hello all
i have been trying to set up NAT as in http://wiki.mikrotik.com/wiki/NAT_Tutorial. internet connection on wlan1 IP 172.26.0.200 coming from 192.26.0.199. IP of router box (RB433 v3.17) 10.0.1.6 (bridge1) i can ping to 192.26.0.199 from bridge1 but not from eth1,2 or 3. there does not seem to be any routing going on.

newbee still learning mikrotik can anyone help

richard

Show Your MT:
/ip fire ex
/ip ad ex

hi arE
is this what you want?

/ip firewall filter
add action=add-dst-to-address-list address-list=1 address-list-timeout=0s chain=forward \
comment="" disabled=yes dst-address=172.26.0.0/24 out-interface=wlan1 routing-mark=main \
src-address=10.0.1.0/24

[admin@LOS_CRIS_2] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 172.26.0.200/24 172.26.0.0 172.26.0.255 wlan1
1 10.0.1.6/24 10.0.1.0 10.0.1.255 bridge1
2 10.0.1.7/24 10.0.1.0 10.0.1.255 ether1
3 10.0.1.8/24 10.0.1.0 10.0.1.255 ether2
4 10.0.1.9/24 10.0.1.0 10.0.1.255 ether3
5 10.0.1.10/24 10.0.1.0 10.0.1.255 wlan2

richard

Hi richard_s,
What is the goal of the three ethernet ports? Do you want them to be like one local net router on a switch? Or do you want a separate local nets on any of them?

for now i am only going to use 1 for local PC. internet will be coming in from wlan1 wlan2 will be used for local AP on 10.0.1.xxx network.

richard

OK, I think I have it. First, unless you have a reason I don't see, remove the bridge.
Remove all ip assignments on ether2 and ether3
Assign ether1 ip/mask 10.0.0.1/24
Assign wlan2 ip/mask 10.0.1.1/24

Then you will need to masquerade all internal IPs as wlan1, so
/ip firewall nat
add chain=srcnat action=masquerade out-interface=wlan1

Then you will need a route to the internet
/ip route add gateway=172.26.0.1

This should be the gateway from your ISP. If not change it to the correct gateway.

Set up /ip dns, then /ip dhcp-server on wlan2, and you should be good to go.

If you want to make the ports like a switch,
/interface ethernet
set ether2 master-port=ether1
set ether3 master-port=ether1

thanks surfertim
i will try that tomorrow

thanks

richard

Just to make certain you know how this works now...
You must assign the ip range 10.0.0.2-10.0.0.253 with gateway 10.0.0.1 to devices on the ethernet connection.
You must assign 10.0.1.2-10.0.1.253 with gateway 10.0.1.1 to devices on the wireless connection.

pardon my ignorance but how do i do that in telnet?

thanks

richard

Are you asking how to connect to use the command line interface? I use ssh to connect to the box for security reasons, but both end up at the command line interface.
telnet xxx.xxx.xxx.xxx
or
ssh admin@xxx.xxx.xxx.xxx

no i know how to access box its how do i input information (ip or ip firewall) and what format do i put "You must assign the ip range 10.0.0.2-10.0.0.253 with gateway" in

thanks

richard

I mean you must assign the computers that connect to those ports one of those ip sets. Like the first computer you put on the ethernet interface should be assigned (in that computer) 10.0.0.2 netmask 255.255.255.0 with the gateway at 10.0.0.1. The next computer would be 10.0.0.3 netmask 255.255.255.0 gateway still 10.0.0.1, and on...

Or you can set up dhcp on ether1. Insure all else, like dns and routes, are done first, then the dhcp-server setup is enter-enter-enter, except for the interface entry. I use:
/ip dhcp-server setup

Then they get IPs as they connect.

so they have to be done one at a time. what directory do i do this in? and whats the format. i am going to be using static IP's as this network will be used for 10 TV channels.

thanks

richard

They must be set up in each computer. If Linux, I use the GUI that came with my OS (PCLinuxOS). In Windows, it is done in control panel - network settings - tcp/ip. That is about all I can give you on that one. Too many Windows/Linux OS versions out there.

You will need to enter the dns server settings in each computer also.

thanks for the reply
i am using windows what i dont know is where to put the "You must assign the ip range 10.0.0.2-10.0.0.253" is it to go into the mikrotik box if so where?

richard

The MikroTik box already knows how to find all those ips. When you set up ether1 with 10.0.0.1/24, it lets the router know that all ips that start with 10.0.0.x are on that interface, It will also know that all ips that start with 10.0.1.x are on wlan2 for the same reason. It knows that the 172.26.0.x ips are on wlan1.

The only things it doesn't know is about ip/netmasks that are not on an interface in that box. That is why the /ip route gateway=xxx.xxx.xxx.xxx entry to get to the net. That says "if the ip is not on an interface on this box, then send the request out this ip".

If you get into more complex internal routings, you will have gateways pointed everywhere.

ADD: What I meant by that was:
You must assign ONE of those ips to each of the computers on that interface. Since 10.0.0.1 is taken by the interface itself (this is the gateway for this local net), the first computer is 10.0.0.2, the next computer is 10.0.0.3, and on...

And the computers on each local net follow the same rule about gateways. You must tell each computer on the ethernet connection that if the ip doesn't start with 10.0.0.x, ask 10.0.0.1 about it.

thanks very much for that i had gone off down the wrong track with my thinking, now the penny has dropped. programming is not my forte i am still learning with a long way to go.
once again many thanks for the help

richard

No problem. Everybody was a newbie somewhere sometime. If you decide to get into it again sometime, you know where to come...

thought i had it but......
can ping from eth1 10.0.1.1 to gateway 172.26.0.1 but.......
cannot surf the web from laptop plugged into eth1.
route print says gateway state= reachable.
its one of those days

richard

OK. Today is good.Is the laptop ip/netmask/gateway set up? It should be
ip = 10.0.0.2
netmask = 255.255.255.255.0
gateway = 10.0.0.1

In Windows, it is in Control Panel - Network Settings. Use the drop down to find the tcpip setting for your ethernet card. Highlight, then select the Properties button.

There are no other computers on the ethernet connection yet, right?

ADD: Verify ether 1 ip address is 10.0.0.1/24.
Setting up a dhcp server on ether1 is easy and would avoid having to do this for every computer. It becomes plug-and-play.

the laptop is the only PC on IP is set to 10.0.0.2 255.255.255.0
i can ping gateway but cant surf?
could i be missing any other perameter?

richard

Then I suspect you are just a setting away from surfing. What you lack is dns. In the MT box:
/ip dns
set primary-dns=xxx.xxx.xxx.xxx
set secondary-dns=yyy.yyy.yyy.yyy
set allow-remote-requests=yes

Then set the dns in your Windows laptop. Same ip's as above. It should be one of the tabs in the network settings where you entered your ip/netmask. You should have gotten a couple of dns server ip's with your ip/netmask/gateway info from your ISP.