leixe
just joined
Topic Author
Posts: 2
Joined: Mon May 10, 2021 9:24 pm

DNS LAN<->(WAN)

Mon May 10, 2021 11:55 pm

Hey guys,
today I got my first Mikrolink Router and I'm happy to be part of the family. I knew before that this device is capable of doing great things and that's why I wanted to try and learn some new stuff in networking. So I set up the Router behind my Fritzbox (192.168.178.1). The WAN Interface of the Mikrolink is set on DHCP and gets a proper IP Address (192.168.178.48) from the Fritzbox. Because the Fritzbox is still my main router, there are a few devices connected, like a Synology NAS (192.168.178.10).

I connected my PC to the LAN Interface and set a static IP-Address (192.168.88.9). I can browse the Internet and also reach the NAS and the Fritzbox. But just with their IP-Addresses and not by the hostname. I played around with some NAT rules but unfortunately, it didn't work.

So I went to the IP->DNS Settings on the Mikrotik and made a static entry for the NAS (192.168.178.10). I can ping via Hostname from the Mikrotik Terminal but not from my Windows machine (192.168.88.9)?

Network Fritzbox: 192.168.178.0/24
Network Mikrotik: 192.168.88.0/24
NAS---->Fritzbox: 192.168.178.10
User-PC: 192.168.88.9
# may/10/2021 22:52:11 by RouterOS 6.48.2
# software id = 0KIL-HJRX
#
# model = RB750Gr3
# serial number = xxxxxxxxxxx
/interface bridge
add admin-mac=ff:ff:ff:ff:ff:ff auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=192.168.178.10 name=nas
add address=192.168.178.1 name=fritz.box
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=reject chain=forward comment="Drop port 80 traffic" dst-port=80 \
    protocol=tcp reject-with=icmp-network-unreachable src-port=""
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Berlin
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=ether1 name=tmon1
Please help

EDIT: I did run the packet sniffer to see what's going on. Maybe it helps to understand where the problem is, because I don't.
 
DeJoe
newbie
Posts: 26
Joined: Thu May 31, 2018 4:26 pm

Re: DNS LAN<->(WAN)

Fri May 14, 2021 5:58 pm

Hi.

There are several things that make your config not work.

First: Your Fritzbox (normally) is giving your clients a hostname in the form of: client1.fritz.box
So your NAS most likely has a DNS name nas.fritz.box. If your clients are searching for a name like "NAS" or "nas.someotherdomain.tld" they won't find your NAS.
A solution would be to tell the Mikrotik to give your clients a hostname in the form of client1.fritz.box. You can do that by changing the DHCP Server of your Mikrotik. There you can add a DNS-Suffix for your clients. Add the suffix "fritz.box" there and your clients will get a hostname in the form of client1.fritz.box. If you then try connecting to your NAS by typing "ping nas", your client will add its own suffix "fritz.box" to the DNS query. It will search for "nas.fritz.box" and will get the correct IP address of your NAS.

Second: Your DHCP-Server is giving your clients the following DNS-Server: "8.8.8.8". This is a Google DNS-Server and it doesn't know anything about your network.
One easy solution would be to give out your Fritzbox as DNS-Server. So if you change "8.8.8.8" to the IP address of your Fritzbox, your clients will be able to search for "nas.fritz.box" on their given DHCP-Server.

By fixing both problems, you should be able to navigate to "nas" in your browser.

Greetings.
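
The two changes suggested in the reply above, written as RouterOS commands against the export posted in the first message. This is an added example, not part of either post; the addresses are the ones given in the thread, and Option B (answering from the MikroTik's own DNS cache) is an assumption about how one might prefer to set it up.

```routeros
# Added example. Apply ONE of the two options, not both.
#
# Before (from the posted export): LAN clients are handed 8.8.8.8, which has
# no records for hosts behind the Fritzbox, and they get no search domain:
#   /ip dhcp-server network
#   add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1

# Option A: hand out the Fritzbox as resolver, plus fritz.box as DNS suffix.
/ip dhcp-server network
set [find address=192.168.88.0/24] dns-server=192.168.178.1 domain=fritz.box

# Option B: hand out the MikroTik (192.168.88.1) as resolver, so the static
# entries under /ip dns static are actually seen by LAN clients. Unknown names
# are forwarded to the Fritzbox instead of 8.8.8.8.
/ip dns
set allow-remote-requests=yes servers=192.168.178.1
/ip dns static
add address=192.168.178.10 name=nas.fritz.box
/ip dhcp-server network
set [find address=192.168.88.0/24] dns-server=192.168.88.1 domain=fritz.box

# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. In the posted export the input chain drops everything that does not
# arrive on the LAN list ("defconf: drop all not coming from LAN"), which keeps
# the resolver unreachable from the WAN side; keep that rule in place.

# Check on the router:
#   :put [:resolve nas.fritz.box]
#   /ip dns cache print
#
# Check on the Windows PC:
#   ipconfig /all                      (shows DNS server and DNS suffix in use)
#   nslookup nas.fritz.box 192.168.88.1
#
# A PC with a manually configured address (192.168.88.9 in the thread) does
# not receive DHCP options, so the DNS server and the DNS suffix have to be
# entered by hand in the adapter settings, or the PC switched to DHCP.
```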
 
leixe
just joined
Topic Author
Posts: 2
Joined: Mon May 10, 2021 9:24 pm

Re: DNS LAN<->(WAN)

Sat May 15, 2021 3:19 pm

Hey DeJoe,
thanks for your time to answer.

> A solution would be to tell the Mikrotik to give your clients a hostname in the form of client1.fritz.box. You can do that by changing the DHCP Server of your Mikrotik. There you can add a DNS-Suffix for your clients. Add the suffix "fritz.box" there and your clients will get a hostname in the form of client1.fritz.box. If you then try connecting to your NAS by typing "ping nas", your client will add its own suffix "fritz.box" to the DNS query. It will search for "nas.fritz.box" and will get the correct IP address of your NAS.

After some research about the domain "thing" with the Fritzbox, I had another look in the web interface of the Fritzbox. And somehow the NAS device was labeled as PC-192-168-178-10. After renaming it to NAS, I was able to ping it via hostname (nas.fritz.box). But still it's pretty odd that it worked before in the 192.168.178.0/24 subnet without renaming it.

I will try your hint with dns suffix.

> Your DHCP-Server is giving your clients the following DNS-Server: "8.8.8.8". This is a Google DNS-Server and it doesn't know anything about your network.
> One easy solution would be to give out your Fritzbox as DNS-Server. So if you change "8.8.8.8" to the IP address of your Fritzbox, your clients will be able to search for "nas.fritz.box" on their given DHCP-Server.

I already set it up before with the address of the Fritzbox. But it didn't work either. So it had to be something to do with a name issue on the Fritzbox.

Thanks again, DeJoe
