#360332 - 20/11/2013 21:32
Re: The best router
[Re: Cris]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12318
Loc: Sterling, VA
|
It didn't get me set up for this installation. Maybe because it was DSL? I hate DSL. I'll again if I'm ever connected to a cable modem or something.
_________________________
Matt
|
|
Top
|
|
|
|
|
#360335 - 21/11/2013 09:04
Re: The best router
[Re: Dignan]
|
carpal tunnel
Registered: 17/01/2002
Posts: 3995
Loc: Manchester UK
|
Wow, that RouterBoard hardware looks great and the price looks good too. Can you put OpenWRT or whatever else on it? I think putting OpenWRT would actually be a retrograde step. It's a real double hit, great hardware matched to brilliant software. Andy, I need some clarification: is the software brilliant, or is designed for people who are brilliant? The latter, obviously!  Sorry you've had such a hard time with it, as you say there is a learning curve with the software. It's like configuring an HP ProCurve or Cisco device, it's not all wizards and stuff. Although the last time I bought one, it did have a basic config on that did NAT on a PPPoE connection, maybe they ship them completely blank now. So, for future reference, let's assume you're just setting up a plain ordinary internet connection for a house or small office. - DSL/Cable connection presented as PPPoE (plugged from the modem into Ether1)
- A private block of 192.168.x.x addresses (plugged from the switch into Ether2)
- An FTP server in the office that needs to be accessible externally
Do a factory reset on the modem to clear out any previous config. Plug your laptop/PC into the second ethernet interface (Ether2) and run up WinBox (a free application you can download from their website). From here you should be able to discover your unconfigured router and start setting it up. Once connected, click the 'New Terminal' button to open a command line interface. Have a look in at http://wiki.mikrotik.com/wiki/Winbox for further info. In your command window, start typing the following: Set a password for the admin user: /user set admin password=NEWPASSWORD Turn off most of your possible attack vectors: /ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=no port=22
set www-ssl disabled=yes
set api disabled=yes
set winbox disabled=no port=8291 ...and close off the ports on the firewall: /ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes Set the router's IP address on the LAN: /ip address add \
address=192.168.0.1/24 \
broadcast=192.168.0.255 \
disabled=no \
interface=ether2 \
network=192.168.0.0 Lock down the firewall rules: /ip firewall filter
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
add action=accept chain=forward comment=ICMP disabled=no protocol=icmp
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=accept chain=output disabled=no
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
add action=accept chain=input comment=ICMP disabled=no protocol=icmp
add action=drop chain=input comment="Drop the rest" disabled=no Create a PPPoE profile: /ppp profile add \
change-tcp-mss=yes \
name=dsl \
only-one=yes \
use-compression=default \
use-encryption=default \
use-ipv6=yes \
use-mpls=no \
use-vj-compression=default and create a PPPoE client account: /interface pppoe-client add \
ac-name="" \
add-default-route=yes \
allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no \
disabled=no \
interface=ether1 \
max-mru=1492 \
max-mtu=1492 \
mrru=disabled \
name=DSL \
password=secret \
profile=dsl \
service-name="" \
use-peer-dns=yes \
user=abc@a.1 Add a masquerading rule: /ip firewall nat add chain=srcnat action=masquerade src-address=192.168.0.0/24 ...and finally, if you want to poke a hole in the firewall for your FTP server (which we'll assuming is running on 192.168.1.2): /ip firewall filter
add action=accept chain=forward comment="Access to FTP server from outside" protocol=tcp dst-address=192.168.1.2 dst-port=21 (OPTIONAL) Set up a DHCP server: When I said RouterOS didn't have wizards, I lied a little. /ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether2
Select network for DHCP addresses
dhcp address space: 192.168.0.0/24
Select gateway for given network
gateway for dhcp network: 192.168.0.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.0.10-192.168.0.254
Select DNS servers
dns servers: 192.168.0.1
Select lease time
lease time: 3d
_________________________
Cheers,
Andy M
|
|
Top
|
|
|
|
|
#360338 - 21/11/2013 19:09
Re: The best router
[Re: andym]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12318
Loc: Sterling, VA
|
Thanks for the help! I'll think about this. I may need to look for another solution, though. Something in between this and your standard off-the-shelf Linksys. I'll try to get past the initial learning curve but it just might not be worth the time considering the places these routers will be used (mostly homes). These people need extremely basic stuff. BTW, what you call wizards I call a UI  Also, what's this stuff about master interfaces? I couldn't tell why the router I was working on had the "master" itnerface set to to port 2...
