Paulí
just joined
Topic Author
Posts: 2
Joined: Fri Feb 22, 2013 1:39 pm

NAT with 2 bridges

Fri Feb 22, 2013 2:23 pm

Hi.

I have RB433 with OS v6.0rc9.

I created bridge1 - ethernet1, ethernet2 and wireless1.
A big network, 10.1.0.0/16 with gateway 10.1.0.7 and with DHCP, is connected to ethernet1.
A PC is on ethernet2, and some notebooks are on wireless1.
Ethernet1 has 10.1.190.141 for remote configuration (winbox).
It all works perfectly.

I created bridge2 - ethernet3 and wireless2 (virtual).
A switch is on ethernet3.
I set DHCP for this bridge - 192.168.2.0/24 and the connected computer gets it correctly.
But how should I set NAT? I need only access to the internet (over gateway 10.1.0.7), but not to the 10.1.0.0 network.

I tried:
/ip firewall nat add action=masquerade out-interface=ether1 chain=srcnat
(and again with source address 192.168.2.0/24)

But ping, for example to 8.8.8.8, is not working.
[admin@router1] > export
# jan/01/2002 02:20:48 by RouterOS 6.0rc9
# software id = LLZ8-4VIW
#
/interface bridge
add l2mtu=1522 name=bridge1 protocol-mode=rstp
add l2mtu=2290 name=bridge2 protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n basic-rates-b=1Mbps,2Mbps,5.5Mbps country=\
    "czech republic" disabled=no frequency=2432 frequency-mode=superchannel \
    l2mtu=2290 mode=ap-bridge name=wireless1 periodic-calibration=enabled \
    preamble-mode=long ssid=wireless1 supported-rates-a/g=6Mbps,9Mbps,12Mbps \
    wds-mode=static wireless-protocol=802.11
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
    passthrough mode=dynamic-keys supplicant-identity=MikroTik \
    wpa-pre-shared-key=123456 wpa2-pre-shared-key=123456
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough mode=\
    dynamic-keys name=security2 supplicant-identity="" \
    wpa-pre-shared-key=12345678 wpa2-pre-shared-key=12345678
/interface wireless
add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=no \
    interworking-profile=disabled l2mtu=2290 mac-address=D6:CA:6D:11:12:64 \
    master-interface=wireless1 max-station-count=2007 mtu=1500 \
    multicast-buffering=enabled multicast-helper=default name=wireless2 \
    proprietary-extensions=post-2.9.25 security-profile=security2 ssid=\
    wireless2 update-stats-interval=disabled wds-cost-range=0 \
    wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=\
    disabled wmm-support=disabled
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none !keepalive-timeout
/ip pool
add name=dhcp_pool1 ranges=192.168.2.1-192.168.2.253
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge2 name=dhcp1
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge=bridge interface=wireless1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether1
add bridge=bridge2 interface=wireless2
add bridge=bridge2 interface=ether3
/ip address
add address=10.1.190.141/16 interface=ether1 network=10.1.0.0
add address=192.168.2.254/24 interface=ether3 network=192.168.2.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=10.1.0.201,8.8.8.8 gateway=\
    192.168.2.254
/ip dns
set allow-remote-requests=yes servers=10.1.0.201
/ip settings
set accept-redirects=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 !to-addresses \
    !to-ports
/ip hotspot service-port
set ftp disabled=yes
/ip route
add distance=1 gateway=10.1.0.7
/ip service
set www-ssl disabled=no
set api disabled=no
/ip upnp
set enabled=yes
/system clock
set time-zone-name=Europe/Prague
/system clock manual
set time-zone=+01:00
/system identity
set name=router
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set wireless2 disabled=yes display-time=5s
set bridge disabled=yes display-time=5s
set bridge2 disabled=yes display-time=5s
set wireless1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
/system watchdog
set watchdog-timer=no
[admin@router] > 
I also tried:
/ip address
add address=10.1.190.141/16 interface=bridge1 network=10.1.0.0
add address=192.168.2.254/24 interface=bridge2 network=192.168.2.0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 !to-addresses \
    !to-ports
What is wrong? :(

Thanks in advance.
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: NAT with 2 bridges

Tue Feb 26, 2013 4:02 pm

Well one thing is that you have the gateway IP on Ether3:
add address=192.168.2.254/24 interface=ether3 network=192.168.2.0
That needs to be on the bridge.
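
A way to check an export for the condition described in the reply above, an address on a port that is enslaved to a bridge instead of on the bridge itself. This is an added example, not part of the original posts; it also reports NAT rules whose out-interface is a slave port and bridge ports that name a bridge that is not defined, which goes beyond the reply. The sample export is constructed in the shape of the one in the thread, and the function names are hypothetical.

```python
import shlex

# Constructed sample: the relevant sections of an export shaped like the one in the thread.
SAMPLE_EXPORT = r"""
/interface bridge
add l2mtu=1522 name=bridge1 protocol-mode=rstp
add l2mtu=2290 name=bridge2 protocol-mode=rstp
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge2 interface=wireless2
add bridge=bridge2 interface=ether3
/ip address
add address=10.1.190.141/16 interface=ether1 network=10.1.0.0
add address=192.168.2.254/24 interface=ether3 network=192.168.2.0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 !to-addresses \
    !to-ports
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for every 'add' line of an export."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):      # long lines are wrapped with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            current.append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return sections

def lint(text):
    """Report undefined bridges and layer-3 settings bound to bridge slave ports."""
    s = parse_export(text)
    bridges = {b["name"] for b in s.get("/interface bridge", [])}
    slave_of = {p["interface"]: p["bridge"] for p in s.get("/interface bridge port", [])}
    findings = [f"bridge port {i}: bridge '{b}' is not defined"
                for i, b in slave_of.items() if b not in bridges]
    for section, key in (("/ip address", "interface"), ("/ip firewall nat", "out-interface")):
        for item in s.get(section, []):
            port = item.get(key)
            if port in slave_of:
                findings.append(f"{section}: {key}={port} is a slave port of {slave_of[port]}")
    return findings

print("\n".join(lint(SAMPLE_EXPORT)))
```
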
 
Paulí
just joined
Topic Author
Posts: 2
Joined: Fri Feb 22, 2013 1:39 pm

Re: NAT with 2 bridges

Wed Feb 27, 2013 9:02 pm

Unfortunately, I wrote that at the bottom of the text. I tried it.

But, thanks for reply.

Any other advice, please. :)

(I am sorry for my discourtesy, I cannot write better in English.)
