ltap mini Routing problems

jr1234 · August 22, 2023, 6:51pm

Hi to All,

I’m new to this products.
I installed other products of mikrotik without any problems,

but here I need help:

I want to use the latb as LTE router, using the ether interface localy.
Setup the lte works, I can ping ip from the web localy from the ltap.
But the routing from local (ethernet) to lte does not work.

ping the ltab from local pc works.
pc’s routing seems ok

But were is my mistake ?

I attached 3 picture and hope for a answere or hint.

Thanks a lot

JR

krafg · August 24, 2023, 11:02pm

You have masquerade rule from NAT tab on firewall?

Best is you paste your config using export.

Regards.

jr1234 · August 26, 2023, 8:32pm

It works,

The question from krafg was the hint: I switched on the firewall and add. NAT. After that it works fine!

Thanks a lot
JR

jr1234 · September 9, 2024, 9:06am

Hello All,

after some month of using, I like to reconfigure the Ltap.

Up today, we route only from eth (bridge) to lte (WAN).
All works fine using the hint from kraftg.

But now I like to create a additional, seperated Wifi network on the ltap.
Which means, the eth routing is still needed, but the wlan should do it additional and use it’s own network.

Wlan Config seems ok
new bridge briudge_wlan seems ok
dhcpd setup seems ok
Only routing does not work …same like the beginning.

But fw is on and nating is on, but ist works only for the bridge for eth.

My question: do I need additional routings ?

All help and notices are wellcome …

Thanks from here
J.
ltap_PW.rsc (3.68 KB)

jaclaz · September 9, 2024, 9:33am

I am not really sure what your intended setup is, but:

The bridge_wlan is neither LAN nor WAN:

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN

And your firewall nat is only for WAN:

/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade”
ipsec-policy=out,none out-interface-list=WAN

jr1234 · September 9, 2024, 4:08pm

ok, maybe is a good idea to describe mywish-setup:

LTE is conneceted to Web
ETH is connected to a private networt with own dhcpd server, Routing from this network to web works!
I think its “bride”

New:
Create a new Wlan, with own dhcpd and route to the LTE interface for web access.
there I create “bridge_wlan” …may here is my mistake…
I think, I need 2 bridge: ETH-WAN and WLAN - WAN ?

I double check: WLAN should member of bridge_wlan…
As I understood your hint:
I had to add the WAN (lte) interface to bride_wlan ?

Ho to do so ?

FW: Yes, FW should protect both local lan eth and wlan for access from wan

Thanks for any hint

J.

jaclaz · September 9, 2024, 8:46pm

Interface list is a way to categorize/group items, so It Is the other way round, bridge Is in the category LAN, lte1 is in category WAN, bridge_wlan does not belong (yet) to any category (it doesn’t need to belong to any of the two above or to a third one) .
In the masquerade rule you use out-interface-list=WAN, which, given the above is the same as out-interface=lte1.

Then, you have a bridge with only one interface in it (which makes little sense, as a bridge is normally a way to connect two or more interfaces), and you want to add a second bridge, as well with only one interface in it, this is perplexing (to me).

You can have ether1 directly as lan, instead of the bridge, and wlan1 directly as wlan, just like you have the lte1 as wan, unless there are some reasons to use the bridge(s).

Usually a Mikrotik device has an interface as wan (outside, the lte1) and a bridge as lan (inside, both the ether1 and the wlan1) because ether1 and wlan1 normally need to comunicate between them.
What you seem to be wanting is to have two different, separated, lans (one connected to ether1 and the other connected wirelessly to wlan1) and have both of them reach the internet routing through lte1.
So you don’t really need any bridge, as you are not bridging anything, you only want to route two separated - one interface - lans.

jr1234 · September 10, 2024, 6:54am

HI,
thanks for your support.

Yes, you are right:
I want to setup 2 local networks.
So eth-Connections is working fine.

My problem is to setup network2 (WLAN)

Interface, and dhcpd Server is running, but I’m not able to setup the routing …and firewall
Routing setup lookslike different to PC and server routing…
Please can you give me the right route to bring the WLAN to WAN ?
With a existing example, it is much easier to understand.

I checked the documentation:

/ip route add dst-address=192.168.2.0/24 gateway=172.16.1.2

syntax lookslike “normal” but how to route one network to the lte ?
(I’m trying to do so using the web interface ) Maybe a problem ?

with regards
J.

jaclaz · September 10, 2024, 9:17am

But you already have a route towards the internet (it should be provided by the lte1 interface by itself), the one in your screenshot:
DAS 0.0.0.0/0 lte1 reachable
is telling the router that any address in 0.0.0.0/0 (all the addresses) should go through lte1.

From terrminal, you can check with:
/ip route print

So it could be some rule in your firewall that prevents it to work, but you have (I hope temporarily) all firewall rules disabled, so it must be something else.

In another screenshot you have the wlan1 interface as XS, the X should mean “disabled”, but in the configuration, you have it as disabled=no, the S should mean that the interface is the slave to the bridge (bridgewlan), but the bridegewlan is nowhere to be seen in that screenshot .

But from the configuration, it seems like there is a setting missing in /ip dhcp-server network, are you actually getting an IP in the 192.168.89.x range when connected wirelessly?
And you have no DHCP server on the ethernet bridge, correct?

I would try with wlan1 " direct", i.e. like:

/interface bridge
add admin-mac=48:A9:8A:B7:CC:9D auto-mac=no comment=defconf name=bridge
add name=bridgewlan
…
/ip pool
add name=dhcp ranges=192.168.89.64-192.168.89.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=> bridgewlan> wlan1 name=Dhcpelan src-address=192.168.89.1
…
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridgewlan interface=wlan1
…
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
add comment=myconf interface=wlan1 list=LAN
…
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.89.1/24 comment=myconf interface=> bridgewlan> wlan1 network=192.168.89.0
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
add address=192.168.89.0/24 comment=myconf dns-server=192.168.89.1 gateway=192.168.89.1 netmask=24
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=192.168.89.1 comment=myconf name=router.wlan

jr1234 · September 13, 2024, 7:37pm

Thanks for the answere.

Yes, the ETH network use its oen dhcp Server.

I use your hints, step by step..
And i was on the right way.

But m lte intetface dtopps working. I need to fix First.
Actual i stay in greece… And its Hard to comunicate to the Provider…
I need to enter a Shop… In the next hsbour.
I i need some days.

I will give you a Feedback asap.

Thanks for your Support.

jr1234 · September 14, 2024, 8:08am

HI,

using a new Sim cards, lte works for the eth network

I did the setup complete new, because I play too much for the lte1 issues.

Yes, bridge/eth makes no sense, but was by default. And it works..

WLAN is setup, but I am not able to setup the dhcpd server, always tells: “invalid”
Is there a hint to check the config ?

Can you have a look ?
Any hint is wellcome

Josef
newlte1.rsc (3.67 KB)

jaclaz · September 14, 2024, 9:58am

I don’t know, at first sight your dhcp settings look fine to me:

/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.89.1/24 comment=myconf interface=wlan1 network=\
    192.168.89.0
/ip pool
add name=dhcp_pool0 ranges=192.168.89.64-192.168.89.128
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=wlan1 name=dhcp1
/ip dhcp-server network
add address=192.168.89.0/24 gateway=192.168.89.1

but the DNS settings are missing, i.e. typically this:

/ip dhcp-server network
add address=192.168.89.0/24 gateway=192.168.89.1

is

/ip dhcp-server network
add address=192.168.89.0/24 comment=myconf dns-server=192.168.89.1 gateway=192.168.89.1

but this should be unrelated.

You may want to try the interactive setup command:
https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server#Configuration_Examples
and see what comes out of it.

When (while executing which command) exactly do you get the “invalid”?

In the output of:

/ip dhcp-server print

?

jr1234 · September 14, 2024, 1:38pm

Hey,

IT WORKS !

I recheckt my config using your hints once again, and …the invalid is gone!
Maybe the reboot this morning did it ?
Because, I didnt an change, but the invalid flag was not longer there.

Thanks a lot
Josef

jaclaz · September 14, 2024, 2:19pm

It could be.
Rebooting when testing a configuration is almost always a good idea, not only because some settings actually need a reboot to work, but because a reboot is the best simulation of what happens next time you have mains returning after a blackout or when you take power out for any other reason.