RB433AH ROS3.24 masquerade problem

Hello, sorry for my bad English.

I have an RB433AH with ROS 3.24. The configuration is:

ether1 - real IP (internet)
bridge1 with ports: wlan1 - AP bridge and wds client(s) connected - real ip (/29 mask) and real IP is routing to wds clients
ether2 - private IP (192.168.3.1/24) and clients with lan link on them

# jun/01/2009 08:40:48 by RouterOS 3.24
# software id = 5FWG-LTT
#
/ip address
add address=77.77.**.***/30 broadcast=77.77.**.*** comment="" disabled=no \
    interface=ether1 network=77.77.**.***
add address=77.77.**.***/29 broadcast=77.77.**.*** comment="" disabled=no \
    interface=bridge1 network=77.77.**.***
add address=192.168.3.1/24 broadcast=192.168.3.255 comment="" disabled=no \
    interface=ether2 network=192.168.3.0

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY-STATE GATEWAY                   DISTANCE INTERFACE          
 0 A S  0.0.0.0/0                          reachable     77.77.**.***              1        ether1             
 1 ADC  77.77.**.***/30    77.77.**.***                                            0        ether1             
 2 ADC  77.77.**.***/29    77.77.**.***                                            0        bridge1            
 3 ADC  192.168.3.0/24     192.168.3.1                                             0        ether2     

# jun/01/2009 08:38:01 by RouterOS 3.24
# software id = 5FWG-LTT
#
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
    ether1 src-address=192.168.3.0/24

The problem is: there is no internet on the 192.168.3.0/24 clients linked to ether2. The DNS cache works on the RB and the clients receive the IPs of the sites, but packets are not sent/received through the NAT rule.

Please help

What’s that bridge doing there? Also try to remove the src-address from the masq rule.

The bridge is here for the WDS clients, but I remove them. The src address cannot be removed… I will write if it succeeds.

There is “progress” on the problem. I made a few tests and the result is bad…

The same configuration, but on ether2 I have a wireless bridge between two Edimax WLAN APs. On the board I have no bridges. There is a DHCP server running on ether2. The client PC gets its IP from DHCP, and the speed test between the client PC and the RouterBoard is OK. There is a 7 Mbit/s transfer. But masquerade is not working… I built a PPTP server on the RB, and through the PPTP connection masquerade works. The IP addresses on the PPTP connection are from the same range (192.168.3.0/24). At this moment the internet is usable only through the PPTP connection, but this is an unacceptable solution.

Please give me an idea…