DHCP server enabled and clients have new IPs but no internet access

inna · February 9, 2024, 7:15am

Hello everyone,
I have an ADSL modem with the subnet 192.168.1.1/24. I set up the repeater bridge mode in the Mikrotik and I created a new wireless network, called Repeater, and the ADSL’s wireless network is called Zyxel.
The very first time, the wireless network Repeater is only repeating the Zyxel and when I connect to Repeater, I have internet access and my private IP is something like 192.168.1.20, and I can visit all websites like google.

Now I create a DHCP server on my Mikrotik within the subnet 192.168.73.1/24. Now if I connect to Repeater, my private IP is 192.168.73.2 for example, and in the Mikrotik > IP > DHCP Server > Leases, I see I’m connected. I see in my ipconfig[i/] in my Windows CMD that my gateway is 192.168.73.1 and when I open the gateway, I see the Mikrotik admin page.
But the issue is I don’t have any internet access in this case.

I see in IP > Firewall > Connections that my laptop is sending an ICMP request but I don’t have any internet access.

This is how I created an activated the repeater mode in Mikrotik: I created a security profile to connect to my ADSL modem. I created a Wireless interface to connect to my Zyxel modem, then I created a virtual interface called Repeater so I can connect to my Mikrotik.

Are there anything I didn’t do or did I do anything wrong in this case?

I hope I said the required data to see what’s done up to now.

Mikrotik model: RB941-2nD
Firmware version: 6.48.6

Thanks in advance

baragoon · February 9, 2024, 11:41am

not really, you forgot to post your Mikrotik config

bpwl · February 9, 2024, 12:03pm

Indeed config is needed. Many things can be missing.

I see the Mikrotik admin page.

But can you get to the modem (192.168.1.1) from 192.168.73.2 ?
What is used? Masquerade/srcnat on the modem/MT line? Or Modem has been told 192.168.73.0/24 is via the MT router ?
Some modems don’t have IP route settings for the LAN, then Masquerade/srcnat is needed on the MT, for the return path. (Typical default WAN connection case on MT to modem, not bridge mode)

inna · February 9, 2024, 12:03pm

Hello, here you are.
I hope I removed the important data like mac address and passwords. I see no more important data to be public:

# feb/08/2024 13:12:29 by RouterOS 6.48.6
# software id = X4F2-673A
#
# model = RB941-2nD
# serial number = HCX085JJMFP
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=iran disabled=no \
    frequency=2447 mode=station-pseudobridge ssid=Zyxel_9021
add disabled=no keepalive-frames=disabled mac-address=MY_MIKROTIK_MAC_ADDRESS \
    master-interface=wlan1 multicast-buffering=disabled name=wlan2 ssid=\
    VahidRepeater wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=SEC_PROFILE_PASSWORD \
    wpa2-pre-shared-key=SEC_PROFILE_PASSWORD
/ip pool
add name=dhcp ranges=192.168.73.2-192.168.73.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge nat
add action=accept chain=dstnat disabled=yes in-bridge=bridge1 in-bridge-list=\
    all in-interface=wlan2 in-interface-list=all
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=wlan2
/interface list member
add interface=wlan1 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=wlan2 list=WAN
/ip address
add address=192.168.73.1/24 interface=ether1 network=192.168.73.0
/ip dhcp-client
add interface=bridge1
/ip dhcp-server network
add address=192.168.73.0/24 gateway=192.168.73.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall filter
add action=accept chain=forward disabled=yes dst-address=192.168.1.1 \
    out-interface=wlan1 src-address=0.0.0.0
/ip firewall nat
add action=masquerade chain=srcnat connection-type="" disabled=yes \
    dst-address=192.168.1.1 out-interface=bridge1 src-address=0.0.0.0
add action=accept chain=dstnat disabled=yes dst-address=192.168.1.1 \
    src-address=0.0.0.0
/ip route
add distance=1 gateway=192.168.73.1
/system clock
set time-zone-name=Asia/Tehran
/system identity
set name=RouterOS

I also tried adding some NAT rules but didn't work and then I disabled them again.

inna · February 9, 2024, 12:16pm

Thanks, I added the MT config in the fourth post.

But can you get to the modem (192.168.1.1) from 192.168.73.2 ?

No, I cannot see this IP from 73/24. But I only can see 73.1 which opens MT web page.

I posted the full config.
I did nothing on my ADSL modem. The MT only connects to it as a client and I did other configs on my MT.

bpwl · February 9, 2024, 1:53pm

OK , some remarks.

see this story, about the use of station-pseudobridge: http://forum.mikrotik.com/t/hap-mini-as-wifi-client-switch/173424/1
decide as in the above story about using either
the bridged solution (with station-pseudo bridge)
or
the routed solution with masquerade/SRCNAT as the ADSL modem is limited in settings
SRC-NAT is done in the FW (the default masquerade rule was there, for all traffik going out the WAN-interfacelist).
“Bridge NAT” is for MAC addresses, not usefull here.
use mode “station” for the routed solution, no station-pseudobridge
WLAN1 should not be a port on the bridge, for the routed solution. WLAN2 is port on the bridge
add WLAN1 to the WAN interface list
add bridge to the LAN interface list
ports on a bridge are slave interfaces only. The handling (like DHCP and and interface list) is defined by the bridge only, not by the interface membership.
LAN and WAN interface lists are used by the default configuration settings ( eg: deny incoming if not from LAN list (!LAN) , masquerade if outgoing interface is in WAN list)
WLAN1 gets a 192.168.1.x IP address (or has a DHCP client there.)
The bridge has the 192.168.73.1 IP address.
(ether1 address is maybe used correctly by bridge, but is a sub-optimal configuration. Address setting not refused by ROS, like the DHCP server would be refused)
Source NAT (or masquerade for automatic NAT address selection) is OK. It is for all destinations (0.0.0.0/0), and source filter 192.168.73.0/24, if outgoing interface is on the WAN interface list.
DST nat seems not usefull here. (is for forwarding incoming requests from the modem to a MT LAN connected device)