How to access ADSL Modem on Mikrotik Ether1-Gateway

ColinR

Expert Member
Joined
Aug 24, 2006
Messages
3,753
I have an ADSL modem connected to the Ether1-Gateway port, and am therefore unable to access it.
I've read http://forum.mikrotik.com/viewtopic.php?f=13&t=57219 here, but no joy.

How do I access the modem? :confused:
Edit: I've posted this on the Mikrotik forum as well, and will update here, if I get an answer there.

/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.1.50/24 network=192.168.1.0
interface=ether2-master-local actual-interface=ether2-master-local

1 D address=41.xxx.xxx.xxx/32 network=xxx.xxx.xxx.xxx interface=pppoe-out1
actual-interface=pppoe-out1

/ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=xxx.xxx.xxx.xxx
gateway-status=xxx.xxx.xxx.xxx reachable pppoe-out1 distance=1 scope=30
target-scope=10

1 ADC dst-address=xxx.xxx.xxx.xxx/32 pref-src=xxx.xxx.xxx.xxx gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10

2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.50
gateway=ether2-master-local
gateway-status=ether2-master-local reachable distance=0 scope=10


/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="ether1-gateway" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074

1 R name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074

2 name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074

3 R name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074

4 name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074

5 R name="pppoe-out1" type="pppoe-out" mtu=1480

/ip firewall export
# mar/05/2012 09:56:57 by RouterOS 5.6
# software id = ZDRB-BFRV
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established disabled=no
add action=accept chain=input comment="default configuration" connection-state=\
related disabled=no
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add action=masquerade chain=srcnat disabled=no src-address=192.168.1.0/24
add action=masquerade chain=srcnat disabled=no out-interface=ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
 
Last edited:

Tinuva

The Magician
Joined
Feb 10, 2005
Messages
10,156
There are 2 ways you can do this.

1. Point a route back from the Modem to the IP ranges on your Mikrotik network to the mikrotik ip on ethernet1-gateway. This means you need to add an ip on that interface so that the mikrotik can route to the adsl modem, and the adsl modem need a route back to the mikrotik.

2. NAT, this is the method I deciced to use, its simpler for me. Again you need an ip on ethernet1-gateway in the same ip range that the adsl modem has an ip. Then enable NAT for this interface much like you did for the pppoe interface.

Its not very specific, but should point you in the correct direction.
 

ColinR

Expert Member
Joined
Aug 24, 2006
Messages
3,753
I have the NAT rule in place, but it's not helping.
I'm thinking it has to do with an existing NAT rule, that covers the same ip range.
 

Tinuva

The Magician
Joined
Feb 10, 2005
Messages
10,156
Your ADSL modem needs a different IP range than what your internal network on the mikrotik is already using.

For example I use 10.0.0.0/24 for my home network, and 192.168.1.0/24 for the ADSL modem. As far as I know, NAT on the Mikrotik isn't really ip range specific, its more to do with the outgoing interface the NAT rule is applied to.
 

Roman4604

Expert Member
Joined
Jun 27, 2005
Messages
4,569
I have the NAT rule in place, but it's not helping.
There's an easier way, just run your Mikrotik "one arm".

Here the logical LAN IP & PPPoE interfaces are both configured on same physical port (e.g. Ether1). You can then give your ADSL modem a (mgmt) IP on the internal LAN and access directly (without any NAT/routing complications).
 

ColinR

Expert Member
Joined
Aug 24, 2006
Messages
3,753
Tinuva pointed me in the right direction, and I only just realised now what was actually being said!

My steps:

1. Assign IP to the ether1-gateway interface in the same range as the ADSL modem, but different to the LAN (this is the step I missed)
2. Create a Masquerade NAT rule for the ether1-gateway interface.

Thanks everyone
 

blunt

Expert Member
Joined
May 1, 2006
Messages
3,129
Reviving an old thread here.. I had this right about a year ago and then my MikroTik needed to be reset and reinstalled.. and I havent done it right since.

I'm not sure what I'm missing here.

My DSL modem is on 1-wan (ether1) and its IP is 192.168.1.1, my MikroTik is dialing a PPPoE via the 1-wan port for DSL, that's all working etc.

I've gone to IP -> Addresses in WebFig and added 192.168.1.1/24 to the 1-wan interface - https://www.dropbox.com/s/4f7l4fvem77b2jd/Screenshot 2013-11-26 20.51.31.png

I then have a masquerade rule for the wan interface -> https://www.dropbox.com/s/dp7kv68qgxeg211/Screenshot 2013-11-26 20.52.49.png

If I try to ping 192.168.1.1 it times out and says "Host is down" - any ideas?

The modem is functioning on 192.168.1.1, if I plug it in directly then I can ping and access it.

My subnet mask is 255.255.0.0 and my LAN IP range is 192.168.88.x
 

controlc

Active Member
Joined
Sep 2, 2005
Messages
51
My subnet mask is 255.255.0.0 and my LAN IP range is 192.168.88.x

If the subnet mask on your LAN is 255.255.0.0, then your pc won't be able to see the ADSL router. Change your LAN subnet mask to 255.255.255.0, or change your ADSL<>Mikrotik range to something not in the 192.168.x.x range
 

blunt

Expert Member
Joined
May 1, 2006
Messages
3,129
Fixed - set the dsl modem to 10.10.1.1 and added the IP 10.10.1.2 to the mikrotik, masquerade rule as mentioned above and all good.
 
Top