Hello, I bought a little hAP lite router and did a very basic AP bridge setup of all the LAN ports.
Followed this tutorial (https://www.youtube.com/watch?v=fwz54tyT5rg&list=PLxAiIeBixyz_CHXAckKJafWNa0G4wR4SF&index=2&t=287s)
On the firewall, for the NAT rule I did the recommended srcnat / masquerade setup. Everything seemed to be working and I can connect to the internet through the LAN ports as well as the WLAN port. The only problem that I found is that I have an openHABian server running and the cloud connector is not able to connect to the proxy server. Also, Node-RED has a Projects node where you can push your setup to a repository; this is also blocked.
All of this does work if I connect directly to the LTE router, so I am pretty sure that the MikroTik router blocks some port of some sort.
open in notepad++ and copy here. (ensure for client WANIP that it's removed).
Just a note, much of the stuff on youtube is outdated or full of extra unnecessary garbage.
The default rules are good to go out of the box.
Will have you up and running in no time.
One question. Do you wish users on the same LAN as the server to access the server via dyndns name/url as well as external users??
Thank you for the feedback! All the local devices must have access to the server. openHAB has a Cloud Proxy Server (I hope I named it correctly). Using the Cloud Connector "plugin" you use a key and system ID that then connects to the cloud server. I then have access to the server without the need to do a port forward, as it is linked to my openHAB account.
The main reason for getting the router is to monitor the internet traffic and possibly block some of the devices that do not need the internet. (For instance, I have an old DVR and when I had the router running I could see, via Torch, that it constantly was sending packets to some remote server, so that I would want to block.)
As suggested I reset the router and accepted the default settings. (Note I got two separate default configs, one when you do a hard reset and the other with a soft reset; the soft reset had the config that I wanted.)
Everything seems to be working and I will go through all the settings to see what they all do. Thank you for the "push" in the right direction.
Just one last question, for now. I notice that there is a significant difference between the LAN connection speed and the Wifi port. The Wifi is at full ISP speed but the LAN is severely throttled. If I do a file download from think board on my PC I'll get a max download speed of 20k, but on my phone connected to the Wifi with the phone's mobile network switched off it will download at 20m.
Where should I look to see how the LAN ports are limited?
Attached is the default config file. newConfig.rsc (3.74 KB)
Thank you for the feedback. I have made the change as suggested but it does not make any difference to the download speed of the LAN connection. The maximum download speed that I can get, so far, was about 3.5M in Speed test; if I change the connection to Wifi it will go up to 15M. My ISP provides a 20m connection.
I have also compared the two interfaces but can't see any apparent differences. Any ideas?
Yes the presentation as Jotne noted is possible with the code links…
I will look to see if I see anything.
(1) Here is the main error I see.
/ip address
add address=192.168.8.1/24 comment=defconf interface=ether2 network=192.168.8.0
should be
add address=192.168.8.1/24 comment=defconf interface=bridge network=192.168.8.0
(2) slight modification needed here. The order of rules is important so move the block internet rule after the invalid rule… like so.
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="Block users from Accessing Internet" src-address-list="Block Internet"
I have made the changes as suggested, but with no luck. What makes this difficult is that the WLAN and ether2 are part of the same bridge, so why is the eth port being throttled and not the WLAN port?
This is what the relevant setting looks like now
You have to be careful,
All I asked you to do was move that block internet forward chain rule down from where it was to below the forward chain invalid rule.
It looks like you did something different… ?? (why do you have the invalid input chain rule there, it belongs in the input chain??)
Did you change the IP address as Jotne noted? I didn't state that one because he already covered it!!
/ip address
add address=192.168.8.1/24 comment=defconf interface=ether2 network=192.168.8.0
should be
add address=192.168.8.1/24 comment=defconf interface=bridge network=192.168.8.0
I am more concerned that you learn from the help vice get the config right LOL.
In other words, if we are putting all the interfaces on the bridge, and the bridge is providing DHCP, I hope you can see that mixing the config between bridge and eth2 is wrong.
Eth2 is not in play; it's simply like any other ethernet interface now on the router that is connected to the bridge.
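The two corrections discussed above (LAN address on the bridge rather than on a member port, and the "Block Internet" drop placed after the drop-invalid rule) can be checked mechanically against an exported config. This is an added example, not part of any post in the thread; the sample export is constructed, and the bridge-port entry for ether2 is an assumption about the poster's config.

```python
import re
import shlex

# Constructed sample in /export style, reproducing the two problems raised in the thread.
SAMPLE = r'''
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
/ip address
add address=192.168.8.1/24 comment=defconf interface=ether2 network=\
    192.168.8.0
/ip firewall filter
add action=drop chain=forward comment="Block users from Accessing Internet" \
    src-address-list="Block Internet"
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
'''

def parse_export(text):
    """Return [(section, {key: value})] for each 'add' line of an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)   # rejoin lines wrapped with a trailing backslash
    section, rules = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            toks = shlex.split(line[4:])     # keeps a quoted comment as one token
            rules.append((section, dict(t.split("=", 1) for t in toks if "=" in t)))
    return rules

def lint(text):
    rules, findings = parse_export(text), []
    # Check 1: the LAN address belongs on the bridge, not on one of its member ports.
    members = {r.get("interface") for s, r in rules if s == "/interface bridge port"}
    for s, r in rules:
        if s == "/ip address" and r.get("interface") in members:
            findings.append(f"address {r.get('address')} is on bridge member {r['interface']}")
    # Check 2: list-based drops in the forward chain should follow the drop-invalid rule.
    fwd = [r for s, r in rules if s == "/ip firewall filter" and r.get("chain") == "forward"]
    inv = next((i for i, r in enumerate(fwd) if r.get("action") == "drop"
                and r.get("connection-state") == "invalid"), 0)
    for i, r in enumerate(fwd[:inv]):
        if r.get("action") == "drop" and "src-address-list" in r:
            findings.append(f"forward rule {i} ({r.get('comment', '')}) precedes drop-invalid")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
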
Correct, I did the change to the bridge, but it did not make any difference. From what I could understand, all the traffic will run through the firewall and the rules will apply to all the interfaces. Same with the bridge, so why would there be a difference in internet speed?
Could be, but it was the first thing that I checked. Also, if I connect the same cable directly into the LTE router I get the full speed. Keep in mind that I used the default settings from the router. I also swapped out the cables just in case.