Dear Mikrotik Community,
I need your help with this issue:
my WAN router (TP-Link) has no more available network port to use for additional TV(IPTV). My Mikrotik(v6.47.8) LAN router has available ports. I want to use one network port of Mikrotik (ether9) for connecting TV.
Please take a look to the attachement.
How can I achieve this?
Thank you in advance!
Routing all traffic from network port to another router
You do not have the required permissions to view the files attached to this post.
Re: Routing all traffic from network port to another router
Export config...
# dec/03/2020 21:53:41 by RouterOS 6.47.8
# software id = E166-YQTB
#
# model = RB4011iGS+
# serial number =
/interface bridge
add arp=disabled name=bridgeIPTV
add admin-mac=B8 arp=proxy-arp auto-mac=no comment=defconf \
name=bridgeLocal
/interface ovpn-client
add certificate=mikrotik.ovpn_1 cipher=aes256 connect-to= \
mac-address= name=ovpn-out user=
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 dpd-interval=disable-dpd \
enc-algorithm=aes-256 hash-algorithm=sha256
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=\
aes-256-cbc,aes-128-cbc lifetime=8h
/ip pool
add name=dhcp ranges=192.168.88.3-192.168.88.254
add name=ovpn-pool ranges=192.168.89.10-192.168.89.29
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridgeLocal name=dhcp1
/ppp profile
add dns-server=1.0.0.1 local-address=192.168.89.1 name=ovpn remote-address=\
ovpn-pool use-encryption=yes
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
add bridge=bridgeLocal comment=defconf interface=ether6
add bridge=bridgeLocal comment=defconf interface=ether7
add bridge=bridgeLocal comment=defconf interface=ether8
add bridge=bridgeLocal comment=defconf interface=ether10
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus1
add bridge=bridgeIPTV interface=ether9
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set ipsec-secret= use-ipsec=yes
/interface list member
add interface=ether1 list=WAN
add interface=bridgeLocal list=LAN
add interface=ovpn-out list=WAN
/interface ovpn-server server
set auth=sha1 certificate=ovpn.server cipher=aes256 default-profile=ovpn \
enabled=yes require-client-certificate=yes
/ip address
add address=192.168.88.1/24 interface=bridgeLocal network=192.168.88.0
add address=192.168.0.100/24 interface=ether1 network=192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no comment=defconf disabled=no interface=ether1
add add-default-route=no interface=bridgeIPTV
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=94.140.15.15,94.140.14.14
/ip firewall filter
add action=reject chain=input dst-port=1194 protocol=tcp reject-with=\
icmp-network-unreachable src-address-list=!AzerbaijanIPs
add action=accept chain=input comment="Allow OpenVPN" dst-port=1194 log=yes \
log-prefix=ovnv_in_ protocol=tcp src-address-list=mylist
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
add action=masquerade chain=srcnat
add action=redirect chain=dstnat comment="DNS Redirect (TCP)" dst-address=\
192.168.88.1 dst-port=53 in-interface=bridgeLocal protocol=tcp to-ports=\
53
add action=redirect chain=dstnat comment="DNS Redirect (UDP)" dst-address=\
192.168.88.1 dst-port=53 in-interface=bridgeLocal protocol=udp to-ports=\
53
/ip route
add distance=1 gateway=192.168.0.1
/ppp secret
add name=ovpn password= profile=ovpn service=ovpn
/system clock
set time-zone-name=
/system ntp client
set enabled=yes server-dns-names=pool.ntp.org
-
-
CZFan
Forum Guru
- Posts: 2098
- Joined:
- Location: South Africa, Krugersdorp (Home town of Brad Binder)
- Contact:
Re: Routing all traffic from network port to another router
best will be to make the Mikrotik a switch / bridge, i.e. bridge all ports, no routing on Mikrotik
Re: Routing all traffic from network port to another router
best will be to make the Mikrotik a switch / bridge, i.e. bridge all ports, no routing on Mikrotik
I agree no routing way would be the easiest way, but I want to keep my internal network separate from main router controlled by service provider.
Maybe you could give me direction how this can be done... Thanks
Re: Routing all traffic from network port to another router
In that case, you can create another bridge (br-wan), move all the IP configuration from the ether1 to that bridge, and make both ether1 and ether9 member ports of that bridge. If you use two Ethernet interfaces connected to the same switch chip for the connection to the TP-link and the IPTV, set hw=yes on the two respective rows of /interface bridge port, and hw=no on the other ones on the same switch chip, the IPTV traffic will be forwarded by the switch chip, not loading the CPU.I want to keep my internal network separate from main router controlled by service provider.