In Part 1 of this two-part tutorial, we discovered how we can load the RouterOS software onto an old PC to get advanced enterprise router features at a very low cost.
In this article, we'll finish up the configuration. Once we're done you'll have a basic router, similar to one you'd get off the shelf, and you can then experiment with the more advanced features.
Configure DHCP to Manage the IP addresses
If you don't want to manually set the IP address on each computer that connects to the network, you'll probably want to enable the DHCP server on RouterOS.
This server hands out and manages the IP addresses on the network. Here's how to turn on and configure the DHCP server using WinBox:
- Click IP > DHCP-Server and then click the DHCP Setup button.
- Make sure that the correct name is chosen for the network interface/adapter that will connect to your local network and then click Next.
- Specify the address space/range, for example 192.168.1.0/24 and then click Next.
- Enter the Default Gateway IP address, for example 192.168.1.1 (the router IP), and click Next.
- Ignore the DHCP relay setting and click Next.
- Enter the DHCP address range. You'll probably want to change it to something like 192.168.1.100-192.168.1.199, so you can use the first 100 addresses for the router and any access points (APs) or servers loaded with static IPs. Then you can better distinguish between the addresses for the APs/servers and the end users.
- Specify the DNS server used by your ISP and click Next. It might be auto-detected; otherwise, you might just use OpenDNS's servers: 208.67.222.222 and 208.67.220.220.
- The default lease time (every three days) is probably fine; however, if you prefer something else, make the change and click Next.
- Click OK to close the dialog box.
Enable DNS Relay for Ease of Client Configuration
Next, you should enable the DNS relay feature so clients can be configured with the router's IP for their DNS server setting, and then the router will forward the DNS queries to the real server.
By default, DHCP gives the clients the real DNS server addresses, and queries are sent directly. However, if you manually configure a static IP, you must input the DNS information yourself.
Remembering the router's IP is usually much easier than remembering the DNS address provided by your ISP.
Here's how to enable this feature using WinBox:
- Click IP > DNS, and then press the Settings button.
- Double-check that you've entered your ISP's DNS server addresses into the Primary and Secondary fields.
- Check the Allow Remote Requests option to enable DNS relay.
- Click OK.
Enable NAT to Share the Internet
The final step of creating a basic Internet-sharing router is to enable Network Address Translation (NAT). This process makes sharing an Internet connection possible.
Remember, each computer or device must have an IP address to communicate on a network or on the Internet. But you only get one IP address for your Internet connection. Thus NAT is needed to "trick" the Internet into thinking communication from any computer or device on your local network is coming from your router.
In other words, it makes your router the single contact point or relay between your network and the Internet.
Here's how to enable NAT on RouterOS, using WinBox:
- Click IP > Firewall and select the NAT tab.
- Click the Plus button to add a new firewall rule.
- For the Chain, select "srcnat".
- For the Src Address, input the IP range of your local network. For example, if the router IP is 192.168.1.1, you'd type 192.168.1.0/24.
- For the Out Interface, select the name for the interface that's connected to the Internet.
- Click the Action tab.
- For the Action, choose "Masquerade".
- Click OK to save the changes.
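Added example (not from the original article), covering both the DNS relay and NAT steps above: with Allow Remote Requests checked, the router's DNS relay answers on every interface, including the one chosen as Out Interface in the NAT rule, unless input-chain firewall rules block port 53 there. The script below checks the text of a RouterOS `/export` for that gap; the sample export and the interface name `ether1` are constructed for illustration.

```python
import shlex

# Constructed sample in the style of RouterOS "/export" output (not from the article).
SAMPLE_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.1.0/24
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
"""

def parse_export(text):
    """Return (menu, {property: value}) for each set/add line of an export."""
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall filter"
        elif line and not line.startswith("#"):
            words = shlex.split(line)        # handles quoted values
            items.append((menu, dict(w.split("=", 1) for w in words[1:] if "=" in w)))
    return items

def blocks_dns(rule, iface, proto):
    """True if an enabled input-chain drop/reject rule covers proto/53 on iface."""
    # Simplification: rule order, port ranges and extra matchers are not evaluated.
    return (rule.get("chain") == "input"
            and rule.get("action") in ("drop", "reject")
            and rule.get("disabled") != "yes"
            and rule.get("in-interface", iface) == iface
            and rule.get("protocol", proto) == proto
            and "53" in rule.get("dst-port", "53").split(","))

def open_resolver_findings(text):
    """List Internet-side protocol/port pairs on which the DNS relay is reachable."""
    items = parse_export(text)
    if not any(m == "/ip dns" and p.get("allow-remote-requests") == "yes" for m, p in items):
        return []                            # relay is off, nothing to expose
    # Internet-facing interfaces are taken from the masquerade rule's out-interface.
    wan = sorted({p["out-interface"] for m, p in items
                  if m == "/ip firewall nat" and p.get("action") == "masquerade"
                  and "out-interface" in p})
    rules = [p for m, p in items if m == "/ip firewall filter"]
    return [f"{iface}: {proto}/53 reachable from the Internet side"
            for iface in wan for proto in ("udp", "tcp")
            if not any(blocks_dns(r, iface, proto) for r in rules)]

if __name__ == "__main__":
    print("\n".join(open_resolver_findings(SAMPLE_EXPORT)) or "no findings")
```

On the sample, the UDP drop rule is present but TCP port 53 is still reported, since DNS is served over both protocols.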
Configure the Wireless Interface for Wi-Fi Access
If your computer is loaded with a supported wireless card, you can set up wireless access on the router.
Here's how to get started:
- Click the Wireless menu button to bring up the Wireless Interface window. If RouterOS detected supported wireless cards, they'll be listed here. If they're disabled, make sure you enable them.
- For the mode, select "AP Bridge".
- Configure the basic wireless settings, such as the band, frequency, SSID (network name), and the security profile.
- When you're done, close the wireless interface window.
Now you should configure wireless encryption to keep people off your network and to prevent eavesdropping:
- Select the Security Profiles tab.
- Modify the default profile by double-clicking it or click the Add button to create a new one.
- To use the simple method of WPA/WPA2 (PSK), select "Dynamic Keys" for the Mode. Then check the WPA PSK and/or WPA2 PSK Authentication Types. Select TKIP if using WPA and AES CCM if using WPA2. Then type your passphrase in the Pre-Shared Key boxes.
Next you need to create an IP address for the AP (wireless interface):
- Click IP > Addresses and then click the Add (plus sign) button.
- Type in an address within the same subnet, followed by a forward slash (/) and the netmask. For example, enter 192.168.1.2/24 if the router's IP is 192.168.1.1/24.
- Select the wireless adapter for the interface.
- Click OK to save the changes.
Now you probably want DHCP on the wireless side, too, so Wi-Fi users get their IP addresses automatically:
- Click IP > DHCP-Server and then click the Add (plus sign) button.
- Select the wireless adapter for the interface.
- For the Address Pool, select "dhcp_pool1".
- Click OK to save the changes.
Discovering the rest of RouterOS
Remember, we've configured only the basic services, making a simple wired and/or wireless router. RouterOS can provide many advanced services for your LAN or WAN.
For example, you could use its RADIUS server so you can run WPA/WPA2-Enterprise encryption for Wi-Fi connections. You could use the VPN server to protect remote connections on public hotspots or to connect your offices together. The MikroTik documentation or Wiki might provide some help for these and other features.
