Hello all,
I have tried to configure my router for internet, it shows I have internet but cannot browse the internet on it, also cannot ping the gateway.
This is my configure.
Please help, what am I doing wrong?
[admin@MSMSL HOME] > export compact

feb/09/2018 11:03:02 by RouterOS 6.41.1

software id = 2USS-HUBP

model = 951Ui-2HnD

serial number = 558304A8C5F2

/interface bridge
add comment="Bridge all ports" fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment="WAN port" name=ether1_WAN
set [ find default-name=ether2 ] comment="Master Lan Port" name=ether2_LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=
allowed mode=dynamic-keys name=WPA@ supplicant-identity=""
wpa-pre-shared-key=xxxxxxxxx wpa2-pre-shared-key=xxxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge
security-profile=WPA@ ssid=MSMSLimited wireless-protocol=802.11
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool0 ranges=192.168.1.10-192.168.1.240
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 lease-time=10h name=
dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2_LAN
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=wlan1
/ip address
add address=155.93.121.254/30 comment="WAN Network" interface=ether1_WAN
network=155.93.121.252
add address=192.168.1.1/24 comment="LAN Subnet" interface=bridge1 network=
192.168.1.0
add address=192.168.1.1/24 interface=ether2_LAN network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=217.117.0.38,217.117.15.106
/ip firewall address-list
add address=192.168.1.0/24 list=MSLAN
add address=41.73.252.26 list=Remote
/ip firewall filter
add action=accept chain=input comment="Allow access from LAN" disabled=yes
src-address-list=MSLAN
add action=accept chain=input disabled=yes src-address-list=Remote
add action=drop chain=forward comment="Drop invalids" connection-state=invalid
disabled=yes
add action=accept chain=forward connection-state=new disabled=yes in-interface=
bridge1 log=yes
add action=accept chain=forward comment="Allow established connections"
connection-state=established disabled=yes log=yes
add action=accept chain=forward connection-state=r
add action=drop chain=forward
add action=accept chain=input
connection-state=establish
add action=accept chain=input
connection-state=related d
add action=drop chain=input co
disabled=yes log=yes
/ip firewall nat
add action=masquerade chain=sr
add action=masquerade chain=sr
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 sr
/ip route
add comment="Facing ISP gatewa
/system clock
set time-zone-name=Africa/Lago
/system identity
set name="MSMSL HOME"
/system leds
set 5 interface=wlan1
/system ntp client

Spotted two issues:

You do not give out a DNS server in /ip dhcp-server networks
You don’t have a default route configured - at least it doesn’t show in your export:

/ip route add gateway=155.93.121.253 distance=1

-Chris

Take a look at this example configuration. Read all the comments and verify you’re okay with it. Before applying this do a system reset configuration (no default, no backup). Then connect to it via WInbox over a MAC address.

Notes:
Apply this config in sections at a time. The Set interface names if you want can kick you out if you’re connected to the router over an interface name you changed. Say you’re on ether2 and you change the name to be etherTWO.

# Example configuration

/system identity
set name="MSMSL HOME"

# Set interface names if you want
/interface ethernet
set [ find default-name=ether1 ] name=ether-WAN
set [ find default-name=ether2 ] name=ether2
set [ find default-name=ether3 ] name=ether3
set [ find default-name=ether4 ] name=ether4

# Create a bridge and add ports that will be on the LAN side
/interface bridge
add name=bridge-LAN protocol-mode=none

/interface bridge port
add bridge=bridge-LAN interface=ether2
add bridge=bridge-LAN interface=ether3
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=wlan1

# Setup Wifi
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n disabled=no distance=indoors frequency=auto mode=ap-bridge wireless-protocol=802.11 wps-mode=disabled ssid="MSMSLimited"

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-key-update=60m mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key="MYPASSWORD"


# DHCP server for LAN
/ip pool
add name=dhcp_pool0 ranges=192.168.1.10-192.168.1.240
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-LAN lease-time=10h name=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1

# Assign IP addresses, one for WAN and one for LAN
/ip address
add address=155.93.121.254/30 interface=ether-WAN comment="WAN Network"
add address=192.168.1.1/24 interface=bridge-LAN comment="LAN Subnet"

