[SOLVED] Can't access PCs, NAS via LAN but via Wifi is OK

RouterOS Beginner Basics
1

Hello,

I have some problems: made a basic setup of MikroTik 951G-2HnD pppoe works, internet works, but I can’t access
PCs and NAS which I have on my LAN, but I can access them via Wifi.
Port 1 of Mikrotik is connected to ADSL modem, then everything is connected to Mikrotik via LAN: PC1 (fixed IP - 192.168.1.7),PC2 (fixed ip - 192.168.1.8 ),PC3(fixed ip - 192.168.1.9),NAS(fixed ip - 192.168.1.10).
I can ping NAS via LAN but can’t connect to it or access SMB shares, but when I use wifi connection on any PC - I can access NAS or other PCs with no problem. My config is below.

/interface bridge 
add admin-mac=D4:CA:6D:93:62:55 ageing-time=5m arp=enabled auto-mac=no \ 
    disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \ 
    name=bridge-local priority=0x8000 protocol-mode=rstp transmit-hold-count=\ 
    6 
/interface ethernet 
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \ 
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:93:62:54 \ 
    master-port=none mtu=1500 name=ether1-gateway speed=100Mbps 
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \ 
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:93:62:55 \ 
    master-port=none mtu=1500 name=ether2-master-local speed=100Mbps 
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \ 
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:93:62:56 \ 
    master-port=ether2-master-local mtu=1500 name=ether3-slave-local speed=\ 
    100Mbps 
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \ 
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:93:62:57 \ 
    master-port=ether2-master-local mtu=1500 name=ether4-slave-local speed=\ 
    100Mbps 
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \ 
    disabled=no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:93:62:58 \ 
    master-port=ether2-master-local mtu=1500 name=ether5-slave-local speed=\ 
    100Mbps 
/interface ethernet switch 
set 0 mirror-source=none mirror-target=none name=switch1 
/interface wireless security-profiles 
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \ 
    group-ciphers=aes-ccm group-key-update=5m interim-update=0s \ 
    management-protection=disabled management-protection-key="" mode=\ 
    dynamic-keys name=default radius-eap-accounting=no radius-mac-accounting=\ 
    no radius-mac-authentication=no radius-mac-caching=disabled \ 
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \ 
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\ 
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \ 
    static-sta-private-algo=none static-sta-private-key="" \ 
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\ 
    none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\ 
     wpa2-pre-shared-key=\ 
/interface wireless 
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 area="" \ 
    arp=enabled band=2ghz-b/g basic-rates-a/g=6Mbps basic-rates-b="" \ 
    bridge-mode=enabled channel-width=20mhz compression=no country=\ 
    no_country_set default-ap-tx-limit=0 default-authentication=yes \ 
    default-client-tx-limit=0 default-forwarding=yes dfs-mode=none \ 
    disable-running-check=no disabled=no disconnect-timeout=3s distance=\ 
    indoors frame-lifetime=0 frequency=2437 frequency-mode=manual-txpower \ 
    frequency-offset=0 hide-ssid=yes ht-ampdu-priorities=0 ht-amsdu-limit=\ 
    8192 ht-amsdu-threshold=8192 ht-basic-mcs=\ 
    mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any \ 
    ht-rxchains=0,1 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-\ 
    6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-1\ 
    7,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" ht-txchains=0,1 \ 
    hw-fragmentation-threshold=disabled hw-protection-mode=none \ 
    hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\ 
    D4:CA:6D:93:62:59 max-station-count=2007 mode=ap-bridge mtu=1500 \ 
    multicast-helper=default name=wlan1 noise-floor-threshold=default \ 
    nv2-cell-radius=30 nv2-noise-floor-offset=default nv2-preshared-key="" \ 
    nv2-qos=default nv2-queue-count=2 nv2-security=disabled \ 
    on-fail-retry-time=100ms periodic-calibration=default \ 
    periodic-calibration-interval=60 preamble-mode=both \ 
    proprietary-extensions=post-2.9.25 radio-name=D4CA6D936259 \ 
    rate-selection=advanced rate-set=configured scan-list=default \ 
    security-profile=default ssid= station-bridge-clone-mac=\ 
    00:00:00:00:00:00 supported-rates-a/g=\ 
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\ 
    "" tdma-period-size=2 tx-power=6 tx-power-mode=card-rates \ 
    update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\ 
    none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled \ 
    wireless-protocol=802.11 wmm-support=disabled 
/interface wireless manual-tx-power-table 
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M\ 
    bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:\ 
    17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H\ 
    T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-\ 
    7:17" 
/interface wireless nstreme 
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\ 
    3200 framer-policy=none 
/ip hotspot profile 
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\ 
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\ 
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \ 
    split-user-domain=no use-radius=no 
/ip hotspot user profile 
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \ 
    shared-users=1 status-autorefresh=1m transparent-proxy=no 
/ip ipsec proposal 
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \ 
    lifetime=30m name=default pfs-group=modp1024 
/ip pool 
add name=default-dhcp ranges=192.168.88.10-192.168.88.254 
add name=dhcp_pool1 ranges=192.168.1.30-192.168.1.76 
add name=dhcp_pool2 ranges=192.168.1.30-192.168.1.76 
/ip dhcp-server 
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\ 
    static disabled=no interface=bridge-local lease-time=3d name=dhcp1 
/ppp profile 
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\ 
    default use-encryption=default use-mpls=default use-vj-compression=\ 
    default 
set 1 change-tcp-mss=yes name=default-encryption only-one=default \ 
    use-compression=default use-encryption=yes use-mpls=default \ 
    use-vj-compression=default 
/interface pppoe-client 
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \ 
    dial-on-demand=no disabled=no interface=ether1-gateway max-mru=1480 \ 
    max-mtu=1480 mrru=disabled name=pppoe-out password= \ 
    profile=default service-name="" use-peer-dns=yes user=\ 
     
