Community discussions

MikroTik App
  4. RouterOS
  5. General

sucks as a stand alone router!

Post Reply
 
marvin
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Mon Nov 15, 2004 9:56 pm

sucks as a stand alone router!

Mon Apr 25, 2005 11:02 pm

I had 2 ethernet cards one for dsl and one for cable. 1 Ethernet for the internal side.

eth1 x.x.x.x/32 cable
eth2 x.x.x.x/24 dsl
eth3 192.168.0.1/24 ethernet

Using masquerading. No other ips but our wireless mikrotik router which has bridged with customers on 192.168.60.x had every single customer showing ip conflicts! From nothing but putting the above router online! Mikrotik sucks as a router! Big time so now looking for an alternative solution for a dual wan router that supports proxy-arp.
Top
 
Cameron Earnshaw
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Sun May 30, 2004 6:46 pm
Contact:
Contact Cameron Earnshaw

Tue Apr 26, 2005 2:14 am

I've got plenty of issues with Mikrotik reliability of late, but have never heard of the problem you describe. Are you sure you have your DHCP server set up properly? You haven't assigned IPs to the interfaces that are also being assigned by DHCP have you?
Top
 
marvin
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Mon Nov 15, 2004 9:56 pm

Tue Apr 26, 2005 2:44 am

No current setup.

Mikrotik Wireless AP:

Wan1
Wan2
Wan3
Ether1
Bridged IP: 192.168.0.70
Gateway: 192.168.0.1
Proxy-Arp enabled

Mikrotik Router

Wan1: x.x.x.x/32
Wan2: x.x.x.x/24
Ether: 192.168.0.1
Gateway: Wan1, Wan2
Proxy-Arp Enabled

Internal IP: 192.168.0.0/24
Wireless Clients IP: 192.168.60.0/24

Wireless customers were getting ip conflicts when I hooked up the Mikrotik Router. The entire problem went away when I removed the Mikrotik Router from the LAN completely.

Oh and no DHCP at all. Our BMU assigns static internal ip's based on if it's infrastructure or clients. So no dhcp to cause any headaches.
Top
 
Cameron Earnshaw
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Sun May 30, 2004 6:46 pm
Contact:
Contact Cameron Earnshaw

Tue Apr 26, 2005 4:02 am

Is it possible that you have a rogue DHCP server on the same subnet as your internal IPs? 192.168.0.x is the factory default on D-Link routers, I believe. Maybe one of your wireless clients mistakenly connected the radio to the LAN side of his router. We see this quite often.
Top
 
marvin
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Mon Nov 15, 2004 9:56 pm

Tue Apr 26, 2005 4:41 am

No the problem started as soon as we put the Mikrotik Router online in place of our dual wan Xincom router. The problem ended as soon as we removed the Mikrotik Router offline and put the Xincom back online.
Top
 
changeip
Forum Guru
Forum Guru
Posts: 3833
Joined: Fri May 28, 2004 5:22 pm

Tue Apr 26, 2005 6:36 am

As soon as I bought a house I had to start paying property taxes, mowing the yard, and taking out the trash. Damn house. Once I got rid of it everything started working like I was used to.

Puns put aside, I think the problem is probably with a configuration issue. Post your config and we'll give you some straight answers.

"Wireless customers were getting ip conflicts when I hooked up the Mikrotik Router." What's the IP range they are getting conflicts on?

Sam
Top
 
sten
Forum Veteran
Forum Veteran
Posts: 923
Joined: Tue Jun 01, 2004 12:10 pm

Tue Apr 26, 2005 9:18 am

Proxy-Arp enabled
Here is the culprit. Proxy-Arp only if you really understand it, otherwise stay away from ever proxying arp.It proxies for ALL other routes. Not like on other platforms where you flag specific routes for proxy arp. (Feature missed dearly!!!)
Top
 
marvin
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Mon Nov 15, 2004 9:56 pm

Tue Apr 26, 2005 9:57 am

Well that is a problem than because I needed to proxy-arp a customers external static ip instead of using the DMZ from Xincom. So how can I proxy-arp without ip conflicts all over? We have a corporate customer that needs to have an external ip right now it's natted but that is not the solution they are requiring.
Top
 
marvin
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Mon Nov 15, 2004 9:56 pm

Tue Apr 26, 2005 5:46 pm

Ok I got a serious problem according to proxy-arp documents.

