Community discussions

MikroTik App
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Please help with this :(

Wed Oct 15, 2014 11:10 am

Hi,

Here is my situation, it's really urgent for me so pleas help.

I have 2 routers:
Router1 - 192.168.4.0/24 which is doing NAT and other stuff...
Router2 - Handles multiple IP ranges 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24

These two routers are connected. Situation is that all the computers from 192.168.0.0/24 range I see as one IP address on this Router1.
I would like to see each device individual IP address on the Router1.

Can anyone help me on how to do that?
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: Please help with this :(

Wed Oct 15, 2014 11:20 am

Probably you are making some nat on Router2. Remove it so it only routes.
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Re: Please help with this :(

Wed Oct 15, 2014 4:38 pm

I'm not sure you understood my question. Maybe I didn't described my network config and what I want properly.

Here it is...

Main router with 2 WAN connections:
Router1 - 192.168.4.0/24


Router2 - which is connected to Router1 and has IP 192.168.4.X
Router2 manages 3 different IP ranges on 3 different interfaces.
ETH1 192.168.0.0/24
ETH2 192.168.1.0/24
ETH3 192.168.2.0/24

Both of these routers and many servers are connected to one switch and all the servers have IPs 192.168.4.X

Behind ETH1 (192.168.0.0/24) interface I have a lot of devices (computers, phones, etc).
The problem is that for ex. one of these computers is accessing for my domain server (192.168.4.X) and I can't see his real IP of that PC (ex. 192.168.0.55), but I see him/all of them as 192.168.4.X.

How can I make it so that I see individual IP of every computer connecting to my server on my Router1?
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 947
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Please help with this :(

Wed Oct 15, 2014 4:49 pm

I second CyberTods suggestion.
Post a compact export of your configs (of both routers) and we will have a look.
It still seems that router2 is connected to your 192.168.0.0/24 subnet on ether1 with some default settings active, i.e. NAT/masquerading.
This would explain your observations.
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Re: Please help with this :(

Thu Oct 16, 2014 10:17 am

Ok here are the configs.
I've removed all the information that public shouldn't see.
You do not have the required permissions to view the files attached to this post.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: Please help with this :(

Thu Oct 16, 2014 10:24 am

I am assuming central.rsc is your 2nd router.
You have this rule :
add action=masquerade chain=srcnat out-interface=ether12-WAN
This is exactly the nat you must disable. Otherwise everything leaving the router through ether12-WAN is masquaraded with the router's ip.
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Re: Please help with this :(

Thu Oct 16, 2014 11:13 am

OK. So when I disable this rule I will see individual IP from all the PCs (172.20.0.0/24) connecting to my domain controller (172.20.4.4) ?
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Re: Please help with this :(

Thu Oct 16, 2014 12:35 pm

I've tried this and it's not working.

So again... All I want is to see on ma Router1 computers connecting from Router2 with their real IP addresses.

Router1 - 172.20.4.254

Router2 IP address - 172.20.4.31
Router2 manages 3 subnets (172.20.0.0/24 , 172.20.1.0/24 , 172.20.2.0/24)

Computers connecting from 172.20.0.0/24 that are connecting to my DC...I can't see their individual IPs like 172.20.0.10, 172.20.0.11... etc.. but I see all the PCs coming from one IP 172.20.4.31. That is the IP of my Router2.

How can I see all the PCs with their individual IP address???

Thank you in advance.
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Re: Please help with this :(

Thu Oct 16, 2014 4:12 pm

Please, please is there anyone that can give me a solution on this.
I think I managed to describe what I want.
If somebody didn't understand me or something please ask so we can talk more on this.
I really really need the solution.

Thank you in advance.
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: Please help with this :(

Thu Oct 16, 2014 5:04 pm

Create a neutral net between the routers and route the traffic both ways thru it without using nat or masquerade.
 
flipk12
newbie
Posts: 35
Joined: Mon Oct 06, 2014 5:49 pm
Location: Asturias/Spain

Re: Please help with this :(

Fri Oct 17, 2014 12:43 am

It's easy ...

You have a rule on router 2 (core firewall) that masquerade all traffic that goes to router 1 (internet gateway). Disable it.
You must also put 3 static routes on router 1 ponting to router 2 gateway, one for each subnet behind it.

.......

I've readen your rsc and I can't undesrtand what are you trying to do with all this nat rules. I supose that you're working on someone's else cfg files and you want us to do the same for you, but I'm so sorry, it is not easy without a draw of the whole network and more knowledge about the project.

It looks like you are trying to do a two firewalls schema, with dmz to core firewall and inernet to dmz IP napt, two gateways and a Ipsec VPN to somewhere, but I'm not sure .....
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Re: Please help with this :(

Fri Oct 17, 2014 12:00 pm

flipk12 thank you for your reply very much. I will give it a try and let you guys know.

I'm not doing configuration for someone else. These are actually configs from company's routers where I work.
My colleague that usually does the administering Mikrotik is not here and I need to do this.
I'm a newbie to network and Mikrotik in general, but I'm learning about networks and hopefully I won't ask these kind of questions in future.
I'm sorry for asking some trivial question, please be patient with me because as I said I'm new to computer networks.

Thank you very much for the help.

Regards
 
flipk12
newbie
Posts: 35
Joined: Mon Oct 06, 2014 5:49 pm
Location: Asturias/Spain

Re: Please help with this :(

Sat Oct 18, 2014 2:32 am

No, it is not a trivial question ..... so we have to know the whole problem to be able to help you.
Yes, your college is someone else, not you, is that i'm trying to say. You're trying to change a cfg that you don't understand, but you know the network, what you are trying to do and we don't.
Don't worry, ask all what you want.
 
loma
just joined
Topic Author
Posts: 20
Joined: Thu Aug 21, 2014 11:49 am

Re: Please help with this :(

Mon Oct 27, 2014 3:16 pm

Just to inform you guys that I've solved this by following your instructions.
Thank you all very much, you have been very helpful!
 
flipk12
newbie
Posts: 35
Joined: Mon Oct 06, 2014 5:49 pm
Location: Asturias/Spain

Re: Please help with this :(

Mon Oct 27, 2014 9:05 pm

Congratulations! :D

Who is online

Users browsing this forum: timotei, tinka and 59 guests