Hi,

I am having trouble getting traffic to flow between the LAN and WLAN ports of my RB SXT 5nD r2 (OS 6.27).

If I use the Quick Setup it configures a bridge and traffic flows fine.

The configuration I need to use is to have a firewall between the LAN and WLAN ports (making the LAN side the WAN or outside of the firewall and the WLAN the inside or safe side).

Please find below a dump of my config and I would really appreciate any suggestions - I am not even sure if OS licence level 3 (which is what comes on the SXT) has the ability to do what I want to do?

Regards,

Daniel Jansen

apr/15/2015 17:32:20 by RouterOS 6.27

software id = 0E7J-YX6S

/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-ht-above country=australia dfs-mode=no-radar-detect disabled=no l2mtu=2290 mode=bridge name=wlan1-gateway nv2-preshared-key=******************* nv2-security=enabled
wireless-protocol=nv2
/interface ethernet
set [ find default-name=ether1 ] name=ether1-local
/ip neighbor discovery
set wlan1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether1-local name=default
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=yes interface=ether1-local network=192.168.88.0
add address=192.168.10.250/24 interface=wlan1-gateway network=192.168.10.0
add address=192.168.1.1/24 interface=ether1-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established,related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-local
add chain=forward comment="default configuration" connection-state=established,related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface=ether1-local
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes out-interface=ether1-local
add action=masquerade chain=srcnat disabled=yes src-address=192.168.1.0/24
add action=masquerade chain=srcnat disabled=yes src-address=192.168.10.0/24
/ip route
add distance=1 gateway=192.168.10.1 pref-src=192.168.10.250
/system clock
set time-zone-name=Australia/Sydney
/system identity
set name=LJH-Dan
/system leds
set 0 interface=wlan1-gateway
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether1-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether1-local

I eventually solved this one myself.

Turned out that I had forgotten to update the config under DHCP Server > Networks.

It was still set to 192.168.88.1 when it should have been updated to 192.168.1.1.
Traffic was then being filtered by the firewall which just required some tuning.

I blogged about my experience and solution here: http://blog.wdbb.com.au/cfml-mura-and-coding/mikrotik-rb-sxt-5nd-r2-cannot-get-traffic-to-flow-lan-wlan-when-not-bridged/

Regards,

Daniel Jansen