No Internet at ALL / Wrong Topology ?

Hi guys, I am trying to set up a network here at my company, but I don't know why, I am not able to do the basics. When I restore my RB450G and use the default initial script to set up the basics like wan1 and local with DHCP, it works fine; when I do EXACTLY the same setup without the script, IT FAILS!

What am I missing? Here is the output:
[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU MAX-L2MTU

0 R Link1 ether 1500 1520 1520
1 Link2 ether 1500 1520 1520
2 R Local-m ether 1500 1520 1520
3 RS Local-s1 ether 1500 1520 1520
4 S Local-s2 ether 1500 1520 1520

[admin@MikroTik] > ip dhcp-client print
Flags: X - disabled, I - invalid

INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS

0 Link1 yes yes bound 192.168.55.103/24

[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 D 192.168.55.103/24 192.168.55.0 Link1
1 192.168.88.1/32 192.168.88.1 Local-m

[admin@MikroTik] > ip pool print

NAME RANGES

0 pool1 192.168.88.10-192.168.88.25

[admin@MikroTik] > ip dhcp-server print
Flags: X - disabled, I - invalid

NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

0 server1 Local-m pool1 1w3d

[admin@MikroTik] > ip dhcp-server network print

ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN

0 192.168.88.0/24 192.168.88.1 192.168.88.1

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 192.168.55.1 0
1 ADC 192.168.55.0/24 192.168.55.103 Link1 0
2 ADC 192.168.88.1/32 192.168.88.1 Local-m 0

[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=accept out-interface=Link1

My topology is (maybe some day will be):

One stupid question: on my diagram, I don't know if I am managing the IPs of the RB450 and of the switch in the correct way. Is this correct, or should I have another VLAN only for the 2 of them?

thanks a lot!

cheers

I’m not sure what you mean by “it fails”. If you can’t access the internet, then I think your srcnat should be action=masquerade.

In this example it was wrong, but even after changing to masquerade it is not working.

Like, running the script is OK; doing the same thing as the script step-by-step, it FAILS! The RB450 gets internet, I can ping google.com, but my clients don't. They get the IP, but not the internet connection.

cheers

Are the clients able to access anything by IP? Maybe your dns?
Did you set “allow-remote-requests=yes” under “/ip dns”?

Also under /ip dhcp-client, ensure you have selected “use-peer-dns=yes”.

It’s all like this…

I don’t know what is going on… what scares me is that I am doing exactly the same thing as the script.

cheers mate.

Post the script. Maybe that will have the answer.

Surfer, here is the script... the only part that I couldn't reproduce is the one at the end of the script about /Tool Mac-server. We don't have this option in the GUI.


#|
#| WAN (gateway) Configuration:
#| gateway: ether1 (renamed with extension '-gateway');
#| firewall: enabled;
#| NAT: enabled;
#| DHCP Client: enabled;
#|
#| LAN Configuration:
#| LAN Port: ether2-master-local;
#| switch group: ether2 (master), ether3, ether4, ether5
#| (renamed with extensions '-master-local' and '-slave-local')
#| LAN IP: 192.168.88.1;
#| DHCP Server: enabled;

:global action;
:local dhcpEnabled 0;
:local wirelessEnabled 0;

#check for wireless and dhcp packages
:if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
:set dhcpEnabled 1;
}
:if ([:len [/system package find name="wireless" !disabled]] != 0) do={
:set wirelessEnabled 1;
}

#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={

# wait for interfaces

:while ([/interface ethernet find] = "") do={ :delay 1s; };

/interface set ether1 name="ether1-gateway";
:if ( $dhcpEnabled = 1) do={
	/ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration";
}

/interface {
	set ether2 name=ether2-master-local;
	set ether3 name=ether3-slave-local;
	set ether4 name=ether4-slave-local;
	set ether5 name=ether5-slave-local;
}
/interface ethernet {
	set ether3-slave-local master-port=ether2-master-local;
	set ether4-slave-local master-port=ether2-master-local;
	set ether5-slave-local master-port=ether2-master-local;
}

/ip address add address=192.168.88.1/24 interface=ether2-master-local comment="default configuration";
:if ($dhcpEnabled = 1) do={
	/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
	/ip dhcp-server
		add name=default address-pool="default-dhcp" interface=ether2-master-local disabled=no;
	/ip dhcp-server network
		add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
}
/ip firewall nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
/ip firewall {
	filter add chain=input action=accept protocol=icmp comment="default configuration"
	filter add chain=input action=accept connection-state=established comment="default configuration"
	filter add chain=input action=accept connection-state=related comment="default configuration"
	filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
}
/tool mac-server disable [find];
/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
	:local tmpName [/interface get $k name];
	:if (!($tmpName~"ether1")) do={
		/tool mac-server add interface=$tmpName disabled=no;
		/tool mac-server mac-winbox add interface=$tmpName disabled=no;
	}
}
/ip neighbor discovery set [find name="ether1-gateway"] discover=no
/ip dns {
	set allow-remote-requests=yes
	static add name=router address=192.168.88.1
}

}

#-------------------------------------------------------------------------------
# Revert configuration.
# these commands are executed if user requests to remove default configuration
#-------------------------------------------------------------------------------
:if ($action = "revert") do={

# remove wan port protection

/ip firewall {
	:local o [nat find comment="default configuration"]
	:if ([:len $o] != 0) do={ nat remove $o }
	:local o [filter find comment="default configuration"]
	:if ([:len $o] != 0) do={ filter remove $o }
}
/tool mac-server remove [find interface!=all]
/tool mac-server set [find] disabled=no
/tool mac-server mac-winbox remove [find interface!=all]
/tool mac-server mac-winbox set [find] disabled=no

# reset wan ports;

/ip neighbor discovery set [find name="ether1-gateway"] discover=yes
/interface set "ether1-gateway" name=ether1;
:if ($dhcpEnabled = 1) do={
	:local o [/ip dhcp-server network find comment="default configuration"]
	:if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
	:local o [/ip dhcp-server find name="default" address-pool="default-dhcp" interface="ether2-master-local" !disabled]
	:if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
	/ip pool {
		:local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
		:if ([:len $o] != 0) do={ remove $o }
	}
	:local o [/ip dhcp-client find comment="default configuration"]
	:if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
}
/ip dns {
	set allow-remote-requests=no
	:local o [static find name=router address=192.168.88.1]
	:if ([:len $o] != 0) do={ static remove $o }
}
/ip address {
	:local o [find comment="default configuration"]
	:if ([:len $o] != 0) do={ remove $o }
}

# remove switch

/interface set ether2-master-local name=ether2;
/interface ethernet set ether3-slave-local master-port=none;
/interface set ether3-slave-local name=ether3;
/interface ethernet set ether4-slave-local master-port=none;
/interface set ether4-slave-local name=ether4;
/interface ethernet set ether5-slave-local master-port=none;
/interface set ether5-slave-local name=ether5;

}

If you are adding these to the switch in the script…

    /interface ethernet {
        set ether3-slave-local master-port=ether2-master-local;
        set ether4-slave-local master-port=ether2-master-local;
        set ether5-slave-local master-port=ether2-master-local;
    }

…then why are you removing them from the switch?

    # remove switch
    /interface set ether2-master-local name=ether2;
    /interface ethernet set ether3-slave-local master-port=none;
    /interface set ether3-slave-local name=ether3;
    /interface ethernet set ether4-slave-local master-port=none;
    /interface set ether4-slave-local name=ether4;
    /interface ethernet set ether5-slave-local master-port=none;
    /interface set ether5-slave-local name=ether5;

If you remove those from the switch, and do not add an ip and dhcp server to those interfaces, they won’t work. At least last time I checked.

There is an IF in the script, splitting it into 2 parts: one if we accept, the other if we don’t accept…

Post /interface ethernet.

Add: It appears the script is not the same as your current setup. The script uses ether2 as the local master. In your setup ether2 is Link2, not part of the switch, and your local master port is ether3.

Please change your NAT rule to:
add action=masquerade chain=srcnat src-address=192.168.88.0/24

Thanks Guys for the help!

After resetting my configuration 10x, it looks like I was forgetting to allow remote DNS requests and to set the Mac-Server.

What is this Mac-Server for ???

Now I will try to setup the vLan, wish me luck!

cheers

Here is the final export working (without the correct vLans configuration), I hope this can help others…
/interface ethernet
set 0 name=eth1-Link1
set 1 name=eth2-Link2
set 2 name=eth3-Local-M
set 3 master-port=eth3-Local-M name=eth4-Local-S1
set 4 master-port=eth3-Local-M name=eth5-Local-S2
/ip neighbor discovery
set eth1-Link1 discover=no
set eth2-Link2 discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=Pool-DhcpDefault ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=Pool-DhcpDefault disabled=no interface=eth3-Local-M lease-time=1w3d name=Dhcp-Root
/port
set 0 name=serial0
/ip address
add address=192.168.88.1/24 comment=Default interface=eth3-Local-M network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=eth1-Link1
/ip dhcp-server lease
add address=192.168.88.2 client-id=1:f4:ac:c1:29:82:67 mac-address=F4:AC:C1:29:82:67 server=Dhcp-Root
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=Router
/ip firewall nat
add action=masquerade chain=srcnat out-interface=eth1-Link1
/tool mac-server
add disabled=no interface=eth3-Local-M
add disabled=no interface=eth4-Local-S1
add disabled=no interface=eth5-Local-S2
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=eth3-Local-M
add interface=eth4-Local-S1
add interface=eth5-Local-S2
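
Added example, not part of the thread or of MikroTik's script: a Python check over a RouterOS export like the final one above. It reports the missing masquerade rule raised in the first reply, and whether allow-remote-requests=yes is left reachable from the WAN side, since the default script's input drop rule on the gateway port does not appear in the final export. The sample exports are constructed; treating the DHCP-client interface as the WAN port and any enabled input drop rule on it as sufficient are assumptions.

```python
import re

# Constructed sample: a trimmed copy of the final export posted in the thread.
FINAL_EXPORT = """\
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=eth1-Link1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=eth1-Link1
"""

# Constructed sample: same export plus the default script's WAN input drop rule.
WITH_FILTER = FINAL_EXPORT + """\
/ip firewall filter
add action=drop chain=input comment="default configuration" \\
    in-interface=eth1-Link1
"""

def parse_export(text):
    """Map each menu path to the key=value dicts of its add/set lines."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-wrapped lines
    menus, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif current and line.split(" ", 1)[0] in ("add", "set"):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus[current].append({k: v.strip('"') for k, v in pairs})
    return menus

def audit(text):
    """Return findings for the NAT and DNS settings discussed in the thread."""
    m = parse_export(text)
    findings = []
    # Assumption: the WAN port is the one running the DHCP client.
    wan = {r["interface"] for r in m.get("/ip dhcp-client", []) if "interface" in r}
    if not any(r.get("chain") == "srcnat" and r.get("action") == "masquerade"
               for r in m.get("/ip firewall nat", [])):
        findings.append("nat: no srcnat masquerade rule")
    dns_open = any(r.get("allow-remote-requests") == "yes" for r in m.get("/ip dns", []))
    # Assumption: any enabled input drop rule on the WAN port also covers DNS.
    dropped = {r.get("in-interface") for r in m.get("/ip firewall filter", [])
               if r.get("chain") == "input" and r.get("action") == "drop"
               and r.get("disabled") != "yes"}
    if dns_open:
        findings += [f"dns: resolver reachable on WAN port {i}" for i in sorted(wan - dropped)]
    return findings
```

The parser reads `/export` output only (a menu line followed by add/set lines); it does not read the brace-style script form posted earlier in the thread.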