Page 1 of 1

Port to interfacing

Posted: Tue Apr 12, 2016 12:07 am
by skullzaflare
Hey guys, new here, and new to mikrotik.
So i am programming Cambium radios for our WISP network, and programming one at a time is a bit slow..Though i have starting using 2 computers to do so, speeding it up, however i had the idea, i should be able to do 3 at a time through a router.

I am sitting here with a few mikros, and i am curious if there is a way to port forward per interface. So DHCP is off as programming starts at 0.2 then progresses to 10.1.
Is there a way to forward say eth2 to port 222 example. eth3 to 223 etc
So programming i can go 192.168.0.2:223 192.168.0.2:223 etc and do multiple at a time

Any ideas? Assuming it is possible

Re: Port to interfacing

Posted: Tue Apr 12, 2016 12:11 am
by pukkita
How are the radios provisioned? What protocol do you want to forward?

Re: Port to interfacing

Posted: Tue Apr 12, 2016 3:43 pm
by skullzaflare
TCP/IP Port 80
All through the browser

RB941-2nD
RB951-2nD
RB952Ui-5ac2nD-US

Are routers available for this. Will not need internet access, so wan is not important, Ideally would like to be able to program 3-4 at same time if possible

Re: Port to interfacing

Posted: Tue Apr 12, 2016 4:11 pm
by pukkita
I 'm afraid I don't understand why would you need port forwarding, are the Cambium radios programmed interactively through a web browser?

Re: Port to interfacing

Posted: Tue Apr 12, 2016 4:40 pm
by skullzaflare
The radios are accessed via web at 192.168.0.2 for programming, simply, one at a time takes forever, would like to be able to do multiple at once. They all can only be accessed by 0.2. After first programming, they are all finished via 192.168.10.1.

Aside from using multiple computers to do multiple, or setting up a computer with multiple nics running several VM's, was looking to assign a direct access directly per interface

Re: Port to interfacing

Posted: Tue Apr 12, 2016 9:47 pm
by Sob
You can do something like this:
[PC](192.168.1.10/24) -+- (192.168.1.11/24)[Router1](192.168.0.1/24) --- (192.168.0.2/24)[Radio1]
                       |
                       +- (192.168.1.12/24)[Router2](192.168.0.1/24) --- (192.168.0.2/24)[Radio2]
                       |
                       +- (192.168.1.13/24)[Router3](192.168.0.1/24) --- (192.168.0.2/24)[Radio3]
                       |
                       ...
Each router would have "WAN" with 192.168.1.x and internal LAN 192.168.0.0/24 (same on all routers, but it would be ok, because all would be separated). From PC, you'd connect to 192.168.1.x and on each router, you'd forward 192.168.1.x:80 to internal 192.168.0.2:80. If you need to access also the new address 192.168.10.1, just add another 192.168.10.x/24 to internal interfaces and forward e.g. 192.168.1.x:81 to 192.168.10.1:80.

If some of your routers can run MetaROUTER (I'm not sure), you could probably connect radios to all ethernet ports and do the same configuration using virtual routers. If not, it's just one radio per router.

Re: Port to interfacing

Posted: Tue Apr 12, 2016 10:51 pm
by Sob
Better way, it is possible to use all ports on router, each with different radio:
/ip address
add address=192.168.1.11/24 interface=ether1 network=192.168.1.0
add address=192.168.1.12/24 interface=ether1 network=192.168.1.0
add address=192.168.0.1 interface=ether2 network=192.168.0.1
add address=192.168.0.1 interface=ether3 network=192.168.0.1
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=192.168.1.11 new-connection-mark=port1
add action=mark-connection chain=prerouting dst-address=192.168.1.12 new-connection-mark=port2
add action=mark-routing chain=prerouting connection-mark=port1 new-routing-mark=port1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=port2 new-routing-mark=port2 passthrough=no
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.1.11 dst-port=80 protocol=tcp to-addresses=192.168.0.2
add action=dst-nat chain=dstnat dst-address=192.168.1.12 dst-port=80 protocol=tcp to-addresses=192.168.0.2
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=ether2 routing-mark=port1
add distance=1 dst-address=192.168.0.0/24 gateway=ether3 routing-mark=port2
This config uses only two, because I tested it on three-port RB433AH.