_________________________
Matt
|
|
Top
|
|
|
|
|
#360342 - 21/11/2013 21:32
Re: The best router
[Re: Dignan]
|
pooh-bah
Registered: 06/02/2002
Posts: 1904
Loc: Leeds, UK
|
Once you have a basic config set you can use the UI to back it up and then copy it to another router.
|
|
Top
|
|
|
|
|
#360343 - 21/11/2013 23:38
Re: The best router
[Re: Cris]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12318
Loc: Sterling, VA
|
Once you have a basic config set you can use the UI to back it up and then copy it to another router. Good call. I'll give it another shot sometime
_________________________
Matt
|
|
Top
|
|
|
|
|
#360347 - 22/11/2013 01:58
Re: The best router
[Re: Dignan]
|
addict
Registered: 02/04/2002
Posts: 691
|
What about the Ubiquiti EdgeMax router? I'm pretty happy with mine, $99 and a simple 3 port router, QoS isn't available yet in the UI, but you can activate it with the CLI or text configs.
I just picked up the PoE 5 port version, I want to move my VoIP phones over and remove the powerbricks, but I haven't had time to put it into action yet besides upgrading to the latest firmware.
_________________________
Oliver
mk1 30gb: 129 | mk2a 30gb: 040104126
|
|
Top
|
|
|
|
|
#360348 - 22/11/2013 03:27
Re: The best router
[Re: oliver]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12318
Loc: Sterling, VA
|
Thanks for the mention, Oliver. I don't know how I missed that product, considering I've been looking at Ubiquiti's site a lot recently! From what I'm reading in the Amazon reviews, it sounds like it needs the same amount of setup But still, I really like Ubiquiti's other products, so I might give them a try next time.
_________________________
Matt
|
|
Top
|
|
|
|
|
#360351 - 22/11/2013 11:35
Re: The best router
[Re: andym]
|
old hand
Registered: 07/01/2005
Posts: 893
Loc: Sector ZZ9pZa
|
So, for future reference, let's assume you're just setting up a plain ordinary internet connection for a house or small office... Thanks for the post Andy, it'll be really handy when I get around to playing with one of these at home.
|
|
Top
|
|
|
|
|
#360352 - 22/11/2013 12:19
Re: The best router
[Re: sein]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12318
Loc: Sterling, VA
|
Andy,
Would you be so kind as to tell me how those instructions would differ if I were attaching this to a standard cable modem (one that's presumably already in bridge mode) that doesn't need to deal with PPPoE?
This would be the most common scenario. Thankfully most of my customers don't have DSL (I'm thankful for their sake).
Edited by Dignan (22/11/2013 12:19)
_________________________
Matt
|
|
Top
|
|
|
|
|
#360353 - 22/11/2013 12:41
Re: The best router
[Re: Dignan]
|
carpal tunnel
Registered: 17/01/2002
Posts: 3995
Loc: Manchester UK
|
Thanks for the help! I'll think about this. I may need to look for another solution, though. Something in between this and your standard off-the-shelf Linksys. I'll try to get past the initial learning curve but it just might not be worth the time considering the places these routers will be used (mostly homes). These people need extremely basic stuff. Their wiki is very good, but it really does require a good working knowledge of network systems. The reason I like them is the power and flexibility they offer and the fact the bare minimum is hidden away from you. Once you know what you're doing, you can get one set up just as quickly as any other. Like Cris says, you could pretty much copy and paste what I've posted up there into a terminal window and get a router that was fresh out of the box working in seconds.
