Hi All,
So here is a setup I have tried to do at my in-laws' place.
Mikrotik HAP Lite router, Internet Port is connected to the ISP Supplied ADSL Router.
I have disabled the WIFI and DHCP Server on the ISP ADSL Router.
There are 2 devices connected to the Ethernet Ports 2 and 3.
All other clients are connecting with wifi to the HAP Lite Router.
The HAP is using the default config, except I have made some changes:
I have removed the DHCP Client, Configured the IP Address, Route, DNS manually
DHCP Server pool is 192.168.88.128/25 (to dish out addresses from 128 to 254).
Then I have static Leases set for specific clients (in the range of 192.168.88.0/25, so addresses 10 to 127)
The reason I have done this is for the static lease clients, to give them a different rate-limiting queue (higher speed)
the clients that are assigned DHCP addresses from 128 to 254 have a different rate-limiting queue (lower speed)
(I could have done a separate Virtual Wifi SSID to split it up, but I want it to be transparent to the user, so they all connect to the same SSID)
I have a PPTP outbound connection to my Mikrotik router, so that I can remotely admin their router.
It was all working fine. Then all of a sudden I noticed that my Laptop (UBUNTU) and Android Phone, report ‘Connected - No Internet’. But they are still able to browse through that connection fine (and It is through the connection, because I disable mobile data on the phone).
Would anybody care to take a quick look at my config and tell me where I have gone wrong?
Thanks
Peter
# apr/29/2019 16:54:27 by RouterOS 6.44.3
# software id = DFVY-73PH
#
# model = RouterBOARD 931-2nD
# LAN bridge with a statically assigned MAC (admin-mac set, auto-mac=no).
/interface bridge
add admin-mac=64:D1:54:C1:7C:ED auto-mac=no comment=defconf fast-forward=no \
name=bridge
# Ethernet ports: the advertised link modes are listed explicitly and ether2 is
# renamed to ether2-master. ether1 is the uplink (it carries the 192.168.1.5/24
# address further down); ether2-master and ether3 are added to the bridge later.
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether2-master
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# Outbound PPTP tunnel to the administrator's own router, used for remote
# management of this device (host, user and password are redacted in the post).
# NOTE(review): PPTP's MS-CHAPv2 authentication and MPPE encryption are no longer
# considered adequate protection for credentials or management traffic. RouterOS 6
# also provides L2TP/IPsec and SSTP clients; prefer one of those for an admin channel.
# NOTE(review): the input chain below accepts everything arriving on pptp-out1, so
# the strength of this tunnel is what protects the router's management services.
/interface pptp-client
add connect-to=xxxxx.ddns.net disabled=no name=pptp-out1 password=\
xxxxxx user=xxxxxxxxxx
# Interface lists; they are referenced at the end of the export by /tool mac-server
# to limit where MAC-Telnet and MAC-Winbox are offered.
/interface list
add name=mactel
add name=mac-winbox
# Wireless security profiles. The default profile is only given a supplicant
# identity; secured_wpa is the profile wlan1 actually uses (keys redacted).
# NOTE(review): authentication-types allows legacy WPA-PSK alongside WPA2-PSK, with
# a pre-shared key set for each. If no client needs WPA, restrict this to wpa2-psk so
# stations cannot associate using the older mode.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=secured_wpa \
supplicant-identity="" wpa-pre-shared-key=XXXXXXXX wpa2-pre-shared-key=\
XXXXXXXX
# Single 2.4 GHz access point on wlan1 (ap-bridge mode) using the secured_wpa
# profile; the SSID is redacted. All wireless clients share this one SSID.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge \
security-profile=secured_wpa ssid=xxxxxx_home wireless-protocol=802.11
# Layer-7 pattern meant to recognise BitTorrent traffic; it is referenced by the
# add-src-to-address-list rule in /ip firewall filter.
# NOTE(review): layer-7 matching looks at packet payload, so it presumably cannot
# recognise encrypted peers and it costs CPU on a small router. Treat it as a
# best-effort policy aid, not as an enforcement control.
/ip firewall layer7-protocol
add comment="Block Bit Torrent" name=layer7-bittorrent-exp regexp="^(\\x13bitt\
orrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?inf\
o_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[\
RP]"
