Hi,
I am new in MT. I have set my Network as follows:
on ether1: WAN Setup
on ether2: Hotspot Setup
on ether3: Office LAN Setup
on ether4: Tetant LAN Setup
on ether5: PPPoE Setup
Already I have done the followings:
WAN Setup is done
Hotspot Setup is done and working properly with giving Internet to its Users.
Office LAN Setup is done and working properly with giving Internet to its users.
Problems:
Tetan LAN is not giving Internet to its users.
PPPoE Server is giving IP its clients but no Internet access to them.
Please help me to resolve the issues.
Thanks in advance.
# 2024-05-04 11:51:24 by RouterOS 7.12.1
# software id = QY7Y-5EHM
#
# model = C52iG-5HaxD2HaxD
# serial number = xxx
/interface bridge
add admin-mac=48:A9:8A:7F:5B:E1 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] comment=HotSpot
set [ find default-name=ether3 ] comment=Office
set [ find default-name=ether5 ] comment="pppoe server"
/interface wifiwave2
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
configuration.country=Bangladesh .mode=ap .ssid="XXX 5G" \
disabled=no mtu=1500 security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
configuration.country=Bangladesh .mode=ap .ssid="XXX" disabled=\
no mtu=1500 security.authentication-types=wpa2-psk,wpa3-psk
/interface vlan
add interface=ether4 name=vlan-tetant vlan-id=4
/interface pppoe-client
add add-default-route=yes comment=PowerNet disabled=no interface=ether1 name=\
pppoe-out1 use-peer-dns=yes user=XXX
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip firewall layer7-protocol
add name=Youtube regexp="^.+(youtube.com).*\\\$"
add name=Facebook regexp="^.+(facebook.com).*\\\$"
/ip hotspot profile
set [ find default=yes ] dns-name=netbees.net hotspot-address=10.10.10.10 \
html-directory=netbees login-by=\
cookie,http-chap,http-pap,trial,mac-cookie name=netbees \
trial-uptime-limit=2h trial-uptime-reset=2w1d
/ip pool
add name=dhcp ranges=192.168.88.0/24
add name=office_pool ranges=10.10.20.0/24
add name=hotspot_pool ranges=10.10.0.0/20
add name=5mb_pool ranges=10.10.4.0/22
add name=10mb_pool ranges=10.10.8.0/22
add name=trial_pool ranges=10.10.0.0/22
add name=20mb_pool ranges=10.10.12.0/22
add name=tatent_pool ranges=10.10.21.0/24
add name=pppoe_pool ranges=10.10.22.0/24
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
add address-pool=office_pool interface=ether3 lease-time=10h name=office_dhcp
add address-pool=hotspot_pool interface=ether2 name=hotspot_dhcp
add address-pool=tatent_pool interface=vlan-tetant name=tetant_dhcp
/ip hotspot
add address-pool=hotspot_pool addresses-per-mac=1 disabled=no interface=\
ether2 name=NetBees
/ip hotspot user profile
set [ find default=yes ] address-pool=trial_pool keepalive-timeout=1m \
rate-limit=8M/8M
/port
set 0 name=serial0
/ppp profile
add dns-server=10.10.22.1 local-address=10.10.22.1 name=WebKutir-Profile \
only-one=yes remote-address=pppoe_pool
add name=30Mbps only-one=yes rate-limit=32M/32M
/queue tree
add max-limit=20M name="youtube download" packet-mark=\
"youtube mark pck download" parent=global queue=pcq-download-default
add max-limit=1G name="youtube upload" packet-mark="youtube mark pck upload" \
parent=global queue=pcq-upload-default
add max-limit=20M name=facebook packet-mark="facebook mark pck" parent=global \
queue=hotspot-default
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether2
add bridge=bridge comment=defconf disabled=yes interface=ether3
add bridge=bridge comment=defconf disabled=yes interface=ether4
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add comment="AP Config" interface=ether2 list=LAN
add comment=Office interface=ether3 list=LAN
add comment=Tetants interface=ether4 list=LAN
add comment=pppoe interface=ether5 list=LAN
/interface pppoe-server server
add authentication=chap,mschap1,mschap2 comment=pppoe-server default-profile=\
WebKutir-Profile disabled=no interface=ether5 max-mru=1492 max-mtu=1492 \
mrru=1500 one-session-per-host=yes service-name=PPPoE_Server
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=10.10.0.1/20 interface=ether2 network=10.10.0.0
add address=10.10.20.1/24 interface=ether3 network=10.10.20.0
add address=10.10.21.1/24 interface=vlan-tetant network=10.10.21.0
add address=10.10.22.1/24 interface=ether5 network=10.10.22.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
add address=10.10.20.8 client-id=1:f4:30:b9:72:ff:22 mac-address=\
F4:30:B9:72:FF:22 server=office_dhcp
/ip dhcp-server network
add address=10.10.0.0/20 comment=hotspot dns-server=10.10.0.1 gateway=\
10.10.0.1 netmask=20
add address=10.10.20.0/24 comment=office dns-server=10.10.20.1 gateway=\
10.10.20.1 netmask=24
add address=10.10.21.0/24 comment=tetant dns-server=10.10.21.1 gateway=\
10.10.21.1 netmask=24
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=10.10.22.1 disabled=yes name=pppoe
/ip firewall address-list
add address=67.211.216.42 list=MikhmonRemoteAccess
/ip firewall filter
add action=accept chain=input disabled=yes dst-address=103.139.18.143 \
dst-port=8728 in-interface=pppoe-out1 protocol=tcp src-address-list=\
MikhmonRemoteAccess
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=forward in-interface=pppoe-out1 \
layer7-protocol=Youtube new-connection-mark="youtube mark con download" \
passthrough=yes
add action=mark-packet chain=prerouting connection-mark=\
"youtube mark con download" new-packet-mark="youtube mark pck download" \
passthrough=no
add action=mark-connection chain=forward in-interface=ether2 layer7-protocol=\
Youtube new-connection-mark="youtube mark con upload" passthrough=yes
add action=mark-packet chain=prerouting connection-mark=\
"youtube mark con upload" new-packet-mark="youtube mark pck upload" \
passthrough=no
add action=mark-connection chain=forward in-interface=ether2 layer7-protocol=\
Facebook new-connection-mark="facebook mark con" passthrough=yes
add action=mark-packet chain=prerouting connection-mark="facebook mark con" \
new-packet-mark="facebook mark pck" passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment=office disabled=yes out-interface=\
pppoe-out1 src-address=0.0.0.0-10.10.20.1
add action=masquerade chain=srcnat comment=hotspot disabled=yes \
out-interface=ether2 src-address=0.0.0.0-10.10.10.1
add action=masquerade chain=srcnat disabled=yes out-interface=ether3
add action=masquerade chain=srcnat disabled=yes out-interface=vlan-tetant
add action=masquerade chain=srcnat disabled=yes out-interface=ether5
add action=masquerade chain=srcnat disabled=yes src-address=10.10.22.0/24
/ip service
set www-ssl disabled=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/ppp secret
add name=0424001 profile=30Mbps service=pppoe
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Dhaka
/system logging
add action=disk prefix=-> topics=hotspot,info,debug
add disabled=yes topics=e-mail
add action=email topics=interface
/system note
set show-at-login=no