Mikrotik Initial setup

[arrbee]

I'm pulling my hair out here!

Background info:
Home environment- I've a Ubiquiti network (mostly), Router, Switch, APs, and a controller VM.
currently using an 818 (with Eir) in passthrough to the UBNT router and looking to migrate to an LHG LTE18 kit.
I have the LHG, and have mounted it.


I'm really struggling with the LHG config.
Ideally I just want to pass through the public address through to the router, and also access the LHG on a management interface.

I've tried a good few things at this stage but have gotten nowhere!
Any good setup guides for routerOS 7.x out there????



Cheers,
RB

[Seán]

When passthrough enabled, the LHG ends up on the WAN side with no IP address and routers generally don't pass MAC layer traffic between the WAN and LAN side. The only workaround I've come across for accessing the MikroTik from within the network is with VLANs, however, this is something I'm unable to write a quick guide for. Even on MikroTik forum, there is a rather technical discussion about it in this MikroTik thread.

From my past experience, I don't recall any issue with having a double NAT, i.e. where I had a Fritz Box and MikroTik both operating in the default routing mode. For port forwarding, I set the MikroTik to forward to the IP address assigned to the WAN port of the Fritz box, then did port forwarding on the Friz Box to the device that required it.

If you really need to use passthrough such as for incoming IPsec VPN connections, one workaround would be to connect a network switch between WAN port of your UBNT router and the LHG's PoE adapter. Whenever you need to access the LHG management, connect your laptop to this network switch, open Winbox and go into the "Neighbors" tab to login. For Wi-Fi access (e.g. from the Winbox App on a phone), you can plug a basic Wi-Fi access point such as a travel router into this switch, then connect to this Wi-Fi network to access Winbox.

[arrbee]

I always thought double NATing was something to be avoided, although I don't have anything to back that up. more of a hunch around latency.

One of the interesting things I noticed with the 818 is that it was still accessible on it's "local" IP even in passthrough mode. This lead me to hope that something similar would be possible with the LHG.
As I havent even got the LHG serving up internet as a router yet, I'll work towards that 1st, then double NAT, then look into using a VLAN.

Thanks!

[Seán]

That's interesting how the Huawei B818 remains accessible in passthrough mode. This means it's likely working as a transparent router rather than true bridge in order to intercept connections to its own IP address. The MikroTik passthrough is completely layer 2, i.e. all traffic from the chosen passthrough MAC address is forwarded to the LTE interface and vice versa without involving layer 3 (IP addresses and routing).

From my limited searching, I had no luck finding any way of configuring the MikroTik to operate in a way like the Huawei does to provide management access via its IP address. It might be worth asking on the MikroTik forum, explaining that this is possible with your Huawei router in bridge / passthrough mode.

[arrbee]

That's interesting how the Huawei B818 remains accessible in passthrough mode.  This means it's likely working as a transparent router rather than true bridge in order to intercept connections to its own IP address.  The MikroTik passthrough is completely layer 2, i.e. all traffic from the chosen passthrough MAC address is forwarded to the LTE interface and vice versa without involving layer 3 (IP addresses and routing). 

From my limited searching, I had no luck finding any way of configuring the MikroTik to operate in a way like the Huawei does to provide management access via its IP address.  It might be worth asking on the MikroTik forum, explaining that this is possible with your Huawei router in bridge / passthrough mode.

I guess a transparent router would be able to process packets going through more easily.  if it needed to phone home for any reason. 

I've now got the LHG serving a connection as a router to a switch and separately double NATing through the UBNT router.
It's a right pain though as the winbox and Web GUI seem to only work after I reset the config. any time I make a change, I can't start a new session.

I'd certainly settle for admin access while double NATing.
Something I will look into more next week followed by seeing if any improvements can be made to the LTE connection.     (ready yourselves for questions about cell/band locking etc.