# What is your default gateway for WAN?
/ip route
add distance=1 gateway=155.93.121.1

# Allow LAN access to router DNS server
/ip dns
set allow-remote-requests=yes servers=217.117.0.38,217.117.15.106


# Good default firewall. Drops everything you don't need.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established related"
add chain=input action=accept in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=input action=drop comment="Drop all other input"
add chain=forward action=accept connection-state=established,related comment="Accept established related"
add chain=forward action=accept connection-state=new in-interface=bridge-LAN comment="Allow LAN access to router and Internet"
add chain=forward action=accept connection-nat-state=dstnat comment="Allow Port forwards"
add chain=forward action=drop comment="Drop all other forward"

# Default NAT
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN comment="Default masq"

# optional
/ip ssh
set strong-crypto=yes

Thank you.
Actually have a default route defined like you stated, but truly not giving out DNS server in dhcp server, which I’ve now applied.
Then pinged the gateway or internet, but still having time out whenever I have my NAT enabled, but when I disable NAT, the pings responded, but when enable NAT, the pings timed out.

What else could be wrong?

Hello,
I did this, when done, I tried pinging yahoo.com from the terminal, I got invalid value of mac-address, mac–address required blah blah
while resolving ip-address:could not get answer from dns server

[quote=normis post_id=641966 time=1518425011 user_id=5]
All MikroTik products support 3G/4G, if there is a USB port or a miniPCIe slot.

There is no need to specifically write “3G support”. Your images are wrong.
[/quote]

Hi Normis,

Please can you help with my original post?

I can ping gateway, ping yahoo or any address ONLY when I disable my NAT rule, but can’t when NAT is enabled.

What is WRONG?



Regards.

Prosper

[admin@MSMSL HOME] > export

feb/12/2018 10:35:11 by RouterOS 6.41.1

software id = 2USS-HUBP

model = 951Ui-2HnD

serial number = 558304A8C5F2

/interface bridge
add name=bridge-LAN protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether-WAN
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n disabled=no distance=indoors
frequency=auto mode=ap-bridge ssid=MSMSLimited wireless-protocol=802.11
wps-mode=disabled
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-key-update=1h
mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=
mywifipassword
/ip pool
add name=dhcp_pool0 ranges=192.168.1.10-192.168.1.240
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-LAN lease-time=3d
name=dhcp1
/interface bridge port
add bridge=bridge-LAN interface=ether2
add bridge=bridge-LAN interface=ether3
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=wlan1
/ip address
add address=155.93.121.254/30 comment="WAN Interface" interface=ether-WAN
network=155.93.121.252
add address=192.168.1.1/24 comment="LAN Subnet" interface=bridge-LAN network=
192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=217.117.0.38,217.11.15.106 gateway=
192.168.1.1
/ip dns
set allow-remote-requests=yes servers=217.117.0.38,217.117.15.106
/ip firewall filter
add action=accept chain=input comment="Accept established related"
connection-state=established,related disabled=yes
add action=accept chain=input comment=
"Allow LAN Access to router and Internet" disabled=yes in-interface=
bridge-LAN
add action=drop chain=input comment="Drop all other connections" disabled=yes
add action=accept chain=forward comment="Accept established related"
connection-state=established,related disabled=yes
add action=accept chain=forward comment=
"Allow LAN Access to router and Internet" connection-state=new disabled=
yes in-interface=bridge-LAN
add action=accept chain=forward comment="Allow Port forwading"
connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="Drop All Other Forwards" disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="Network Translation" disabled=yes
out-interface=ether-WAN
/ip route
add distance=1 gateway=155.93.121.253
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Africa/Lagos
/system identity
set name="MSMSL HOME"
/system ntp client
set enabled=yes primary-ntp=97.127.86.125 secondary-ntp=196.10.54.57
[admin@MSMSL HOME] >

With this config with the NAT disabled, I can ping the gateway and yahoo.com or internet from the terminal successfully, but my clients cannot connect to the internet, but when NAT is enabled, I cannot connect to the internet and still unable to ping internet or gateway from the terminal.

if you disable your firewall rules, is there any difference?

No difference.