/queue type 
set 0 kind=pfifo name=default pfifo-limit=50 
set 1 kind=pfifo name=ethernet-default pfifo-limit=50 
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5 
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \ 
    red-limit=60 red-max-threshold=50 red-min-threshold=10 
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5 
set 5 kind=none name=only-hardware-queue 
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default 
set 7 kind=pfifo name=default-small pfifo-limit=10 
/routing bgp instance 
set default as=65530 client-to-client-reflection=yes disabled=no \ 
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\ 
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \ 
    redistribute-static=no router-id=0.0.0.0 routing-table="" 
/routing ospf instance 
set [ find default=yes ] disabled=no distribute-default=never in-filter=\ 
    ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \ 
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \ 
    out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \ 
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \ 
    router-id=0.0.0.0 
/routing ospf area 
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\ 
    backbone type=default 
/snmp community 
set [ find default=yes ] addresses="" authentication-password="" \ 
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\ 
    DES name=public read-access=yes security=none write-access=no 
/system logging action 
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory 
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \ 
    disk-stop-on-full=no name=disk target=disk 
set 2 name=echo remember=yes target=echo 
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \ 
    syslog-facility=daemon syslog-severity=auto target=remote 
/user group 
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\ 
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default 
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\ 
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default 
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\ 
    winbox,password,web,sniff,sensitive,api" skin=default 
/interface bridge port 
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \ 
    interface=ether2-master-local path-cost=10 point-to-point=auto priority=\ 
    0x80 
add bridge=bridge-local disabled=no edge=auto external-fdb=auto horizon=none \ 
    interface=wlan1 path-cost=10 point-to-point=auto priority=0x80 
/interface bridge settings 
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\ 
    no 
/interface ethernet switch port 
set 0 vlan-header=leave-as-is vlan-mode=disabled 
set 1 vlan-header=leave-as-is vlan-mode=disabled 
set 2 vlan-header=leave-as-is vlan-mode=disabled 
set 3 vlan-header=leave-as-is vlan-mode=disabled 
set 4 vlan-header=leave-as-is vlan-mode=disabled 
set 5 vlan-header=leave-as-is vlan-mode=disabled 
/interface l2tp-server server 
set authentication=pap,chap,mschap1,mschap2 default-profile=\ 
    default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=\ 
    1460 mrru=disabled 
/interface ovpn-server server 
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\ 
    default enabled=no keepalive-timeout=60 mac-address=FE:42:1E:F3:19:99 \ 
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no 
/interface pptp-server server 
set authentication=mschap1,mschap2 default-profile=default-encryption \ 
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled 
/interface sstp-server server 
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\ 
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\ 
    disabled port=443 verify-client-certificate=no 
/interface wireless access-list 
/interface wireless align 
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\ 
    00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \ 
    frames-per-second=25 receive-all=no ssid-all=no 
/interface wireless sniffer 
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \ 
    multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\ 
    no streaming-max-rate=0 streaming-server=0.0.0.0 
/interface wireless snooper 
set channel-time=200ms multiple-channels=yes receive-errors=no 
/ip accounting 
set account-local-traffic=no enabled=no threshold=256 
/ip accounting web-access 
set accessible-via-web=no address=0.0.0.0/0 
/ip address 
add address=192.168.1.1/24 comment="default configuration" disabled=no \ 
    interface=wlan1 network=192.168.1.0 
/ip dhcp-client 
add add-default-route=yes comment="default configuration" \ 
    default-route-distance=1 disabled=yes interface=ether1-gateway \ 
    use-peer-dns=yes use-peer-ntp=yes 
/ip dhcp-server config 
set store-leases-disk=5m 
/ip dhcp-server network 
add address=192.168.1.0/24 dhcp-option="" dns-server="" gateway=192.168.1.1 \ 
    ntp-server="" wins-server="" 
/ip dns 
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \ 
    max-udp-packet-size=4096 servers=8.8.8.8 
/ip dns static 
add address=192.168.88.1 disabled=no name=router ttl=1d 
/ip firewall connection tracking 
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \ 
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \ 
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \ 
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \ 
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s 
/ip firewall filter 
add action=accept chain=input comment="Added by webbox" disabled=no protocol=\ 
    icmp 
add action=accept chain=input comment="Added by webbox" connection-state=\ 
    established disabled=no in-interface=pppoe-out 
add action=accept chain=input comment="Added by webbox" connection-state=\ 
    related disabled=no in-interface=pppoe-out 
add action=drop chain=input comment="Added by webbox" disabled=no \ 
    in-interface=pppoe-out 
add action=jump chain=forward comment="Added by webbox" disabled=no \ 
    in-interface=pppoe-out jump-target=customer 
add action=accept chain=customer comment="Added by webbox" connection-state=\ 
    established disabled=no 
add action=accept chain=customer comment="Added by webbox" connection-state=\ 
    related disabled=no 
add action=drop chain=customer comment="Added by webbox" disabled=no 
/ip firewall nat 
