I have RB433 with OS v6.0rc9.
I created bridge1 - ethernet1, ethernet2 and wireless1.
A large network, 10.1.0.0/16 (gateway 10.1.0.7, with DHCP), is connected to ethernet1.
In ethernet2 is PC, in wireless1 some notebooks.
Ethernet1 has the address 10.1.190.141 for remote configuration (WinBox).
It all works perfectly.
I created bridge2 - ethernet3 and wireless2 (virtual).
In ethernet3 is switch.
I set DHCP for this bridge - 192.168.2.0/24 and connected computer get it correctly.
But how should I set up NAT? I only need access to the internet (via gateway 10.1.0.7), not to the 10.1.0.0 network.
I tried:
/ip firewall nat add action=masquerade out-interface=ether1 chain=srcnat
(and again with source address 192.168.2.0/24)
But a ping to, for example, 8.8.8.8 does not work.
[admin@router1] > export
# jan/01/2002 02:20:48 by RouterOS 6.0rc9
# software id = LLZ8-4VIW
#
# NOTE(review): the export is stamped jan/01/2002, so the router clock was
# presumably never set; log timestamps and certificate validity checks depend
# on correct time. The export also publishes the software id, a MAC address and
# both Wi-Fi keys; redact such values before posting a configuration.
#
# Two bridges: bridge1 (existing LAN side) and bridge2 (the new 192.168.2.0/24
# side, per the DHCP server bound to it further down).
/interface bridge
add l2mtu=1522 name=bridge1 protocol-mode=rstp
add l2mtu=2290 name=bridge2 protocol-mode=rstp
# Physical radio (item 0), named wireless1 and run as an access point
# (mode=ap-bridge). No security-profile is set here, so it presumably uses the
# default profile configured below.
/interface wireless
set 0 band=2ghz-b/g/n basic-rates-b=1Mbps,2Mbps,5.5Mbps country=\
"czech republic" disabled=no frequency=2432 frequency-mode=superchannel \
l2mtu=2290 mode=ap-bridge name=wireless1 periodic-calibration=enabled \
preamble-mode=long ssid=wireless1 supported-rates-a/g=6Mbps,9Mbps,12Mbps \
wds-mode=static wireless-protocol=802.11
# Security profiles: the default profile and a second one named security2.
# NOTE(review): both pre-shared keys are trivial digit strings. The first is
# six characters, below the 8-character minimum for a WPA passphrase, so it was
# presumably altered for posting; either way, use long random passphrases and a
# different one per SSID. Both profiles still accept wpa-psk next to wpa2-psk;
# removing wpa-psk leaves WPA2 only.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
passthrough mode=dynamic-keys supplicant-identity=MikroTik \
wpa-pre-shared-key=123456 wpa2-pre-shared-key=123456
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough mode=\
dynamic-keys name=security2 supplicant-identity="" \
wpa-pre-shared-key=12345678 wpa2-pre-shared-key=12345678
# Virtual AP wireless2 on top of wireless1 (master-interface=wireless1), using
# security2. default-forwarding=yes lets wireless clients of this AP reach each
# other; set it to no if the notebooks on this SSID should be isolated.
/interface wireless
add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 \
default-authentication=yes default-client-tx-limit=0 default-forwarding=\
yes disable-running-check=no disabled=no hide-ssid=no \
interworking-profile=disabled l2mtu=2290 mac-address=D6:CA:6D:11:12:64 \
master-interface=wireless1 max-station-count=2007 mtu=1500 \
multicast-buffering=enabled multicast-helper=default name=wireless2 \
proprietary-extensions=post-2.9.25 security-profile=security2 ssid=\
wireless2 update-stats-interval=disabled wds-cost-range=0 \
wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=\
disabled wmm-support=disabled
# Default hotspot user profile: idle timeout off, keepalive timeout unset.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none !keepalive-timeout
