Initial configuration problems - No Internet from bridge

Hi, I’m a total noob to RouterOS, and I’ve been trying for almost a week to get my Routerboard RB2011UiAS-2HnD-IN working to replace an old WRT54GL running DD-WRT.

I can ping the internet from the router, but I can’t access the internet from any of the bridge ports. I can’t ping my local WAN port address from any bridge port.

First I tried the Home AP quick set, then I configured step-by-step using the manual’s Initial Configuration. I checked routes and NAT and all the other stuff mentioned in the Initial Configuration steps 5-6 times, and even though it looks good as far as I know, it doesn’t work. Disabling the firewall didn’t help either.

Currently I have the old router connected to the new router for internet access.

Could use some help, please.

Here’s my interface and IP configuration…

dec/19/2018 12:44:29 by RouterOS 6.43.7

software id = R9RF-MAEY

model = 2011UiAS-2HnD r2

serial number = 91DF099E8A71

# Interface layer of the export: the LAN bridge, the ten ethernet ports, the
# primary 2.4 GHz access point and the interface lists used by later rules.
# NOTE(review): several statements wrap onto following lines without a trailing
# backslash and the quotes are typographic; presumably a paste artifact, so
# re-export from the router rather than importing this text.
/interface bridge
# auto-mac=no with an explicit admin-mac pins the bridge's MAC address.
add admin-mac=B8:69:F4:6A:69:00 auto-mac=no comment=defconf name=bridge1
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
# ether2 is renamed here; later sections must refer to it as ether2-master.
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
# ether6 is renamed to ether6-master; ether6-ether10 all set the same
# advertise list (10M to 1000M, half and full duplex).
set [ find default-name=ether6 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
ether6-master
set [ find default-name=ether7 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
# NOTE(review): no security-profile is set on wlan1 and no security-profiles
# section appears in this listing. Exports omit default values, so wlan1
# presumably uses the "default" profile; confirm that profile enforces
# WPA2 with a strong passphrase.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
country=“united states” disabled=no distance=indoors frequency=2437 mode=
ap-bridge ssid=DTJNet wireless-protocol=802.11
/interface list
# WAN and LAN are the lists the firewall matches on (in-interface-list).
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
# mactel / mac-winbox are presumably consumed by the MAC-server settings,
# which this export does not show; verify on the router.
add name=mactel
add name=mac-winbox

# Guest virtual AP, its layer-2 isolation, bridge port membership and
# interface-list membership.
/interface wireless
# Virtual AP on top of wlan1. The GuestDefault security profile is referenced
# here but its definition is not part of this listing.
add disabled=no mac-address=BA:69:F4:6A:69:09 master-interface=wlan1 name=
wlan2 security-profile=GuestDefault ssid=HospitalityHouse
/interface bridge filter
# Drop every frame bridged from or to wlan2, separating guest clients from
# the other bridge ports at layer 2.
# NOTE(review): these rules are in the bridge forward chain only. wlan2 is
# still a bridge1 port (below), so guests presumably receive leases from the
# bridge1 DHCP server in 192.168.0.0/24, the same range the SSH and WinBox
# services accept. Confirm whether a separate guest subnet is wanted.
add action=drop chain=forward in-interface=wlan2
add action=drop chain=forward out-interface=wlan2
/interface bridge port
# Every port except ether1 joins bridge1; ether1 stays outside as the uplink.
add bridge=bridge1 comment=defconf interface=ether2-master
add bridge=bridge1 comment=defconf interface=ether6-master
# hw=no turns off hardware offloading for this port.
add bridge=bridge1 comment=defconf hw=no interface=sfp1
add bridge=bridge1 comment=defconf interface=wlan1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=wlan2
/interface detect-internet
set internet-interface-list=WAN
/interface list member
# bridge1 is the only LAN member and ether1 the only WAN member, so an
# input rule matching in-interface-list=!LAN treats everything that does
# not arrive via bridge1 as outside.
add comment=defconf interface=bridge1 list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1 list=discover
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=bridge1 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox

dec/19/2018 12:44:37 by RouterOS 6.43.7

software id = R9RF-MAEY

model = 2011UiAS-2HnD r2

serial number = 91DF099E8A71

# IP layer, part 1: LAN DHCP pool and server, router addresses, DHCP clients
# and DNS.
/ip pool
add name=dhcp ranges=192.168.0.101-192.168.0.254
/ip dhcp-server
# The DHCP server is bound to bridge1.
add address-pool=dhcp disabled=no interface=bridge1 name=defconf
/ip address
# NOTE(review): the LAN address sits on ether2-master, which is a port of
# bridge1, while the DHCP server and the LAN interface list use bridge1.
# A later reply in this thread points out it should be on bridge1.
add address=192.168.0.1/24 comment=defconf interface=ether2-master network=
192.168.0.0
# Static public address on the uplink port.
add address=158.140.40.171/25 comment=“My ISP address” interface=ether1
network=158.140.40.128
/ip dhcp-client
# NOTE(review): ether1 also has the static address above. This entry lacks
# disabled=no while the wlan1 entry has it, so it is presumably disabled;
# confirm on the router.
add comment=defconf dhcp-options=hostname,clientid interface=ether1

# The next line is the export's own warning text (its leading '#' was
# presumably lost in the paste). It appears to apply to the wlan1 client
# below, since wlan1 is a bridge1 port.
DHCP client can not run on slave interface!

add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip dhcp-server network
# Clients are handed 192.168.0.1 as their gateway.
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. The firewall input chain is what keeps this resolver off the WAN,
# so the input drop rule for non-LAN traffic must stay in place.
set allow-remote-requests=yes servers=209.244.0.3,209.244.0.4,64.6.64.6
/ip dns static
add address=192.168.0.1 name=router.lan
# IP layer, part 2: firewall filter (forward chain, then input chain),
# source NAT and the default route. Rules are evaluated top to bottom.
/ip firewall filter
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
# Blocks new connections arriving from the WAN list unless they were
# destination-NATed. No forward rule follows, so any other forwarded
# traffic is accepted by default.
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
# Input chain (traffic to the router itself). ICMP is accepted on every
# interface, WAN included.
add action=accept chain=input protocol=icmp
# NOTE(review): connection-nat-state is set to an empty value here; this
# looks like an editing leftover. Confirm it is intended.
add action=accept chain=input connection-nat-state=“” connection-state=
established
add action=accept chain=input connection-state=related
# Everything not arriving through an interface in the LAN list is dropped.
# This rule is what protects SSH, WinBox and DNS from the WAN side.
# Unlike the forward chain, the input chain has no "drop invalid" rule.
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
# The default masquerade rule is disabled; the rule after it masquerades
# everything leaving ether1, without the ipsec-policy=out,none match.
add action=masquerade chain=srcnat comment=“defconf: masquerade” disabled=yes
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ether1
/ip route
# Static default route; the gateway lies inside ether1's 158.140.40.128/25.
add distance=1 gateway=158.140.40.129
# Management services, SSH hardening and UPnP interface roles.
/ip service
# Cleartext and unused services are turned off; SSH (moved to port 2200)
# and WinBox only accept clients from 192.168.0.0/24.
# NOTE(review): www is not listed. Exports omit unchanged settings, so the
# web interface is presumably still at its default; check with
# "/ip service print" and disable or restrict it if unused.
set telnet disabled=yes
set ftp disabled=yes
set ssh address=192.168.0.0/24 port=2200
set api disabled=yes
set winbox address=192.168.0.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ip upnp interfaces
# Declares bridge1 as the internal and ether1 as the external UPnP side.
# NOTE(review): whether UPnP itself is enabled is not shown in this listing.
# When enabled, hosts on bridge1 (which includes the guest wlan2 port) can
# request port mappings on ether1; confirm this is needed.
add interface=bridge1 type=internal
add interface=ether1 type=external

I can have a look, but I don’t understand some of your selections…
I changed it to look more like what I am used to; feel free to ask any questions.
The latest firmware is 6.43.8, by the way.

# Suggested replacement config, interface layer: the LAN bridge and the
# first five ethernet ports.
/interface bridge
# xx.xx.xx.xx.xx is a placeholder, not a literal MAC address.
add admin-mac=xx.xx.xx.xx.xx auto-mac=no comment=defconf name=bridge1
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
# ether2 is renamed; the bridge port section refers to it as ether2-master.
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
(ether6 to ether10 look like some weird configuration, so I removed them.)

# Suggested replacement config: wireless, interface lists, bridge ports,
# DHCP, addresses and DNS.
/interface wireless
# NOTE(review): no security-profile is set on wlan1 in this listing, so it
# presumably uses the "default" profile; confirm that profile enforces WPA2.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
country=“united states” disabled=no distance=indoors frequency=2437 mode=
ap-bridge ssid=DTJNet wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless
# Guest virtual AP; the GuestDefault security profile is defined elsewhere.
add disabled=no mac-address=BA:69:F4:6A:69:09 master-interface=wlan1 name=
wlan2 security-profile=GuestDefault ssid=HospitalityHouse
/interface bridge port
add bridge=bridge1 comment=defconf interface=ether2-master
# NOTE(review): ether6-master is referenced here, but the ethernet section
# of this listing no longer renames ether6, so the name may not exist.
add bridge=bridge1 comment=defconf interface=ether6-master
add bridge=bridge1 comment=defconf interface=wlan1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
# NOTE(review): wlan2 (guest SSID) shares bridge1 with the LAN ports and
# this listing has no bridge filter section, so guests presumably sit in
# the same layer-2 segment and subnet as the LAN; confirm that is intended.
add bridge=bridge1 interface=wlan2

/interface list member
add comment=defconf interface=bridge1 list=LAN
add comment=defconf interface=ether1 list=WAN

/ip pool
add name=dhcp ranges=192.168.0.101-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=defconf
/ip address
# The LAN address is bound to bridge1, matching the DHCP server interface
# and the LAN interface list.
add address=192.168.0.1/24 comment=defconf interface=bridge1 network=
192.168.0.0
add address=158.140.40.171/25 comment=“My ISP address” interface=ether1
network=158.140.40.128
/ip dhcp-client
# NOTE(review): ether1 also has the static address above; this entry has
# no disabled=no, so it is presumably disabled. Confirm on the router.
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
/ip dns
# The router answers DNS for other hosts; the input chain must keep
# port 53 closed to everything outside the LAN list.
set allow-remote-requests=yes servers=209.244.0.3,209.244.0.4,64.6.64.6

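# Default-deny firewall: each chain accepts a short list of known traffic
# and ends with an unconditional drop. Rules are evaluated top to bottom.
# Each rule is written on one line so it does not depend on continuations.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Management access is limited to LAN hosts in the adminaccess address list.
# Populate that list before the final drop rule is applied (or work in
# Safe Mode); otherwise IP access to the router from the LAN is dropped too.
add action=accept chain=input comment="Allow ADMIN to Router" in-interface-list=LAN src-address-list=adminaccess
# The router is the LAN's DNS resolver, so port 53 is opened for LAN only.
add action=accept chain=input comment="Allow LAN DNS queries-UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow LAN DNS queries - TCP" dst-port=53 in-interface-list=LAN protocol=tcp
# No log-prefix is set: the rule does not enable logging, so a prefix
# would have no effect.
add action=drop chain=input comment="DROP ALL ELSE"

# --- forward chain: traffic routed through the router ---
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
# Interface names are case-sensitive; the bridge is named bridge1.
add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=bridge1 out-interface-list=WAN src-address=192.168.0.0/24
# Only connections that matched a dst-nat rule are forwarded inward.
add action=accept chain=forward comment="Allow Port Forwarding" connection-nat-state=dstnat
add action=drop chain=forward comment="DROP ALL other FORWARD traffic"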

# Suggested replacement config: source NAT, default route and management
# service restrictions.
/ip firewall nat
# Single source-NAT rule: masquerade everything leaving ether1.
add action=masquerade chain=srcnat out-interface=ether1
/ip route
# Static default route via the ISP gateway.
add distance=1 gateway=158.140.40.129
/ip service
# Telnet, FTP and both API services are off; SSH (port 2200) and WinBox
# only accept clients from 192.168.0.0/24.
# NOTE(review): www is not listed, so it is presumably left at its default;
# check with "/ip service print" and disable or restrict it if unused.
set telnet disabled=yes
set ftp disabled=yes
set ssh address=192.168.0.0/24 port=2200
set api disabled=yes
set winbox address=192.168.0.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes

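/ip firewall address-list
add address=lanIP1 list=adminaccess
add address=lanIP2 list=adminaccess
and so forth (lanIP1, lanIP2 are placeholders for the LAN addresses of the admin devices)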

Ok, I redid my configuration from scratch using the Home AP quick set. Same problem. Here’s my bridge, addresses, route and NAT info in WinBox…

Hopefully someone else has more patience; mine has run out for today. :slight_smile:
(I cannot help if you are not paying attention to the details.)
For example, your sourcenat rule is not what I indicated in my post.
Also, you failed to change your interface to bridge1 for the DHCP address; it’s still ethernet2.

Ok, found the problem and it was with me. My old router was 192.168.0.2. This one is 192.168.0.1. I had to DHCP refresh my various devices so the gateway would be correct, then it all worked.
Brain is fried from too many other things.