Community discussions

MikroTik App
 
abuali2011
just joined
Topic Author
Posts: 9
Joined: Mon Dec 26, 2011 5:59 pm

problem with routerboard 750g .. anybody help ?

Mon Dec 26, 2011 6:10 pm

I have mikrotik routerboard 750gl software version 5.2 , 5 ethernet ports . i user 4 ports for wan contections and one port for lan conections .
i cant access http interface for these 4 wan interface ... i mean that i cant access the web interface for every adsl modem for these 4 wan intefaces. but internet connections run very well ..



here is all rules :
-------------------------------
/ip address
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=in1 network=192.168.1.0
add address=192.168.16.2/24 broadcast=192.168.16.255 comment="" disabled=no \
interface=in2 network=192.168.16.0
add address=10.0.0.139/24 broadcast=10.0.0.255 comment="" disabled=no \
interface=in3 network=10.0.0.0
add address=192.168.10.2/32 broadcast=192.168.10.2 comment="" disabled=no \
interface=in4 network=192.168.10.2
add address=192.168.20.1/32 broadcast=192.168.20.1 comment="" disabled=no \
interface=out network=192.168.20.1

-----------------------


/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:8D \
master-port=none mtu=1500 name=in1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:8E \
master-port=none mtu=1500 name=in2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:8F \
master-port=none mtu=1500 name=out speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:90 \
master-port=none mtu=1500 name=in3 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:91 \
master-port=none mtu=1500 name=in4 speed=100Mbps



------------------------


/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 routing-mark=in1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.16.1 routing-mark=in2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
10.0.0.138 routing-mark=in3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.10.1 routing-mark=in4 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
192.168.16.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=3 dst-address=\
0.0.0.0/0 gateway=10.0.0.138 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=4 dst-address=\
0.0.0.0/0 gateway=192.168.10.1 scope=30 target-scope=10



---------------------------
/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in1 new-connection-mark=in1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in2 new-connection-mark=in2_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in1_conn \
disabled=no new-routing-mark=in1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in2_conn \
disabled=no new-routing-mark=in2 passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in3 new-connection-mark=in3_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in4 new-connection-mark=in4_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in3_conn \
disabled=no new-routing-mark=in3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in4_conn \
disabled=no new-routing-mark=in4 passthrough=yes
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in1_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in2_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in3_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in4_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting comment="" connection-mark=in1_conn \
disabled=no in-interface=out new-routing-mark=in1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=in4_conn \
disabled=no in-interface=out new-routing-mark=in4 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=in3_conn \
disabled=no in-interface=out new-routing-mark=in3 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=in2_conn \
disabled=no in-interface=out new-routing-mark=in2 passthrough=yes

-----------------------------


/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in4

************************
i mean that I cant access for example web interface for 192.168.1.1 , 192.168.16.1 , 10.0.0.138 or 192.168.10.1
sorry for my english

thanks for help
Last edited by abuali2011 on Mon Dec 26, 2011 10:24 pm, edited 1 time in total.
 
abuali2011
just joined
Topic Author
Posts: 9
Joined: Mon Dec 26, 2011 5:59 pm

Re: problem with routerboard 750g .. anybody help ?

Mon Dec 26, 2011 6:42 pm

why nobody answer ???
 
User avatar
THG
Member
Member
Posts: 472
Joined: Thu Oct 15, 2009 1:05 am

Re: problem with routerboard 750g .. anybody help ?

Mon Dec 26, 2011 7:19 pm

why nobody answer ???
Because you didn't pay attention to this thread. Please read it and restate your question to keep us from the 20 questions game that no one likes to play. Nobody can or will help you without detailed information about your physical and logical network setup.

http://forum.mikrotik.com/viewtopic.php?f=2&t=45259
 
abuali2011
just joined
Topic Author
Posts: 9
Joined: Mon Dec 26, 2011 5:59 pm

Re: problem with routerboard 750g .. anybody help ?

Mon Dec 26, 2011 10:25 pm

why nobody answer ???
Because you didn't pay attention to this thread. Please read it and restate your question to keep us from the 20 questions game that no one likes to play. Nobody can or will help you without detailed information about your physical and logical network setup.

http://forum.mikrotik.com/viewtopic.php?f=2&t=45259


so what is about my game ?
 
User avatar
THG
Member
Member
Posts: 472
Joined: Thu Oct 15, 2009 1:05 am

Re: problem with routerboard 750g .. anybody help ?

Tue Dec 27, 2011 2:35 pm

i cant access http interface for these 4 wan interface ... i mean that i cant access the web interface for every adsl modem for these 4 wan intefaces. but internet connections run very well ..
You cannot access your routers web interface from the Internet, or directly connected to any of your routers ethernet ports?

According to your setup, it looks like your DSL modems act like a NAT router.

Is this similar to your network configuration?

Internet----[DSL Modem]-----[RB750GL]
 
abuali2011
just joined
Topic Author
Posts: 9
Joined: Mon Dec 26, 2011 5:59 pm

Re: problem with routerboard 750g .. anybody help ?

