I have an RB450G.
Unfortunately I did not manage to make it work. I’ll tell you a few things about what I want to do and about the ISP that will be used, so you’ll get an idea.
Requirements: NAT for 2 PCs, each one getting IPs via DHCP, each PC in its own separate private network, so that they’ll be completely isolated.
ISP: My ISP uses an authentication software developed by them in-house. Some people that have seen the Linux script that they offer for Linux users say that they programmed it in a very silly way.
The program can be tricked, many have done it on budget routers like D-Link DI-524.
The program connects to a DHCP server and receives IP, Subnet Mask, Gateway, DNS addresses.
In order to trick it I have to use 10.x.x.x local addresses instead of 192.x.x.x.
Another aspect is that the ISP sends packets with TTL=1 so that entry level routers without TTL incrementing will not work.
Now let me tell you what I did:
1) I’ve set the WAN, LAN interfaces and TTL incrementing via terminal.
2) I’ve set the DHCP server, the DNS server and NAT exactly as shown in this tutorial, for the first LAN (ether2), and then everything again, for the second LAN (ether3). http://wiki.mikrotik.com/wiki/Internet_Sharing
The problem is that the ISP’s application doesn’t connect, it says “comunication error with the server”
Ping from WAN(ether1) to the gateway 85. … works.
But ping from WAN(ether1) to LAN(ether2, ether3) times out.
ARP ping from WAN(ether1) to LAN(ether2, ether3) works but with around 25% packet loss.
Sounds like you are using the wrong ISP. You probably need an ISP that does not mind allowing more than one computer to connect on your account. That does seem to be the point of all that, doesn’t it?
They’re going to remove the program soon, but this isn’t the issue here because using a simple router with TTL incrementing NAT will work without any problems.
IMHO I’ve set something wrong since I cannot ping from ether1 to ether2 or ether3.
If you use a srcnat or masquerade, you will not be able to ping ether2 or ether3 from ether1 if all is working correctly. You would need to forward a public ip to those private ips to do that.
Let’s assume that there wasn’t that authentication program, and the router would still not work.
What would you check in order to make sure that everything was set correctly?
I would set up my spare router as a fake “internet gateway” and connect it to that. If I can ping the ip assigned to the “gateway” on the spare router, and ping only the public ip on the test router from the spare router, then all should be ok. That will not test dns tho.
Something is wrong.
I’ve put one PC on ether1, as a fake gateway (just by setting the gateway address and the mask), and pinging the fake gateway from another PC connected to ether2 gives only timeouts.
Please post “/ip firewall nat print” and “/ip dhcp-server network print”.
Can you ping ether2’s ip (gateway on that network) from a computer connected to ether2? If not, please post “/ip address print”. You may x out the first three numbers in any public ip if you feel security is a challenge.
ADD: Just to be sure…in “/ip address”, ensure the correct ip/netmask is assigned to ether1.
ADD: And if you want the dhcp clients to use domain names, I would ensure you set the dns servers in “/ip dhcp-server network”. Then have all dhcp clients renew their lease.
It still doesn’t ping on the fake gateway. I’ve deleted those 2 NAT commands and added the general one that you told me.
Haven’t tried to isolate the local networks.
Can you ping the public ip on ether1? 85.xx.xx.134
Looks like the gateway on that public net should be 85.xx.xx.129, correct?
On the fake gateway you have 85.xx.xx.129/27 on that interface, correct?
Yes, I can ping from the fake gateway on ether1, and also from ether1 to fake gateway.
Yes, I’ve used this command to add the gateway: /ip route add gateway=85.x.x.129
Yes, on the fake gateway I have 85.x.x.129 /27 or 255.255.255.224
LE: What about the Routes?
LE2: Please tell me what screenshots you need.
I’m using WinBox and I will post all the needed screenshots no matter how many they are.