My LAN won't work, what are all the essential actions I need to take in order to set up a LAN?

I’ve gone through the quick set on home ap, I’ve set up bridges and I’ve worked with the DHCP and I can’t find a concise answer as to why I keep getting the no internet message : /, what are the first steps I need to take and/or screenshots I need to share?

export your config
/export hide-sensitive file=anynameyouwish

Then post the exported file here (just ensure you remove your wanip and wan gateway ip).

Where would I find my Wanip and Wan gateway ip so I can remove them?

/export hide-sensitive file=anynameyouwish

Those RouterOS developers really do think of everything :slight_smile:

Alright, I exported my file, thank you guys for helping me : )
export4forum.rsc (1.78 KB)

Why two bridges?
This is wrong:
/ip address
add address=169.254.157.171/24 interface=ether2 network=169.254.157.0

Worse though, you have no firewall rules and thus should not hook up to the internet.

This is wrong, because all interfaces will end up in LAN list:

/interface detect-internet
set detect-interface-list=LAN internet-interface-list=LAN lan-interface-list=LAN wan-interface-list=LAN

Either use correct lists, or disable it completely.

Also, interesting choice of LAN subnet, 169.254.x.x are link-local addresses that devices use when there’s no DHCP. I never tried to use this range with DHCP, I guess it should work, but it’s also not impossible that something sees them as special and refuses to use them to access anything beyond this subnet.

okay, I put in both lines of code in, what should I know about firewalls and how do I set one up?

A good firewall to start from is the default one. You can export it from the default config and later import it in your own config if not built starting from the default. You might also find an export already on the Forum or Wiki.
The default firewall uses two interface lists: WAN and LAN. The interface(s) which have the incoming internet connection go into the WAN interface list. The interfaces (or bridge) that form the LAN connected ports go into the LAN interface list (slave ports of a bridge don’t have to be added). LAN ports can do everything, WAN ports are NAT-masqueraded and only allowed to send answers from earlier (established) connections.

I found this on the wiki, would you recommend this firewall? https://wiki.mikrotik.com/wiki/Home_Firewall

Last row says: 19:48, 21 May 2008 (EEST)
I believe most of it is obsolete. As said before, the default ruleset is the best starting point.

I leave the default firewall in all my devices, even if not used (all ports bridged) just in case I might later need one :slight_smile:
This is from 6.45.6, my preferred “stable” version today

/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

The article linked to above has been deleted so one does assume it was out of date.

Okay, I put the firewall up, what do I need to do next to get LAN connection?
export4forum2.rsc (3.04 KB)

Cleanup as Rob and Anav told you before…


/ip pool
add name=dhcp ranges=169.254.157.2-169.254.157.254

Wrong IP range … use one subnet out of the private IP ranges. LAN subnet must be different from WAN subnet.
IPv4 Private Address Space and Filtering
10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255.
172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255.
192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255.


/interface detect-internet
set detect-interface-list=LAN internet-interface-list=LAN lan-interface-list=LAN wan-interface-list=LAN

Remove this! It’s wrong. Internet detect could only be on WAN, never on LAN. Even if corrected, you don’t need this: It will set things for you that you did not expect.


/interface list member

add list=LAN

What’s this? Non-existing interface? Remove?


/ip address
add address=169.254.157.171/24 interface=ether2 network=169.254.157.0

Again wrong IP address. And address must be on “bridge1” not on “ether2”. So it should be “interface=bridge1”

/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=169.254.157.0/24 gateway=169.254.157.171 netmask=24

Remove “add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24”. This is just wrong.
Adjust the other line for private IP addresses as selected before. The gateway should be your router to the internet, the IP address given above, but in the correct Private Range.

Let your devices get an IP address from your router (renew or release/new on device, or restart devices, or disconnect/connect). If they still use 169.254, they did not properly obtain a leased IP address!
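The mistakes reviewers called out in this thread can be checked mechanically before a router goes online. The following is an added example, not part of any post and not MikroTik tooling: a small Python script that scans an exported .rsc file for them. The finding names and the sample export are constructed for illustration.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
ADDRESS_FIELDS = {"/ip address": "address", "/ip pool": "ranges", "/ip dhcp-server network": "address"}

def parse_export(text):
    """Return [(menu, {param: value})] for every add/set line of an .rsc export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # re-join lines wrapped with a trailing "\"
    entries, menu = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif menu and line.startswith(("add ", "set ")):
            entries.append((menu, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))))
    return entries

def audit(text):
    """Return sorted finding codes for the mistakes called out in the thread."""
    entries, findings = parse_export(text), set()
    if not any(menu == "/ip firewall filter" for menu, _ in entries):
        findings.add("no-firewall-filter-rules")
    for menu, p in entries:
        if menu == "/interface detect-internet":
            if p.get("wan-interface-list", "none") == p.get("lan-interface-list") != "none":
                findings.add("detect-internet-wan-list-equals-lan-list")
        elif menu == "/interface list member" and "interface" not in p:
            findings.add("list-member-without-interface")
        elif menu in ADDRESS_FIELDS and ADDRESS_FIELDS[menu] in p:
            ip = ipaddress.ip_interface(re.split(r"[-,]", p[ADDRESS_FIELDS[menu]])[0]).ip
            if ip in LINK_LOCAL:
                findings.add("link-local-range-in " + menu)
            elif ip.is_unspecified:
                findings.add("unspecified-network-in " + menu)
    return sorted(findings)

SAMPLE = r"""# constructed sample, assembled from the snippets quoted in the thread
/interface detect-internet
set detect-interface-list=LAN internet-interface-list=LAN lan-interface-list=\
    LAN wan-interface-list=LAN
/interface list member
add list=LAN
/ip address
add address=169.254.157.171/24 interface=ether2 network=169.254.157.0
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
"""

print("\n".join(audit(SAMPLE)))
```

An export that has a firewall filter section, private-range addressing and no detect-internet lists produces no findings.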

Okay, so I added everything to the text file but still am a little confused about the section where you said
“IPv4 Private Address Space and Filtering
10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255.
172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255.
192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255.”

Where does this get added?

Also, when I tried to restore the changes made I get a message that says “Couldn’t restore configuration - file not found (6)”
even tho I have it on my desktop.

I’ll upload the file again so that it can be reviewed again!
Thank you for the help so far!
export4forum3.rsc (2.82 KB)

You just pick one subnet to be used as private range.

Let's say we pick 192.168.100/24 as subnet. Most operators/devices choose 192.168.0.0/24, therefore we pick a different one, to avoid later conflicts.

If we take 192.168.100.0/24 we EDIT in Winbox or Webfig (not in Quick-set and export-edit-import is complicating things). Prefer WinBOX because if something goes wrong in the config steps then we can reconnect using the MAC address.

Step by step (I’m not very good at this kind of instructions, I prefer people to understand what they are doing …)


/ip pool
add name=dhcp ranges=169.254.157.2-169.254.157.254

Change the pool with winbox to contain 192.168.100.20-192.168.100.250

/ip address
add address=169.254.157.171/24 interface=bridge1 network=169.254.157.0

Add an extra IP address with winbox to the bridge interface, we will remove this one later
add address=192.168.100.1/24 interface=bridge1 network=192.168.100.0


/ip dhcp-server network
add address=169.254.157.0/24 gateway=169.254.157.171 netmask=24

Change the dhcp served network with winbox, to read:
add address=192.168.100.0/24 gateway=192.168.100.1 netmask=24


Physically disconnect/reconnect to the MKT router, you will get something like 192.168.100.250 as IP address on your PC, and remove the old IP address 169.254.157.171 in the router.

I made the changes to the file but I’m not able to upload the file, it tells me “Couldn’t restore configuration - file not found (6)”

backup<->restore (.backup file) - Files
export<->import (.rsc file) - Terminal
download<->upload (any file) - Files

Okay, I imported through the terminal and it said “expected end of command (line 30 column 22),” not sure what this means?