Tue Dec 27, 2011 7:27 pm

i cant access http interface for these 4 wan interface ... i mean that i cant access the web interface for every adsl modem for these 4 wan intefaces. but internet connections run very well ..
You cannot access your routers web interface from the Internet, or directly connected to any of your routers ethernet ports?

According to your setup, it looks like your DSL modems act like a NAT router.

Is this similar to your network configuration?

Internet----[DSL Modem]-----[RB750GL]

I dont want to access routers web interface from internet ...
i cant through Lan ( routerboard 750g >>> mikrotik x86 hotspot server >> lan cleints )
so i cant access from lan cleints ...
thanks
 
User avatar
THG
Member
Member
Posts: 472
Joined: Thu Oct 15, 2009 1:05 am

Re: problem with routerboard 750g .. anybody help ?

Tue Dec 27, 2011 11:14 pm


I dont want to access routers web interface from internet ...
i cant through Lan ( routerboard 750g >>> mikrotik x86 hotspot server >> lan cleints )
so i cant access from lan cleints ...
thanks
Okey. wasn't sure about that. If you ping your router, what are the results? And also try telnet/ssh.
 
abuali2011
just joined
Topic Author
Posts: 9
Joined: Mon Dec 26, 2011 5:59 pm

Re: problem with routerboard 750g .. anybody help ?

Wed Dec 28, 2011 5:02 pm


I dont want to access routers web interface from internet ...
i cant through Lan ( routerboard 750g >>> mikrotik x86 hotspot server >> lan cleints )
so i cant access from lan cleints ...
thanks
Okey. wasn't sure about that. If you ping your router, what are the results? And also try telnet/ssh.

when I do ping, ssh or telnet adsl router ip sometimes reply sometimes not ... depend on which internet ip from which router i used now to internet
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: problem with routerboard 750g .. anybody help ?

Thu Dec 29, 2011 2:40 am


I dont want to access routers web interface from internet ...
i cant through Lan ( routerboard 750g >>> mikrotik x86 hotspot server >> lan cleints )
so i cant access from lan cleints ...
thanks
Okey. wasn't sure about that. If you ping your router, what are the results? And also try telnet/ssh.

when I do ping, ssh or telnet adsl router ip sometimes reply sometimes not ... depend on which internet ip from which router i used now to internet
So, you are not able to access your ISP modems... and sometimes they return ping, sometimes not. Correct?
This sounds like an issue with your ISP modems. If you plug your computer directly into each ISP modem, then are you able to access them web admin on them?
 
abuali2011
just joined
Topic Author
Posts: 9
Joined: Mon Dec 26, 2011 5:59 pm

Re: problem with routerboard 750g .. anybody help ?

Thu Dec 29, 2011 4:04 am

internet connection work good , i show allways trafic for each interface in MT
yes if I plug computer directly into each ISP modem, I can able to access them webadmin ...
 
tjc
Member Candidate
Member Candidate
Posts: 276
Joined: Sun Jul 10, 2011 3:08 am

Re: problem with routerboard 750g .. anybody help ?

Sat Dec 31, 2011 2:07 am

See my response to your duplicate post here: http://forum.mikrotik.com/viewtopic.php?f=14&t=57889
 
abuali2011
just joined
Topic Author
Posts: 9
Joined: Mon Dec 26, 2011 5:59 pm

Re: problem with routerboard 750g .. anybody help ?

Sun Jan 01, 2012 8:34 pm

See my response to your duplicate post here: http://forum.mikrotik.com/viewtopic.php?f=14&t=57889
this rules worked good

chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=ye>
src-address=0.0.0.0/0 dst-address=50.50.50.0/24

chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=ye>
src-address=0.0.0.0/0 dst-address=70.70.70.0/24

chain=prerouting action=mark-routing new-routing-mark=wan3 passthrough=ye>
src-address=0.0.0.0/0 dst-address=30.30.30.0/24

chain=prerouting action=mark-routing new-routing-mark=wan4 passthrough=ye>
src-address=0.0.0.0/0 dst-address=60.60.60.0/24


so i can access all webinterfaces for adsl modems
 
tjc
Member Candidate
Member Candidate
Posts: 276
Joined: Sun Jul 10, 2011 3:08 am

Re: problem with routerboard 750g .. anybody help ?

Sun Jan 01, 2012 10:24 pm

I would recommend mapping them to private LAN addresses so you're not blocking some real site or network. So rather than; 30.30.30.0/24, 50.50.50.0/24, 60.60.60.0/24, 70.70.70.0/24, you should probably use something like; 10.10.0.10, 10.10.0.20, 10.10.0.30, 10.10.0.40, ...(*) Also you may want to make the source address specific and the masks tighter, since you really only want to map the ADSL modem to an internal address.

(*) Even better would be to make a network plan with specific address ranges dedicated to administrative and infrastructure machines. So for example if you're using the 192.168.0.0/16 range for your internal LAN addresses, dedicate some block like 192.168.1.0/24 or 192.168.254.0/24 to your servers, routers and administrative work stations. Then map the modems into that range.