Join The Community

Facebook Page

Place Your Ads Here

About Configuration

www.basic-mikrotik.blogspot.com on 18.14. -

TCP/IP Related Questions

I have two NIC cards in the MikroTik router and they are working properly. I can ping both networks from the router but can't ping from one network through the router to the other network and to the Internet. I have no firewall setup.
This is a typical problem, where you do not have routing set up at your main Internet gateway. Since you have introduced a new network, you need to 'tell' about it your main gateway (your ISP). A route should be added for your new network. Alternatively, you can 'hide' your new network by means of masquerading to get access to the Internet. Please take time to study the Basic Setup Guide, where the problem is described and the solution is given.
There is an example how to masquerade your private LAN: 
[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0   chain=srcnat out-interface=Public action=masquerade
How can I change the TCP port number for telnet or http services, if I do not want to use the ports 23 and 80, respectively?
You can change the allocated ports under /ip service.
When I use the IP address/mask in the form 10.1.1.17/24 for my filtering or queuing rules, they do not work.
The rules 'do not work', since they do not match the packets due to the incorrectly specified address/mask. The correct form would be: 
   10.1.1.0/24 for the IP addresses in the range 10.1.1.0-10.1.1.255, or,
 10.1.1.17/32 for just one IP address 10.1.1.17.
I need to set up DHCP client, but there is no menu '/ip dhcp-client'.
The DHCP feature is not included in the system software package. You need to install the dhcp package. Upload it to the router and reboot!
Can I statically bind IP's to MAC addresses via DHCP?
Yes, you can add static leases to the DHCP server leases list. However, DHCP is insecure by default, and it is better to use PPPoE for user authentication and handing out IP addresses. There you can request the user to log on from a specified MAC address as well.
How can I masquerade two different subnets using two different external IP addresses for them?
Use /ip firewall nat rule with chain=srcnat action=nat, specify the to-src-address argument value. It should be one of the router's external addresses. If you use action=masquerade, the to-src-address is not taken into account, since it is substituted by the external address of the router automatically.
I cannot surf some sites when I use PPPoE.
Use /ip firewall mangle to change MSS (maximum segment size) 40 bytes less than your connection MTU. For example, if you have encrypted PPPoE link with MTU=1492, set the mangle rule as follows: 
 / ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss tcp-mss=!0-1448 new-mss=1448