Community discussions

MikroTik App
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Help with this configuration.

Thu Apr 23, 2015 7:42 pm

I am trying to setup the following:

3 networks:
10.160.250.0/24 - Public Network
10.160.251.0/24 - Private Network
10.160.252.0/24 - Front Network

I have everything setup and it is all working except I am not getting internet access on any of the networks!

eth1: Comcast switch/modem its ip is 10.1.10.1
eth2: Public Network
eth3: Private Network
eth4: Front network

Here is my config file:
# apr/22/2015 17:51:56 by RouterOS 6.28
# software id = 8XY6-SF8M
#
/ip pool
add name=dhcp_pool1 ranges=10.160.250.100-10.160.250.254
add name=dhcp_pool2 ranges=10.160.251.100-10.160.251.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=3d name=\
Public-Network
add address-pool=dhcp_pool2 disabled=no interface=ether3 lease-time=3d name=\
Private-Network
/port
set 0 name=serial0
/ip address
add address=10.160.250.0/24 interface=ether2 network=10.160.250.0
add address=10.160.251.0/24 interface=ether3 network=10.160.251.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1
/ip dhcp-server network
add address=10.160.250.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.160.250.1
add address=10.160.251.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.160.251.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
10.160.250.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
10.160.151.0/24
/ip route
add distance=1 gateway=10.1.10.1
/romon port
add disabled=no
/system clock
set time-zone-name=America/Detroit


Thanks for the help!
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Thu Apr 23, 2015 10:24 pm

Note: I have not yet added the 3rd network (front network) thats why its not in the config.
 
evince
Member
Member
Posts: 329
Joined: Thu Jul 05, 2012 12:11 pm
Location: Weiswampach - Luxemburg
Contact:

Re: Help with this configuration.

Thu Apr 23, 2015 10:29 pm

Hello,

Can you post the configuration of your firewall rules please?
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Thu Apr 23, 2015 10:46 pm

 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Help with this configuration.

Thu Apr 23, 2015 11:07 pm

I'm assuming that this is an artifact of your IP address sanitization - but your configuration shows the interface IPs as 10.160.25x.0/24 -- that's the network prefix and is an invalid IP address. Perhaps you're really configured with 10.160.25x.1/24 on each interface. . .

I would also shorten the masquerade rule - you only need the masquerade rule once, and don't specify the source.
It's enough (and automatically works for any future LAN segments you may create later) to simply say masquerade if out-interface = ether1. No more rules are required.

Can the Mikrotik itself ping to internet hosts?
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
bkuhn
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Fri Oct 15, 2010 12:17 am

Re: Help with this configuration.

Fri Apr 24, 2015 7:56 am

Is your DHCP client on ether1 receiving an IP address from the Comcast modem?
 
Atifrererrrr
just joined
Posts: 1
Joined: Fri Apr 24, 2015 9:28 am

Re: Help with this configuration.

Fri Apr 24, 2015 9:39 am

You need to realign the antenna. Same hapened to me but I moved it left to right a lot until the signal was good. The antenna has lobes and you align them on that lobes. Also the signal must be identical +-3dbi. The link must have ~ -60dbi.
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Fri Apr 24, 2015 5:31 pm

Is your DHCP client on ether1 receiving an IP address from the Comcast modem?
Yes
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Fri Apr 24, 2015 5:32 pm

You need to realign the antenna. Same hapened to me but I moved it left to right a lot until the signal was good. The antenna has lobes and you align them on that lobes. Also the signal must be identical +-3dbi. The link must have ~ -60dbi.
This box does not have WiFi radios.
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Fri Apr 24, 2015 5:34 pm

I'm assuming that this is an artifact of your IP address sanitization - but your configuration shows the interface IPs as 10.160.25x.0/24 -- that's the network prefix and is an invalid IP address. Perhaps you're really configured with 10.160.25x.1/24 on each interface. . .

I would also shorten the masquerade rule - you only need the masquerade rule once, and don't specify the source.
It's enough (and automatically works for any future LAN segments you may create later) to simply say masquerade if out-interface = ether1. No more rules are required.

Can the Mikrotik itself ping to internet hosts?
It can bing the interwebs through port 1
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Help with this configuration.

Fri Apr 24, 2015 5:42 pm

It can bing the interwebs through port 1
Change your rules from this:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=10.160.250.0/24
add action=masquerade chain=srcnat out-interface=ether1 src-address=10.160.151.0/24
To just this:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
Your config shows no rules for filter or masquerade.
Is this true? If you have filter or masquerade rules - try disabling them all and if that allows traffic to the Internet, then you can start to re-enable them one at a time until you find which one breaks stuff.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Fri Apr 24, 2015 5:59 pm

Changed that to:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

Maybe my gateway is wrong here?
http://prntscr.com/6xmho7
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Help with this configuration.

Fri Apr 24, 2015 6:45 pm

In your posted configuration, I see this:
/ip address
add address=10.160.250.0/24 interface=ether2 network=10.160.250.0
add address=10.160.251.0/24 interface=ether3 network=10.160.251.0
This is actually invalid.
.0 = the network prefix address, and is not a usable address in this case.

change these to be 10.160.250.1/24 and 10.160.251.1/24
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Fri Apr 24, 2015 6:51 pm

I am getting this when I attempt to do that.
http://prntscr.com/6xn3ki
 
User avatar
noyo
Member Candidate
Member Candidate
Posts: 114
Joined: Sat Jan 28, 2012 12:25 am
Location: Mazury - Poland
Contact:

Re: Help with this configuration.

Fri Apr 24, 2015 7:01 pm

I am getting this when I attempt to do that.
http://prntscr.com/6xn3ki
Address: 10.160.250.0/24 - is a network
netmask: 24
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Fri Apr 24, 2015 7:06 pm

I know this, ZeroByte told me to use 250.1/24 so I was replying to him.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Help with this configuration.

Fri Apr 24, 2015 9:56 pm

I know this, ZeroByte told me to use 250.1/24 so I was replying to him.
Not in the network - that is the correct value for the network prefix.
Set the IP address.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
alexwoellhaf
just joined
Topic Author
Posts: 12
Joined: Thu Apr 23, 2015 7:33 pm

Re: Help with this configuration.

Mon Apr 27, 2015 6:33 pm

I was working on this all weekend. Still nothing!

Screenshot: http://prntscr.com/6ysa5a

Who is online

Users browsing this forum: equaraMikro, solar77 and 40 guests