Hi, new to mikrotik. Just got a 750g and need real basic NAT and internet routing setup on it. I got DHCP and local network setup but can't get online.
Setup:
ATT Uverse VDSL Modem/Router with DMZ setup for 750g router.
DHCP local network: 200.1.1.0/24
750g Prints:
[admin@MikroTik] > /ip address print details
expected end of command (line 1 column 19)
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=200.1.1.1/24 network=200.1.1.0 broadcast=200.1.1.255
interface=ether2-local-master actual-interface=bridge1
1 D address=99.90.186.206/22 network=99.90.184.0 broadcast=99.90.187.255
interface=ether1-gateway actual-interface=bridge1
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=99.90.184.1
gateway-status=99.90.184.1 reachable bridge1 distance=1 scope=30
target-scope=10
1 ADC dst-address=99.90.184.0/22 pref-src=99.90.186.206 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
2 ADC dst-address=200.1.1.0/24 pref-src=200.1.1.1 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10
[admin@MikroTik] > /ip firewall export
# jan/02/1970 02:22:55 by RouterOS 4.11
# software id = VW1Q-477J
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
connection-type="" disabled=no dst-address=0.0.0.0 out-interface=\
ether1-gateway src-address=200.1.1.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU
0 R ether1-gateway ether 1500 1524
1 R ether2-local-master ether 1500 1524
2 ether3-local-slave ether 1500 1524
3 ether4-local-slave ether 1500 1524
4 R ether5-local-slave ether 1500 1524
5 R bridge1 bridge 1500 1524
What am i missing? Thanks in advance!
Re: New basic Setup Help!
Why are you introducing a bridge if you're trying to route?
Move the DHCP client to the ether1-gateway port, move the inside IP address to the ether2-local-master port, remove the two interfaces from bridge1, and then delete the bridge. At that point things will start working, though you may have to power cycle your modem and the RouterBOARD.
Any specific reason that you're using public IPs on your LAN?
Move the DHCP client to the ether1-gateway port, move the inside IP address to the ether2-local-master port, remove the two interfaces from bridge1, and then delete the bridge. At that point things will start working, though you may have to power cycle your modem and the RouterBOARD.
Any specific reason that you're using public IPs on your LAN?
Re: New basic Setup Help!
no real reason for public ips on LAN. Is it better for private?
Port 1 is default for DHCP client. Port 2 is default for DHCP server. Took out the bridge. Still nothing. New prints below:
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=200.1.1.1/24 network=200.1.1.0 broadcast=200.1.1.255
interface=ether2-local-master actual-interface=ether2-local-master
1 D address=99.90.186.206/22 network=99.90.184.0 broadcast=99.90.187.255
interface=ether1-gateway actual-interface=ether1-gateway
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=99.90.184.1
gateway-status=99.90.184.1 reachable ether1-gateway distance=1
scope=30 target-scope=10
1 ADC dst-address=99.90.184.0/22 pref-src=99.90.186.206
gateway=ether1-gateway gateway-status=ether1-gateway reachable
distance=0 scope=10
2 ADC dst-address=200.1.1.0/24 pref-src=200.1.1.1 gateway=ether2-local-master
gateway-status=ether2-local-master reachable distance=0 scope=10
[admin@MikroTik] > /ip firewall irewall export
bad command name irewall (line 1 column 15)
[admin@MikroTik] >> /ip firewall export
# jan/02/1970 00:20:14 by RouterOS 4.11
# software id = VW1Q-477J
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
connection-type="" disabled=no dst-address=0.0.0.0 out-interface=\
ether1-gateway src-address=200.1.1.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] >> interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU
0 R ether1-gateway ether 1500 1524
1 R ether2-local-master ether 1500 1524
2 ether3-local-slave ether 1500 1524
3 ether4-local-slave ether 1500 1524
4 R ether5-local-slave ether 1500 1524
Port 1 is default for DHCP client. Port 2 is default for DHCP server. Took out the bridge. Still nothing. New prints below:
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=200.1.1.1/24 network=200.1.1.0 broadcast=200.1.1.255
interface=ether2-local-master actual-interface=ether2-local-master
1 D address=99.90.186.206/22 network=99.90.184.0 broadcast=99.90.187.255
interface=ether1-gateway actual-interface=ether1-gateway
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=99.90.184.1
gateway-status=99.90.184.1 reachable ether1-gateway distance=1
scope=30 target-scope=10
1 ADC dst-address=99.90.184.0/22 pref-src=99.90.186.206
gateway=ether1-gateway gateway-status=ether1-gateway reachable
distance=0 scope=10
2 ADC dst-address=200.1.1.0/24 pref-src=200.1.1.1 gateway=ether2-local-master
gateway-status=ether2-local-master reachable distance=0 scope=10
[admin@MikroTik] > /ip firewall irewall export
bad command name irewall (line 1 column 15)
[admin@MikroTik] >> /ip firewall export
# jan/02/1970 00:20:14 by RouterOS 4.11
# software id = VW1Q-477J
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
connection-type="" disabled=no dst-address=0.0.0.0 out-interface=\
ether1-gateway src-address=200.1.1.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] >> interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU
0 R ether1-gateway ether 1500 1524
1 R ether2-local-master ether 1500 1524
2 ether3-local-slave ether 1500 1524
3 ether4-local-slave ether 1500 1524
4 R ether5-local-slave ether 1500 1524
Re: New basic Setup Help!
Any sample config prints of similar setup?
Re: New basic Setup Help!
holly crap, i figured it out. Had to add static route to 192.168.1.254 which is the default gateway of my Uverse router. But shouldn't the route to my DMZ assigned IP of 99.90.186.206/22 gone through?
-
-
ciphercore
Member Candidate
- Posts: 155
- Joined:
Re: New basic Setup Help!
http://www.faqs.org/rfcs/rfc1918.html
Also you have a double NAT going on. See if you can change your modem into bridge mode.
Also you have a double NAT going on. See if you can change your modem into bridge mode.
Re: New basic Setup Help!
If you're new to AT&T U-Verse service, you will learn to hate their modem/router. If you're not new, you probably already do!
It doesn't do bridge mode and you must use it as the gateway router to access their network. And forget about setting anything up with public static IPs as it never works correctly.
Rant over...
It doesn't do bridge mode and you must use it as the gateway router to access their network. And forget about setting anything up with public static IPs as it never works correctly.
Rant over...