# Address pool and DHCP server for the new network; the server is bound to
# bridge2, so leases are served to ether3 and wireless2 clients.
/ip pool
add name=dhcp_pool1 ranges=192.168.2.1-192.168.2.253
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge2 name=dhcp1
# NOTE(review): User Manager customer "admin" has owner permissions and an
# empty password (password=""). This may be the package default; set a
# password, or remove the package if User Manager is not used.
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
# Bridge membership. The first three ports reference a bridge called "bridge",
# while the bridge section above defines "bridge1"; presumably the same bridge
# under an older name or an edit made for posting - verify on the router.
# ether1 (uplink to 10.1.0.0/16), ether2 and wireless1 share one L2 segment;
# ether3 and wireless2 form the second one.
/interface bridge port
add bridge=bridge interface=wireless1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether1
add bridge=bridge2 interface=wireless2
add bridge=bridge2 interface=ether3
# Router addresses. NOTE(review): both are assigned to ether1 and ether3, which
# the bridge port section lists as bridge members. Addresses on a bridged port
# belong on the bridge interface itself; attached to the slave port, routing
# and firewall interface matching behave unpredictably.
/ip address
add address=10.1.190.141/16 interface=ether1 network=10.1.0.0
add address=192.168.2.254/24 interface=ether3 network=192.168.2.0
# DHCP options for 192.168.2.0/24: the router is the gateway; clients get
# 10.1.0.201 and 8.8.8.8 as resolvers. 10.1.0.201 lies inside 10.1.0.0/16, so
# if that network is later blocked for these clients, either allow DNS to that
# one host or hand out the router (192.168.2.254) as resolver instead.
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=10.1.0.201,8.8.8.8 gateway=\
192.168.2.254
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries.
# No /ip firewall filter section appears in this export, so nothing limits
# which interfaces can query it; restrict port 53 in the input chain to the
# networks that should use it.
/ip dns
set allow-remote-requests=yes servers=10.1.0.201
# NOTE(review): accept-redirects=yes lets the router accept ICMP redirects,
# which a host on the same segment could use to influence its routing; this is
# normally left off on a router - confirm it is needed.
/ip settings
set accept-redirects=yes
# Source NAT for traffic leaving via ether1.
# NOTE(review): ether1 is a bridge port, and routed traffic leaves through the
# bridge interface, so out-interface=ether1 presumably never matches here.
# Masquerade also only rewrites source addresses; it does not restrict
# destinations. Keeping 192.168.2.0/24 out of 10.1.0.0/16 needs a forward-chain
# filter rule, for example:
#   /ip firewall filter add chain=forward src-address=192.168.2.0/24 \
#       dst-address=10.1.0.0/16 action=drop
# Internet traffic is unaffected by such a rule because its destination is
# outside 10.1.0.0/16, even though it is routed via 10.1.0.7.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 !to-addresses \
!to-ports
# Disables the FTP helper among the hotspot service ports.
/ip hotspot service-port
set ftp disabled=yes
# Default route through the upstream gateway 10.1.0.7.
/ip route
add distance=1 gateway=10.1.0.7
# Management services: HTTPS WebFig (www-ssl) and the API are switched on.
# NOTE(review): the api service is the unencrypted API; api-ssl is the TLS
# variant. No address= restriction is shown for either service, and the export
# lists only changed values, so other services presumably remain at their
# defaults. Disable what is unused and limit the rest to management addresses.
/ip service
set www-ssl disabled=no
set api disabled=no
# NOTE(review): UPnP lets hosts behind the router request port mappings on
# their own. No UPnP interface assignments are shown, so its effective scope
# cannot be judged from here; turn it off unless something requires it.
/ip upnp
set enabled=yes
# Time zone settings. No NTP client section is shown; see the jan/01/2002
# timestamp in the export header.
/system clock
set time-zone-name=Europe/Prague
/system clock manual
set time-zone=+01:00
/system identity
set name=router
# LCD output is disabled and every LCD page is switched off. The page list
# includes an entry named "bridge", matching the name used in the bridge port
# section rather than "bridge1".
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set wireless2 disabled=yes display-time=5s
set bridge disabled=yes display-time=5s
set bridge2 disabled=yes display-time=5s
set wireless1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
# Hardware watchdog timer is turned off.
/system watchdog
set watchdog-timer=no
[admin@router] >
# Second snippet (presumably the revised attempt): the router addresses are
# placed on the bridge interfaces instead of on the bridged ports ether1/ether3.
/ip address
add address=10.1.190.141/16 interface=bridge1 network=10.1.0.0
add address=192.168.2.254/24 interface=bridge2 network=192.168.2.0
# Masquerade everything leaving through bridge1.
# NOTE(review): no src-address matcher is set, so the rule applies to any
# routed source, not just 192.168.2.0/24. NAT by itself does not stop
# 192.168.2.0/24 from reaching hosts in 10.1.0.0/16; that needs a forward-chain
# filter rule dropping src-address=192.168.2.0/24 dst-address=10.1.0.0/16.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 !to-addresses \
!to-ports
Thanks in advance.