In over my head. Things are working, but not correctly. At some point I switched to ROS 6.41 and I think that messed up my 'Master-port'/Bridging. Excerpts from my config export are below. My setup needs are pretty basic, as follows:
DSL PPPoE modem set up as a transparent bridge, with a static IP assigned by the ISP, going to ether1
Want to set up ether2 - ether5 as a switch, all LAN ports
Will use 192.168.0.1 as the gateway
Want DHCP set up with a range of 192.168.0.129 - 192.168.0.254 (I have a lot of static ports I establish in the 192.168.0.2 - 192.168.0.128 range)
Want all the internal IPs (192.168.0.xxx) to get DNS and NTP from the DHCP (gateway?)
I do not think my bridge is correct. I can only find configs showing how to set up my hardware under pre-6.41 versions, which say to use the 'master-port' functionality; that is apparently not used in 6.41+?
Much of the existing configuration was copied/adapted from other forum advice and was most likely misapplied by me, so do not assume I know what I am doing or that anything was done intentionally. Any guidance on how to get my basic setup configured optimally would be greatly appreciated. If you need additional information to help, just ask. Thank you.
[admin@MikroTik] > /export hide-sensitive
jan/06/2018 11:03:27 by RouterOS 6.41
software id = HDX9-JM2V
model = RouterBOARD 750G r2
serial number = 64FC0621ACBC
# Interfaces, LAN bridge, DHCP, addressing and DNS for a five-port router:
# ether1 is the PPPoE uplink, ether2-ether5 are bridged as the LAN.
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
# "ether2-master" is only a name here; no master-port property is set anywhere
# in this export. From RouterOS 6.41 the ports are joined through
# /interface bridge port instead (see below).
set [ find default-name=ether2 ] name=ether2-master
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-WAN name=pppoe-out1 use-peer-dns=yes user=username@qwest.net
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.0.129-192.168.0.254
/ip dhcp-server
# The DHCP server listens on the bridge, not on an individual port.
add add-arp=yes address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
# ether2-master..ether5 are all members of "bridge"; this is the 6.41+
# replacement for the old master-port switch grouping.
add bridge=bridge interface=ether2-master
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
# NOTE(review): "!dynamic" selects every interface that is not in the built-in
# "dynamic" list, which appears to include ether1-WAN and pppoe-out1, so
# neighbor discovery would also announce the router on the Internet side.
# Restricting this to the LAN list defined above is the usual hardening.
set discover-interface-list=!dynamic
/interface list member
add interface=ether1-WAN list=WAN
add interface=bridge list=LAN
add interface=pppoe-out1 list=WAN
/ip address
# NOTE(review): the gateway address is bound to ether2-master, which is a
# bridge port (see /interface bridge port above). The DHCP server and the LAN
# list both reference "bridge", so the address would normally be on
# interface=bridge; this mismatch is a likely cause of the odd behaviour.
add address=192.168.0.1/24 interface=ether2-master network=192.168.0.0
/ip dhcp-client
# NOTE(review): a DHCP client on ether1-WAN looks like a default-configuration
# leftover (comment=defconf); the uplink in this export is pppoe-out1. Confirm
# whether it is still needed.
add comment=defconf dhcp-options=hostname,clientid interface=ether1-WAN
/ip dhcp-server network
# Clients are handed the upstream resolvers and NTP servers directly. To have
# them use the router itself for DNS, dns-server would be 192.168.0.1.
# (The ntp-server value continues on the next line of the export.)
add address=192.168.0.0/24 dns-server=205.171.3.65,205.171.2.65,8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24 ntp-server=
69.28.90.107,129.6.15.29
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# it receives. Which interfaces can reach it is decided only by the input
# chain in /ip firewall filter, and that chain accepts all UDP (rule commented
# "UDP"), so the resolver is reachable from the WAN as well as the LAN.
set allow-remote-requests=yes servers=205.171.3.65,205.171.2.65,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.0.1 name=router
