Basic router setup guide/tutorial ?

tomiso · Wed Nov 18, 2009 6:37 pm

I've been looking for a basic router setup guide/tutorial.

I don't know about you guys, but i have a girlfriend that will beat me with a stick if the network is down

So i need a quick way to get everything going.

So, can someone please point me in the right direction or is there someone kind enough who will write a basic guide for us newbies.

The only thing i need is a basic router setup with NAT and firewall rules.
I've got a DSL connection and get a public IP from the ISP, and there is no need to ppoe login.

There rest i can figure out along the way.

DannyZ · Wed Nov 18, 2009 8:45 pm

Scan for AP, then connect. Setup dhcp server, pool, route and NAT

tomiso · Wed Nov 18, 2009 8:47 pm

In little more detail, please?

fewi · Wed Nov 18, 2009 9:08 pm

Adding IP addresses: http://wiki.mikrotik.com/wiki/IP/Address
DHCP basic example: http://wiki.mikrotik.com/wiki/DHCP_Serv ... c_examples
NAT basic example: http://wiki.mikrotik.com/wiki/Firewall_ ... c_examples

Zapnologica · Wed Nov 18, 2009 10:07 pm

i am alos having simelar problems. i can get my modem to connect but when i try acces the web from my pc it just says connecting.

where do i act set the RB to be a Gateway/router?

fewi · Wed Nov 18, 2009 10:19 pm

It's a router out of the box.

tomiso · Wed Nov 18, 2009 11:08 pm

Zapnologica · Thu Nov 19, 2009 7:34 am

i have a RB750 ( Router out of the box right?)

if i put in my PPPoE details and plug modem into ether 1 and pc into 2-5.

Nothing happens. when i go into the web browser it just says connecting.

Thu Nov 19, 2009 4:19 pm

where did you put those pppoe details? it's a router out of the box, but you want pppoe

we don't even use that here in our country

Zapnologica · Thu Nov 19, 2009 5:07 pm

if you login to 192.168.88.1 and go to PPPoE then you put in username and password.
I have also tried in winbox but it still dont work?

What do you use to login to then, in your country?

THG · Thu Nov 19, 2009 5:51 pm

What do you use to login to then, in your country?

It's probably like it is in my country, a pure ethernet connection to internet.

Zapnologica · Thu Nov 19, 2009 10:29 pm

so dont you login to an account????

you just connect up and away yo go. free internet for every one??

THG · Fri Nov 20, 2009 1:13 am

Free, why do you think it is free when we do not need to login?

Zapnologica · Fri Nov 20, 2009 12:10 pm

cause then how do they track your usage? if there is no login details or accounts that can identify who you are and how much you have used

Fri Nov 20, 2009 12:13 pm

you don't even want to know

i have an optics terminal in my apartment, and 100Mbit connection with 30Mbit both ways guaranteed (international traffic), no filters, no limitations. It costs something like 25$ per month.

We don't have logins, the ISP uses VLAN to control customers.

the ISP also offers 500Mbit, but my computer doesn't work so fast, so I didn't take that plan

Zapnologica · Fri Nov 20, 2009 12:35 pm

wish i could get that here is sa.

I have a 1mb wireless connection with a 3gb cap for R500.00 $67.00

Now im jelious.

Ok i still cant get this dam router to work.

I wish mikrotiks where made with the main idea in mind (to work).

Fri Nov 20, 2009 12:37 pm

you probably mistconfigured your PPPOE client

open INTERFACES window

there click PLUS icon

there choose PPPOE CLIENT

there select the GW PORT

and in DIAL OUT SET USER, PASS and SERVICE NAME. don't forget also to tick "ADD DEFAULT ROUTE"

Zapnologica · Fri Nov 20, 2009 12:41 pm

thats what i have done,

and i have tried clicking use peers dns too?

dont i have to add any firewal settigns or anything? surely just adding a pppoe client wont turn it on a gateway?

