How to use a Mikrotik as your router, but still leave the Verizon Fios router in place…

(sorry, no screen shots on this one just yet…)

Here are the basic steps you’ll want to do to leave the Fios router in place but be able to use the Mikrotik as “the router.”

  1. Change the DHCP range of the Fios router to 192.168.1.2-192.168.1.150.  By default it will use every IP in the .1 subnet up to .254.
  2. Plug the WAN port of your Mikrotik into a LAN port on the Fios.
  3. Set up the Fios to give your Mikrotik a static DHCP reservation of 192.168.1.160.
  4. Enable DMZ on the Fios for 192.168.1.160.
  5. Turn off wireless in the Fios router.
  6. Plug everything into the Mikrotik – the only Cat5 coming out of the Fios should be going into the Mikrotik’s WAN port.
  7. Done. Now you can pretty much forget that the Fios router is even there. Just don’t change the IP scheme of the Mikrotik to use 192.168.1.xyz or you will run into problems.
  8. Extra Credit – set up your own username and login and enable remote admin on the Fios router. If you do this, make sure that a stupid login like ‘admin’ and ‘password’ is still enabled….it will be accessible to the whole internet.
Log into the Fios router and go to Advanced, then IP Address Distribution.  Click the little pencil ‘Edit‘ icon on the far right of the IP address range. Change the End IP Address to 192.168.1.150. The Fios router hands out IP addresses to the Fios TV Boxes starting at 192.168.1.100 and up to 192.168.1.150. Changing the DHCP range to go up to .150 means that you will always be ‘out of the way’ of the addresses for the Fios devices.
Plug in an ethernet cable from the Mikrotik’s ether1 and into a LAN port on the Fios router.
With your Mikrotik’s WAN port plugged into a LAN port on the Fios router, look on that same IP Address Distribution page and click on Connection List. Find your Mikrotik in the list and click the Edit icon on the right. Click the Static Lease Type checkbox and click Apply. You will jump back to the Connection List page. Find your Mikrotik again and click Edit one more time. Now there will be a field for you to enter your desired static DHCP reservation of 192.168.1.160. Click Apply.

Now you’ll want to make sure your Mikrotik gets the new IP address. If it doesn’t show up as 192.168.1.160 in the Connection List, then reboot it. That should force it to grab a ‘new’ DHCP address and should grab 192.168.1.160.

Using a DHCP reservation instead of setting a static IP in the Mikrotik means that if someone ever hits the Reset button the Fios router (it happens…) then the Mikrotik will just get a new DHCP address and won’t conflict with anything else on the network. After a reset the static DHCP rule will be gone, but the router will still work inside the home. You WILL lose remote connectivity to it, though, because the DMZ Host setting will go back to being off and the IP address of the Mikrotik will be different anyway… but that is a less critical issue than having an IP conflict that takes the customer’s whole network down because your static IP is the same as a DHCP address that the Fios hands out after a reset… ask me how I know….

Go to the Firewall Settings page in the Fios router and click on DMZ Host on the left side. Check the checkbox and type in 192.168.1.160 into the IP address field. Click Apply.

Now your Mikrotik is ‘wide open’ to the internet. You don’t need to worry about any port forwarding or firewall rules in the Fios router at this point. Everything coming in from the WAN can pass right through to the Mikrotik.

Since you’ll want the Mikrotik doing ‘everything’ on the LAN, you’ll probably want to disable the WiFi of the Fios router. (Of course you’ll need wireless access point(s) hanging off of the Mikrotik now). If someone connects to the Fios’ WiFi, they will be on a different subnet from the LAN on the Mikrotik. This is fine if they only need access to the Internet, but they won’t see anything behind the Mikrotik’s firewall.

Go into the Fios router’s Wireless Settings page. Click on Basic Security Settings on the left. The first thing on the page is a Wireless On/Off radio button. Click the Off and then Apply at the bottom of the page.

With a few minor exceptions, you can now treat the Mikrotik as if it is the ‘only’ router in the system. You will only need to set up firewall rules for port forwarding, VPN, etc in the Mikrotik and you won’t even need to log in to the Fios router.


Tagged:
  • Springs

    MUCH BETTER!

    On step 3.
    Change that to “Change the start address to 192.168.1.50.”

    What this does, is makes it really easy to know what happened when someone calls for help.
    Whats your IP address?
    192.168.1.4

    OK.

    Someone reset the router and either took out the mikrotik or is connected to the FIOS wireless. Just cuts down on trouble shooting.

    ABSOLUTELY set up remote admin on the FIOS ROUTER!
    Fios Router 192.168.1.1
    Firewall
    Yes
    Remote Administration
    Check Using Primary HTTPS Port (443)

    This will let you log into the fios router from outside the network.

    If you are trouble shooting… start from the base and work your way up.

    After you are done with that..
    Advanced
    Yes
    Configuration File
    Save Configuration File

    Now put that *.cfg file in some client specific place.
    When someone presses reset on the router.. this will restore it to where you were without all the retyping.

  • Cams

    Would this kinda be the same concept when using a Comcast business modem\router as well?

    • admin

      Yes, except you can’t set a static DHCP reservation in the Comcast business router (SMC in our area). You have to give the mikrotik a static IP outside of the Comcast’s DHCP range, then set that as the DMZ Host. Oh, and no remote admin on those routers either…. at least nothing that’s available to end users.

  • scott
    • admin

      Thx for the link! I only ever tried this at one site and I couldn’t get it to work and have been doing it with a DMZ ever since (with no issues that I know of yet)