Hi everyone ,
Very new to Mikrotik and have been given the task of setting one up into an existing small office network with a 2wire Bt router.
I've setup basic internet connectivity and the wireless on the MT, i've also read lots and lots of forums and manuals and the MT Wiki, but i'm just in need of some basic pointers, can anyone tell me they would interact the MT with the BT router and a Small Business Server 2008, i'm just a bit confused about DHCP's (What is giving what IP's), firewalls, NAT, etc...
Any help would be greatly appreciated, there's no rush for the setup but it would be great to at least get it underway!
Thanks in advance for the replies!

Read this?
http://wiki.mikrotik.com/wiki/How_to_Co ... _xDSL_Line

Ron

Thanks!
That would have been so much easier if I'd of found that before setting everything up! Whoops...

So from reading that link, it makes alot more sense now, i would set a DMZ in the BT router to route everything to the MT and let the MT distribute the traffic...would i specify the MT's router WAN interface address in NAT & Firewall rules or the ISP's public static IP address??

I have no knowledge of the inner workings of the BT router, but question the use of a DMZ setting unless you want the internal server to be public facing only, i.e. make it visible to the outside world, but not visible to anyone on the internal network. That is the point of a DMZ.

Also, if you have been allocated a block of IPs by BT then you can set up the router in full bridging mode where the router is given one fixed IP by you and you give another IP to your RB public interface and in that way your RB is directly connected to the internet without it "seeing" the router/modem in between. This makes it MUCH easier to setup VPN's for example, as there is no NAT in between your RB interface and the internet.

If you have been given a single fixed IP, then you will have to allow the adsl router to have that (usually via DHCP from the ISP) and then operate in what is sometimes called "Half bridge" mode. Or...

If you have been given a single fixed IP you can place the router either in "half bridge" mode or run what would be the normal "out of the box" NAT modem on the router and allocate an internal IP onto your RB public interface or enable a DHCP Client on the public interface and let it pick up all the settings from the router's internal DHCP server.

Without knowing a lot more about the specifics of what the router does (or can do) and what your ISP allows you to do (many but not all, will give you a fixed IP, but allocate it to you based on a DHCP server at their end) so it would be difficult to know what to recommend exactly.

If that helps point you in the right direction, great, if not. Get back to us with more specifics.

Wow thanks for reply, we have one static ip address, probably why i'm finding it hard to setup an IP camera to view over the internet! Frustrating...So you are suggesting taking the DMZ off, what would be an alternative.....At the moment, i have the BT giving the MT a 192.168.1.98 address (by the BT's DHCP) and i have a DHCP client on that interface, and then on the outgoing MT interface i have the DHCP server setup giving out 192.168.0.x address to the LAN. Before we put the MT in, if you put the public IP address into a browser bar it would go to the camera fine, now, obviously it doesnt. Internet access is fine amongst the LAN, its just the "coming into the router (VPN, IP Cam etc..) from the outside" i'm having problems with...more help "Nest", very much appreciated!

For the BT router, you will need to open up the ports required on the router (port 80?) if you are using NAT mode (which by description you appear to be doing) - see your router manual for how to do that.

Then, as you need access to internal devices on your network and it's got an MT in between, you need to look at dst nat masquerading. Incoming packets of data, hitting your firewall on the public internet side, will have a destination IP address which is the public IP you have been given by BT.

But you need those packets to be routed through to a destination IP of your IP camera which is on the internal network. That is why the name for this is dst-nat. Destination Network Address Translation.

So, presuming that the IP camera only needs an incoming connection on port 80, as if it were a web server, try this, Change {external IP} and {internal IP} to suit. If it is not on port 80, but port 443, change accordingly. If you need to dst-nat other ports becuase the camera requires other ports to be opened, just add more of the above rules, changing each one as required.

With the router doing NAT and the MT doing NAT, that is called double NAT'ing, which can give problems. Try if you can to place the router into half bridging mode. This means the router will do the PPoA authentication, but pass all packets destined for your single public IP straight through the router untouched to your MT external interface.

Thanks very much for a extremely knowledgeable explanation, i tried to do the "half bridge" mode yesterday and ended up locking myself our of the BT router because i followed instructions on another website about removing "routing" and putting it into Bridged LLC or something, which essentially was supposed to turn it into a Modem, then tried to configure the MT (not very well) and lost all internet and couldnt then access the BT. Nightmare.
So your saying its much easier to use the PPoA authentication, with the BT in half bridge mode, that bit seemed ok, it was just the MT end that i was struggling with,
Sorry if i'm pestering, its just easier to learn with tailored answers

Ok, everything is working exactly how we wanted it.
Just a step by step if anyone finds it useful to configure a 2Wire modem/router and a MT router:
1. in the 2wire, goto Broadband>link config> change parameters to Bridged LLC, untick PVM, and connection type set to Direct IP or DHCP, disable routing.
2. In MT, goto PPP>new interface>PPPOE client, add ISP authentication (AC name was "BT_ADSL").
3. goto IP>addresses>add address>put your public static IP address and assign it to newly created PPPOE client interface.
4. Delete your current DHCP Client.
5. Change your src-nat rule to PPPOE Client interface.
6. cross your fingers.

Hopefully you should then have a "Dumb" modem connected by ethernet to your MT!

If i've got anything wrong or i've forgotten anything, post it up....

Well done! I once tried to do PPoE through an ADSL router on a UK ADSL line, failed miserably as the ISP did not support LLC mode and PPoE. In the end the only way I could get it to work reliably was by removing all bridging altogether but still having the ADSL router modem handling the PPoA authentication using the VC protocol. Would have loved the MT Router to handle the authentication, but it wasn't to be.

But glad you got it working. If you've still got the energy and inclination could you type this up with some screen shots and create a wiki article? I think there would be a lot of UK guys that could find such a guide useful? Putting it on the wiki will make it much more easy to find and use than buried deep in the forum somewhere!

Yeah will do, there was alot of trial and alot of error!
Will put a wiki together and post the link up!

Sorry but i'm being completely stupid, how do i create a wiki page!?

Open

http://wiki.mikrotik.com/wiki/Page_name_here

and then click "Create"

Thanks for helping out a complete beginner!!!

Took me a while but got there in the end, new wiki article up...http://wiki.mikrotik.com/wiki/PPPoE_With_2Wire_Router
Not really sure how to navigate to it from the Mikrotik Main Page, dunno if its in a category or not??
Bit new to this, anyway happy reading, please make edits or post comments, would be great to know if i've made any glaring errors!!!

Don't worry - I'll put the links from another page for you. Don't be offended if someone else rewrites your work! The Wiki "protocol" is that you submit all your hard work in the hope it will be added to and improved by others. Any major changes (like some idiot deleting it, or defacing it) will get rectified and undone by the moderators.

Edit: OK, done it. See http://wiki.mikrotik.com/wiki/Assorted_examples

Thanks very much!
Hope you found it interesting!