Internet sharing & MikroTik saved the day(s)!

This week I was with a customer, assisting them with moving the office to another location. As the whole “migration” was done in a hurry, some things were not prepared on time – there was no Internet access on the second location. This was quite a problem, because people had to work during the move (they had to generate and send reports, invoices, respond to e-mails, etc.).

However, the good thing was that the networking was already done and servers were moved relatively fast. So… we had servers and networking up and running in no time, and we got even some “spare parts” – couple of MikroTik routers.

As I’ve said already – without Internet, people couldn’t do much, so I’ve had an idea to use someone’s phone and one of the “spare” routers to provide temporary Internet access for the whole network. I’ve connected one router to a network switch, grabbed someone’s iPhone, enabled Internet sharing on it, and then connected my notebook to the wired network, so that I could configure the router.

internet_sharing_on

As you can see on the previous picture, I’ve set my SSID and password to “blog.kaniski.eu”, and I’ll use this later in my router configuration.

Note: I don’t have an iPhone near me right now, so I’m using my Lumia 930 and MikroTik RB751U-2HnD router to “emulate” this scenario… sorry about that. Smile

Router’s configuration that was used is actually very simple – here’s the whole script (note that I’ve changed the ranges, names, etc. for privacy reasons):

# reset the system and don’t load defaults (totally unconfigured router)
/system reset-configuration no-defaults=yes
y

# set router's identity (for “cosmetic” reasons)
/system identity set name="blog.kaniski.eu"

# add IP address to internal network interface (ether5 in my case)
/ip address add address=10.10.10.254 netmask=255.255.255.0 interface=ether5

# configure DHCP client for wlan1 interface (get IP address from the phone’s DHCP server)
/ip dhcp-client add interface=wlan1 use-peer-dns=yes use-peer-ntp=yes add-default-route=yes disabled=no

# set wireless properties and enable wlan1 interface
/ip neighbor discovery set wlan1 discover=no
/interface wireless security-profiles add name="blog.kaniski.eu" authentication-types=wpa2-psk group-ciphers=aes-ccm mode=dynamic-keys unicast-ciphers=aes-ccm wpa2-pre-shared-key="blog.kaniski.eu"
/interface wireless set wlan1 mode=station security-profile="blog.kaniski.eu" ssid="" band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=croatia frequency=auto
/interface wireless connect-list add security-profile="blog.kaniski.eu" connect=yes ssid="blog.kaniski.eu" interface=wlan1
/interface wireless set wlan1 disabled=no

# masquerade the outgoing traffic on wlan1
/ip firewall nat add chain=srcnat out-interface=wlan1 action=masquerade

# change your admin password
/user set admin password="blog.kaniski.eu"

# reboot the router (not necessary, but it’s something I like to do)
/system reboot
y

And… voilà – my network should have Internet access now! As you can see, my Lumia shows one client connected, and now I can access the Internet from behind my MikroTik router. Pretty cool! Smile

internet_sharing_connected

If you, by any chance, don’t have a DHCP server in you network, your router can help you with that as well. All you need to do is following:

# add DHCP server for the internal network
/ip pool add name="dhcp-internal" ranges=10.10.10.101-10.10.10.200
/ip dhcp-server add address-pool="dhcp-internal" authoritative=yes interface=ether5 lease-time=1d name="dhcp-internal"
/ip dhcp-server network add address=10.10.10.0/24 dns-server=10.10.10.254 gateway=10.10.10.254 netmask=24
/ip dhcp-server enable dhcp-internal

# allow remote requests for DNS
/ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4 

You can check if your router (and the rest of your network) is connected to phone’s wireless (and Internet), by opening the router’s admin page in your favorite web browser (http://10.10.10.254/ in our case):

wifi_connected

Although things didn’t go exactly like planned, this little trick enabled people to work while waiting for the “real Internet access”. Right now is three days from implementing this temporary solution and still no “real Internet” in sight… maybe next week. Sad smile

Thanks for reading and have a great weekend!

Leave a Comment.