Please help a newbie configure Mikrotik on an RB750 with ROS 5.7.
I have a public IP on ether1-Astinet and a local IP on ether5-LAN.
OK, let's look at what Mikrotik's print detail says first:
/ip fire nat pr detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; DNS
chain=dstnat action=redirect to-ports=53 protocol=tcp src-address-type=!local in-interface=ether5-LAN dst-port=53
1 chain=dstnat action=redirect to-ports=53 protocol=udp src-address-type=!local in-interface=ether5-LAN dst-port=53
2 ;;; NAT to Astinet
chain=srcnat action=src-nat to-addresses=118.x.x.195 routing-mark=astinet out-interface=ether1-Astinet
3 ;;; Default via Astinet
chain=srcnat action=masquerade out-interface=ether1-Astinet
/ip route pr detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=118.x.x.193 gateway-status=118.x.x.193 reachable ether1-Astinet distance=1 scope=30 target-scope=10
routing-mark=astinet
1 A S dst-address=0.0.0.0/0 gateway=118.x.x.193 gateway-status=118.x.x.193 reachable ether1-Astinet distance=1 scope=30 target-scope=10
2 ADC dst-address=118.x.x.192/29 pref-src=118.x.x.195 gateway=ether1-Astinet gateway-status=ether1-Astinet reachable distance=0 scope=10
3 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.254 gateway=ether5-LAN gateway-status=ether5-LAN reachable distance=0 scope=10
/ip fire fil pr detail
Flags: X - disabled, I - invalid, D - dynamic
0 chain=chk-conn action=accept src-address-type=local
1 chain=chk-conn action=drop connection-state=invalid
2 chain=chk-conn action=drop src-address-type=broadcast,multicast
3 chain=chk-conn action=drop dst-address-type=broadcast,multicast
4 chain=chk-conn action=jump jump-target=virus
5 chain=virus action=drop protocol=tcp dst-port=445
6 chain=virus action=drop protocol=tcp dst-port=135-139
7 chain=virus action=drop protocol=udp dst-port=135-139
8 chain=virus action=drop protocol=tcp src-port=445
9 chain=virus action=drop protocol=tcp src-port=135-139
10 chain=virus action=drop protocol=udp src-port=135-139
11 ;;; Check Conn
chain=input action=jump jump-target=chk-conn
12 ;;; Accept WinBox
chain=input action=accept protocol=tcp dst-port=8291,8866
13 ;;; Accept icmp
chain=input action=accept protocol=icmp
14 ;;; Accept client
chain=input action=accept src-address=192.168.88.0/24 src-address-list=client in-interface=ether5-LAN
15 ;;; Accept est rel Speedy
chain=input action=accept connection-state=established in-interface=ether1-Astinet
16 chain=input action=accept connection-state=related in-interface=ether1-Astinet
17 ;;; Accept Local Conns
chain=input action=accept dst-address-type=local in-interface=ether1-Astinet
18 ;;; Default Drop
chain=input action=log src-address-list=localhost log-prefix="[--IN--]"
19 chain=input action=drop
20 ;;; Check Conn
chain=forward action=jump jump-target=chk-conn
21 ;;; Drop p2p
chain=forward action=drop p2p=all-p2p
22 ;;; Forward client
chain=forward action=accept src-address=192.168.88.0/24 src-address-list=client in-interface=ether5-LAN
23 ;;; Forward est rel Speedy
chain=forward action=accept connection-state=established in-interface=ether1-Astinet
24 chain=forward action=accept connection-state=related in-interface=ether1-Astinet
25 ;;; Default Drop
chain=forward action=log protocol=tcp log-prefix="[--FW--]"
26 chain=forward action=drop
/ip fire mang pr detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; DNS
chain=output action=mark-routing new-routing-mark=astinet passthrough=yes protocol=udp dst-port=53
1 ;;; DNS
chain=prerouting action=mark-packet new-packet-mark=dns-ul passthrough=no protocol=udp dst-port=53
2 chain=postrouting action=mark-packet new-packet-mark=dns-dl passthrough=no protocol=udp src-port=53
3 ;;; Winbox
chain=prerouting action=mark-packet new-packet-mark=winbox-ul passthrough=no protocol=tcp dst-port=8291,8866
4 chain=postrouting action=mark-packet new-packet-mark=winbox-dl passthrough=no protocol=tcp src-port=8291,8866
5 ;;; Poker, Farmville
chain=forward action=mark-packet new-packet-mark=poker-ul passthrough=no protocol=tcp dst-port=843,8890,9339,5678
6 chain=forward action=mark-packet new-packet-mark=poker-dl passthrough=no protocol=tcp src-port=843,8890,9339,5678
7 ;;; PointBlank
chain=forward action=mark-packet new-packet-mark=pb-ul passthrough=no protocol=tcp dst-address=203.89.146.0/24 dst-port=39190,49100
8 chain=forward action=mark-packet new-packet-mark=pb-ul passthrough=no protocol=udp dst-address=203.89.146.0/24 dst-port=40000-40009
9 chain=forward action=mark-packet new-packet-mark=pb-dl passthrough=no protocol=tcp src-address=203.89.146.0/24 src-port=39190,49100
10 chain=forward action=mark-packet new-packet-mark=pb-dl passthrough=no protocol=udp src-address=203.89.146.0/24 src-port=40000-40009
11 chain=forward action=mark-packet new-packet-mark=pb-ul passthrough=no protocol=tcp dst-address=203.89.147.0/24 dst-port=39190,49100
12 chain=forward action=mark-packet new-packet-mark=pb-ul passthrough=no protocol=udp dst-address=203.89.147.0/24 dst-port=40000-40009
13 chain=forward action=mark-packet new-packet-mark=pb-dl passthrough=no protocol=tcp src-address=203.89.147.0/24 src-port=39190,49100
14 chain=forward action=mark-packet new-packet-mark=pb-dl passthrough=no protocol=udp src-address=203.89.147.0/24 src-port=40000-40009
15 ;;; ELSE
chain=forward action=mark-packet new-packet-mark=client-dl passthrough=no dst-address=192.168.88.0/24
16 chain=forward action=mark-packet new-packet-mark=client-ul passthrough=no src-address=192.168.88.0/24
From ether5-LAN, the output goes to a HotSpot access point.
Let's say I'm using a HotSpot station (client) and my IP is 192.168.88.1.
From 192.168.88.1 it connects to a Mikrotik DOM SATA 1GB with ROS 4.17 >>>> the output to the local LAN is 192.168.0.0/24.
I can easily ping or access the Mikrotik (192.168.88.254) using Winbox.
But my problem is that I can't ping the public IP 118.x.x.195.
Is something wrong?
If I can ping the public IP from the LAN (192.168.0.0/24) >>> maybe from the HotSpot station I can use another public IP, 118.x.x.196, for private use.