Hi

I'm new to MikroTik, just got a hap ac2 yesterday and I have been trying to set some static routes.
I have setup static routes on OpenWRT before, by can't seem to figure out how to do it in RouterOS.
Image bellow is from OpenwWRT that I would like to replicate in RouterOS.


Please advise on how to do this?

Thanks

It's the same, e.g.:

Hi

Thank you very much for your reply.
I'm not familiar with script code, still learning. I have added the routes through winbox terminal, routes are created but still having some issues.
Basically I'm trying to setup the router for smartdnsproxy streaming services.

hAP ac2 6.46.4 Default quick set home ap dual config
LAN: 192.168.7.1
I have PPPoE connection, disabled use peer DNS.
Added IP-> DNS-> DNS1: 154.127.57.224 DNS2: 129.232.164.26, Allow remote routes
Added IP-> DHCP Server->Networks-> set as same DNS servers as above.

/ip route
add dst-address=8.8.8.8 gateway=192.168.7.1 distance=1
add dst-address=8.8.4.4 gateway=192.168.7.1 distance=1
add dst-address=45.57.62.0/24 gateway=192.168.7.1 distance=2
add dst-address=45.57.63.0/24 gateway=192.168.7.1 distance=2

Does the code above mean the same as below?

Destination IP Address: 8.8.8.8
IP Subnet Mask : 255.255.255.255 (or /32)
Gateway IP: 192.168.7.1
Metric: 1
Interface: any other than WAN (preferably LAN)

Destination IP Address: 8.8.4.4
IP Subnet Mask : 255.255.255.255 (or /32)
Gateway IP: 192.168.7.1
Metric: 1
Interface: any other than WAN (preferably LAN)

Destination IP Address: 45.57.62.0
IP Subnet Mask : 255.255.255.0
Gateway IP: 192.168.7.1
Metric: 2
Interface: any other than WAN (preferably LAN)

Destination IP Address: 45.57.63.0
IP Subnet Mask : 255.255.255.0
Gateway IP: 192.168.7.1
Metric: 2
Interface: any other than WAN (preferably LAN)

When I ping IP 8.8.8.8 & 8.8.4.4 i still get a reply, it supposed to get a reply from 192.168.7.1: Destination host unreachable.

Also had these configured in OpenWRT
Port Forward:


Traffic Rule:


Can you please advise on how to configure these as well?

Thank you

I checked what's smartdnsproxy and it looks like they just provide DNS servers and you configure your devices to use them. I don't see why would you need to do anything with routes. Correct me if you have some other info.

If it's like I think, then this is correct (if those addresses are their servers):

Added IP-> DNS-> DNS1: 154.127.57.224 DNS2: 129.232.164.26, Allow remote routes

And then you can either have this:

Added IP-> DHCP Server->Networks-> set as same DNS servers as above.

Or you can put only 192.168.7.1 (router's address) there and get a tiny little speedup, because if one client already requested some record, another client will get it from router's cache if it needs it.

And if you want to prevent clients from bypassing this and using other DNS servers, you can use dstnat and redirect all queries to router:
This will apply to all servers, but if you'd want to do this only for selected ones, you would add dst-address or dst-address-list option.

@sob

Thank you for clarifying on the DNS settings.
The reason for static routes is described in the links below.
https://support.smartdnsproxy.com/categ ... oubleshoot
https://support.smartdnsproxy.com/artic ... uter-modem

Without the static routes working properly, when I watch USA Netflix on my nVidia Shield TV, I get error message complaining about proxy or VPN.
My understanding, some android apps have hard coded DNS settings that need to be blocked or redirected.

That's what those dstnat rules I posted will do. If such device tries to send DNS query to 8.8.8.8, router will redirect it to itself (DNS cache running on router) and it will forward this query to DNS servers configured in IP->DNS.

Their explanation about static routes doesn't make sense to me. According to my quick test, RouterOS doesn't seem to like gateway being its own address and route is not active. But even if it was active, it would work only as unusual way to block the query. It would not redirect it anywhere without other config. One way would be same dstnat as I posted. Another would be to assign 8.8.8.8 to router as another address.

@sob

Okay, thank you very much, I will try these settings and see how it works.

IP-> DNS-> DNS1: 154.127.57.224 DNS2: 129.232.164.26, Allow remote routes
IP-> DHCP Server->Networks-> DNS: 192.168.7.1

/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 action=redirect
add chain=dstnat protocol=tcp dst-port=53 action=redirect

I'm guessing that I don't need the settings below, right?;
/ip route
add dst-address=8.8.8.8 gateway=192.168.7.1 distance=1
add dst-address=8.8.4.4 gateway=192.168.7.1 distance=1
add dst-address=45.57.62.0/24 gateway=192.168.7.1 distance=2
add dst-address=45.57.63.0/24 gateway=192.168.7.1 distance=2

Right, no extra routes should be necessary. If you have them, they should show as inactive anyway.

@sob

Still some issues with Netflix, It works fine on PC but not on my NV Shield TV.
Can you please provide me with an example of this that you mentioned, "Another would be to assign 8.8.8.8 to router as another address."

You could simply assign the address to some interface on router, LAN, empty bridge, whatever:
And router would see it as local address and wouldn't send packets with that destionation anywhere else. But don't do that, it's ugly trick, it's not your address. And it's not really needed anyway, dstnat rules can't be fooled, if there's packet going to 8.8.8.8:53, they will catch it. But maybe the device does not use regular DNS on port 53. In that case you can block access using:

@sob

Finally got it to work with this;
/ip firewall address-list
add address=8.8.8.8 list=GOOGLE_DNS
add address=8.8.4.4 list=GOOGLE_DNS
/ip firewall filter
add action=drop chain=forward dst-address-list=GOOGLE_DNS place-before=0

/ip firewall address-list
add address=45.57.62.0/24 list=NETFLIX
add address=45.57.63.0/24 list=NETFLIX
/ip firewall filter
add action=drop chain=forward dst-address-list=NETFLIX place-before=1

Thank you very much for your time and assistance Sob.
Next up on my list to look into is QoS and Bufferbloat issues...Getting C/D ratings on dslreports speedtest...

Hello
That is the question that has been disturbing me about few days.
Basically I'm trying to set up the router for smart DNS proxy streaming services.

@ryan74,

I am also trying to get the same provider to work. did you also have a NAT rule for port 53?
Where did you get your netflix ip list from?

is it working on android tv?