I am new to MikroTik and RouterOS, as I have only been using Ubiquiti hardware (ER-X model).
Came across a RB750Gr3 and wanted to sit down and look at the thing and how it works.
So I started with reading a lot and watching videos on how to set the thing up and running.
But I would not be posting here if I did not run into issues, now would I?
The Setup.... ALL DONE BY WINBOX and NOT the Terminal
Reset Configuration --> No Default Configuration
Did not use the Quick Set function, as I have read and heard this may at times set configuration settings in the background that may/could cause issues with one's own setup.
What I have done so far is the following
1 ) Interfaces --> Interface tab
- Rename the interfaces so that they make more logical sense to me.
- Create WAN and LAN
- Assign Interfaces to Lists
  - LAN -> bridge, eth4, eth5
  - WAN -> eth1
- Created a bridge
- Assign eth2 and eth3 to the created bridge. With the understanding that eth2 and eth3 will be seen as ONE eth from now on.
- Created my three Addresses and assign them to an Interface
  - Address -- Network -- Interface
  - 192.168.1.254/24 -- 192.168.1.0 -- bridge
  - 192.168.10.1/24 -- 192.168.10.0 -- eth4 Pi
  - 192.168.0.254/24 -- 192.168.0.0 -- eth5 Admin
- Added eth1 as for testing this router will get its internet from DHCP from my main router.
- Created only one called dhcp
- Created three networks
  - 192.168.0.0/24 -- 192.168.0.1
  - 192.168.1.0/24 -- 192.168.1.254
  - 192.168.10.0/24 -- 192.168.10.1
- Added 192.168.10.2 and 126.96.36.199
- Created dhcp with an IP range
Here is where I am getting stuck: THE FIREWALL rules.
Seeing I started from scratch, there are no rules to speak of.
Taking a WORKING configuration from one of my ERX routers, I tried to convert them to work with the MikroTik but to no avail.
Basically the rules should be as follows
- ALLOW UDP and TCP traffic on port 53 to get to the PI on eth4.
- DROP ALL traffic to the PI on eth4
- ALLOW UDP and TCP traffic on port 53 to get to the Network gateway on bridge.
- DROP ALL traffic to the bridge. In so doing, blocking the Network from accessing the Router Configuration, be it via WinBox or Browser
- Any DNS UDP and TCP requests on port 53 should be directed to the PI on eth4
- Any rogue DNS UDP and TCP requests on port 53 should be directed to the PI on eth4
The results are as follows,
Client connects to the router, be it eth2 or eth3, gets an IP in the correct range and Gateway.
Try and access a website, can see the counter of the UDP packets increase and I can see in the logs that the DNS requests are hitting the PI, but the websites are not being displayed.
Giving the client a static IP and DNS, nothing happens.
Attached is a screenshot of my Rules.
I tried to upload a Config file but not sure how.....
Any help would be appreciated in resolving this.