Allowing a VLAN to Access WAN(Internet)

trister1530 · January 22, 2024, 7:31pm

Hi,

I just can’t get a device on a VLAN to access the WAN. The VLAN is tagged on my Access Point - SSID mapped to VLAN. I’m sure it is the firewall configuration.

add action=accept chain=forward in-interface=vlan200 log-prefix=vlan200forwardpermit
add action=accept chain=input in-interface=vlan200 log-prefix=vlan200inputpermit
add action=accept chain=forward in-interface=all-vlan log-prefix=“All VLANs to WAN” out-interface-list=WAN

It’s not the VLAN setup, as I can join the SSID, I get an IP Address assigned, just no access to the internet. I’ve searched the forum with little luck.

Any assistance would be greatly appreciated.

software id = F81Q-886N

model = RB5009UG+S+

jvanhambelgium · January 22, 2024, 9:01pm

What about any NAT/Masquerading config ? Can you export that ?

trister1530 · January 22, 2024, 9:03pm

/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=HomeAssistant dst-port=8123 in-interface-list=WAN protocol=tcp to-addresses=192.168.0.50 to-ports=8123

Only one entry on top of the default config

trister1530 · January 22, 2024, 9:37pm

Installed Version 7.11

danergo · August 18, 2024, 9:20pm

Hi, did you ever solved this? I’m having the same problem!

erlinden · August 19, 2024, 6:16am

A complete export of /ip/firewall would be very helpfull. Even better…a complete export:

/export file=anynameyoulike

Remove serial and any other private info.

tser45239 · August 19, 2024, 1:23pm

Without a config export it is hard to tell what is wrong.

Did you set a route to 0.0.0.0/0 through your wan interface? Is DNS conifgured correctly?