Wednesday, February 24, 2010

Basic Ethernet Router with NAT and Destination NAT

This is a pretty basic config, just mainly adding it for my own reference. This setup is public on eth2 and private on eth5. NAT all private traffic to the main Public IP on eth2 and then doing Destination NAT on several public ip addresses to their private ips.


# feb/24/2010 11:51:54 by RouterOS 4.4
#

DHCP
/ip pool add name=dhcp-pool-1 ranges=192.168.1.100-192.168.1.200
/ip dhcp-server add address-pool=dhcp-pool-1 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether5 lease-time=3d name=dhcp1
/ip dhcp-server network add address=192.168.1.0/24 comment="private dhcp" dns-server=209.173.36.11 \
gateway=192.168.1.254

IP Addresses

/ip address add address=xx.xx.xx.22/29 broadcast=xx.xx.xx.23 comment="public main ip" \
disabled=no interface=ether2 network=xx.xx.xx.16 add address=192.168.1.254/24 broadcast=192.168.1.255 comment="private main ip" \
disabled=no interface=ether5 network=192.168.1.0 add address=xx.xx.xx.18/32 broadcast=xx.xx.xx.18 comment="" disabled=no \
interface=ether2 network=xx.xx.xx.18 add address=xx.xx.xx.19/32 broadcast=xx.xx.xx.19 comment="" disabled=no \
interface=ether2 network=xx.xx.xx.19 add address=xx.xx.xx.20/32 broadcast=xx.xx.xx.20 comment="" disabled=no \
interface=ether2 network=xx.xx.xx.20
/ip route add comment="default route" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=xx.xx.xx.17 scope=30 target-scope=10


NAT

/ip firewall nat add action=src-nat chain=srcnat comment="" disabled=no src-address=\
192.168.1.0/24 to-addresses=xx.xx.xx.22 add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
xx.xx.xx.18 to-addresses=192.168.1.87 add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
xx.xx.xx.19 to-addresses=192.168.1.238 add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
xx.xx.xx.20 to-addresses=192.168.1.45

Leftovers

/system clock set time-zone-name=America/Chicago
/system clock manual set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system identity set name=Customer1
/system ntp client set enabled=yes mode=unicast primary-ntp=192.43.244.18 secondary-ntp=\
66.187.224.4

Posted by at 3 comments:
Labels: , , , ,

Tuesday, February 23, 2010

Mikrotik EoIP


There are several versions of this article out there describing how to use MikroTik's EoIP (Ethernet over IP) feature with using a PPtP encryption. I needed a simpler version of just creating the EoIP tunnel without needing to create a secure tunnel due to the network it is traversing is all privately owned but with multiple layer 3 hops of varying name brands. The easiest way to do this was by letting the endpoints create the virtual layer 2 network.



What we will attempt to do is create a transparent network link from Building A to Building B. Remember, this is not encrypted so please keep this in consideration of crossing networks you do not own. This setup will allow all layer 2 traffic cross from both buildings. and the PCs to act like they are right next to each other without any special setups outside of the endpoints.

First you would need to add your external interface. The information here can be changed to whatever your situation requires. The main thing is to insure that Building A and Building B has a default gateway that allows communication between each other.

Building A Router:

/ip address
add address=172.16.3.7/24 broadcast=172.16.3.255 comment="external" \
disabled=no interface=ether1 network=172.16.3.0

/ip route
add comment="default gateway between buildings" disabled=no \
distance=1 dst-address=0.0.0.0/0 gateway=172.16.3.1 scope=30 \
target-scope=10

Building B Router:

/ip address
add address=172.16.23.32/24 broadcast=172.16.23.255 comment="external" \
disabled=no interface=ether1 network=172.16.23.0

/ip route
add comment="default gateway between buildings" disabled=no \
distance=1 dst-address=0.0.0.0/0 gateway=172.16.23.1 scope=30 \
target-scope=10

At this point, with cables leading to the external networks plugged into eth1, the two routers should be able to see each other. Next you add the EoIP tunnel.

Building A Router:

/interface eoip
add name=eoiptunnel remote-address=172.16.23.32 \
tunnel-id=101 disabled=no

Building B Router:

/interface eoip
add name=eoiptunnel remote-address=172.16.3.7 \
tunnel-id=101 disabled=no

The tunnel-id must match; this is a part of the association of the tunnel. After this we then add the interfaces to permit the traffic to be bridged over this tunnel.

Building A Router:

/interface bridge
add name="eoipbridge"

/interface bridge port add bridge=eoipbridge interface=ether5

/interface bridge port add bridge=eoipbridge interface=eoiptunnel

Building B Router:

/interface bridge
add name="eoipbridge"

/interface bridge port add bridge=eoipbridge interface=ether5

/interface bridge port add bridge=eoipbridge interface=eoiptunnel

At this point the two buildings should be bridged on the same layer 2 network and be able to act accordingly.
Posted by at No comments:
Labels: , , ,

Mikrotik System Reset

To reset Mikrotik RouterOS to the default configuration, execute the command /system reset-configuration. This should do a complete wipe and restore the defaults.
Posted by at No comments:
Labels: , ,

Zhone Malc 723 and ADSL Interfaces

Below is SNMP OIDs for Zhone MALC 723

OBJECT NAME OID

ifAdminStatus 1.3.6.1.2.1.2.2.1.7
zhoneDslLineStatusChangeTrapEnable 1.3.6.1.4.1.5504.5.4.1.1.15
zhoneAdslTransmissionMode 1.3.6.1.4.1.5504.5.4.11.1.3
zhoneAdslChannelMode 1.3.6.1.4.1.5504.5.4.11.1.4
adslTrellisModeEnabled 1.3.6.1.4.1.5504.5.4.11.1.1
adslNTRModeEnabled 1.3.6.1.4.1.5504.5.4.11.1.2
adslPotsBypassRelayMaxDuration 1.3.6.1.4.1.5504.5.4.11.1.9
adslLineDMTConfMode 1.3.6.1.4.1.5504.5.4.11.1.11
adslMaxDownstreamToneIndex 1.3.6.1.4.1.5504.5.4.11.1.5
adslMinDownstreamToneIndex 1.3.6.1.4.1.5504.5.4.11.1.6
adslAtucConfRateMode 1.3.6.1.2.1.10.94.1.1.14.1.2
adslAtucConfRateChanRatio 1.3.6.1.2.1.10.94.1.1.14.1.3
adslAtucConfTargetSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.4
adslAtucConfMaxSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.5
adslAtucConfMinSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.6
adslAtucConfDownshiftSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.7
adslAtucConfMinDownshiftTime 1.3.6.1.2.1.10.94.1.1.14.1.10
adslAtucConfUpshiftSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.8
adslAtucConfMinUpshiftTime 1.3.6.1.2.1.10.94.1.1.14.1.9
adslAtucChanConfFastMaxTxRate 1.3.6.1.2.1.10.94.1.1.14.1.13
adslAtucChanConfFastMinTxRate 1.3.6.1.2.1.10.94.1.1.14.1.11
adslAtucChanConfInterleaveMaxTxRate 1.3.6.1.2.1.10.94.1.1.14.1.14
adslAtucChanConfInterleaveMinTxRate 1.3.6.1.2.1.10.94.1.1.14.1.12
adslAtucChanConfMaxInterleaveDelay 1.3.6.1.2.1.10.94.1.1.14.1.15
zhoneAdslAtucConfREADSL2 1.3.6.1.4.1.5504.5.4.19.1.1
adslMaxUpstreamToneIndex 1.3.6.1.4.1.5504.5.4.11.1.7
zhoneAdslMinUpstreamToneIndex 1.3.6.1.4.1.5504.5.4.11.1.8
adslAturConfRateMode 1.3.6.1.2.1.10.94.1.1.14.1.16
adslAturConfRateChanRatio 1.3.6.1.2.1.10.94.1.1.14.1.17
adslAturConfTargetSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.18
adslAturConfMinSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.19
adslAturConfMinSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.20
adslAturConfDownshiftSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.21

adslAturConfUpshiftSnrMgn 1.3.6.1.2.1.10.94.1.1.14.1.22

adslAturConfMinUpshiftTime 1.3.6.1.2.1.10.94.1.1.14.1.23
adslAturConfMinDownshiftTime 1.3.6.1.2.1.10.94.1.1.14.1.24
adslAturChanConfFastMaxTxRate 1.3.6.1.2.1.10.94.1.1.14.1.27
adslAturChanConfFastMinTxRate 1.3.6.1.2.1.10.94.1.1.14.1.25
adslAturChanConfInterleaveMaxTxRate 1.3.6.1.2.1.10.94.1.1.14.1.28
adslAturChanConfInterleaveMinTxRate 1.3.6.1.2.1.10.94.1.1.14.1.26

adslAturChanConfMaxInterleaveDelay 1.3.6.1.2.1.10.94.1.1.14.1.29
Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)