And hows Vlan work,

cause i am trying to set up a small ISP but i cant find a way to give users a CAP. eg 3GB ??? could Vlan work

Fri Nov 20, 2009 12:46 pm

yes, it will. post your configuration

Zapnologica · Fri Nov 20, 2009 12:48 pm

k let me just reset the Rb and start from scratch to make sure i a doing it right

Zapnologica · Fri Nov 20, 2009 12:52 pm

K i added ip to lacal side (ether2)

added PPPoE client to (ether1) with peerdns and default route

/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
    l2mtu=1526 mac-address=00:0C:42:55:C4:8E mtu=1500 name=ether1 speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:55:C4:8F \
    master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:55:C4:90 \
    master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:55:C4:91 \
    master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:55:C4:92 \
    master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
    group-key-update=5m interim-update=0s mode=none name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
    wpa2-pre-shared-key=""
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
    1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
    name=default pfs-group=modp1024
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
    use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
    only-one=default use-compression=default use-encryption=yes \
    use-vj-compression=default
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
    "" dial-on-demand=no disabled=no interface=ether1 max-mru=1480 max-mtu=\
    1480 mrru=disabled name=pppoe-out1 password=password profile=default \
    service-name="" use-peer-dns=yes user=davehyslop@iburst.co.zaa
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no name=backbone \
    type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
    time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
    400MHz force-backup-booter=no
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
    word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
    ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
    ,test,winbox,password,web,sniff,sensitive"
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet mirror
set mirror-port=none source-port=none
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:45:58:CA:18:B7 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
    00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
    frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
    multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
    no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.9.1/24 broadcast=192.168.0.250 comment="" disabled=no \
    interface=ether2 network=192.168.0.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 primary-dns=0.0.0.0 secondary-dns=0.0.0.0
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set pppoe-out1 discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set pppoe-out1 queue=default
/radius incoming
set accept=no port=3799
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 \
    metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \
    mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=\
    no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no term=vt102
/system health
set
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
    filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
    yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \
    streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no

Pilgrim · Sat Nov 21, 2009 12:58 pm

The modem you have in front of your RB750 should be set up in a bridge configuration, so you don't have a router-on-router situation.

This set up (see attached file) of the PPPoE connection works for me in my RB750 (@Mikrotik - compliments, the RB750, is simply a great router).

I can sent you the rest of the screen dumbs that you will need to set up your router, but i will take a lot of time to alter and hide all the information, like real IP's. password etc. that should not be posted on the internet. So if you would like I can make the screen dumps and sent them to you by mail.

I went through a long learning process myself to get me RB750 going.

rgs Pilgrim

Pilgrim · Sat Nov 21, 2009 1:11 pm

DHCP, DNS, NAT see attached xls.

for firewall I would suggest below as a min.

/ip firewall filter
add action=drop chain=forward comment="" connection-state=invalid disabled=no
add action=accept chain=forward comment="" connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=no
add action=accept chain=forward comment="" disabled=no dst-port=7345-7346 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=20-21 protocol=tcp
add action=accept chain=forward comment="" connection-state=new disabled=no src-address=192.168.0.0/24
add action=log chain=forward comment="" disabled=no dst-address=192.168.0.0/24 log-prefix=UNWANTED src-address=\
!192.168.0.0/24
add action=drop chain=forward comment="" disabled=no dst-address=192.168.0.0/24 src-address=192.168.0.0/24
add action=accept chain=input comment="" disabled=no dst-port=22 protocol=tcp src-address=192.168.0.0/24
add action=log chain=input comment="" disabled=no dst-port=22 log-prefix="" protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp

Pilgrim · Sat Nov 21, 2009 1:24 pm

RB 750 address and route list.jpg

finally, this is how the route and address list should look like. most of the rules are added automatically (don't forget to tick off "add default route" in your PPPoE connection.

I can't remember which rules needs to entered by hand, so set up this as the last point and check what is missing.

