Ethernet routing fail

topcatsss · August 7, 2016, 3:05pm

I have a simple setup dhcp obtained over ether1 which sets routes etc.

but once it gets the dhcp it appears not to actually route the traffic.

config export attached:
any ideas where i'm going wrong

jan/01/2002 06:04:07 by RouterOS 6.37rc11

/interface bridge
add admin-mac=4C:5E:0C:A5:DA:92 auto-mac=no name=bridge-49Secure
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] master-port=ether2-master
set [ find default-name=ether7 ] master-port=ether2-master
set [ find default-name=ether8 ] master-port=ether2-master
set [ find default-name=sfp1 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=OWL-DART-49Secure wpa2-pre-shared-key=Password1
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=OWL-DART-48Public supplicant-identity="" wpa-pre-shared-key=Password2
wpa2-pre-shared-key=Password2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country="united kingdom" disabled=no frequency=auto max-station-count=100 mode=ap-bridge name=wlan-49Secure
security-profile=OWL-DART-49Secure ssid=OwlDart wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wlan-49Secure enable-polling=no
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:A5:DA:9A master-interface=wlan-49Secure mode=ap-bridge multicast-buffering=disabled name=wlan-48Public security-profile=
OWL-DART-48Public ssid=TheFirs vlan-id=48 wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=owl-dart-pool ranges=192.168.49.100-192.168.49.250
add name=owl-dart-poolpublic ranges=192.168.48.10-192.168.48.250
/ip dhcp-server
add add-arp=yes address-pool=owl-dart-pool disabled=no interface=bridge-49Secure lease-time=1w name=dhcp-49Secure
/interface bridge port
add bridge=bridge-49Secure interface=ether2-master
add bridge=bridge-49Secure interface=wlan-49Secure
/interface ethernet switch vlan
add vlan-id=48
/ip address
add address=192.168.49.1/24 interface=bridge-49Secure network=192.168.49.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.49.0/24 dns-server=192.168.49.1 domain=dart.the-owls.local gateway=192.168.49.1 ntp-server=192.168.49.1
/ip dns
set servers=208.67.222.222,208.67.220.220
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.49.1 name=owl-dart-router
add address=192.168.49.2 name=owl-dart-win
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related disabled=yes
add action=drop chain=input comment="defconf: drop all from WAN" disabled=yes in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" dst-address-list="" out-interface=ether1 src-address=192.168.49.0/24
/ip smb
set domain=THE-OWLS
/lcd interface pages
set 0 interfaces=*1
/system clock
set time-zone-name=Europe/London
/system identity
set name=OWL-DART-LanLocal
/system ntp server
set enabled=yes manycast=no
/system routerboard settings
set silent-boot=yes
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge-49Secure
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge-49Secure
/tool sniffer
set filter-interface=ether1
[admin@OWL-DART-LanLocal] >

IntrusDave · August 7, 2016, 3:31pm

try this:

/ip dns
set allow-remote-requests=yes

topcatsss · August 7, 2016, 4:13pm

thanks for that, not noticed I had missed that.

however i’m not getting any traffic being routed at the moment out so dns is not the issue.

IntrusDave · August 7, 2016, 4:19pm

I don’t see you accepting traffic from the lan.

/ip firewall filter
add action=accept chain=forward ininterface=bridge-49Secure place-before=0
add action=accept chain=input ininterface=bridge-49Secure place-before=0

topcatsss · August 7, 2016, 4:33pm

I have tried pinging the gateway from the board and it just times out

IntrusDave · August 7, 2016, 4:35pm

I would disable all of the filter rules and see if it passes.

topcatsss · August 12, 2016, 1:35pm

All rules removed / disabled apart from the nat and still not going anywhere

IntrusDave · August 12, 2016, 2:41pm

Reset and start over. The only thing you absolutely need is…

IP address on WAN interface.
IP address on LAN interface.
src-nat rule for masquerade on WAN interface.

The “nice things” would be…

IP Pool for DHCP server
DHCP config for LAN subnet
DNS servers in dns settings - accept remote quests on
basic set of filter rules on input and forward (accept established, related) (accept new on LAN) (default drop)