new RouterBOARD 750

A heap of RouterBoard 750s landed on my desk.  I want to use these to do daft things like VPN termination, MPLS, and so on, but they arrive configured as home NAT boxes.  Step one is to do basic setup on the box.  The MAC address is printed on the unit, so I can get the IP from the DHCP server.  Then I’ll use MicroTik’s WinBox management client.  A MicroTik’s default username is “admin” with no password.

Hmmm… I can’t get in from outside.  Sensible enough for a home NAT, I suppose, if annoying for me right now.  My laptop is running over wireless, so I have a free Ethernet port.  Plugging in a cable to the “inside” port gives me an address in 192.168.88/24, and I can browse to 192.168.88.1.  Good enough — but this bloody Windows box now has two default routes, and my Internet connectivity is hosed.

First, go to the firewall tab and disable the firewall and NAT.  I don’t want a “public” interface on this box, if possible. Then go to the DHCP tab to disable the default gateway on this lease.  The Web interface is clearly minimal, designed for the home user.  I need a better interface, so fire up Winbox.

Winbox can connect to the inside interface.  First off, go to the IP->DHCP Server, the Network tab, and remove the default gateway with the “up” arrow.  I “ipconfig /release && ipconfig /renew” on my laptop, and I once again have Internet connectivity over my wireless.

I want a static IP on the “outside” interface.  Go to IP->DHCP Client, and hit the red X to disable.  Now go to IP->Addresses and add a new address.  There’s no “netmask” in the IP setup screen; you have to use slash notation after the IP address (e.g., 192.0.2.1/25).

Then go to System->Users, select the Admin user, and set a password.  The box is up and on the network.

Next stop: Radius auth for admin logins.

Stalk me on social media