Zapnologica · Sat Nov 21, 2009 1:36 pm

Thanks so much i will give that a try

Pilgrim · Sat Nov 21, 2009 4:03 pm

RB750 IP Pool.jpg

Just saw a mistake in the screen dump showing the IP pool for the DHCP server

Should look like this.

The DNS IP Addresses shown in the screen dump is added automatically, Just be sure that "allow remote request" is enabled

_Sheriff_ · Sat Nov 21, 2009 11:40 pm

Maybe here are find some answers to your questions Tutorial's

icecybe · Sat Nov 28, 2009 1:05 pm

hy. I have a rb750 want to separate via vlans network, can someone help me ?

butche · Wed Dec 02, 2009 10:57 am

Try this: http://blog.butchevans.com/2008/06/how- ... pe-router/

butche · Wed Dec 02, 2009 10:57 am

hy. I have a rb750 want to separate via vlans network, can someone help me ?

Please start another thread. This question is not the same subject. thank you

tolstii · Wed Dec 02, 2009 6:06 pm

http://www.aitec.md/support.php?id=4

choose language English

Video:
Series: For Dummies (Для Чайников)
Language: Rus, Eng

tinka · Wed Dec 02, 2009 8:58 pm

something like

http://wiki.mikrotik.com/wiki/A_script_ ... ou_started

gregsowell · Thu Dec 03, 2009 4:35 am

I know this is a shameless self plug, but I've been doing some mikrotik classes with slides and all for FREE. All I'm hoping for is feedback.

Mikrotik Basics -> http://gregsowell.com/?p=957
Intro to networking -> http://gregsowell.com/?p=954
Mikrotik Security(available 12/7/09)-> http://gregsowell.com/?p=1076

This is the class index page. As new classes are completed, they will be added here -> http://gregsowell.com/?page_id=951

Here's a list of my Mikrotik short video tutorials - > http://gregsowell.com/?page_id=304

Greg

SamWCL · Thu Dec 03, 2009 10:48 am

I know this is a shameless self plug, but I've been doing some mikrotik classes with slides and all for FREE. All I'm hoping for is feedback.

Mikrotik Basics -> http://gregsowell.com/?p=957
Intro to networking -> http://gregsowell.com/?p=954
Mikrotik Security(available 12/7/09)-> http://gregsowell.com/?p=1076

This is the class index page. As new classes are completed, they will be added here -> http://gregsowell.com/?page_id=951

Here's a list of my Mikrotik short video tutorials - > http://gregsowell.com/?page_id=304

Greg

This is great Greg! way clearer than the wiki

gregsowell · Thu Dec 03, 2009 6:23 pm

Sam,

Great, I'm glad I could help =)

Greg

Zapnologica · Wed Jan 13, 2010 4:42 pm

The modem you have in front of your RB750 should be set up in a bridge configuration, so you don't have a router-on-router situation.

Ok i have still not come right after all the help you guys have given me?

My modem is jsut a modem? it has antenna and a ether port and a usb port, no router.
What could i be doing wrong????

Could my modem just not work with mikrotik????

Zapnologica · Wed Jan 13, 2010 6:08 pm

Well i have been messing around and i think i have got the modem side to work???

but the internet on the local side still dont work???

When i plug in the pc it has the yellow ! over the network picture and says no internet access.

Setup.jpg

is this correct???

im not sure if i blanked out the right ip? but oh well.

Oh great i see i cut it off???

fewi · Wed Jan 13, 2010 6:10 pm

Have you set up a DHCP server for the LAN machine to use, or assigned a static IP to it?

Zapnologica · Thu Jan 14, 2010 7:15 am

DHCP server works well.

On the pc it says default gateway 192.168.88.1

and every thing is correct.

Like i said, it just does not work. It's very weird.