Also, what's this stuff about master interfaces? I couldn't tell why the router I was working on had the "master" itnerface set to to port 2...
This is really about the difference between Ethernet ports and network interfaces. On a device like the RB750, it has five ethernet ports and a switch chip. The ports can be used in a combination of ways with this switch chip. You can use each Ethernet port as an individual network interface (ie. you had a bunch of separate networks that you wanted to connect together and 'route' traffic in-between). In which case you have a network interface bound to each Ethernet port and not use the switch chip. You'd then need routes in your routing table to pass traffic between the physical ports. Or you could have 4 of the ports act like a switch and leave one port to act as the WAN port. This means you have 5 physical ports and 2 network interfaces. One interface is bound to the WAN port, and the other interface is bound to the switch chip which has the 4 other ports bound to it. Traffic will pass between the 4 other ports, but like the first example, you need stuff in your routing table to get stuff to go over the WAN port. So, you set Ether2 to be the switch 'Master' and then for each other port you want to be on the switch, you set that as a slave and point it to the 'Master' interface. You then set things like addresses for routing purposes on the 'Master' interface. From memory you have one switch per box.
_________________________
Cheers,
Andy M
|
|
Top
|
|
|
|
|
#360355 - 22/11/2013 12:54
Re: The best router
[Re: Dignan]
|
carpal tunnel
Registered: 17/01/2002
Posts: 3995
Loc: Manchester UK
|
Andy,
Would you be so kind as to tell me how those instructions would differ if I were attaching this to a standard cable modem (one that's presumably already in bridge mode) that doesn't need to deal with PPPoE?
This would be the most common scenario. Thankfully most of my customers don't have DSL (I'm thankful for their sake). Okay, all you need to do in that instance is plug up the office side to Ether2 and connect the cable modem to Ether1. Then, instead of typing in the bits for the PPP profile and PPPoE client. You'd need to do something like:
/ip dhcp-client add interface=ether1 disabled=no You should be good to go. If you need to spoof your MAC address:
/interface ethernet set ether1 mac-address=XX:XX:XX:XX:XX:XX
_________________________
Cheers,
Andy M
|
|
Top
|
|
|
|
|
#360356 - 22/11/2013 13:44
Re: The best router
[Re: andym]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12318
Loc: Sterling, VA
|
Thanks! I'll give the Routerboard another go. I'll be fine if I can back up the settings and re-use them
_________________________
Matt
|
|
Top
|
|
|
|
|
#360567 - 17/12/2013 03:51
Re: The best router
[Re: Dignan]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12318
Loc: Sterling, VA
|
Okay, so I'm playing around with the Ubiquiti Edgerouter now, and I like the interface a whole lot more. I found a SOHO configuration on their forums, so I was able to load that and pretty much get going right out of the gate. But... ...I want to set this up in an odd way that the folks over there aren't really getting. I believe the term is "cascading?" Basically, I want to be able to plug this router into another router, as in scenario #2 here. I know it's a silly setup, but you should see how difficult it is to set up some of these ISP-supplied routers in bridge mode. It's much easier to simply let the initial router think it's doing it's job, and just plug my router of choice into it, creating a new subnet, segregated from the initial router's traffic. This works with your standard off the shelf routers, but I'm not sure if I'm doing it right here. I have the settings described here, but I went with the simple config download they link to in the very beginning. The setup should be the same, though, except for the part where I reconfigured eth0 to be 192.168.3.1 instead of 1.1. I can see that eth2 is able to get DHCP from my router, but I couldn't get an internet connection through either of the other interfaces. I decided to set a manual IP for the WAN on eth2 to 192.168.1.2, which isn't used and is outside DHCP on my main router, but it still isn't giving me an internet connection. Any ideas? Thanks for your help.
_________________________
Matt
|
|
Top
|
|
|
|
|
|
Previous Topic
Index