# Firewall address lists and filter rules. Rules are evaluated top to bottom
# within each chain, so the order below is significant.
/ip firewall address-list
# None of these three lists is referenced by a filter or NAT rule in the
# visible export. The external address was masked by the poster.
add address=192.168.0.0/24 list=internal-nets
add address=65.100.XXX.XX list=external-nets
add address=192.168.0.50 comment=ScottNAS-1 list=customer-servers
/ip firewall filter
# --- forward chain ---
# NOTE(review): fasttrack is the only forward rule that is enabled. The three
# default-configuration rules after it (accept established/related, drop
# invalid, drop new WAN traffic that was not dst-natted) all carry
# disabled=yes, so the forward chain has no active drop rule.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
# (in-interface=pppoe-out1 on the following line belongs to this rule.)
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes
in-interface=pppoe-out1
# --- input chain: four disabled rules, superseded by the active set below ---
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input connection-state=established disabled=yes
add action=accept chain=input connection-state=related disabled=yes
add action=drop chain=input disabled=yes in-interface=pppoe-out1
# --- input chain: active rules ---
add chain=input comment="Accept established connections" connection-state=established
add chain=input comment="Accept related connections" connection-state=related
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
# NOTE(review): no interface, address or port matcher, so this accepts every
# UDP packet addressed to the router, including traffic arriving on
# pppoe-out1. Together with /ip dns allow-remote-requests=yes this exposes the
# DNS resolver (and any other UDP service on the router) to the Internet.
# Scope it with in-interface/in-interface-list and the specific ports needed.
add action=accept chain=input comment=UDP protocol=udp
# The comment says "excess", but the rule has no rate matcher: it drops all
# ICMP to the router, from the LAN too, because it precedes the LAN accept.
add action=drop chain=input comment="Drop excess pings" protocol=icmp
# Matches in-interface=bridge; this relies on LAN traffic being seen on the
# bridge interface rather than on ether2-master, where the address is bound.
add action=accept chain=input comment="From our LAN" in-interface=bridge src-address=192.168.0.0/24
add action=log chain=input comment="Log everything else" log-prefix="DROP INPUT"
add action=drop chain=input comment="Drop everything else"
# Unreachable: the unconditional drop above ends the input chain, so this
# accept never matches. It also has no protocol=icmp matcher, so moved
# earlier it would accept every second packet of any kind (nth=2,2).
add action=accept chain=input comment="Allow limited pings" nth=2,2
# NAT: outbound masquerade plus port forwards for HTTP/HTTPS to 192.168.0.50.
/ip firewall nat
# Source NAT for everything leaving through an interface in the WAN list
# (ether1-WAN and pppoe-out1).
add action=masquerade chain=srcnat out-interface-list=WAN
# Disabled duplicate of the rule above.
add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN
# Forward TCP 80 and 443 to 192.168.0.50 for any router-local destination
# address other than 192.168.0.1. There is no in-interface matcher, so the
# rules apply to connections from the Internet as well as from the LAN.
# NOTE(review): with the forward-chain drop rules disabled in
# /ip firewall filter, these two forwards are the only thing limiting what
# reaches the LAN from the WAN; the host behind them is directly exposed on
# these ports.
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=local dst-port=80 protocol=tcp to-addresses=192.168.0.50 to-ports=80
# (The to-ports value 443 is on the following line of the export.)
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-address-type=local dst-port=443 protocol=tcp to-addresses=192.168.0.50 to-ports=
443
# Masquerades LAN-sourced traffic with no out-interface matcher. Traffic
# leaving via WAN is already handled by the first rule, so this presumably
# exists for LAN clients reaching the forwarded host through the public
# address (hairpin NAT) - confirm; the empty dst-address-type="" looks
# unintended.
add action=masquerade chain=srcnat dst-address-type="" src-address=192.168.0.0/24
# Redundant: pppoe-out1 is a member of the WAN list matched by the first rule.
add action=masquerade chain=srcnat out-interface=pppoe-out1