Zapnologica · Sun Jan 17, 2010 10:05 pm

gimmepatiencequickly · Sun Jan 24, 2010 9:45 pm

Hey ZAP,

I noticed your username may be incorrect. @iburst.co.za --- not @iburst.co.zaa

Remove one a
I am no iburst user myself, but I am zure that there is no double A in the username

Zapnologica · Mon Jan 25, 2010 7:09 am

oh.

yea its meant to be .co.za not co.zaa

will try change that.

Zapnologica · Fri Mar 05, 2010 6:38 am

Changed that and its still not workiing??

Zapnologica · Fri Mar 05, 2010 6:42 am

My problem is not with connectiong to the WAN side, it says connected.

The problem is the computers cant connect to the WAN side??

butche · Fri Mar 05, 2010 7:29 am

Zap,
You are making this WAY too hard. First, log in by winbox, then click on the "New Terminal" and type the following commands:

/ip route print
/ip address print
/ip firewall nat print
/ip dhcp-server print
/ip dhcp-server network print
/ip dhcp-server lease print

After each command, highlight the command AND output, right-click the window and select "copy". Paste that text into a message here on the forum. Do NOT take a screenshot of winbox. Just follow the instructions given and someone should be able to see what you have wrong. Oh, don't try to mask IP addresses. In your screenshot above, you masked a PRIVATE IP anyway, which is even more useless than masking the public IP (which you did not do).

Zapnologica · Fri Mar 05, 2010 3:51 pm

You are making this WAY too hard.

I know, i really just wish it would work.

Oh, don't try to mask IP addresses. In your screenshot above, you masked a PRIVATE IP anyway, which is even more useless than masking the public IP (which you did not do).

I dont even know what that is? so im not sure if i maybe did it by mistake or not?

/ip route print:

/ip address print
/ip firewall nat print
/ip dhcp-server print
/ip dhcp-server network print
/ip dhcp-server lease print

Zapnologica · Fri Mar 05, 2010 4:49 pm

You are making this WAY too hard.

I know, i really just wish it would work.

Oh, don't try to mask IP addresses. In your screenshot above, you masked a PRIVATE IP anyway, which is even more useless than masking the public IP (which you did not do).

I dont even know what that is? so im not sure if i maybe did it by mistake or not?

You are making this WAY too hard.

I know, i really just wish it would work.

Oh, don't try to mask IP addresses. In your screenshot above, you masked a PRIVATE IP anyway, which is even more useless than masking the public IP (which you did not do).

I dont even know what that is? so im not sure if i maybe did it by mistake or not?

/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE              
 0   192.168.88.1/32    192.168.88.1    192.168.88.1    ether2 
                
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade out-interface=WAN 

[admin@MikroTik] > /ip dhcp-server print
Flags: X - disabled, I - invalid 
 #   NAME     INTERFACE     RELAY           ADDRESS-POOL     LEASE-TIME ADD-ARP
 0   DHCPs... ether2                        pool1            3d        

[admin@MikroTik] > /ip dhcp-server network print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN   

[admin@MikroTik] > /ip dhcp-server lease print
Flags: X - disabled, R - radius, D - dynamic, B - blocked 
 #   ADDRESS                  MAC-ADDRESS       HOS... SERVER    RAT... STATUS 
 0 D 192.168.88.50            40:61:86:14:9B:6F DYL... DHCPse...        bound

edmidor · Sun Mar 07, 2010 4:04 am

I know this is a shameless self plug, but I've been doing some mikrotik classes with slides and all for FREE. All I'm hoping for is feedback.

Mikrotik Basics -> http://gregsowell.com/?p=957
Intro to networking -> http://gregsowell.com/?p=954
Mikrotik Security(available 12/7/09)-> http://gregsowell.com/?p=1076

This is the class index page. As new classes are completed, they will be added here -> http://gregsowell.com/?page_id=951

Here's a list of my Mikrotik short video tutorials - > http://gregsowell.com/?page_id=304

Greg

Great videos - but, is there any way to watch them in some way other then via embedded player? I had to stop in the middle, and when I opened it again I had to wait while it slowly goes to the point where I stopped - there's no way to scroll and skip

Mon Mar 08, 2010 9:53 am

"slowly" goes to the part? you need a MikroTik router so your internet connection is faster

Zapnologica · Mon Mar 08, 2010 11:11 am

So what is wrong with my settings?

thanks edmidor but i have set it up allready and i have completed many tutorials and the dam thing still does not work.

butche · Mon Mar 08, 2010 5:46 pm

So what is wrong with my settings?

I see several problems. How do you obtain a public IP? Do you use PPPoE? Do you use DHCP-Client? You did not supply all of the information I requested, so it is hard to tell. If you can just answer the question about how you get your public, I can provide you with a fix.

Zapnologica · Mon Mar 08, 2010 6:39 pm

the ISP uses a PPPoE account.

So when it conencts it just gets the public IP from the ISP,

I think thats the setting where you click "use peer dns" when create the PPPOE client.

If you can i will be more than gratefull. I am desperate.

butche · Mon Mar 08, 2010 7:27 pm

Select this text, copy to clipboard, paste into a notepad. Edit the pppoe username and password. Copy and paste into a new terminal window in winbox:

# Remove the portions of the config that may be a problem
/interface bridge port remove [find]
/interface bridge remove [find]
/ip route remove [find]
/interface pppoe-client remove [find]
/ip dhcp-server remove [find]
/ip dhcp-server network remove [find]

# Ether1 is the WAN.  Set this up for pppoe-client
# Fix the profile
/ppp profile
set default change-tcp-mss=yes use-compression=yes \
     use-encryption=yes use-vj-compression=no

# Create the pppoe client interface now
# YOU MUST CHANGE THE USERNAME AND PASSWORD
/interface pppoe-client
add name=Internet user=CHANGEUSERNAME password=CHANGEPASSWORD \
      interface=ether1 add-default-route=yes use-peer-dns=yes profile=default \
      disabled=no

# Bridge the inside ethernet interfaces
/interface bridge add name=LANBridge
/interface bridge port 
add bridge=LANBridge interface=ether2
add bridge=LANBridge interface=ether3
add bridge=LANBridge interface=ether4
add bridge=LANBridge interface=ether5

/ip address
set [find address=192.168.88.1/24] interface=LANBridge

# Configuration for the DHCP server for the LAN
/ ip pool
add name="dhcp_pool1" ranges=192.168.88.100-192.168.88.200
/ ip dhcp-server
add name="dhcp1" interface=LANBridge lease-time=1d address-pool=dhcp_pool1 \
bootp-support=static authoritative=yes disabled=no
/ ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 

# You can change the DNS to be what you want
/ ip dns
set allow-remote-requests=yes 

/ ip firewall nat
add chain=srcnat out-interface=Interface src-address=192.168.88.0/24 \
action=masquerade disabled=no

If this doesn't fix the problem, then there is something that you have not provided here that I need to see. The ether1 interface is your WAN port and all other ports are the LAN. I have not tested this script beyond proofreading.

Zapnologica · Mon Mar 08, 2010 7:43 pm

Ok, I dont know what is wrong with my Terminal>

if i copy "/interface bridge add name=LANBridge" and ricgh click past into terminal it adds all this other stuff to it and then it gives an error.

Gosh the thing is irrating me and now i cant access it via winbox it just keeps saying. "could not connect (to MAC address) (port:20561) - timed out

Zapnologica · Mon Mar 08, 2010 8:42 pm

Ok i have evently sorted it out with loads of fustration.

Dont i need to add ip addresses to eth 2,3,4,5

cause my dhcp server is all in red?

butche · Mon Mar 08, 2010 9:02 pm

Post the information that I requested above (Posted: Fri Mar 05, 2010 7:51 am) and I can try to help.

Zapnologica · Mon Mar 08, 2010 9:08 pm

K well i have soem inprove ment
i have the computers pickin up the router and they getting the correct dhcp.

it says there is internet conenctivity.

It just does not work.

[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        G GATEWAY              DISTANCE IN..
 0 ADS  0.0.0.0/0                          r 41.213.8.1           1        In..
 1 ADC  41.213.8.1/32      41.213.90.142                          0        In..
 2 ADC  192.168.1.1/32     192.168.1.1                            0        et..
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE              
 0 D 41.213.90.142/32   41.213.8.1      0.0.0.0         Internet               
 1   192.168.1.1/32     192.168.1.1     192.168.1.1     ether3                 
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade src-address=192.168.88.0/24 
     out-interface=ether1 
[admin@MikroTik] > /ip dhcp-server print
Flags: X - disabled, I - invalid 
 #   NAME     INTERFACE     RELAY           ADDRESS-POOL     LEASE-TIME ADD-ARP
 0   server1  ether3                        dhcp_pool1       3d        
[admin@MikroTik] > /ip dhcp-server network print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN   
 0 192.168.1.0/24     192.168.1.1    
[admin@MikroTik] > /ip dhcp-server lease print
Flags: X - disabled, R - radius, D - dynamic, B - blocked 
 #   ADDRESS                                MAC-ADDRESS       HOST-NAME                        SERVER                        RATE-LIMIT                        STATUS 
 0 D 192.168.88.254                         40:61:86:14:9B:6F DYLAN_LAPTOP                     server1                                                         bound  
 1 D 192.168.1.200                          00:19:DB:B7:00:BC Dylan-PC                         server1                                                         bound  
 2 D 192.168.1.199                          00:24:21:CD:B5:54 DYLAN_LAPTOP                     server1                                                         bound  
[admin@MikroTik] >

Zapnologica · Mon Mar 08, 2010 9:10 pm

I took the bridge out to simplfy things.

I am just using ether3 at the moment, so i make the dhcp on that and gave it an ip of 192.168.1.1
Once that it working i will worry about the other ports.
Thanks for all your help, i really appereciate it.

butche · Mon Mar 08, 2010 9:33 pm

Set the out interface on the nat rule to "Internet"

Zapnologica · Mon Mar 08, 2010 9:38 pm

Ok cool. And the source ip range must be, ? 192.168.1.0 right?

Still Not working:

Latest code

[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        G GATEWAY              DISTANCE IN..
 0 ADS  0.0.0.0/0                          r 196.2.112.1          1        In..
 1 ADC  192.168.1.1/24     192.168.1.1                            0        et..
 2 ADC  196.2.112.1/32     196.2.108.185                          0        In..
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE              
 0   192.168.1.1/24     192.168.1.1     192.168.1.1     ether3                 
 1 D 196.2.108.185/32   196.2.112.1     0.0.0.0         Internet               
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade src-address=192.168.1.0/24 
     out-interface=Internet 
[admin@MikroTik] > /ip dhcp-server print
Flags: X - disabled, I - invalid 
 #   NAME     INTERFACE     RELAY           ADDRESS-POOL     LEASE-TIME ADD-ARP
 0   server1  ether3                        dhcp_pool1       3d        
[admin@MikroTik] > /ip dhcp-server network print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN   
 0 192.168.1.0/24     192.168.1.1    
[admin@MikroTik] > /ip dhcp-server lease print
Flags: X - disabled, R - radius, D - dynamic, B - blocked 
 #   ADDRESS                  MAC-ADDRESS       HOS... SERVER    RAT... STATUS 
 0 D 192.168.88.254           40:61:86:14:9B:6F DYL... server1          bound  
 1 D 192.168.1.200            00:19:DB:B7:00:BC Dyl... server1          bound  
 2 D 192.168.1.199            00:24:21:CD:B5:54 DYL... server1          bound  
[admin@MikroTik] >

Ok now it is half working, Skype is working but i cant browse in internet explorer?
In the bottom left it says Site found , Waiting for reply and then it jsut stay on that for like 5 min then it gives the errror.
I can also download emails.

