Hello, new here so sorry if don`t know all the rules.
Made network with 2 isp in on rb3011 some hap-ac on capsman (that managed by same rb3011) , 2 ethernet network going at each assigned isp, and its work good except that rb3011 cant ping inet addresses, all hardware after him has inet, but he himself doesn`t see route to host.
So my question is this did i screw up in routing rules or something?
Will be very thankful for any insight.
/ip address
add address=192.168.1.1/24 interface=mainbridge network=192.168.1.0
add address=192.168.10.1/24 interface=guest network=192.168.10.0
add address=1.1.1.106/30 interface=ether1 network=1.1.1.104
add address=2.2.2.86/30 interface=ether2 network=2.2.2.84
/ip route
add distance=1 gateway=1.1.1.105 routing-mark=wan1
add distance=1 gateway=2.2.2.85 routing-mark=wan2
add disabled=yes distance=1 gateway=1.1.1.105 pref-src=192.168.1.1
target-scope=1
/interface bridge
add fast-forward=no name=guest
add fast-forward=no name=mainbridge
/interface ethernet
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] master-port=ether6
/ip pool
add name=dhcp_pool1 ranges=192.168.1.15-192.168.1.254
add name=Guest_pool2 ranges=192.168.11.2-192.168.11.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no
interface=mainbridge lease-time=12h10m name=dhcp1
/ip pool
add name=dhcp_pool2 next-pool=Guest_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool2 authoritative=after-2sec-delay disabled=no
interface=guest lease-time=50m name=dhcp2
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled
name=MCH2.4 tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce name=
MCH5 tx-power=20
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled
frequency=2412,2437,2452,2457,2472 name=GCH2.4 tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce name=
GCH5 tx-power=20
/caps-man datapath
add bridge=mainbridge client-to-client-forwarding=yes local-forwarding=yes
name=mph
add bridge=guest client-to-client-forwarding=yes local-forwarding=no name=gph
/caps-man configuration
add channel=MCH5 country=russia datapath=mph mode=ap name=CF5G rx-chains=
0,1,2 security=msc ssid=SSID1 tx-chains=0,1,2
add channel=MCH2.4 country=russia datapath=mph mode=ap name=CF2.4G rx-chains=
0,1,2 security=msc ssid=SSID1 tx-chains=0,1,2
add channel=GCH5 country=russia datapath=gph mode=ap name=GCF5G rx-chains=
0,1,2 security=gsc ssid=SSID2 tx-chains=0,1,2
add channel=GCH2.4 country=russia datapath=gph mode=ap name=GCF2.4G
rx-chains=0,1,2 security=gsc ssid=SSID2 tx-chains=0,1,2
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=an,ac
master-configuration=CF5G slave-configurations=GCF5G
add action=create-dynamic-enabled hw-supported-modes=b,gn
master-configuration=CF2.4G slave-configurations=GCF2.4G
add action=create-dynamic-enabled hw-supported-modes=b,gn
master-configuration=CF2.4G radio-mac=6C:3B:6B:40:9C:9F
slave-configurations=GCF2.4G
add action=create-dynamic-enabled master-configuration=CF2.4G radio-mac=
17:89:13:F2:E1:78 slave-configurations=GCF2.4G
/interface bridge port
add bridge=mainbridge interface=ether6
add bridge=mainbridge interface=ether4
add bridge=mainbridge interface=ether5
add bridge=mainbridge interface=ether3
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8
/ip firewall filter
add action=accept chain=input connection-state=new disabled=yes in-interface=
ether1 log=yes port=1701,500,4500 protocol=udp
add action=accept chain=input disabled=yes in-interface=ether1 log=yes
protocol=ipsec-esp
add action=accept chain=input comment=“Access to router only from My Network”
src-address=192.168.1.0/24
add action=drop chain=input comment=“drop ftp brute forcers” dst-port=21
protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content=“530 Login incorrect” dst-limit=
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist
address-list-timeout=3h chain=output content=“530 Login incorrect”
protocol=tcp
add action=drop chain=input comment=“drop ssh brute forcers” dst-port=22
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist
address-list-timeout=1w3d chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp
add action=accept chain=input comment=“Allow Ping Mikrotik” in-interface=
mainbridge protocol=icmp
add action=accept chain=forward comment=
“Accept established connections My Network” connection-state=established
add action=accept chain=forward comment=
“Accept established connections My Network” connection-state=established
add action=accept chain=forward comment=
“Accept related connections My Network” connection-state=related
add action=accept chain=input comment=“Accept related connections Mikrotik”
connection-state=related
add action=drop chain=input comment=“Drop invalid connections Mikrotik”
connection-state=invalid
add action=drop chain=forward comment=“Drop invalid connections My Network”
connection-state=invalid
add action=accept chain=ICMP comment=“Echo request - Avoiding Ping Flood”
icmp-options=8:0 limit=1,5 protocol=icmp
add action=accept chain=ICMP comment=“Echo reply” icmp-options=0:0 protocol=
icmp
add action=accept chain=ICMP comment=“Time Exceeded” icmp-options=11:0
protocol=icmp
add action=accept chain=ICMP comment=“Destination unreachable” icmp-options=
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=jump chain=output comment=“Jump for icmp output” jump-target=ICMP
protocol=icmp
add action=drop chain=ICMP comment=“Drop to the other ICMPs” protocol=icmp
add action=drop chain=input in-interface=ether1
add action=drop chain=input in-interface=ether2
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=wan1
passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=wan1
new-routing-mark=wan1 passthrough=yes src-address=192.168.1.0/24
add action=mark-connection chain=prerouting new-connection-mark=wan2
passthrough=yes src-address=192.168.10.0/24
add action=mark-routing chain=prerouting connection-mark=wan2
new-routing-mark=wan2 passthrough=yes src-address=192.168.10.0/24
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=masquerade chain=srcnat src-address=192.168.10.0/24
/ip firewall service-port
set ftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=88
set ssh disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether2 type=external
add interface=ether1 type=external
add interface=guest type=internal
add interface=mainbridge type=internal