Page 1 of 1

Can't configure MikroTik

Posted: Tue Nov 01, 2016 2:24 pm
by dmb

I bought MiktoTik hex Lite over a week ago, and since then I was unable to configure it the way I needed it, even after the long communications with MikroTik official support.
I had old D-link DIR-100 previously, and it was configured as a switch with 2 vlans. See the screenshot: ... 2.png?dl=0
Since this DIR-100 is old, it stops working sometimes, so I found a temporary replacement for it (a simple home router from ZyXel - Keenetic), and I was able to configure it in 5 minutes.
Then I bought this MikroTik, as it was advertised as a reliable and advanced router, but whatever I tried, I couldn't configure it to work in my network.

Here's my network configuration.
There's a router with 5 ports.
port1: has the cable from my ISP plugged in, my ISP provides 2 external IP addresses - I had 2 servers in the past, and they both needed to be accessible from the outside;
port2: connected to server1, this server uses 1 external IP address, it has an internal IP address and it has DNS and DHCP running on it - other computers in the LAN use it as the gateway and as the main DNS server;
port3: it was connected to server2, but it's now gone, so it is simply connected to a computer or another router in our LAN;
port4 and port5 are both connected to routers inside our LAN.

The setup with DIR-100 was a bit complex, since DIR-100 didn't work as DHCP server. Basically what I need is:
- server1 available by external IP,
- Internet on all devices in LAN.

Current server1 configuration (/etc/network/interfaces) is:
# The primary network interface
iface eth0 inet static
auto eth0

iface vlan2 inet static
address <external IP 1 here>
gateway <ISP gateway address here>
vlan-raw-device eth0
auto vlan2

Please help!

Re: Can't configure MikroTik

Posted: Tue Nov 01, 2016 8:41 pm
by end
i can help you with port 1,2,3 but 4,5 i dont understend. maybe this will help you maybe dont but did work for me.

on port 1 that is connected to your isp. go to IP-DHCPclient-AddNew select interface port 1 that is connected to isp router click on enable default route, click on enable peer dns and peer ntp and click ok. now you see on port 1 subnet of your isp you will be assigned new ip from dhcp. this first.

then for port 2 where is your server.

first add address to port 2 under Addresses, but add it this way make shure last number in ip addres be 1 like this XX.XX.XX.1 and network XX.XX.XX.0. beacouse DHCP server can add some strange input.

go to DHCP server its under DHCP client open and find tab DHCP setup when you click it you will see DHCP interface select port 2 where is your server connected . you can yust go next next in DHCP server after interface select. you can add your dns there. but live pulls default.

then go to your isp router and find port forwarding forward ports for your server like this. on port 1 DHCP client assigned you ip with same subnet as isp. put that ip as input address in port forwarding and put port where of server 80 if is web server.

then back to mikrotik router.

telnet to mikrotik.
/ip firewall nat

chain=dstnat action=dst-nat dst-address=XX.XX.XX.XX protocol =tcp dst-port=80 to-address=YY.YY.YY.YY
XX.XX.XX.XX is port 1 ip your isp subnet that you get with dhcp client
YY.YY.YY.YY is port 2 ip your server it can be what evey you whant.

but remember you need port forward on your isp router to work.

what about your public ip. nothing :). i meen when you port forward on your isp to port 1 ip mikrotik when you enter public ip in browser with help of dstnat you will be redirected to your server. for second public you yust add another ip on port 1 and do port forwarding ip in isp router with that ip on port 1. and repet above steps.

when you setup above run dhclient on server to get ip from dhcp server on port 2.

what severs do you run so i can give you mor firewall commands, but dont put anything in input or output or forward at this point. above dst-nat rule should be enought for start to reach a server. so later post for more commands. but first reach your server.

i hope you can follow this.

i youst setup this way vpn server behind mikrotik and my isp. so this should work.

good luck

Re: Can't configure MikroTik

Posted: Tue Nov 01, 2016 9:36 pm
by Sob
If I understand it correctly, you don't really need a router at all (unless you want to change something from previous setup), just managed switch with vlans (one default untagged on all ports except port1, and then vlan2 tagged on port2-3 and untagged on port1). It should be very simple. Unfortunately, I've never used vlans with hardware switch in RouterOS, I just remember that I found the documentation a little confusing. It would be easy to do it in software using bridges, but you'd be losing performance that way, so it's probably worth it to first try to understand hw switch documentation.

Re: Can't configure MikroTik

Posted: Wed Nov 02, 2016 11:41 am
by cutedrummerboy
is that kind of complex setup really required?? how your isp deliver internet and external ip to you??

Re: Can't configure MikroTik

Posted: Wed Nov 02, 2016 3:05 pm
by dmb
Thank you for your replies.

Even before my message was posted here, I finally managed to set this up.
It appeared to be very simple, much simpler than anything suggested by the support.

I created vlan on ether2. Then I created bridge on ether1 and vlan. And that's it - it works now!

Re: Can't configure MikroTik

Posted: Thu Nov 03, 2016 8:08 pm
by cutedrummerboy
glad to listen it works that but you must buy another lan card for your servers wan side for this kind of setup.

Re: Can't configure MikroTik

Posted: Mon Nov 07, 2016 9:07 am
by dmb
Actually I don't need another network adapter, it works properly with the current setup. The whole thing with vlan is to make it work without an extra network adapter.