
problem with routerboard 750g .. anybody help ?

Posted: Mon Dec 26, 2011 6:10 pm
by abuali2011
I have a MikroTik RouterBoard 750GL, software version 5.2, with 5 Ethernet ports. I use 4 ports for WAN connections and one port for LAN connections.
I can't access the HTTP interface for these 4 WAN interfaces... I mean that I can't access the web interface of every ADSL modem on these 4 WAN interfaces. But the internet connections run very well.

Here are all the rules:
-------------------------------
/ip address
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=in1 network=192.168.1.0
add address=192.168.16.2/24 broadcast=192.168.16.255 comment="" disabled=no \
interface=in2 network=192.168.16.0
add address=10.0.0.139/24 broadcast=10.0.0.255 comment="" disabled=no \
interface=in3 network=10.0.0.0
add address=192.168.10.2/32 broadcast=192.168.10.2 comment="" disabled=no \
interface=in4 network=192.168.10.2
add address=192.168.20.1/32 broadcast=192.168.20.1 comment="" disabled=no \
interface=out network=192.168.20.1

-----------------------


/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:8D \
master-port=none mtu=1500 name=in1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:8E \
master-port=none mtu=1500 name=in2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:8F \
master-port=none mtu=1500 name=out speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:90 \
master-port=none mtu=1500 name=in3 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:A5:F3:91 \
master-port=none mtu=1500 name=in4 speed=100Mbps



------------------------


/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 routing-mark=in1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.16.1 routing-mark=in2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
10.0.0.138 routing-mark=in3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.10.1 routing-mark=in4 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
192.168.16.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=3 dst-address=\
0.0.0.0/0 gateway=10.0.0.138 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=4 dst-address=\
0.0.0.0/0 gateway=192.168.10.1 scope=30 target-scope=10



---------------------------
/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in1 new-connection-mark=in1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in2 new-connection-mark=in2_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in1_conn \
disabled=no new-routing-mark=in1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in2_conn \
disabled=no new-routing-mark=in2 passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in3 new-connection-mark=in3_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
in4 new-connection-mark=in4_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in3_conn \
disabled=no new-routing-mark=in3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=in4_conn \
disabled=no new-routing-mark=in4 passthrough=yes
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in1_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in2_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in3_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting comment="" disabled=no \
dst-address-type=!local in-interface=out new-connection-mark=in4_conn \
passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3
add action=mark-routing chain=prerouting comment="" connection-mark=in1_conn \
disabled=no in-interface=out new-routing-mark=in1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=in4_conn \
disabled=no in-interface=out new-routing-mark=in4 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=in3_conn \
disabled=no in-interface=out new-routing-mark=in3 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=in2_conn \
disabled=no in-interface=out new-routing-mark=in2 passthrough=yes

-----------------------------


/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=in4

************************
I mean that I can't access, for example, the web interface for 192.168.1.1, 192.168.16.1, 10.0.0.138 or 192.168.10.1.
Sorry for my English.

Thanks for the help.

Re: problem with routerboard 750g .. anybody help ?

Posted: Mon Dec 26, 2011 6:42 pm
by abuali2011
Why does nobody answer???

Re: problem with routerboard 750g .. anybody help ?

Posted: Mon Dec 26, 2011 7:19 pm
by THG
> Why does nobody answer???

Because you didn't pay attention to this thread. Please read it and restate your question to keep us from the 20 questions game that no one likes to play. Nobody can or will help you without detailed information about your physical and logical network setup.

http://forum.mikrotik.com/viewtopic.php?f=2&t=45259

Re: problem with routerboard 750g .. anybody help ?

Posted: Mon Dec 26, 2011 10:25 pm
by abuali2011
> > Why does nobody answer???
>
> Because you didn't pay attention to this thread. Please read it and restate your question to keep us from the 20 questions game that no one likes to play. Nobody can or will help you without detailed information about your physical and logical network setup.
>
> http://forum.mikrotik.com/viewtopic.php?f=2&t=45259

So what about my game?

Re: problem with routerboard 750g .. anybody help ?

Posted: Tue Dec 27, 2011 2:35 pm
by THG
> I can't access the HTTP interface for these 4 WAN interfaces... I mean that I can't access the web interface of every ADSL modem on these 4 WAN interfaces. But the internet connections run very well.

You cannot access your router's web interface from the Internet, or directly connected to any of your router's Ethernet ports?

According to your setup, it looks like your DSL modems act like a NAT router.

Is this similar to your network configuration?

Internet----[DSL Modem]-----[RB750GL]

Re: problem with routerboard 750g .. anybody help ?

Posted: Tue Dec 27, 2011 7:27 pm
by abuali2011
> > I can't access the HTTP interface for these 4 WAN interfaces... I mean that I can't access the web interface of every ADSL modem on these 4 WAN interfaces. But the internet connections run very well.
>
> You cannot access your router's web interface from the Internet, or directly connected to any of your router's Ethernet ports?
>
> According to your setup, it looks like your DSL modems act like a NAT router.
>
> Is this similar to your network configuration?
>
> Internet----[DSL Modem]-----[RB750GL]

I don't want to access the router's web interface from the internet...
I can't through the LAN (RouterBoard 750G >>> MikroTik x86 hotspot server >> LAN clients),
so I can't access it from the LAN clients...
Thanks

Re: problem with routerboard 750g .. anybody help ?

Posted: Tue Dec 27, 2011 11:14 pm
by THG

> I don't want to access the router's web interface from the internet...
> I can't through the LAN (RouterBoard 750G >>> MikroTik x86 hotspot server >> LAN clients),
> so I can't access it from the LAN clients...
> Thanks

Okay. Wasn't sure about that. If you ping your router, what are the results? And also try telnet/ssh.

Re: problem with routerboard 750g .. anybody help ?

Posted: Wed Dec 28, 2011 5:02 pm
by abuali2011

> > I don't want to access the router's web interface from the internet...
> > I can't through the LAN (RouterBoard 750G >>> MikroTik x86 hotspot server >> LAN clients),
> > so I can't access it from the LAN clients...
> > Thanks
>
> Okay. Wasn't sure about that. If you ping your router, what are the results? And also try telnet/ssh.

When I ping, SSH or telnet to the ADSL router IP, sometimes it replies and sometimes not... It depends on which internet IP, from which router, I am using for the internet at that moment.

Re: problem with routerboard 750g .. anybody help ?

Posted: Thu Dec 29, 2011 2:40 am
by jandafields

> > > I don't want to access the router's web interface from the internet...
> > > I can't through the LAN (RouterBoard 750G >>> MikroTik x86 hotspot server >> LAN clients),
> > > so I can't access it from the LAN clients...
> > > Thanks
> >
> > Okay. Wasn't sure about that. If you ping your router, what are the results? And also try telnet/ssh.
>
> When I ping, SSH or telnet to the ADSL router IP, sometimes it replies and sometimes not... It depends on which internet IP, from which router, I am using for the internet at that moment.

So, you are not able to access your ISP modems... and sometimes they return ping, sometimes not. Correct?
This sounds like an issue with your ISP modems. If you plug your computer directly into each ISP modem, are you then able to access the web admin on them?

Re: problem with routerboard 750g .. anybody help ?

Posted: Thu Dec 29, 2011 4:04 am
by abuali2011
The internet connection works well; I always see traffic on each interface in MT.
Yes, if I plug a computer directly into each ISP modem, I am able to access their web admin...

Re: problem with routerboard 750g .. anybody help ?

Posted: Sat Dec 31, 2011 2:07 am
by tjc
See my response to your duplicate post here: http://forum.mikrotik.com/viewtopic.php?f=14&t=57889

Re: problem with routerboard 750g .. anybody help ?

Posted: Sun Jan 01, 2012 8:34 pm
by abuali2011
> See my response to your duplicate post here: http://forum.mikrotik.com/viewtopic.php?f=14&t=57889

These rules worked well:

chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=ye>
src-address=0.0.0.0/0 dst-address=50.50.50.0/24

chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=ye>
src-address=0.0.0.0/0 dst-address=70.70.70.0/24

chain=prerouting action=mark-routing new-routing-mark=wan3 passthrough=ye>
src-address=0.0.0.0/0 dst-address=30.30.30.0/24

chain=prerouting action=mark-routing new-routing-mark=wan4 passthrough=ye>
src-address=0.0.0.0/0 dst-address=60.60.60.0/24


So I can access all the web interfaces of the ADSL modems.

Re: problem with routerboard 750g .. anybody help ?

Posted: Sun Jan 01, 2012 10:24 pm
by tjc
I would recommend mapping them to private LAN addresses so you're not blocking some real site or network. So rather than 30.30.30.0/24, 50.50.50.0/24, 60.60.60.0/24, 70.70.70.0/24, you should probably use something like 10.10.0.10, 10.10.0.20, 10.10.0.30, 10.10.0.40, ...(*) Also you may want to make the source address specific and the masks tighter, since you really only want to map the ADSL modem to an internal address.

(*) Even better would be to make a network plan with specific address ranges dedicated to administrative and infrastructure machines. So for example if you're using the 192.168.0.0/16 range for your internal LAN addresses, dedicate some block like 192.168.1.0/24 or 192.168.254.0/24 to your servers, routers and administrative workstations. Then map the modems into that range.
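
The three checks recommended in the last post (private alias addresses, a specific source, a host-sized mask) can be run mechanically over exported mark-routing rules. The following is an added example, not code from the thread or from MikroTik; the sample rules are constructed from the ones quoted above, the truncated `passthrough` field is omitted rather than guessed, and the `192.168.254.0/24` source in the third rule is an assumed admin range.

```python
import ipaddress
import re

# Constructed sample: two rules as posted in the thread, one rewritten along
# the lines of the recommendation (private /32 alias, assumed admin source).
SAMPLE_RULES = """\
chain=prerouting action=mark-routing new-routing-mark=wan1 src-address=0.0.0.0/0 dst-address=50.50.50.0/24
chain=prerouting action=mark-routing new-routing-mark=wan2 src-address=0.0.0.0/0 dst-address=70.70.70.0/24
chain=prerouting action=mark-routing new-routing-mark=wan3 src-address=192.168.254.0/24 dst-address=10.10.0.30
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_rule(line):
    """Split one 'key=value key=value' rule line into a dict."""
    return dict(re.findall(r"([\w-]+)=(\S+)", line))


def audit_rule(rule):
    """Return the list of findings for one parsed mark-routing rule."""
    findings = []
    # A missing address field means "match anything" on the router.
    dst = ipaddress.ip_network(rule.get("dst-address", "0.0.0.0/0"), strict=False)
    src = ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"), strict=False)
    if not any(dst.subnet_of(net) for net in RFC1918):
        findings.append("dst-address is public space; real hosts there are shadowed")
    if dst.prefixlen < 32:
        findings.append("dst-address mask is wider than a single host")
    if src.prefixlen == 0:
        findings.append("src-address matches any source")
    return findings


def audit(text):
    """Map each mark-routing rule's routing mark to its findings."""
    report = {}
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule.get("action") == "mark-routing":
            report[rule["new-routing-mark"]] = audit_rule(rule)
    return report


if __name__ == "__main__":
    for mark, findings in audit(SAMPLE_RULES).items():
        print(mark, "OK" if not findings else "; ".join(findings))
```
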