Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

0.0.0.253 ip

Locked
 
triki
just joined
Topic Author
Posts: 18
Joined: Fri Aug 25, 2017 5:32 am

0.0.0.253 ip

Thu Apr 18, 2019 11:49 pm

So if i reboot first 1 min he work good but after all new users take this bad ip pool (0.0.0.2-0.0.0.255)
Deafault config. on 6.44.2 i change only port from ethernet1 to sfp1.
Top
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 767
Joined: Mon May 27, 2013 2:05 am

Re: 0.0.0.253 ip

Fri Apr 19, 2019 12:40 am

post your config (/export hide-sensitive) in code tags and we may be able to help.
Top
 
triki
just joined
Topic Author
Posts: 18
Joined: Fri Aug 25, 2017 5:32 am

Re: 0.0.0.253 ip

Fri Apr 19, 2019 11:57 am

post your config (/export hide-sensitive) in code tags and we may be able to help.
Code: Select all
[admin@MikroTik] > /export hide-sensitive
# apr/19/2019 15:54:51 by RouterOS 6.44.2
# software id = SKN4-0GV1
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 83060844E7F2
/interface bridge
add admin-mac=CC:2D:E0:2B:63:30 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-2B6336 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=kpst18630 \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf disabled=yes interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=sfp1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=\
    192.168.88.0
/ip arp
add address=192.168.88.246 interface=bridge mac-address=18:31:BF:BD:2E:7E
add address=192.168.88.247 interface=bridge mac-address=18:31:BF:DF:8C:C2
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=sfp1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=185.60.44.131 dst-port=10999 \
    in-interface=sfp1 protocol=tcp to-addresses=192.168.88.246 to-ports=10999
add action=dst-nat chain=dstnat dst-address=185.60.44.131 dst-port=10000 \
    in-interface=sfp1 protocol=tcp to-addresses=192.168.88.246 to-ports=10000
add action=dst-nat chain=dstnat dst-address=185.60.44.131 dst-port=9014 \
    in-interface=sfp1 protocol=tcp to-addresses=192.168.88.246 to-ports=9014
add action=dst-nat chain=dstnat dst-address=185.60.44.131 dst-port=2106 \
    in-interface=sfp1 protocol=tcp to-addresses=192.168.88.246 to-ports=2106
add action=dst-nat chain=dstnat dst-address=185.60.44.131 dst-port=7777 \
    in-interface=sfp1 protocol=udp to-addresses=192.168.88.246 to-ports=7777
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Krasnoyarsk
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Top
 
tesme33
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Mon May 26, 2014 10:25 pm

Re: 0.0.0.253 ip

Sat Apr 20, 2019 10:32 pm

Hi
i had the same issue. The problem should disappear if you switch back to 6.43. Alternativly you can try to switch off DHCP completly, after this step in my case this pool appeared in the pool list and i could delete the pool.

For me this looks like an issue with the new DHCP package.

Yours
Top
 
sid5632
Long time Member
Long time Member
Posts: 554
Joined: Fri Feb 17, 2017 6:05 pm

Re: 0.0.0.253 ip

Sat Apr 20, 2019 11:25 pm

Ignore post #4.
Remove sfp1 from bridge.
Put IP address on bridge instead of ether1.
Top
 
tesme33
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Mon May 26, 2014 10:25 pm

Re: 0.0.0.253 ip

Sun Apr 21, 2019 9:47 am

Hi
have a look on my test in my todays post: viewtopic.php?f=13&t=147553

Ups i just fogort to add. ignore post 5 :-). On the other side did it help ?

One remark in addtion: the interface used as the external interface should never be on a bridge. It should always be a routed interface.
And on the bridge the SFP1 is even disabled.
Top
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3297
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: 0.0.0.253 ip

Sun Apr 21, 2019 11:07 am

the interface used as the external interface should never be on a bridge. It should always be a routed interface.
Why?

Lets say you hva 16 public IP and you would like to use a group of interface as a outside switch , to connect to other stuff, I would have used bridge.
Top
 
tesme33
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Mon May 26, 2014 10:25 pm

Re: 0.0.0.253 ip

Sun Apr 21, 2019 11:33 am

the interface used as the external interface should never be on a bridge. It should always be a routed interface.
Why?

Lets say you hva 16 public IP and you would like to use a group of interface as a outside switch , to connect to other stuff, I would have used bridge.
In case your external IPs are all in one range you could add them to the same external interface and only expose the ports you want via NAT. In case you have a complete net and you have several IPs then you can have them on an internal bridge. In order to stay save the external interface should be routed. There might be situations where this doesnt make sense. But this is something everybody has to decide on its own.
In a normal ISP setup you anyhow have a own network for routing of your IPs(network). Then i would have the external routing IP on a dedicated IF and the other IPs on an own bridge (in case needed) but it might also be that you have internaly an ethernetswitch with VLAN etc. Then the config is anyhow more complicated.
Top
 
sid5632
Long time Member
Long time Member
Posts: 554
Joined: Fri Feb 17, 2017 6:05 pm

Re: 0.0.0.253 ip

Tue Apr 23, 2019 2:35 am

This tesme33 person is an ignorant idiot. There were obvious configuration errors in the export provided, which is why I said to fix them.
Just ignore post #6 and anything else he posts.
Top
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3297
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: 0.0.0.253 ip

Tue Apr 23, 2019 8:19 am

Just some of what is wrong with the posted config.

You should NOT add outside interface to inside bridge, even if disabled. Should be removed.
Code: Select all
add bridge=bridge comment=defconf disabled=yes interface=sfp1
Inside IP should be connected to inside bridge, same way as DHCP Server etc.
Code: Select all
/ip address add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
should be
Code: Select all
/ip address add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
You should not post your public IP 185.60.44.131. (if this is your public IP)
Top
 
triki
just joined
Topic Author
Posts: 18
Joined: Fri Aug 25, 2017 5:32 am

Re: 0.0.0.253 ip

Sat Apr 27, 2019 5:07 pm

I find problem, it is second microtik(he work like switch).thaks all for ur attention.
P.S I just did not expect that the second can interfere the first
Top
Locked

Who is online

Users browsing this forum: Bing [Bot] and 62 guests
  4. RouterOS
  5. Beginner Basics