MikroTik

Posted: **Fri Feb 15, 2013 2:58 am**

Hi, i need to set a router to manage a /24 publics ip address, but in the clients don't work... help.

From my ISP...
Network: AA.BB.CC.100/30
Gateway: AA.BB.CC.101

Public IP Pool: DD.EE.FF.0/24

In my Mikrotik...

[admin@gate] > ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                           
 0   AA.BB.CC.102/30   AA.BB.CC.100   ether1                            
 1   DD.EE.FF.1/24     DD.EE.FF.0     ether2                            
[admin@gate] >

[admin@gate] > ip route print 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0   S  0.0.0.0/0                          AA.BB.CC.101              1
 1 ADC  AA.BB.CC.100/30    AA.BB.CC.102    ether1                    0
 2 ADC  DD.EE.FF.0/24      DD.EE.FF.1      ether2                    0
[admin@gate] >

[admin@gate] > ip firewall nat print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade src-address=DD.EE.FF.0/24 out-interface=ether1 
[admin@gate] >

And, in the client configure:

IP: DD.EE.FF.2
Mask: 255.255.255.0
Gateway: DD.EE.FF.1
DNS: 8.8.8.8, 8.8.4.4

but i can't go outside, ping don't respond... ping google.com and timeout...

Posted: **Fri Feb 15, 2013 9:45 am**

And what about connection tracking? You have to set it to enable.

[admin@Domek] > ip firewall connection tracking print
                   enabled: yes
      tcp-syn-sent-timeout: 5s
  tcp-syn-received-timeout: 5s
   tcp-established-timeout: 1h
      tcp-fin-wait-timeout: 10s
    tcp-close-wait-timeout: 10s
      tcp-last-ack-timeout: 10s
     tcp-time-wait-timeout: 10s
         tcp-close-timeout: 10s
               udp-timeout: 10s
        udp-stream-timeout: 3m
              icmp-timeout: 10s
           generic-timeout: 10m
             tcp-syncookie: no
               max-entries: 481448
             total-entries: 26

Posted: **Fri Feb 15, 2013 2:54 pm**

Can you ping the ISP gateway? Which DNS servers are you using - are lookups working?

Do you have any NAT rules active?

Output from /export compact would be useful.

Posted: **Fri Feb 15, 2013 3:04 pm**

Hi!

Since you are routing a public IP-Range, you don't need "masquerade".
Everything else looks good.

First thing you should check is, if your RB is able to ping your GW, which is AA.BB.CC.101 in your example. If this isn't possible your problem lies between your RB and your ISP.

If you've got networking problems, please try to ping IP addresses instead of domain names.

- Mat

Posted: **Fri Feb 15, 2013 7:47 pm**

but i can't go outside, ping don't respond... ping google.com and timeout...

Maybe your ISP has not got that /24 setup to route to your router, so return traffic is not making it to you...

Posted: **Sat Feb 16, 2013 1:14 am**

Thanks, was the nat rule :/ jeje. This is the best way to routing public ip range?

Posted: **Sat Feb 16, 2013 11:57 am**

Thanks, was the nat rule :/ jeje. This is the best way to routing public ip range?

Well, it's the correct way of routing... What would you change?

MikroTik

Public IP's

Public IP's

Re: Public IP's

Re: Public IP's

Re: Public IP's

Re: Public IP's

Re: Public IP's

Re: Public IP's