So thats quite odd?

butche · Mon Mar 08, 2010 10:52 pm

Sounds like an IE problem to me. Did you try another browser? If you can get out with other programs, but not IE, then it is not a MT config issue. Try going to other web pages (http://www.google.com for example)

Zapnologica · Tue Mar 09, 2010 6:05 am

Nope,

I have tried several pcs with firefox and IE. it dont work.

I for some reason think it is a dns problem. Cause i rember once in windows ip addresses i didnt fill in the dns server ip and it did this eact same thing, only skype worked.

Zapnologica · Tue Mar 09, 2010 6:09 pm

Yea, its deff not working. I have no idea why though??

Very odd

butche · Tue Mar 09, 2010 6:36 pm

Try manually setting the DNS entry on the PC and see if it works then. That will tell you if the problem is DNS related.

Zapnologica · Tue Mar 09, 2010 7:22 pm

So must the computer settings be>

IP: 192.168.1.200
Subnet: 255.255.255.0
Gateway:192.168.1.1

DNS: 192.168.1.1

fewi · Tue Mar 09, 2010 7:27 pm

Depends. Do you have the DNS server on the RouterOS device set to accept remote requests, and populated with DNS servers it can forward to?

Zapnologica · Tue Mar 09, 2010 7:56 pm

Depends. Do you have the DNS server on the RouterOS device set to accept remote requests, and populated with DNS servers it can forward to?

yes i do

Zapnologica · Tue Mar 09, 2010 9:27 pm

static ip and dns dont work either.

xploit · Wed Mar 10, 2010 12:59 pm

My MikroTik router has two (2) LAN Cards support two seperate Netoworks. I want to be able to access computers on LAN2 network from LAN1 network. How can go about achieving this. Thank you.

Zapnologica · Wed Mar 10, 2010 1:04 pm

My MikroTik router has two (2) LAN Cards support two seperate Netoworks. I want to be able to access computers on LAN2 network from LAN1 network. How can go about achieving this. Thank you.

Pls start new post for this issue.

SurferTim · Wed Mar 10, 2010 1:13 pm

@xploit: you already have another thread going. Users are actually answering your question there!
http://forum.mikrotik.com/viewtopic.php?f=2&t=39892

@Zapnologica: How does your setup do if you use just ips rather than domain names in the browsers? I use the dns ips issued by my provider in the dhcp-server setup and static ip assignments, not the hotspot gateway ip.

Zapnologica · Wed Mar 10, 2010 6:48 pm

So you mean instead of typing www.google.co.za i must type http://209.85.227.106/

and for the dns, my isp is dynamic and its allways changing. but i tried last night putting the isp dns in the computers dns.

Zapnologica · Wed Mar 10, 2010 6:55 pm

Still dont help.

Its doing the same thing.

just says website found, waiting for reply

SurferTim · Wed Mar 10, 2010 7:08 pm

[admin@MikroTik] > /ip dhcp-server network print
# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
0 192.168.1.0/24 192.168.1.1

Is this correct? I see no dns servers mentioned. Might want to set that, then renew your ip address and see if that helps. See if you have "use-peer-dns=yes" in the dhcp client settings on your wan interface.

Zapnologica · Wed Mar 10, 2010 8:12 pm

i changed it since then. and i have tried auto and static ip.

and i am very sure that use peer dns is clicked.

SurferTim · Wed Mar 10, 2010 8:14 pm

Just wanted to insure that when you do "/ip dhcp-server network print", there are valid dns server ips there, correct?

Zapnologica · Wed Mar 10, 2010 8:32 pm

[admin@MikroTik] > /ip dhcp-server network print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN   
 0 192.168.1.0/24     192.168.1.1     192.168.1.1

there you go.

Mikrpotik.jpg

SurferTim · Wed Mar 10, 2010 8:36 pm

I don't use the localnet gateway ip as a dns server. I use the ips my ISP issues. Replace that gateway ip with the current dns ips you are getting from your ISP. I am not saying that is the final answer, just as a test.