add action=masquerade chain=srcnat comment="Added by webbox" disabled=no \ 
    out-interface=pppoe-out 
/ip firewall service-port 
set ftp disabled=no ports=21 
set tftp disabled=no ports=69 
set irc disabled=no ports=6667 
set h323 disabled=no 
set sip disabled=no ports=5060,5061 sip-direct-media=yes 
set pptp disabled=no 
/ip hotspot service-port 
set ftp disabled=no ports=21 
/ip neighbor discovery 
set ether1-gateway disabled=yes 
set ether2-master-local disabled=no 
set ether3-slave-local disabled=no 
set ether4-slave-local disabled=no 
set ether5-slave-local disabled=no 
set wlan1 disabled=yes 
set bridge-local disabled=no 
set pppoe-out disabled=yes 
/ip proxy 
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \ 
    cache-on-disk=no enabled=no max-cache-size=unlimited \ 
    max-client-connections=600 max-fresh-time=3d max-server-connections=600 \ 
    parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=\ 
    no src-address=0.0.0.0 
/ip service 
set telnet address="" disabled=no port=23 
set ftp address="" disabled=no port=21 
set www address="" disabled=no port=80 
set ssh address="" disabled=no port=22 
set www-ssl address="" certificate=none disabled=yes port=443 
set api address="" disabled=yes port=8728 
set winbox address="" disabled=no port=8291 
/ip smb 
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\ 
    all 
/ip smb shares 
set [ find default=yes ] comment="default share" directory=/pub disabled=no \ 
    max-sessions=10 name=pub 
/ip smb users 
set [ find default=yes ] disabled=no name=guest password="" read-only=yes 
/ip socks 
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080 
/ip traffic-flow 
set active-flow-timeout=30m cache-entries=4k enabled=no \ 
    inactive-flow-timeout=15s interfaces=all 
/ip upnp 
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes 
/ip upnp interfaces 
add disabled=no interface=ether1-gateway type=internal 
add disabled=no interface=ether2-master-local type=internal 
add disabled=no interface=ether3-slave-local type=internal 
add disabled=no interface=ether4-slave-local type=internal 
add disabled=no interface=ether5-slave-local type=internal 
add disabled=no interface=wlan1 type=internal 
add disabled=no interface=bridge-local type=internal 
add disabled=no interface=pppoe-out type=external 
/mpls 
set dynamic-label-range=16-1048575 propagate-ttl=yes 
/mpls interface 
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508 
/mpls ldp 
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \ 
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \ 
    use-explicit-null=no 
/port firmware 
set directory=firmware ignore-directip-modem=no 
/ppp aaa 
set accounting=yes interim-update=0s use-radius=no 
/queue interface 
set ether1-gateway queue=only-hardware-queue 
set ether2-master-local queue=only-hardware-queue 
set ether3-slave-local queue=only-hardware-queue 
set ether4-slave-local queue=only-hardware-queue 
set ether5-slave-local queue=only-hardware-queue 
set wlan1 queue=wireless-default 
/radius incoming 
set accept=no port=3799 
/routing bfd interface 
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \ 
    multiplier=5 
/routing mme 
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \ 
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\ 
    0.0.0.0 timeout=1m ttl=50 
/routing rip 
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \ 
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \ 
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \ 
    routing-table=main timeout-timer=3m update-timer=30s 
/snmp 
set contact="" enabled=no engine-id="" location="" trap-generators="" \ 
    trap-target="" trap-version=1 
/system clock 
set time-zone-name= 
/system clock manual 
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\ 
    "jan/01/1970 00:00:00" time-zone=+00:00 
/system identity 
set name=MikroTik 
/system leds 
set 0 disabled=no interface=wlan1 leds=wlan-led type=wireless-status 
/system logging 
set 0 action=memory disabled=no prefix="" topics=info 
set 1 action=memory disabled=no prefix="" topics=error 
set 2 action=memory disabled=no prefix="" topics=warning 
set 3 action=echo disabled=no prefix="" topics=critical 
/system note 
set note="" show-at-login=yes 
/system ntp client 
set enabled=yes mode=unicast primary-ntp=79.142.192.4 secondary-ntp=\ 
    91.236.251.5 
/system resource irq 
set 0 cpu=auto 
set 1 cpu=auto 
set 2 cpu=auto 
set 3 cpu=auto 
/system routerboard settings 
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\ 
    600MHz force-backup-booter=no silent-boot=no 
/system upgrade mirror 
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\ 
    0.0.0.0 user="" 
/system watchdog 
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\ 
    none watchdog-timer=yes 
/tool bandwidth-server 
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\ 
    100 
/tool e-mail 
set address=0.0.0.0 from=<> password="" port=25 starttls=no user="" 
/tool graphing 
set page-refresh=300 store-every=5min 
/tool mac-server 
set [ find default=yes ] disabled=yes interface=all 
add disabled=no interface=ether2-master-local 
add disabled=no interface=ether3-slave-local 
add disabled=no interface=ether4-slave-local 
add disabled=no interface=ether5-slave-local 
add disabled=no interface=wlan1 
add disabled=no interface=bridge-local 
/tool mac-server mac-winbox 
set [ find default=yes ] disabled=yes interface=all 
add disabled=no interface=ether2-master-local 
add disabled=no interface=ether3-slave-local 
add disabled=no interface=ether4-slave-local 
add disabled=no interface=ether5-slave-local 
add disabled=no interface=wlan1 
add disabled=no interface=bridge-local 
/tool mac-server ping 
set enabled=yes 
/tool sms 
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret="" 
/tool sniffer 
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\ 
    "" filter-mac-address="" filter-mac-protocol="" filter-port="" \ 
    filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \ 
    only-headers=no streaming-enabled=no streaming-server=0.0.0.0 
/tool traffic-generator 
set latency-distribution-scale=10 test-id=0 
/user aaa 
set accounting=yes default-group=read exclude-groups="" interim-update=0s \ 
    use-radius=no
2

