Network Broadcasting, connecting, not picking up internet

cci_admin · August 11, 2006, 8:49pm

Ok, so I followed the instructions and put the band at 2.4ghz - b/g, the mode to ap-bridge and the ssid is CCI Wireless. My iBook sees the network and tries to connect. It does, however I get no internet.

I have setup the gateway as 172.16.1.20/24 under IP addresses and assigned that to the wlan1 under the route list and it lists it as dynamic and connected, but not active. how do i go about making this work?

The DNS server is 172.16.1.50 and I put the router in manually under the Airport on the iBook as 172.16.1.50 instead of 172.16.1.10, which is the LAN line side.

It is a RouterOS v2.8 and AR5213 Atheros

EDIT: I forgot to add that I can ping the “address” of the wireless at 172.16.1.20

cci_admin · August 13, 2006, 3:20pm

giving an end of the weekend bump for helping me tomorrow morning when i return to work…

ericsooter · August 15, 2006, 1:44am

Not exactly knowing your configuration, sounds like you don’t have NAT turned on.

cci_admin · August 15, 2006, 3:09pm

Well it has functioned as a straight-up router for our servers for many months now, just this last week did I try and implement wireless.

Do I need NAT for wireless on? B/C I have many, many entries in my Firewall → NAT table already.

cci_admin · August 15, 2006, 3:56pm

Hopefully those help show that I must be missing something.

ericsooter · August 16, 2006, 2:29pm

Ok, from what I can tell. Now I just sort of glanced at your configuration. But it looks like your ether2 and wlan1 are both private interfaces with private IP’s on them; and your ether1 is your public. I think the problem is that wlan1 and ether2 are on the same subnet without any bridging setup. From what I can tell you need to do either one of two things. Put ether2 and wlan1 in a bridge. Just give them both one IP address and assign it to the bridge. Or put the wlan1 on another private subnet scheme (example 172.16.2.0/24); but if you do that you will probably have to setup two dhcp servers and address pools (if your using those services).

I would recommend the bridge option. Also I found the easiest way to nat when everything is going out one interface is to use a port based nat. The command is:
/ ip firewall nat
add chain=srcnat out-interface=local-bridge action=masquerade comment=“”
disabled=no

Where bridge is your bridge name.

Eric

cci_admin · August 16, 2006, 2:39pm

ericsooter:

Ok, from what I can tell. Now I just sort of glanced at your configuration. But it looks like your ether2 and wlan1 are both private interfaces with private IP’s on them; and your ether1 is your public. I think the problem is that wlan1 and ether2 are on the same subnet without any bridging setup. From what I can tell you need to do either one of two things. Put ether2 and wlan1 in a bridge. Just give them both one IP address and assign it to the bridge. Or put the wlan1 on another private subnet scheme (example 172.16.2.0/24); but if you do that you will probably have to setup two dhcp servers and address pools (if your using those services).

I would recommend the bridge option. Also I found the easiest way to nat when everything is going out one interface is to use a port based nat. The command is:
/ ip firewall nat
add chain=srcnat out-interface=local-bridge action=masquerade comment=“”
disabled=no

Where bridge is your bridge name.

Eric

Ok, I added a Bridge under “bridges” and named it cci-bridge. This now shows up under “out-interface”. However, how would I go about configuring this “out-interface” bridge to be for both of the other interfaces
?

wildbill442 · August 16, 2006, 7:00pm

dont change your src-nat rules..

All you need to do is create a bridge. Add the ether1 port and wlan1 port to the bridge.. Assign a single IP address to the bridge interface, and change your DHCP server to listen/broadcast on the bridge interface. So if this is your gateway to the internet your bridge interface would have an IP address of say, 172.16.1.1/24..

You should now be able to ping 172.16.1.1, and get out to the internet without changing any other settings.

Now if you want to be able to segment the two networks you’d use two seperate IP’s/networks for each interface and route…

You can’t have two ip addresses with the same subnet on different interfaces on a router. It defeats the purpose of routing.. Might as well be a Layer2 device.