Community discussions

 
morina
just joined
Topic Author
Posts: 4
Joined: Wed Sep 11, 2019 4:04 pm

First config

Thu Sep 12, 2019 2:09 pm

Hi All
Im just in first steps on networking and im facing a situation that i need to solve.
I have 2 pc with different connection in the office with 2 separated networks:
-1 pc access on the internet IP 192.168.20.10/24
-2 pc access on the intranet with IP 192.168.100.40/24
I want to use just one laptop so i can access on both connections.

I configured IP 192.168.20.10 as WAN on mikrotik with ip lan 192.168.200.1/24 and i got internet connection on my laptop that has IP 192.168.200.254.

I need help to configure the intranet IP 192.168.100.40 on mikrotik so at my laptop i can use both : internet connection and intranet

Regards
 
morina
just joined
Topic Author
Posts: 4
Joined: Wed Sep 11, 2019 4:04 pm

Re: First config

Thu Sep 12, 2019 5:49 pm

Has anyone face this before? Cold some one give me some advice?
 
morina
just joined
Topic Author
Posts: 4
Joined: Wed Sep 11, 2019 4:04 pm

Re: First config

Fri Sep 13, 2019 10:33 am

Hi All ,
After some researches i did some configuration .
When i enable the firewall mangle rule i can access ip of intranet on web but i dont have internet connection on 192.168.200.254. If i disable the rule i just have internet connection
Cold someone take a look and give me advice at what part i mess.
Thank you.

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=\
!192.168.200.0/24 new-routing-mark=wan2 passthrough=yes protocol=tcp \
src-address=192.168.200.254
/ip firewall nat
add action=masquerade chain=srcnat out-interface= ether1
add action=src-nat chain=srcnat routing-mark=wan2 to-addresses=192.168.100.40
/ip route
add distance=1 gateway=192.168.100.40 routing-mark=wan2
add distance=1 gateway=192.168.20.10
 
mkx
Forum Guru
Forum Guru
Posts: 2792
Joined: Thu Mar 03, 2016 10:23 pm

Re: First config

Fri Sep 13, 2019 11:46 am

You should post complete configuration as all of the details matter ... run /export hide-sensitive and post it here inside [code] [/code] block.
BR,
Metod
 
morina
just joined
Topic Author
Posts: 4
Joined: Wed Sep 11, 2019 4:04 pm

Re: First config

Fri Sep 13, 2019 12:33 pm

Hi mkx,
Thank your for your replay.
Here is my configuration.
I was making some test and if i put "dst-port=80" on mangle roule i could access some part form intranet through web on port 80 but no on another ports and i have internet connection on 200.240
# jan/01/2002 22:14:02 by RouterOS 6.30.4
# software id = H21S-MBQG
#
# model = 951Ui-2HnD
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=wan1
set [ find default-name=ether5 ] name=wan2
set [ find default-name=ether3 ] name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap group-ciphers=tkip,aes-ccm management-protection=allowed mode=\
dynamic-keys name=profile1 supplicant-identity="" unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=profile1 ssid=MT
/ip dhcp-server
add disabled=no interface=bridge1 name=dhcp2
/ip pool
add name=dhcp_pool0 ranges=192.168.200.2-192.168.200.254
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=LAN
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
/ip settings
set rp-filter=loose
/ip address
add address=192.168.20.10/24 interface=wan1 network=192.168.20.0
add address=192.168.200.1/24 interface=bridge1 network=192.168.200.0
add address=192.168.100.40/24 interface=wan2 network=192.168.100.40
/ip dhcp-server lease
add address=192.168.200.240 client-id=1:d4:85:64:6c:4:c mac-address=D4:85:64:6C:04:0C server=dhcp2
add address=192.168.200.250 client-id=1:60:36:dd:ba:3c:fe mac-address=60:36:DD:BA:3C:FE server=dhcp2
add address=192.168.200.251 client-id=1:b8:d7:af:a1:bd:6b mac-address=B8:D7:AF:A1:BD:6B server=dhcp2
/ip dhcp-server network
add address=192.168.200.0/24 dns-server=8.8.8.8,192.168.20.1 gateway=192.168.200.1
/ip dns
set servers=8.8.8.8,192.168.20.1
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.200.0/24 new-routing-mark=wan2 passthrough=yes \
protocol=tcp src-address=192.168.200.240
/ip firewall nat
add action=masquerade chain=srcnat
add action=src-nat chain=srcnat routing-mark=wan2 to-addresses=192.168.100.40
/ip route
add distance=1 gateway=192.168.100.40 routing-mark=wan2
add distance=1 gateway=192.168.20.1


set db-path=user-manager
[user@MikroTik] >
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1358
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: First config

Sat Sep 14, 2019 12:41 pm

If this device is directly connect the world wide web, I suspect you might have some bigger problems as the device might already be compromised. "jan/01/2002 22:14:02 by RouterOS 6.30.4"

Read up on netinstall, then apply at least 6.44.5 long term version with netinstall.
MTCNA, MTCTCE, MTCRE & MTCINE
 
anav
Forum Guru
Forum Guru
Posts: 2936
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: First config

Sun Sep 15, 2019 1:53 am

I feel dirty just looking at that OS..............
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: No registered users and 15 guests