I could use some help configuring the router for basic internet access. I am using the Winbox.exe GUI for configuration. Here is what I have done so far:
1 - Assigned Eth2 an IP address and set up the DHCP server to assign address on this interface. This is working fine and clients are pulling a DG and DNS just fine.
2 - Assigned Eth1 an IP address and set up the DHCP client to pull an address. This is working fine also and the router is pulling DG and DNS.
3 - All of the neccessary routes seem to have been automaticly created including the default route.
4 - From a client computer I can ping the WAN interface but cannot ping anything past that.
5 - From the router I can ping anything, the next hop, DNS server and IPs on the internet.
6 - BUT I cannot access the internet or ping an internet IP or anything past the WAN interface from a client workstation.
Am I needing to create a firewall rule letting outbound traffic out? I'm not sure what I need to do next. Any help would be appreciated.
Re: Basic router configuration for internet access
Need to add masquerade rule in firewall Nat.
ip firewall nat add chain=srcnat action=masquerade out-interface=(choos your wan interface hear.)
ip firewall nat add chain=srcnat action=masquerade out-interface=(choos your wan interface hear.)
Re: Basic router configuration for internet access
i think you also need this one
Configure firewall to protect your router:
/ip firewall rule input add connection-state=invalid action=drop \
comment="Drop invalid connection packets"
/ip firewall rule input add connection-state=established \
comment="Allow established connections"
/ip firewall rule input add connection-state=related \
comment="Allow related connections"
/ip firewall rule input add protocol=udp comment="Allow UDP"
/ip firewall rule input add protocol=icmp comment="Allow ICMP Ping"
/ip firewall rule input add src-address=ex. 192.168.0.0/24 \ <--------- network ip of lan interface
comment="From my home network"
/ip firewall rule input add action=drop log=yes \
comment="Log and drop everything else"
Configure firewall to protect your router:
/ip firewall rule input add connection-state=invalid action=drop \
comment="Drop invalid connection packets"
/ip firewall rule input add connection-state=established \
comment="Allow established connections"
/ip firewall rule input add connection-state=related \
comment="Allow related connections"
/ip firewall rule input add protocol=udp comment="Allow UDP"
/ip firewall rule input add protocol=icmp comment="Allow ICMP Ping"
/ip firewall rule input add src-address=ex. 192.168.0.0/24 \ <--------- network ip of lan interface
comment="From my home network"
/ip firewall rule input add action=drop log=yes \
comment="Log and drop everything else"
Re: Basic router configuration for internet access
This worked and I did not need the others posted by clarkstyx.
"ip firewall nat add chain=srcnat action=masquerade out-interface=(choos your wan interface hear.)"
Is this needed because I do not have a route from my next hop router back to the Mikrotik router?
Thanks
"ip firewall nat add chain=srcnat action=masquerade out-interface=(choos your wan interface hear.)"
Is this needed because I do not have a route from my next hop router back to the Mikrotik router?
Thanks
Who is online
Users browsing this forum: No registered users and 62 guests