Zapnologica · Wed Mar 10, 2010 8:52 pm

oh ok,
So i must jsut look in /ip addresses for the dns that the isp has given?

SurferTim · Wed Mar 10, 2010 9:06 pm

There is nothing in "/ip dns"? No ips from your ISP?

Zapnologica · Wed Mar 10, 2010 9:19 pm

Check below

Zapnologica · Thu Mar 11, 2010 5:32 pm

Is there meant to be some thing under the dns tab?

There is only if i click on the "settngs" button under /ip dns

SurferTim · Thu Mar 11, 2010 5:38 pm

If those dns ips in the "dns settings" are valid, I would set them as static dns ips, just as a test. I am not saying this is the best way to do this, but sometimes a "hack" is the best way to determine the challenge.

Zapnologica · Thu Mar 11, 2010 6:38 pm

Done that.

But it still dont work.

what could it be. This is really fustrating, and i need to get this router working,

It still just says website found, waiting for reply

its really odd,

Skype, Steam. COD AWF2 works online

But not internet browser

Zapnologica · Thu Mar 11, 2010 7:27 pm

Omw,

you are not going to belive what it was.

it was the MRU.

i changed it to 1392 and it now works.

Zapnologica · Thu Mar 11, 2010 10:37 pm

Ok now that it works, Is there any way to like back up the settings so that when i play with the settings in the future and stuff it up can just uplaod the old config?

fewi · Thu Mar 11, 2010 10:39 pm

http://wiki.mikrotik.com/wiki/Configuration_Management

hanafibj · Fri Mar 12, 2010 1:51 am

i'm a newbie, may i ask for Winbox tutorial. thanks a lot.

Zapnologica · Fri Mar 12, 2010 6:16 am

thanks

Zapnologica · Fri Mar 12, 2010 4:27 pm

is there a way to make a DHCP server more dominant over annother one?

cause my network at home is linked to 3 of my friends houses, and generaly the computers connect to the closest one, but on the odd occasion my pc connects to some one elses, is there like a priority setting in winbox i could change?

fewi · Fri Mar 12, 2010 6:50 pm

Set the 'authoritative' option to 'yes' instead of the 'after x seconds' options.

But that's a band aid. Fix your networks so that you're not all on the same broadcast domains and get DHCP from one another.

Zapnologica · Fri Mar 12, 2010 10:37 pm

well thing is, its for gaming and copying files, so we alll have to see each other but we also all use out own internet.

And i was told you cant have both, you have to physicaly change your ip settings every time you want internet or if you wana LAN, cause games require you to all have the same gateway.

thewireguys · Sat Mar 13, 2010 7:57 am

Great info!! thank you

Plurnay · Wed May 19, 2010 2:58 pm

hi there Zapnologica
you think you can post your setting or pm me...

I have iburst to up in canada and i am having problem getting the modem to get a connection
i need some help

Zapnologica · Wed May 19, 2010 8:56 pm

Yea,
well the problem i had was with the MTU.

i changed that and it worked.

mersudin · Sun Jun 06, 2010 11:12 pm

it's easier to find another girlfriend

Zapnologica · Sun Jun 06, 2010 11:17 pm

haha.

aungthurahtet · Wed Dec 28, 2016 9:03 am

I know this is a shameless self plug, but I've been doing some mikrotik classes with slides and all for FREE. All I'm hoping for is feedback.

Mikrotik Basics -> http://gregsowell.com/?p=957
Intro to networking -> http://gregsowell.com/?p=954
Mikrotik Security(available 12/7/09)-> http://gregsowell.com/?p=1076

This is the class index page. As new classes are completed, they will be added here -> http://gregsowell.com/?page_id=951

Here's a list of my Mikrotik short video tutorials - > http://gregsowell.com/?page_id=304

Greg

this post is awesome , i learnt a lot from u .. thank you brother