Help... Setup NAT ON RB2011UiAS-2HnD Failed....

Client can't ping the Internet or WAN.
The log has too much info about:

srcnat: in:(unknown 0) out:ether2_WAN, src-mac.....

This is my config source:

# model = RB2011UiAS-2HnD

/interface bridge
add fast-forward=no mtu=1500 name=bridge1

/interface ethernet
set [ find default-name=ether1 ] name=ether1_WANBK
set [ find default-name=ether2 ] name=ether2_WAN rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether5 ] name=ether5_LAN rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes

/interface wireless
set [ find default-name=wlan1 ] country=indonesia2 disabled=no \
    frequency-mode=manual-txpower mode=ap-bridge ssid=PERBEND

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=........ wpa2-pre-shared-key=........

/ip pool
add name=dhcp_pool0 ranges=192.168.200.1-192.168.200.250

/ip dhcp-server
add address-pool=dhcp_pool0 bootp-support=none disabled=no interface=ether5_LAN lease-time=3d10m name=dhcp1

/interface bridge port 
add bridge=bridge1 fast-leave=yes interface=ether1_WANBK point-to-point=no restricted-role=yes trusted=yes
add bridge=bridge1 fast-leave=yes interface=wlan1 point-to-point=no trusted=yes

/interface bridge settings
set use-ip-firewall=yes

/ip settings
set accept-redirects=yes accept-source-route=yes secure-redirects=no

/ip address
add address=192.168.200.254/24 interface=ether5_LAN network=192.168.200.0

/ip dhcp-client
add add-default-route=no disabled=no interface=bridge1 use-peer-dns=no use-peer-ntp=no
add add-default-route=no disabled=no interface=ether2_WAN use-peer-dns=no use-peer-ntp=no

/ip dhcp-server network
add address=192.168.200.0/24 dns-server=192.168.200.254 gateway=192.168.200.254 netmask=24 ntp-server=192.168.200.254
add address=192.168.222.0/24 dns-server=192.168.222.254 gateway=192.168.222.254 netmask=24 ntp-server=192.168.222.254

/ip dns
set allow-remote-requests=yes servers=172.25.5.1,192.168.30.1,8.8.8.8

/ip firewall nat
add action=masquerade chain=srcnat log=yes out-interface=ether2_WAN

/ip route
add distance=30 gateway=172.25.5.1
add disabled=yes distance=1 dst-address=10.10.0.0/16 gateway=172.25.5.1
add distance=1 dst-address=172.18.0.0/24 gateway=172.25.5.1

Mmmm…a lot of things not making sense:

  • where are your firewall filter rules?
  • why is there a DHCP client on the bridge?
  • what is the purpose of the 192.168.222.x network?
  • /ip dns has the 192.168.30.1 entry…are you behind NAT?
  • why the static routes?
  • less important…WPA-PSK? You can (nearly) leave the Wifi open

Maybe some additional info will give more insight on where you are using the RB and how.
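The review points raised in the reply above can be checked mechanically against a RouterOS export. This is an added example, not part of the thread: the function names `parse_export` and `review` are hypothetical, and the sample is a constructed, trimmed subset of the posted config.

```python
import re
# Constructed sample: trimmed from the export in the thread (line continuation added).
SAMPLE = r"""
/interface bridge
add fast-forward=no mtu=1500 name=bridge1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk \
    mode=dynamic-keys
/ip address
add address=192.168.200.254/24 interface=ether5_LAN network=192.168.200.0
/ip dhcp-client
add add-default-route=no disabled=no interface=bridge1
/ip dhcp-server network
add address=192.168.200.0/24 gateway=192.168.200.254
add address=192.168.222.0/24 gateway=192.168.222.254
/ip firewall nat
add action=masquerade chain=srcnat log=yes out-interface=ether2_WAN
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} from a RouterOS export."""
    text = re.sub(r"\\\s*\n\s*", " ", text)  # join "\" continuation lines
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):          # menu header, e.g. "/ip firewall nat"
            path = line
            menus.setdefault(path, [])
        elif path and line and not line.startswith("#"):
            menus[path].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return menus

def review(menus):
    """Flag the points raised in the reply; returns a list of findings."""
    out = []
    if not menus.get("/ip firewall filter"):
        out.append("no firewall filter rules")
    bridges = {b.get("name") for b in menus.get("/interface bridge", [])}
    for c in menus.get("/ip dhcp-client", []):
        if c.get("interface") in bridges:
            out.append("dhcp-client on bridge " + c["interface"])
    nets = {a.get("network") for a in menus.get("/ip address", [])}
    for addr in (n.get("address", "") for n in menus.get("/ip dhcp-server network", [])):
        if addr.split("/")[0] not in nets:  # no router address in that subnet
            out.append("dhcp-server network without router address: " + addr)
    for p in menus.get("/interface wireless security-profiles", []):
        if "wpa-psk" in p.get("authentication-types", "").split(","):
            out.append("WPA-PSK (WPA1) enabled")
    return out
```

Calling `review(parse_export(SAMPLE))` returns one finding per point in the list; adding an `/ip firewall filter` section with at least one rule clears the first.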

where are your firewall filter rules?
I have not set up any filter rules for now…

why is there a DHCP client on the bridge?
I have 2 WAN gateways (Eth1 [192.168.30.1] and Eth2 [172.25.5.1], and both are DHCP, so I made a bridge to combine Wifi with Eth1)

what is the purpose of the 192.168.222.x network?
Sorry, that's for my plan if the MikroTik wifi has a DHCP server

/ip dns has the 192.168.30.1 entry…are you behind NAT?
Yes

why the static routes?
Because I have 2 gateways; that's for my next plan to make special routes, which I will manage later after my clients can connect to the Internet

less important…WPA-PSK? You can (nearly) leave the Wifi open
Noted

May I suggest starting from scratch…getting everything in place correctly (not many interfaces on the bridge), and then reconfigure to multi WAN?

Actually, my Wifi has a problem too: it always has italic text for the interface name, even though I set up a DHCP server for it. But if I combine it with the bridge, the problem is solved. Still, clients on 192.168.200.0/24 always fail to connect to the Internet, but Wifi clients on 192.168.30.0/24 from the bridge can connect to the Internet.

I am listing all my config in the hope that maybe someone can correct the code that causes the NAT setting to fail.

What erlinden is saying is that nothing about your config is standard or default; you have funny settings that most don't use all over the place.

In other words start with the default settings see what works and then we can go from there to add functionality… If I get time I will post something you can use… busy at the moment

Problem was solved… the ISP was blocking my NAT using a TTL limit.