Routing between wireless and wired machines

I have a small network set up, but things aren’t working as expected.

See the drawing below:

http://74.204.57.123/tmp/wireless.pdf

On the left end is an AP of non-MikroTik origin. I connect to it
with one of the wlans on an RB433 (wlan1). This works fine. And, I can
currently reach the internet from 192.168.88.5. To do this, I
instituted a NAT firewall. The NAT firewall has action=masquerade,
OutIface=wlan1, srcnat chain. I have a DHCP server running on the bridge,
and on wlan2, I can wirelessly connect and get an IP.

But, my wlan2 connected wireless devices cannot reach the internet.
They need to be able to both reach the internet and connect to servers
on the 192.168.88.5 machine.

The hardware for the right end is not built up yet. So, I’m running the 433
set up for a wds bridge, without the other end of the bridge in place yet.

I set up a bridge on the 433, called it wds-bridge, and it has ports to ether1
and to wlan2. If I add a port to wlan1, everything gets gummed up.

On wlan2, I have wds mode = dynamic, and default wds bridge is wds-bridge.

I intend for the right-hand 711 wlan1 to be a station, but it might be neat to
set it up as an AP bridge, and use it to extend the wireless network coverage.

The 433’s wlan2, wds-bridge, and ether1 all have 192.168.88.x static addresses assigned.
wlan1 gets its address via the DHCP client.

I know I’m missing something basic so far… just coming up blank on what it is. Any
pointers will be appreciated. What do I need to get to the internet and the 192.168.88.x network?

murf

I see no reason to use WDS. Reset your wlan2 settings and set it as AP bridge.
Now, create a regular bridge:
/interface bridge add name=LAN

Add ports to that bridge (ether1 and wlan2):
/interface bridge port add bridge=LAN interface=ether1
/interface bridge port add bridge=LAN interface=wlan2

Now, set a single DHCP server on the bridge interface LAN.
Keep the masquerade setting the same; it is correct.
Make sure that you set the network in DHCP:
/ip dhcp-server network add address=192.168.88.0/24 netmask=24 gateway=192.168.88.1 dns-server=192.168.88.1
Without this, connected computers will not know the default gateway or DNS server, so they will not be able to send packets outside the LAN. You can use a different DNS server, but if you choose to use the RB's DNS, set Allow Remote Requests to yes:
/ip dns set allow-remote-requests=yes

Also, make sure you set the gateway and DNS on all computers with static IPs.
I hope this will solve your problem. If not, write me back with exported settings and I will try to solve it.
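
Added example (not part of the thread, not MikroTik tooling): a Python check over exported settings for the gap discussed above, a DHCP server with no network entry handing out gateway and DNS. It goes one step beyond the thread by also flagging allow-remote-requests=yes when no input-chain rule drops port 53 on the upstream interface; the sample export is constructed, and wlan1 as upstream is taken from the poster's setup.

```python
import re
import shlex

# Constructed export in RouterOS "/export" layout (not from the thread):
# the poster's state before the fix, plus the DNS setting from the answer.
SAMPLE_EXPORT = """\
/interface bridge
add name=LAN
/interface bridge port
add bridge=LAN interface=ether1
add bridge=LAN interface=wlan2
/ip dhcp-server
add address-pool=pool1 disabled=no interface=LAN name=dhcp1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan1
"""

def parse_export(text):
    """Map each menu path (e.g. '/ip dns') to a list of key=value dicts."""
    menus, current = {}, None
    text = re.sub(r"\\\n\s*", "", text)        # join continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = menus.setdefault(line, [])
        elif line and not line.startswith("#") and current is not None:
            words = shlex.split(line)[1:]      # drop the add/set verb
            current.append(dict(w.split("=", 1) for w in words if "=" in w))
    return menus

def blocks_dns(rule, wan, proto):
    """True if an input-chain rule drops DNS of this protocol arriving on wan."""
    return (rule.get("chain") == "input" and rule.get("in-interface") == wan
            and rule.get("action") in ("drop", "reject")
            and rule.get("disabled") != "yes"
            and rule.get("protocol", proto) == proto
            and rule.get("dst-port", "53") == "53")

def audit(menus, wan="wlan1"):
    """Return findings; rule order and interface lists are not evaluated."""
    findings = []
    nets = menus.get("/ip dhcp-server network", [])
    if menus.get("/ip dhcp-server") and not any(
            n.get("gateway") and n.get("dns-server") for n in nets):
        findings.append("dhcp: no network entry with gateway and dns-server")
    rules = menus.get("/ip firewall filter", [])
    remote = any(d.get("allow-remote-requests") == "yes"
                 for d in menus.get("/ip dns", []))
    if remote and not all(any(blocks_dns(r, wan, p) for r in rules)
                          for p in ("udp", "tcp")):
        findings.append(f"dns: remote requests allowed and port 53 open on {wan}")
    return findings
```

Calling `audit(parse_export(SAMPLE_EXPORT))` on the constructed sample returns both findings; an export that includes the DHCP network entry and drop rules for UDP and TCP port 53 on wlan1 returns an empty list.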

Many thanks!

I turned off the wds on wlan2; I kept the bridge with its ports, just renamed it because
it had all the right ports.

It looks like my main failure was to define the network for the DHCP server. It’s not obvious
in the setup that it needs to be set up, but… it sure did make a difference!

I reconnected devices, and they could reach the internet, and could ping the .5 machine.
Again, many thanks.