Hi,
I have a RouterBOARD cAP Gi-5acD2nD with an LTE router connected to ether1 as primary internet gateway, and another LTE router (with another ISP) connected to ether2.
Routing internet over ether1 works fine, as expected. But routing internet over ether2 doesn’t work at all.
I have searched the forums but this seems like a very specific problem. The firmware is 6.43.8
Can anyone help me with this please?
ether1 = 192.168.18.2, and the LTE router is 192.168.18.1.
ether2-PoeOut = 10.0.0.1 with the LTE router on 10.0.0.254.
From the MikroTik, I can ping 10.0.0.254 but none of my PC’s can ping 10.0.0.254
From the console, I can ping google.com without a problem, but pining google.com over the ether2 interface fails.
[admin@MikroTik] > /ping google.com
SEQ HOST SIZE TTL TIME STATU
0 216.58.223.14 56 52 79ms
1 216.58.223.14 56 52 69ms
2 216.58.223.14 56 52 72ms
sent=3 received=3 packet-loss=0% min-rtt=69ms avg-rtt=73ms max-[admin@MikroTik] > /ping google.com interface=ether2-PoeOut
SEQ HOST SIZE TTL TIME STATU
0 216.58.223.14 timeot
1 216.58.223.14 timeot
2 216.58.223.14 timeot
3 216.58.223.14 timeot
sent=4 received=0 packet-loss=100%
The LTE router on 10.0.0.254 works fine if I connect directly to it from my PC.
feb/03/2019 22:31:05 by RouterOS 6.43.8
software id = MKII-15HB
model = RouterBOARD cAP Gi-5acD2nD
serial number = xxxxxxx
/interface bridge
add admin-mac=64:D1:54:F6:18:01 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MyWiFi
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto mode=
ap-bridge ssid=MyWiFi-5G wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-LTE
set [ find default-name=ether2 ] name=ether2-PoeOut
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile
supplicant-identity=MikroTik
/interface wireless
add disabled=no mac-address=66:D1:54:F6:18:04 master-interface=wlan2 name=
wlan3 security-profile=profile ssid=MyWiFi-Guest
add disabled=no mac-address=66:D1:54:F6:18:03 master-interface=wlan1 name=
wlan4 security-profile=profile ssid=MyWiFi-Guest
/ip pool
add name=dhcp ranges=192.168.10.100-192.168.10.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp1
/interface bridge filter
add action=drop chain=forward in-interface=wlan3
add action=drop chain=forward out-interface=wlan3
add action=drop chain=forward in-interface=wlan4
add action=drop chain=forward out-interface=wlan4
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1-LTE
add bridge=bridge comment=defconf disabled=yes interface=ether2-PoeOut
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=wlan3
add bridge=bridge interface=wlan4
/interface list member
add interface=ether1-LTE list=WAN
add interface=bridge list=LAN
/interface wireless access-list
add ap-tx-limit=5000000 interface=wlan4
add ap-tx-limit=5000000 interface=wlan3
/ip address
add address=192.168.18.2/24 interface=ether1-LTE network=192.168.18.0
add address=192.168.10.1/24 interface=wlan1 network=192.168.10.0
add address=10.0.0.1/24 disabled=yes interface=ether2-PoeOut network=10.0.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=
ether2-PoeOut
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1 netmask=24
/ip dns
set servers=192.168.18.1,192.168.10.1,8.8.8.8
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ether2-PoeOut to-addresses=
0.0.0.0
/ip route
add check-gateway=ping distance=1 gateway=192.168.18.1
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1-LTE type=external
/system clock
set time-zone-name=Africa/Johannesburg
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
source="\r
\n :if ([system leds settings get all-leds-off] = "never") do={\r
\n /system leds settings set all-leds-off=immediate \r
\n } else={\r
\n /system leds settings set all-leds-off=never \r
\n }\r
\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN