Do not forget the masquerade nat rule.

Sent from Android by Tapatalk.

Does your default route (0.0.0.0) lead to your ISP gateway? And is this gateway reachable? If not, you will not be able to connect to internet.

Ok, you do not want to use dhcp server because you want to have fixed IPs. Have you considered to set static leasing of IP addresses?

Have you tried to ping external ip from the router? does it work? and from a device in the network?

Or you have problem with DNS resolving?

What ping directions have you tried with what result?

Are you connected to winbox by MAC or by IP?

Try this:

Code: Select all

ping www.google.com

It should resolve the ip and test the ping time. It should work. At least. You can end it by ctrl-c.
If not, try to ping 8.8.8.8. Does work?

Try to ping from router to local device. It should work also.

Than, I would say, you should have enabled some firewall rules. Something like this:

Code: Select all

/ip firewall filter
add chain=forward comment=Established connection-state=established
add chain=input comment=Established connection-state=established
add action=drop chain=input comment="DNS from WAN" dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=input comment="DNS from WAN" dst-port=53 in-interface=ether1 protocol=udp
add chain=input comment=Related connection-state=related
add chain=forward comment=Related connection-state=related
add action=drop chain=input comment=Invalid connection-state=invalid
add action=drop chain=forward comment=Invalid connection-state=invalid
add chain=input comment=Ping protocol=icmp
add action=drop chain=input comment="Drop All - WAN" in-interface=ether1
add action=drop chain=forward comment="Drop All - WAN" in-interface=ether1

What about setting the DNS in router? This is for what:

Code: Select all

/ip dns static
add address=72.29.224.33 name=DNS1
add address=72.29.224.50 name=DNS2

?

You should have the addresses of external dns servers in "servers", not in assignments. And enable "allow remote requests". Now test the ping to http://www.google.com from console again. It should work.

After that, it should be the question of setting the IP parameters to local network devices. They should have the local net ip address of router as default gateway and as dns server.

I would suggest to try the QuickSet (first option in Winbox menu), set AP or HomeAP and let it work. Then everything should work for you. After that, try to understand what each setting is for and try to adapt it to your special needs. It could be easier start for you than trying to configure router from scratch for the first time.

Thanks Jarda. I'm connecting with Winbox. Yes, I realized that I put the DNS servers in the static section of the setup. I corrected that and I can now ping both http://www.google.com and an IP address so DNS is fine now.

I have the 10.1.1.1 (Router's LAN IP on eth2) set as both the gateway and DNS server for the laptop plugged into eth6 on the router. No luck on pinging 10.1.1.1 nor a public IP or a domain.

ip route print

Thanks Jarda. I'm connecting with Winbox. Yes, I realized that I put the DNS servers in the static section of the setup. I corrected that and I can now ping both http://www.google.com and an IP address so DNS is fine now.

I have the 10.1.1.1 (Router's LAN IP on eth2) set as both the gateway and DNS server for the laptop plugged into eth6 on the router. No luck on pinging 10.1.1.1 nor a public IP or a domain.

I am sure, you are connecting by winbox. But by IP or by MAC? Probably by MAC.

By IP. I never had to use MAC. I used serial cable for initial WAN IP setup and as soon as I did that, I used IP thru Winbox.

Good to read that connection out works. What do you see in

Code: Select all

ip route print

?

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 xxx.xx.xxx.1 1
1 DC 10.1.1.0/24 10.1.1.1 ether2 255
2 ADC xxx.xx.xxx.0/25 xxx.xx.xxx.5 ether1 0

If you connect device to ether6, you have to set the default GW and DNS server of the device to 10.1.1.2. Because this is the ip address of the bridge and therefore the ip address of the router in this network. Not the 10.1.1.1.

I removed the bridge and instead set up a DHCP server on eth2 and I pointed my laptop to 10.1.1.1
/ip dhcp-server
add disabled=no interface=ether2 name=DHCP1 relay=10.1.1.1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp ranges=10.1.1.3-10.1.1.254
add name=dhcp_pool1 ranges=10.1.1.3-10.1.1.254
add name=dhcp_pool2 ranges=10.1.1.3-10.1.1.254

/ip dhcp-server lease
add address=10.1.1.6 mac-address=00:14:22:CE:53:24
/ip dhcp-server network
add gateway=10.1.1.1
add address=10.1.1.0/24 gateway=10.1.1.1 netmask=24

Even though I added a static lease, it shows as status waiting for some reason...

Why you have added different IP address to ether2?

I only have 10.1.1.1 as the IP for eth2. Not sure what you mean...

When you write about pinging, always write from-to you are pinging.

add address=10.1.1.1/24 interface=ether2 network=10.1.1.0
add address=10.1.1.2/24 interface=Bridge_6-10 network=10.1.1.0

This will cause some routing confusion. You have the same subnet on two interfaces.

add address=10.1.1.1/24 interface=ether2 network=10.1.1.0
add address=10.1.1.2/24 interface=Bridge_6-10 network=10.1.1.0

So what is new? Everything works as it should or are you still facing any problems?

Is the laptop on the WAN interface (ether1)? If so, then the laptop has the wrong default gateway to access the internet.

Is there a device connected to ether2?

Laptop settings:
IP: xxx.xx.xxx.120
Subnet: 255.255.255.128
Default Gateway: xxx.xx.xxx.5
DNS1: xxx.xx.xxx.5

If ether1 is the WAN interface and the laptop is on ether5, then this is wrong.

Laptop settings:
IP: xxx.xx.xxx.120
Subnet: 255.255.255.128
Default Gateway: xxx.xx.xxx.5
DNS1: xxx.xx.xxx.5

If ether2 to ether5 are on a switch, then it should be something like this. The dns ip may be wrong.
IP: 10.1.1.120
Subnet: 255.255.255.0
Default Gateway: 10.1.1.1
DNS1: 10.1.1.1

I am not using a switch at all. I was under the assumption that once you set up your WAN/LAN ports on the switch you can use the rest of the ports, in my case ether3-ether10 to plug in devices directly into the router.

What I'm trying to do is set up the router in the following way:
Ether1 - Router WAN port
Ether2 - Router LAN port
Ether3 - Ether5 - Ports to plug in devices that will have publicly accessible IPs
Ether6 - Ether10 - Ports to plug in devices that will be behind a LAN and can only be pinged / accessed if you are within the same network but are not accessible otherwise.