Even if I add a fourth nic into the system for a dmz section here is where the problem comes in.

Clients IP range: 192.168.60.0/24

router:
wan1: 24.73.65.14/32
wan2: 66.15.99.192/24
eth0: 192.168.0.1/24
eth1: 66.15.99.193/24

Switch <---> eth0
Switch <---> eth1

Now how do I handle this?

Mikrotik AP:
eth0: 192.168.0.70
wan1: 192.168.0.70 <---> ptp link
wan2: 192.168.0.70 <---> Sector 1
wan3: 192.168.0.70 <---> Sector 2
wan4: 192.168.0.70 <---> Sector 3
Bridge1: 192.168.0.70 (eth0, wan1, wan2, wan3, wan4)

Since proxy-arp since it's not flagged and is basically like a wild proxy-arp everything is proxy-arp'd how would I have to configure the above to be able to proxy arp over the wan1 interface without causing ip conflicts with customers? Since the ptp link on wan1 is going out to our other towers to our other ap's?

What I need to do is proxy-arp 66.15.99.194/24 to a client that is two towers away. Wan1 (tower1) to (tower2) which is a bridged level 4 with proxy-arp enabled to (tower3) which is hard wired to the customers cisco switch. Currently natted but needing to have the physical ip 66.15.99.194 which I was planning to proxy-arp.
Top
 
Cameron Earnshaw
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Sun May 30, 2004 6:46 pm
Contact:
Contact Cameron Earnshaw

Wed Apr 27, 2005 7:23 am

Why can't you just use dst-nat?
Top
 
marvin
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Mon Nov 15, 2004 9:56 pm

Wed Apr 27, 2005 3:39 pm

Because the corporate customer WANTS a true static ip. And most any corporate businesses want this as well as NO NATTING on any side but theirs. As well as no firewall on their side.
Top
 
sten
Forum Veteran
Forum Veteran
Posts: 923
Joined: Tue Jun 01, 2004 12:10 pm

Off topic!

Wed Apr 27, 2005 4:14 pm

I am currently under the impression that there are ISPs out there that NAT their customers. In norway, if my customers do not get Public IP's (dynamic or static), they would have my head on a pole. If the latency is 30ms+ to most national sites or there is 1%+ packet loss they would castrate me.
If i firewall them in any way other than the very basic 3-4 Microsoft virus ports and anti-spoofing they will go at me with an ice-pick.

How is it in other places? Is NAT ok? High latency ok? Firewalling?
Top
 
marvin
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Mon Nov 15, 2004 9:56 pm

Wed Apr 27, 2005 6:05 pm

Ok for residential for NAT and firewalling but businesses have their own solution and when they purchase pay for a static ip they want a true static ip and not a natted one.
Top
 
User avatar
djape
Member
Member
Posts: 465
Joined: Sat Nov 06, 2004 7:54 pm
Location: Serbia

Re: Off topic!

Wed Apr 27, 2005 9:31 pm

I am currently under the impression that there are ISPs out there that NAT their customers. In norway, if my customers do not get Public IP's (dynamic or static), they would have my head on a pole. If the latency is 30ms+ to most national sites or there is 1%+ packet loss they would castrate me.
If i firewall them in any way other than the very basic 3-4 Microsoft virus ports and anti-spoofing they will go at me with an ice-pick.

How is it in other places? Is NAT ok? High latency ok? Firewalling?
Hehe, that's your fault ;) I'm teaching my customers to be nice or I'll put their head on pole :)

I am NATing my customers, I have very big firewall rule, ping to national sites is 20-50ms and average packet loss is less tnen 1%

If they don't like it, it's fine with me, but in 2 years I didn't lose a customer.

Cheers...
Top
Post Reply
  4. RouterOS
  5. General