# Dynamic pool covers only the upper half of the LAN (.128-.254); the lower half is
# left for the static leases defined under /ip dhcp-server lease.
/ip pool
add name=default-dhcp ranges=192.168.88.128-192.168.88.254
# DHCP server on the bridge, handing out addresses from default-dhcp.
# NOTE(review): lease-time=1m forces every client to renew very frequently; a lease
# of hours is more usual. Confirm this is intentional.
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no \
interface=bridge lease-time=1m name=defconf
# Two rate tiers selected purely by client IP address: the lower /25 (static
# leases) gets the higher limits, the upper /25 (dynamic pool) the lower ones.
# NOTE(review): the tier is decided by source address alone, so it is a convenience
# split rather than an access control: a client that configures an address in
# 192.168.88.0/25 by hand lands in priority_users. If that matters, set add-arp=yes
# on the DHCP server and arp=reply-only on the bridge so that only leased addresses
# can reach the router.
/queue simple
add burst-limit=768k/3M burst-time=10s/10s max-limit=512k/3M name=\
priority_users target=192.168.88.0/25
add burst-limit=384k/1M burst-time=10s/10s max-limit=128k/512k name=\
other_users target=192.168.88.128/25
# Bridge members: the two wired LAN ports and the wireless interface share one
# layer-2 segment. ether1 (uplink) is deliberately not a member.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
# Only the bridge is placed in the mactel / mac-winbox lists, so MAC-layer
# management is offered on the LAN side only (see /tool mac-server).
/interface list member
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
# Static addressing: 192.168.88.1/24 on the LAN bridge, 192.168.1.5/24 on ether1
# towards the ISP router (the DHCP client was removed, per the post).
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=192.168.1.5/24 interface=ether1 network=192.168.1.0
# Static leases that pin selected devices to addresses in the lower /25, which the
# priority_users queue targets.
# NOTE(review): a lease is matched on the MAC address / client-id the device
# presents; those are client-supplied values, so this identifies devices for
# convenience and is not authentication.
/ip dhcp-server lease
add address=192.168.88.15 client-id=1:98:29:a6:ca:1c:e8 comment=XXXX-CELL \
mac-address=98:29:A6:CA:1C:E8 server=defconf
add address=192.168.88.18 client-id=1:8c:f5:a3:a:b2:e1 comment=YYYY-CELL \
mac-address=8C:F5:A3:0A:B2:E1 server=defconf
add address=192.168.88.14 client-id=1:64:12:69:32:82:de comment=DSTV-EXPLORA \
mac-address=64:12:69:32:82:DE server=defconf
add address=192.168.88.16 comment=XXXX-LAPTOP mac-address=70:F1:A1:47:35:DE \
server=defconf
# Options handed to DHCP clients: the router itself is both gateway and DNS server
# for the whole /24, so both address halves receive identical settings.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1 netmask=24
# The router answers DNS queries for clients (allow-remote-requests=yes) and
# forwards them to 8.8.8.8 / 8.8.4.4.
# NOTE(review): with allow-remote-requests=yes the resolver answers on every
# interface the input chain permits. Here the "drop all from WAN" input rule on
# ether1 is what keeps it from being reachable from the uplink side, so that rule
# must stay in place; queries arriving over pptp-out1 are accepted.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
# Filter rules are evaluated top to bottom per chain; input and forward rules are
# interleaved in this export, so read each rule's chain= value.
# NOTE(review): the export contains no /ip service section, so the management
# services are presumably at their defaults. Confirm that unused ones (telnet, ftp,
# www, api) are disabled or restricted by address.
/ip firewall filter
# Four passthrough rules: they take no action and only provide counters for the two
# address halves in each direction.
add action=passthrough chain=forward comment="Priority Users - Download" \
dst-address=192.168.88.0/25 src-address=!192.168.88.0/24
add action=passthrough chain=forward comment="Priority Users - Upload" \
dst-address=!192.168.88.0/24 src-address=192.168.88.0/25
add action=passthrough chain=forward comment="Other Users - Download" \
dst-address=192.168.88.128/25 src-address=!192.168.88.0/24
# NOTE(review): unlike "Priority Users - Upload", the source here is negated
# (src-address=!192.168.88.128/25), so this counts traffic from everything outside
# the upper half. Probably a typo for src-address=192.168.88.128/25; it only affects
# the counter, not what is allowed.
add action=passthrough chain=forward comment="Other Users - Upload" \
dst-address=!192.168.88.0/24 src-address=!192.168.88.128/25
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Winbox (TCP 8291) is accepted from 192.168.1.0/24, the segment between ether1 and
