th0r
just joined
Topic Author
Posts: 8
Joined: Sat Feb 04, 2012 11:30 pm

RB751U-2HnD PPPoE client and NAT not working

Sat Feb 04, 2012 11:45 pm

Hi,

I bought a MikroTik RB751U-2HnD because I wanted a more serious router. But now I have problems setting it up. I successfully connected my router to the internet (PPPoE client) and I can ping sites from it, but I have no idea how to set up NAT correctly so my local devices would have access to the internet. It just seems that everything I do is wrong.

Please help me, here is some info that you probably need:
[admin@MikroTik] /ip hotspot service-port>> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 interface=bridge-local
actual-interface=bridge-local

1 D address=90.157.193.99/32 network=212.18.32.174 interface=pppoe-out1
actual-interface=pppoe-out1

2 address=212.18.32.174/32 network=212.18.32.174 interface=pppoe-out1
actual-interface=pppoe-out1
[admin@MikroTik] /ip hotspot service-port>> /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=212.18.32.174
gateway-status=212.18.32.174 reachable via pppoe-out1 distance=1
scope=30 target-scope=10

1 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local
gateway-status=bridge-local reachable distance=0 scope=10

2 ADC dst-address=212.18.32.174/32 pref-src=90.157.193.99 gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10

[admin@MikroTik] /ip hotspot service-port>> /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU
0 R ether1 ether 1500 1600 4076
1 R ether2 ether 1500 1598 2028
2 ether3-slave-local ether 1500 1598 2028
3 ether4-slave-local ether 1500 1598 2028
4 ether5-slave-local ether 1500 1598 2028
5 wlan1 wlan 1500 2290
6 R bridge-local bridge 1500 1598
7 R pppoe-out1 pppoe-out 1480

[admin@MikroTik] /ip hotspot service-port>> /ip firewall export
# jan/02/1970 00:14:59 by RouterOS 5.12
# software id = XD8N-S2L6
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1
add action=src-nat chain=srcnat disabled=no src-address=192.168.0.0/24 \
to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.0.2-192.168.0.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.0.2-192.168.0.254 to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.88.2-192.168.88.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.88.2-192.168.88.254 to-addresses=212.18.32.174
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1
add action=src-nat chain=srcnat disabled=no src-address=192.168.0.0/24 \
to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.0.2-192.168.0.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.0.2-192.168.0.254 to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.88.2-192.168.88.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.88.2-192.168.88.254 to-addresses=212.18.32.174
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

[admin@MikroTik] /ip hotspot service-port>> /ip hotspot export
# jan/02/1970 00:15:08 by RouterOS 5.12
# software id = XD8N-S2L6
#
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip hotspot service-port
set ftp disabled=no ports=21

Thank you so much!
 
rjscomms
Member Candidate
Posts: 132
Joined: Fri Jan 28, 2011 12:22 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Sat Feb 04, 2012 11:54 pm

G'day,

just had a quick look through your setup.

In your firewall NAT rule, change your out-interface from ether1 to pppoe-out1

D2.
 
th0r
just joined
Topic Author
Posts: 8
Joined: Sat Feb 04, 2012 11:30 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Sun Feb 05, 2012 12:01 am

sorry, I'm a total n00b in that, what's the command? thanks.
 
rjscomms
Member Candidate
Posts: 132
Joined: Fri Jan 28, 2011 12:22 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Sun Feb 05, 2012 1:24 am

G'day,

if you are using winbox, then go to IP->firewall->NAT.

Double click on the entry that has masq - src-nat - ether1. Then change ether1 (in the out-interface area) to pppoe-out1

If using CLI, then try
/ip firewall nat
set 0 out-interface=pppoe-out1
The "set 0" part means change rule zero. If your nat rule relating to the out-interface is a different number (displayed when you do "/ip firewall nat pr") then change zero to whatever number is shown next to the rule.

Have a look at http://wiki.mikrotik.com for info on cli.
 
th0r
just joined
Topic Author
Posts: 8
Joined: Sat Feb 04, 2012 11:30 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Sun Feb 05, 2012 11:26 am

hm, that did nothing for me :( any more suggestions?
 
Pilgrim
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Sun Feb 05, 2012 12:08 pm

Keep the out-interface to pppoe-out1. This is for sure the right setting in NAT.

If by local devices you mean your own devices on your LAN, i.e. you use the router as a home router, then that is exactly what I do too in order to have a better router at home and have more control.

However, for that purpose it seems to me that your setup is too complicated in terms of routing and then not sufficient in terms of firewall.

When you have NAT action=masquerade enabled then you do not need the other src-nat settings. Just check "add default route" and "use peer dns" in your PPPoE connection.

You may have connection to the internet (have you tried to ping a specific IP addr) but your browser does not find anything because the DNS is not set right. In winbox go to ip/dns and the window should be empty and then click on the settings tab and make sure that "allow remote request" is checked.

In the wiki there are some good examples on a complete standard set up and then search the board here for min. firewall settings.

rgs Pilgrim

http://www.mikrotik.com/testdocs/ros/2. ... /basic.php
http://klseet.com/index.php?option=com_ ... &Itemid=49
http://wiki.mikrotik.com/wiki/802.11n_Setup_Guide

Greg Sowell is a great source too. Here is his tutorial video on Mikrotik Basics.

http://gregsowell.com/?p=957
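
Added example (not part of the original thread, and not MikroTik's or any poster's code): on a PPPoE uplink, traffic enters and leaves through pppoe-out1, so default rules that still name ether1 neither masquerade LAN traffic nor drop unsolicited input from the internet. This Python sketch audits a `/ip firewall export` for that mismatch and for dst-nat rules with no protocol or port match; the sample export is constructed from the one posted above, and `parse_rules` and `audit` are illustrative names.

```python
import re
import shlex

# Constructed sample, shortened from the export posted in this thread:
# the WAN is pppoe-out1, but the default rules still name ether1.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
    in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    no out-interface=ether1
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
    to-addresses=192.168.88.2-192.168.88.254
'''

def parse_rules(export):
    """Yield (menu, params) per 'add' line after joining '\\' continuations."""
    menu = None
    for line in re.sub(r"\\\n[ \t]*", "", export).splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps comment="a b" as one token
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def audit(export, wan):
    """Heuristic check: list enabled rules that miss the real WAN interface."""
    findings, wan_input_drop = [], False
    for menu, r in parse_rules(export):
        if r.get("disabled") == "yes":
            continue
        nat = menu == "/ip firewall nat"
        if nat and r.get("action") == "masquerade" and r.get("out-interface", wan) != wan:
            findings.append(f"masquerade bound to {r['out-interface']}, not {wan}")
        if nat and r.get("action") == "dst-nat" and not {"protocol", "dst-port"} & r.keys():
            findings.append(f"dst-nat without protocol/port match to {r.get('to-addresses')}")
        if (menu == "/ip firewall filter" and r.get("chain") == "input"
                and r.get("action") == "drop" and r.get("in-interface", wan) == wan):
            wan_input_drop = True  # a drop with no in-interface also counts
    if not wan_input_drop:
        findings.append(f"no input drop rule covers {wan}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, "pppoe-out1"):
        print(finding)
```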
 
th0r
just joined
Topic Author
Posts: 8
Joined: Sat Feb 04, 2012 11:30 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Sun Feb 05, 2012 10:28 pm

Thanks for your reply. Link from Greg Sowell was very helpful. I have a running connection on all computers via LAN (connected with cable).

The only problem now is configuring the wireless AP connection. The problem is, for instance, my iPhone doesn't get a local IP and therefore has no internet connection. Please look at the printscreen and tell me what I got wrong. Thanks.

 
Pilgrim
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Mon Feb 06, 2012 1:15 am

I assume that you use ether 2 as your LAN 192.168.1.xxx interface where your devices are connected. If you want your wireless devices to connect to the same LAN 192.168.1.xxx and act as any other device that you have connected to your LAN then you should not give your wlan1 any IP address. You just need to create a bridge where you bridge your ether 2 and wlan1. I have a simple AP set up at home with this configuration.
If you want the other physical interfaces ether 3, 4, etc. to connect to your LAN too you could in principle just add them to the bridge too. But for the physical interfaces it is better to use the switch function and use ether 2 as your master port and ether 3, 4 .. as slaves.

In the interface list you double click on the interface and under the general tab there is a "master port" box. For the master interface you select none and for the slaves you select the interface you use as master, e.g. ether 2.
 
th0r
just joined
Topic Author
Posts: 8
Joined: Sat Feb 04, 2012 11:30 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Mon Feb 06, 2012 11:27 pm

So I made a bridge, but ether2 has the role of "designated port" and wlan1 has the same role, but you have wlan1 as "disabled port" (edit: I figured that one out, if someone is trying to connect it will say "designated port", otherwise "disabled port")

But my wlan clients are still not getting local IP addresses. Please help me further. Thanks!
 
Pilgrim
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Tue Feb 07, 2012 4:45 pm

I think it may be because your DHCP server is still just handing out IPs to the ether2. You have to put in the Bridge.

Check ip/dhcp server and click on the DHCP server listed and check the interface set. Must be the bridge, I think.

rgs Bjarne
 
eszaknet
just joined
Posts: 18
Joined: Tue Oct 18, 2011 11:56 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Tue Feb 07, 2012 6:37 pm

Hi!

If I understand your problem, you cannot create internet access.
This is an easy scenario for internet connection with pppoe:


Interface IP address
/ip address add address=192.168.1.1/24 interface=ether1
NAT private IPs to pppoe-out
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 action=masquerade
DHCP Pool
/ip pool add name=dhcp-pool ranges=192.168.1.2-192.168.1.254
DHCP Server
# dns-server can be the router itself or any other DNS server
/ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1
/ip dhcp-server add name=default interface=ether1 address-pool=dhcp-pool disabled=no
It is just an example, all of these settings can be set up easily with winbox.
 
th0r
just joined
Topic Author
Posts: 8
Joined: Sat Feb 04, 2012 11:30 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Wed Feb 08, 2012 3:52 pm

> I think it may be because your DHCP server is still just handing out IPs to the ether2. You have to put in the Bridge.
>
> Check ip/dhcp server and click on the DHCP server listed and check the interface set. Must be the bridge, I think.
>
> rgs Bjarne

That was exactly what it was :) I just changed my DHCP server to "bridge1" and now everything works! Thank you so much! :)

One question: Does anyone have any idea why wireless is dropping? Not constantly, but here and there.
 
Pilgrim
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Wed Feb 08, 2012 4:52 pm

@Th0r, just a word of caution. I think I mentioned it already, but you should be sure that you have the min needed rules in your firewall. Check for example:

http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling
http://wiki.mikrotik.com/wiki/Home_Firewall (complete script for home firewall). To install the script you just open a new terminal window in winbox and paste the script.

rgs Pilgrim
 
th0r
just joined
Topic Author
Posts: 8
Joined: Sat Feb 04, 2012 11:30 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Wed Feb 08, 2012 5:04 pm

@Pilgrim thanks, but I didn't forget and set some basic rules :)

Do you have any thoughts on why wireless is occasionally dropping? Thanks.
 
Pilgrim
Member Candidate
Posts: 265
Joined: Sun Mar 30, 2008 1:04 pm

Re: RB751U-2HnD PPPoE client and NAT not working

Fri Feb 10, 2012 12:32 am

@th0r

No, I would not be the right one to answer that and I am also not sure how the problem could be investigated. I hope that someone else on the board can help. I am also interested in knowing more about this problem.

rgs Pilgrim
