Hi All,
I have spent about 12 hours on this and have to finally call in some assistance.
I have the following setup
- Modem in bridged mode
- Mikrotik RB751
- Lots of computers on my LAN and wireless network
- An ISP I dial out from modem on.
I am wanting to share this internet connection to all machines through both ether1 and wlan1.
What I have working so far
- MikroTik is successfully dialing and connecting to ISP
- DHCP server is working and handing out IP addresses (and the correct gateway afaik)
- Wireless clients work in the same way and get IP addresses
What is not working
- Any computer issued with an IP address is not able to use the WAN(internet)
- I can however ping machines on the WAN
- I cannot nslookup anything
- I cannot nslookup anything even when I force the machines to use 8.8.8.8 as the dns server.
What I suspect is my firewall rules.
I have restarted from scratch about 5 times and followed both these guides
http://wiki.mikrotik.com/wiki/How_to_Connect_your_Home_Network_to_xDSL_Line (This one killed access to the mikrotik and required reset to default)
http://wiki.mikrotik.com/wiki/A_script_to_set_up_WAN/LAN/WLAN_to_get_you_started (This one got me to where I am now but still not working)
If there is something wrong with these guides they should probably be removed from the wiki.
Below is my config and stats
[admin@MikroTik] > interface pppoe-client monitor pppoe-out1
status: connected
uptime: 15m46s
idle-time: 1s
active-links: 1
service-name:
ac-name: bne-pipe-bng1
ac-mac: 00:30:88:17:47:08
mtu: 1480
mru: 1480
[admin@MikroTik] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                  TYPE       MTU   L2MTU  MAX-L2MTU
 0     wlan1                 wlan       1500  2290
 1  R  ether1-gateway        ether      1500  1600   4076
 2  R  ether2-master-local   ether      1500  1598   2028
 3     ether3-slave-local    ether      1500  1598   2028
 4     ether4-slave-local    ether      1500  1598   2028
 5     ether5-slave-local    ether      1500  1598   2028
 6  R  bridge-local          bridge     1500  1598
 7  R  pppoe-out1            pppoe-out  1480
ether2 and wlan1 are both bridged to bridge-local
ether3-ether5 are all linked as slaves to ether2 (came like this as default, not sure where the setting is)
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; added by setup
address=192.168.64.1/24 network=192.168.64.0 interface=bridge-local actual-interface=bridge-local
1 address=192.168.64.2/24 network=192.168.64.0 interface=ether2-master-local actual-interface=bridge-local
2 D address=124.171.233.51/32 network=203.215.9.250 interface=pppoe-out1 actual-interface=pppoe-out1
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S ;;; added by setup
dst-address=0.0.0.0/0 gateway=192.168.64.254 gateway-status=192.168.64.254 reachable bridge-local distance=1 scope=30 target-scope=10
1 DS dst-address=0.0.0.0/0 gateway=203.215.9.250 gateway-status=203.215.9.250 reachable pppoe-out1 distance=1 scope=30 target-scope=10
2 ADC dst-address=192.168.64.0/24 pref-src=192.168.64.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10
3 ADC dst-address=203.215.9.250/32 pref-src=124.171.233.51 gateway=pppoe-out1 gateway-status=pppoe-out1 reachable distance=0 scope=10
[admin@MikroTik] > /ip firewall export
# jan/02/1970 00:36:14 by RouterOS 5.7
# software id = 38RB-JCRU
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m \
udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="Local access to RB for Winbox" disabled=no dst-port=8291 protocol=tcp src-address-list=local
add action=accept chain=input comment=eLAN disabled=no in-interface=ether2-master-local
add action=accept chain=input comment=wLAN disabled=no in-interface=wlan1
add action=accept chain=input comment=bridge disabled=no in-interface=bridge-local
add action=jump chain=input comment="Treat all traffic equally" disabled=no jump-target=inbound
add action=jump chain=forward comment="Treat all traffic equally" disabled=no jump-target=inbound
add action=accept chain=inbound comment="Allow limited icmp" disabled=no limit=50,5 protocol=icmp
add action=drop chain=inbound comment="Drop excess icmp" disabled=no protocol=icmp
add action=accept chain=inbound comment="Accept established" connection-state=established disabled=no
add action=accept chain=inbound comment="Accept related" connection-state=related disabled=no
add action=accept chain=inbound comment="Internal traffic can do what it wants." disabled=no src-address-list=local
add action=drop chain=inbound comment="And drop everything else" disabled=no
add action=accept chain=output comment="Allow everything out" disabled=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address=192.168.64.0/24
add action=masquerade chain=srcnat comment=NAT disabled=no out-interface=ether1-gateway
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
Any help would be greatly appreciated.
Edit: Added more information about dns
[admin@MikroTik] > ip dns print
servers: 8.8.8.8,8.8.4.4
allow-remote-requests: yes
max-udp-packet-size: 512
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 10KiB
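
An audit check over the export posted above, added here as an example and not part of the original post: it reports enabled rules that reference an address list with no entries in the export, and masquerade rules bound to an out-interface other than the one carrying the WAN address. The function names and finding labels are hypothetical; `pppoe-out1` as the WAN interface is taken from the `/ip address print` output in the post.

```python
import shlex

# Excerpt of the /ip firewall export from the post above (copied, not constructed).
EXPORT = r'''
/ip firewall filter
add action=accept chain=input comment="Local access to RB for Winbox" disabled=no dst-port=8291 protocol=tcp src-address-list=local
add action=jump chain=forward comment="Treat all traffic equally" disabled=no jump-target=inbound
add action=accept chain=inbound comment="Internal traffic can do what it wants." disabled=no src-address-list=local
add action=drop chain=inbound comment="And drop everything else" disabled=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address=192.168.64.0/24
add action=masquerade chain=srcnat comment=NAT disabled=no out-interface=ether1-gateway
'''

def parse_export(text):
    """Return (section, {key: value}) for every 'add' line, joining '\\' continuations."""
    rules, section, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            fields = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            rules.append((section, fields))
    return rules

def audit(text, wan_interface):
    """List (finding, chain, value) tuples for the two checks described in the lead-in."""
    rules = parse_export(text)
    # Address lists that actually have entries in this export.
    defined = {f["list"] for s, f in rules if s == "/ip firewall address-list" and "list" in f}
    findings = []
    for section, f in rules:
        if f.get("disabled") == "yes":
            continue
        for key in ("src-address-list", "dst-address-list"):
            name = f.get(key, "").lstrip("!")
            if name and name not in defined:
                findings.append(("undefined-address-list", f.get("chain"), name))
        if section == "/ip firewall nat" and f.get("action") == "masquerade":
            out = f.get("out-interface")
            if out and out != wan_interface:
                findings.append(("nat-interface-mismatch", f.get("chain"), out))
    return findings

if __name__ == "__main__":
    print(*audit(EXPORT, "pppoe-out1"), sep="\n")
```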