# the ISP router.
# NOTE(review): every host on the ISP router's LAN side can reach the management
# port; confirm that is wanted, or narrow src-address to the admin host.
add action=accept chain=input comment="Accept Winbox Access from Public LAN" \
dst-port=8291 protocol=tcp src-address=192.168.1.0/24
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
# NOTE(review): the comment says Winbox, but this rule opens UDP 5978; Winbox is the
# TCP 8291 rule above. Possibly meant as UDP 5678 (MikroTik neighbor discovery).
# Confirm what this port is for, or remove the rule.
add action=accept chain=input comment="Accept Winbox Access from Public LAN" \
dst-port=5978 protocol=udp src-address=192.168.1.0/24
# BitTorrent handling: sources matching the layer-7 pattern are listed in
# Torrent-Conn for 2 minutes, and the two drop rules then block their TCP/UDP
# traffic to any port outside the listed set.
# NOTE(review): src-address=192.168.2.0/24 is not a subnet configured anywhere in
# this export (the LAN is 192.168.88.0/24), so this rule presumably never matches
# LAN clients and the Torrent-Conn list stays empty.
add action=add-src-to-address-list address-list=Torrent-Conn \
address-list-timeout=2m chain=forward layer7-protocol=\
layer7-bittorrent-exp src-address=192.168.2.0/24 src-address-list=\
!allow-bit
add action=drop chain=forward dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
src-address-list=Torrent-Conn
add action=drop chain=forward dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp \
src-address-list=Torrent-Conn
# NOTE(review): this accepts every packet addressed to the router that arrives over
# the tunnel, so the whole remote side is trusted. Narrow it to the management
# ports actually used (e.g. Winbox 8291) and the expected source address.
add action=accept chain=input comment="Allow All Traffic on PPTP" \
in-interface=pptp-out1
# The only input drop: everything else arriving on ether1 is dropped and logged.
# There is no final catch-all drop, so input from the bridge falls through to the
# implicit accept.
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1 log=yes
# Fasttrack is left disabled; presumably on purpose, since fasttracked connections
# bypass simple queues and the rate tiers depend on them.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment="Normal Forward - No Fasttrack" \
connection-state=established,related
# NOTE(review): identical match to the rule above, so this one is never reached.
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections entering on ether1 are dropped unless they were dst-NATed; no
# dst-nat rules exist in this export, so no unsolicited inbound forwarding is allowed.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
# Source-NAT everything leaving via ether1, so the ISP router only ever sees
# 192.168.1.5. LAN clients are therefore double-NATed (here and on the ISP router).
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1
# Static default route via 192.168.1.254, which per the post is the ISP-supplied
# ADSL router (this replaces the removed DHCP client).
/ip route
add distance=1 gateway=192.168.1.254
# Local PPP account (name and password redacted).
# NOTE(review): a /ppp secret is a credential for incoming PPP logins, and the
# export shows no PPP server enabled, so this entry looks unused. Remove it if so.
# It carries no service= restriction, so it would presumably be accepted by any PPP
# server type that is enabled later.
/ppp secret
add name=xxxxxx password=xxxxxx
# Time zone, device identity (redacted) and NTP client with two fixed servers.
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=XXXXXX
/system ntp client
set enabled=yes primary-ntp=196.4.160.4 secondary-ntp=196.26.5.10
# Watchdog pings 8.8.8.8 (after a 15-minute start-up delay) and does not generate a
# supout file automatically.
# NOTE(review): the watchdog presumably reboots the router when the watched address
# stops answering, so an upstream outage or blocked ICMP towards 8.8.8.8 would
# cause repeated reboots. Confirm that is the desired behaviour.
/system watchdog
set automatic-supout=no no-ping-delay=15m watch-address=8.8.8.8
# Traffic, queue and resource graphing, each added with default settings.
# NOTE(review): no allow-address is given, so the graphs are presumably viewable by
# anyone who can reach the router's web service. Confirm and restrict if needed.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
# MAC-Telnet and MAC-Winbox are limited to the mactel / mac-winbox interface lists,
# which contain only the bridge, so they are not offered on ether1.
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox