Syed Jahanzaib – Personal Blog to Share Knowledge !

February 5, 2018

Access other OP portal via Mikrotik Load Balancer

Filed under: Mikrotik Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 8:37 PM

[Image: portal routing in PCC]

Disclaimer: I receive many emails from local operators asking how to access other operators' media sharing portals so that their local users can reach them. Rather than replying to each one separately, and due to time shortage, I am posting a simple method for letting your users access an outside operator's media portal via your load-balancing Mikrotik. It is highly recommended to first find the IPs of the target web site/servers, either using traceroute or Wireshark. You have to do some lengthy tracing: first connect to the target web site and start downloading multiple files, then, using either Torch or Wireshark, you can get the IPs of all the servers being accessed by the torrent client/IDM while it is connected to the target services. Just make a note of these IPs and add them to the list, either IP by IP or as /24 subnets.
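As an added example (not the post's own code), here is a small Python helper that does the bookkeeping described above: it takes the destination addresses read off a Wireshark or Torch capture, groups them into a /24 when several hosts of that subnet were seen, keeps one-off hosts as /32 entries, and renders the RouterOS address-list commands. The captured addresses are constructed for the demo, the `min_hosts` threshold is my own heuristic, and the list name `portalx_list` is taken from the post.

```python
"""Turn a captured list of destination IPs into RouterOS address-list commands."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: destination addresses as one would read them off a
# Wireshark or Torch capture while downloading from the portal (not real data).
CAPTURED_DST_IPS = [
    "123.123.123.10", "123.123.123.10", "123.123.123.44",
    "172.17.1.5", "172.17.1.6", "172.17.1.7", "172.17.1.200",
    "203.0.113.9",            # a single unrelated host seen once
    "not-an-ip",              # junk line from a copy/paste
]


def aggregate_to_24(ips, min_hosts=2):
    """Group addresses by their /24. A /24 with at least `min_hosts` distinct
    hosts is returned as the whole subnet (the author's "/24" option);
    otherwise each host is kept as a /32 (the "ip by ip" option).
    The threshold is an assumption of this example, not something from the post."""
    hosts_per_net = defaultdict(set)
    for raw in ips:
        try:
            addr = ip_address(raw.strip())
        except ValueError:
            continue  # skip junk such as hostnames or blank lines
        if addr.version != 4:
            continue
        net = ip_network(f"{addr}/24", strict=False)
        hosts_per_net[net].add(addr)

    result = []
    for net, hosts in hosts_per_net.items():
        if len(hosts) >= min_hosts:
            result.append(str(net))
        else:
            result.extend(f"{h}/32" for h in hosts)
    # Sort numerically so the generated script is stable and easy to diff
    return sorted(result, key=lambda s: ip_network(s))


def routeros_address_list(entries, list_name="portalx_list"):
    """Render RouterOS commands for /ip firewall address-list."""
    lines = ["/ip firewall address-list"]
    for entry in entries:
        lines.append(f'add address={entry} list={list_name} comment="auto-added from capture"')
    return lines


if __name__ == "__main__":
    print("\n".join(routeros_address_list(aggregate_to_24(CAPTURED_DST_IPS))))
```

Paste the printed lines into a RouterOS terminal, or keep the script and re-run it after every capture so the list stays in step with what the portal actually uses.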

It is also recommended to use Mark Connections / Packets and Mark Routing. This way you won't have to create additional rules. So the following pseudo code is highly recommended, to fit yourself into the famous quote that says `Work smarter, not harder ...`

Regards
Syed Jahanzaib

An example of Wireshark is posted below ....

[Image: Wireshark example]


Scenario:

We are using Mikrotik as a PPPoE server and dual VDSL links as WAN load balancer. We have acquired another Operator X line just to access their entertainment portal, which is great for media sharing files, including video games etc. We want to let our users access their portal using our Mikrotik without interfering with any other network.


Solution:

A quick & dirty method. You should refine it when deploying in a production environment.

We have configured a simple Wi-Fi router with the Operator X service on it. Now connect this router's LAN port to your Mikrotik (for example port 12).

IP Scheme:

  • Mikrotik LAN IP for PPPoE users : eth0 > 192.168.0.1
  • Mikrotik PPPoE IP series (allowed users for internet) : 192.168.200.0/24
  • Mikrotik WAN-1 IP series for DSL1 : eth1 > 192.168.1.1
  • Mikrotik WAN-2 IP series for DSL2 : eth2 > 192.168.2.1
  • Mikrotik eth12 IP series for Portal X : eth12 > 192.168.12.2 (192.168.12.1 is the Wi-Fi router with the OP-X service)
  • PORTAL-X IP series: Web portal – 123.123.123.0/24, Download servers – 172.17.1.0/24

Note:
For DNS, you can either use the OP-X DNS servers (or the Wi-Fi router as your DNS, since the Wi-Fi router gets its DNS servers dynamically from OP-X), or you can make static DNS entries in your Mikrotik DNS server; in that case make sure all of your clients are using your Mikrotik as their preferred DNS server. You can also create a forced redirect of all outgoing DNS requests to your Mikrotik. Whatever is easier for you 🙂


Code!

# PPPoE users IP list, allowed to access internet/portal
# (the same list name is referenced by the mangle and NAT rules below, so keep it consistent)
/ip firewall address-list
add address=192.168.200.0/24 comment="Allowed Users to Use Internet" list=pppoe_allowed_users
# Add Portal X IP series; you can get their list by inspecting torrent files, or using WIRESHARK
add address=123.123.123.0/24 list=portalx_list
add address=172.17.1.0/24 list=portalx_list

# Accept the PORTAL X packets to avoid processing them in PCC, then using routes we can route them via the wifi router
# (in mangle, action=accept stops further mangle processing, so this rule must sit ABOVE the PCC marking rules)
/ip firewall mangle
add action=accept chain=prerouting comment="ACCEPT portalx_list PACKETS FROM PROCESSING THEM IN PCC - ZAIB" dst-address-list=portalx_list src-address-list=pppoe_allowed_users

# Allow requests going to the Portal X interface (to the wifi router with OP X service)
/ip firewall nat
add action=masquerade chain=srcnat comment=ALLOW_ACCESS_TO_portalx_list_INTERFACE out-interface=eth12 src-address-list=pppoe_allowed_users

# Since we have excluded Portal X from PCC, we have to create ROUTES for these packets
# so that they go via the Wi-Fi router (connected with OP X service)
/ip route
add distance=1 dst-address=123.123.123.0/24 gateway=192.168.12.1 comment=route_for_portalx_site_going_via_local_wifi_router
add distance=1 dst-address=172.17.1.0/24 gateway=192.168.12.1 comment=route_for_portalx_downloads_going_via_local_wifi_router

# In the end, simply create QUEUES to allow more bandwidth going to the Portal X servers
# (queue targets must match the address-list subnets above; 172.17.1.0/24 is the download server range)
# Again, if you had used packet marking, then you could match the marked packets in a single queue, which is more efficient
/queue simple
add max-limit=1G/1G name="portalx_list.torrent queue-1G" target=172.17.1.0/24
add max-limit=1G/1G name=portalx_list-public-ips-1G target=123.123.123.0/24
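Added example, not from the post: RouterOS accepts a mangle or NAT rule that references an address-list name which was never defined, and such a rule simply matches nothing, so the portal traffic silently stays in PCC and the masquerade never fires. The Python script below parses an exported RouterOS script and reports undefined address-list references, unbalanced quotes, and queue targets that no address-list entry covers. The sample script it checks is constructed for the demo with three deliberate mistakes; it is not the configuration above.

```python
"""Cross-check a RouterOS script for mistakes that make a rule silently match nothing."""
import shlex
from ipaddress import ip_network

# Constructed sample with three deliberate defects (not the page's config):
#  - the mangle rule references a list name that was never defined,
#  - the srcnat line has an unbalanced quote,
#  - the queue targets a subnet that is in no address list.
SAMPLE_SCRIPT = """\
/ip firewall address-list
add address=192.168.200.0/24 list="allowed users"
add address=123.123.123.0/24 list=portalx_list
add address=172.17.1.0/24 list=portalx_list
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=portalx_list src-address-list=pppoe_allowed_users
/ip firewall nat
add action=masquerade chain=srcnat out-interface=eth12 src-address-list="pppoe_allowed_users
/ip route
add distance=1 dst-address=123.123.123.0/24 gateway=192.168.12.1
/queue simple
add max-limit=1G/1G name=portal-dl target=172.17.17.0/24
"""


def parse(script):
    """Return ([(section, {key: value}), ...], findings) for every 'add' line.
    An unbalanced quote becomes a finding instead of a crash."""
    section, findings, entries = None, [], []
    for lineno, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            section = line          # e.g. "/ip firewall mangle"
            continue
        try:
            tokens = shlex.split(line)   # handles list="allowed users"
        except ValueError:
            findings.append(f"line {lineno}: unbalanced quote")
            continue
        if tokens[0] != "add":
            continue
        kv = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
        entries.append((section, kv))
    return entries, findings


def lint(script):
    """Cross-reference list names and subnets across the sections."""
    entries, findings = parse(script)
    defined, nets = set(), []
    for sec, kv in entries:
        if sec == "/ip firewall address-list":
            if "list" in kv:
                defined.add(kv["list"])
            try:
                nets.append(ip_network(kv.get("address", ""), strict=False))
            except ValueError:
                pass                # DNS-name entries are not checked here
    for sec, kv in entries:
        for key in ("src-address-list", "dst-address-list"):
            if key in kv and kv[key] not in defined:
                findings.append(f"{sec}: {key}={kv[key]!r} is not a defined address list")
        if sec == "/queue simple" and "target" in kv:
            try:
                target = ip_network(kv["target"], strict=False)
            except ValueError:
                continue            # target may be an interface name
            if not any(target.subnet_of(n) for n in nets):
                findings.append(f"{sec}: target {target} is covered by no address-list entry")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_SCRIPT):
        print(finding)
```

Run it against the output of `/export` before pasting a config into a production router; a clean result means every list a rule relies on actually exists and every queue accounts for traffic that the address lists define.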

6 Comments

  1. Hi Syed,

    I am getting an error while running

    radiusd -X

    Failed binding to authentication address * port 1812: Address already in use /usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

    Can you help me with how to debug this?

    On Mon, Feb 5, 2018 at 9:07 PM, Syed Jahanzaib Personal Blog to Share Knowledge ! wrote:

    > Syed Jahanzaib / Pinochio~:) posted: "Disclaimer: Due to time shortage, I have just posted large subnet for the target servers we want to access. It is highly recommended to first search for the target web site/servers ip either using trace-route or wire shark. you have to conduct lengthy tr"

    Comment by Girish Gowda — February 7, 2018 @ 4:38 AM

  2. Need help for Mikrotik to dial an OpenVPN L2TP/IPSec account through Mikrotik

    Comment by Asifkof — February 14, 2018 @ 10:17 PM

  3. Sir, I love you. Thank you.

    Comment by Sultan Ali — May 21, 2018 @ 4:49 PM

  4. Assalamu alaikum
    Jahanzaib Bhai, mashallah bhai, thanks for informative posts.
    In my view you are the biggest well-wisher of our society.

    Comment by Farhad shah — August 29, 2019 @ 1:39 PM