Re: Port to interfacing

Posted: Wed Apr 13, 2016 6:12 pm
by skullzaflare
Ok so we took the config and did a slight modification.
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
add address=192.168.88.12/24 interface=ether1 network=192.168.88.0
add address=192.168.88.13/24 interface=ether1 network=192.168.88.0
add address=192.168.88.14/24 interface=ether1 network=192.168.88.0
add address=192.168.88.22/24 interface=ether1 network=192.168.88.0
add address=192.168.88.23/24 interface=ether1 network=192.168.88.0
add address=192.168.88.24/24 interface=ether1 network=192.168.88.0
add address=192.168.0.10/24 interface=ether2 network=192.168.0.0
add address=192.168.0.10/24 interface=ether3 network=192.168.0.0
add address=192.168.0.10/24 interface=ether4 network=192.168.0.0
add address=192.168.10.10/24 interface=ether2 network=192.168.10.0
add address=192.168.10.10/24 interface=ether3 network=192.168.10.0
add address=192.168.10.10/24 interface=ether4 network=192.168.10.0
add address=192.168.88.100/24 interface=ether1 network=192.168.88.0
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=192.168.88.12 new-connection-mark=port2
add action=mark-routing chain=prerouting connection-mark=port2 new-routing-mark=port2 passthrough=no
add action=mark-connection chain=prerouting dst-address=192.168.88.13 new-connection-mark=port3
add action=mark-routing chain=prerouting connection-mark=port3 new-routing-mark=port3 passthrough=no
add action=mark-connection chain=prerouting dst-address=192.168.88.14 new-connection-mark=port4
add action=mark-routing chain=prerouting connection-mark=port4 new-routing-mark=port4 passthrough=no
add action=mark-connection chain=prerouting dst-address=192.168.88.22 new-connection-mark=port2
add action=mark-routing chain=prerouting connection-mark=port2 new-routing-mark=port2 passthrough=no
add action=mark-connection chain=prerouting dst-address=192.168.88.23 new-connection-mark=port3
add action=mark-routing chain=prerouting connection-mark=port3 new-routing-mark=port3 passthrough=no
add action=mark-connection chain=prerouting dst-address=192.168.88.24 new-connection-mark=port4
add action=mark-routing chain=prerouting connection-mark=port4 new-routing-mark=port4 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether4
add action=dst-nat chain=dstnat dst-address=192.168.88.12 dst-port=80 protocol=tcp to-addresses=192.168.0.2
add action=dst-nat chain=dstnat dst-address=192.168.88.13 dst-port=80 protocol=tcp to-addresses=192.168.0.2
add action=dst-nat chain=dstnat dst-address=192.168.88.14 dst-port=80 protocol=tcp to-addresses=192.168.0.2
add action=dst-nat chain=dstnat dst-address=192.168.88.22 dst-port=80 protocol=tcp to-addresses=192.168.10.1
add action=dst-nat chain=dstnat dst-address=192.168.88.23 dst-port=80 protocol=tcp to-addresses=192.168.10.1
add action=dst-nat chain=dstnat dst-address=192.168.88.24 dst-port=80 protocol=tcp to-addresses=192.168.10.1
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=ether2 routing-mark=port2
add distance=1 dst-address=192.168.10.0/24 gateway=ether2 routing-mark=port2
add distance=1 dst-address=192.168.0.0/24 gateway=ether3 routing-mark=port3
add distance=1 dst-address=192.168.10.0/24 gateway=ether3 routing-mark=port3
add distance=1 dst-address=192.168.0.0/24 gateway=ether4 routing-mark=port4
add distance=1 dst-address=192.168.10.0/24 gateway=ether4 routing-mark=port4
Leaving the router on a 88.1, we can access only one at a time. seems ARP does not like 2 devices with the same IP, and the 2nd device does not pull MAC, only first connected.
As a note, the 0.2 and 10.1 is static in the radios, does not pull from DHCP

Re: Port to interfacing

Posted: Wed Apr 13, 2016 8:19 pm
by Sob
What's the bridge for? You don't have any ports bridged together, do you? They must be completely independent, no bridge, no switch, nothing.

Here ARP does not complain about duplicate addresses, as long as they are on different interfaces:
ip arp print 
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published, C - complete 
 #    ADDRESS         MAC-ADDRESS       INTERFACE                                                     
 0 DC 192.168.80.10   00:27:0E:xx:xx:xx ether1   // my computer
 1 DC 192.168.0.2     D4:CA:6D:xx:xx:xx ether3   // test device #1          
 2 DC 192.168.0.2     00:0C:42:xx:xx:xx ether2   // test device #2

Re: Port to interfacing

Posted: Thu Apr 14, 2016 12:20 am
by skullzaflare
After removing the bridge its working great! Both the 10.1 and 0.2
Thanks a mil!