afternoon I’ll post some more details.

Post your export so I can see exactly what you’re starting with.


Thanks. I appreciate your help. I have attached the export file.

edit : removed because of sensitive information

This is a start… this doesn’t load balance or anything… just uses pppoe out as its internet connection and the firewall allows everything. You can modify to do exactly what you want.
/interface bridge
add name=bridge-remote
add name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-remote
# ether3 must carry the name that the master-port and bridge port lines refer to
set [ find default-name=ether3 ] name=ether3-master-local
set [ find default-name=ether4 ] master-port=ether3-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether3-master-local name=ether5-slave-local

/interface bridge port
add bridge=bridge-local interface=ether3-master-local
add bridge=bridge-local interface=wlan1

add bridge=bridge-remote interface=ether2-remote

/ip pool
add name=local-pool ranges=10.0.0.100-10.0.0.254

/ip dhcp-server
add address-pool=local-pool disabled=no interface=bridge-local name=local-dhcp

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    default-route-distance=1 dial-on-demand=no disabled=no interface=ether1-gateway \
    keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-out1 \
    password=*********** profile=default service-name="" \
    use-peer-dns=yes user=***************

/ip address
add address=10.0.0.1/24 interface=bridge-local network=10.0.0.0
add address=192.168.1.21/24 interface=bridge-remote network=192.168.1.0

/ip dhcp-client
add dhcp-options=hostname,clientid interface=pppoe-out1

/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1 dns-server=10.0.0.1 netmask=24

/ip dns
set allow-remote-requests=yes servers=196.41.139.189

/ip firewall filter
add chain=input comment="ICMP" protocol=icmp
add chain=input comment="Established" connection-state=established
add chain=input comment="Related" connection-state=related
add action=drop chain=input comment="Invalid" connection-state=invalid
add action=drop chain=input in-interface=pppoe-out1

add chain=forward comment="Established" connection-state=established
add chain=forward comment="Related" connection-state=related
add action=drop chain=forward comment="Invalid" connection-state=invalid

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
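
The policy asked for in the first post (two routed subnets, only 10.0.0.52 reachable across them, a backup default route through the other building) written as RouterOS rules. This is an added example, not part of the original thread: it reuses the interface names from the starting script above and assumes 192.168.1.1 is the other building's router and that hosts on 192.168.1.0/24 have a route to 10.0.0.0/24 via 192.168.1.21.

```routeros
# Added example (not from the thread). Subnets and 10.0.0.52 come from the
# first post; interface names come from the starting script above.
# Complete forward chain: use it in place of the three forward rules above.
# Rule order matters, the first matching rule wins.
/ip firewall filter
# Replies belonging to connections that were already allowed
add chain=forward action=accept connection-state=established comment="Established"
add chain=forward action=accept connection-state=related comment="Related"
add chain=forward action=drop connection-state=invalid comment="Invalid"
# Exception 1: the other building may open connections to the one shared PC
add chain=forward action=accept in-interface=bridge-remote \
    src-address=192.168.1.0/24 dst-address=10.0.0.52 comment="Remote LAN -> shared PC"
# Exception 2: the shared PC may open connections to the other building
add chain=forward action=accept in-interface=bridge-local \
    src-address=10.0.0.52 dst-address=192.168.1.0/24 comment="Shared PC -> remote LAN"
# Everything else between the two LANs is dropped, in both directions.
# Internet-bound traffic that fails over through 192.168.1.1 is not matched,
# because its destination is outside 192.168.1.0/24.
add chain=forward action=drop in-interface=bridge-remote out-interface=bridge-local \
    comment="Remote LAN -> local LAN"
add chain=forward action=drop in-interface=bridge-local dst-address=192.168.1.0/24 \
    comment="Local LAN -> remote LAN"

/ip route
# Backup default route: becomes active when the PPPoE default route
# (distance 1) disappears. Assumption: 192.168.1.1 routes to the internet.
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=2 check-gateway=ping \
    comment="Backup via other building"

/ip firewall nat
# Hide 10.0.0.0/24 behind 192.168.1.21 when traffic leaves via the backup path
add chain=srcnat action=masquerade out-interface=bridge-remote
```

Because the two subnets sit on separate bridges and are only routed, broadcasts from one never reach the other; the filter rules only have to deal with routed unicast traffic.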

Thanks for taking the time to create the script.

I reset my mikrotik and told it to restore your script on next boot.
I plugged everything into the correct ports but it is not connecting to the internet on either WAN or giving me IPs on the local LAN. Not sure what to do now?

It’s not 100% complete… It was just a starting point, but it should at least give an IP on ports 3-5… Can you export what’s loaded and post it in code tags?

I decided after looking at your script that I was not going to learn anything just copying and pasting. So I reset my router with no default config and set up a working load balancing mikrotik setup.

Ether1 - Wan1
Ether2 - Wan2
Ether3 - Lan
Wlan - Bridged with Lan

Took me a while but I learnt a lot in the process!

Only one issue remains. I need PC’s that are behind WAN1 to be able to connect to 192.168.2.52 on Lan. This is basically a network with DHCP and not just a DSL modem. Everything on WAN1 needs access to 192.168.2.52 on LAN and vice versa.

The strawberry on top of the cake would be having the mikrotik behind WAN1 have a similar setup to this mikrotik in that it would use it as a WAN connection too. I am hoping this is possible but guessing that VLANs would need to be created as there is only one wireless ubiquiti link between the two networks. Or EoIP? Lots of new networking ideas to discover and hopefully implement. These little mikrotiks are quite something! Like a kid on Christmas Day yesterday setting this all up.

Here is my current export

# mar/12/2014 17:17:55 by RouterOS 6.9
# software id = 8I1D-X0J9
#
/interface bridge
add l2mtu=1598 name=BRIDGE
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
    20/40mhz-ht-above country="south africa" disabled=no distance=indoors \
    l2mtu=2290 mode=ap-bridge ssid=Macaulay wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ISP1
set [ find default-name=ether2 ] name=ISP2
set [ find default-name=ether3 ] name=LAN
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
    wpa-pre-shared-key=****** wpa2-pre-shared-key=******
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.2.100-192.168.2.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=BRIDGE name=dhcp1
/interface bridge port
add bridge=BRIDGE interface=LAN
add bridge=BRIDGE interface=wlan1
/ip address
add address=192.168.2.1/24 interface=BRIDGE network=192.168.2.0
add address=192.168.1.21/24 interface=ISP2 network=192.168.1.0
add address=192.168.3.11/24 interface=ISP1 network=192.168.3.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall mangle
add chain=prerouting dst-address=192.168.3.0/24 in-interface=BRIDGE
add chain=prerouting dst-address=192.168.1.0/24 in-interface=BRIDGE
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ISP1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ISP2 new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BRIDGE new-connection-mark=ISP1_conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
    in-interface=BRIDGE new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
    in-interface=BRIDGE new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP1_conn \
    new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn \
    new-routing-mark=to_ISP2
add chain=prerouting dst-address=192.168.3.0/24 in-interface=BRIDGE
add chain=prerouting dst-address=192.168.1.0/24 in-interface=BRIDGE
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ISP1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ISP2 new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BRIDGE new-connection-mark=ISP1_conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BRIDGE new-connection-mark=ISP2_conn \
    per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
    in-interface=BRIDGE new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
    in-interface=BRIDGE new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP1_conn \
    new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn \
    new-routing-mark=to_ISP2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2
add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2
/ip route
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=192.168.3.1
add check-gateway=ping distance=1 gateway=192.168.3.1
add check-gateway=ping distance=2 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.1.1
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Africa/Johannesburg
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=159.148.60.2

Starting to think with the lack of replies that this may not be possible.

Hope I did not offend by not using your script. I tried to use it and troubleshoot the issues I was having and realised I did not really understand the script. That is why I started from scratch.