You have created two bridges and assigned one port only (ether2, as master of 3,4,5) to the first, and wlan1 to the other.
Only wlan1 does have an IP address, so no routing from the ethernet port bridge.
I suggest you remove one bridge, put both ether2 and wlan into that bridge, and assign one DHCP server to it.
Also remove one of the two IP pools for serving the same subnet.

could you also please show us
/export compactfor better readiness.

[edit]
After reading your config again, I found that you did not create two bridges, so everything looked ok.
Only comment is the two IP pools, but that can not do any harm.
Maybe it has something to do with DNS?
Or, just for testing, what happens if you add al the ether ports into the bridge, and do not use master-port setting?
[/edit]

3

I have RouterOS 5.25 installed. Have used the default config RouterOS offers as base settings.
Not sure if it has something to do with DNS, internet via pppoe works OK when on LAN or WLAN with all devices I have.

Or, just for testing, what happens if you add al the ether ports into the bridge, and do not use master-port setting?

Did it - no changes.
Not able to connect via SMB or HTTP but still able to ping. Strange.

/interface bridge
add admin-mac=D4:CA:6D:93:62:55 auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g basic-rates-b="" bridge-mode=disabled disabled=no distance=\
    indoors frequency=2437 hide-ssid=yes ht-rxchains=0,1 ht-txchains=0,1 l2mtu=\
    2290 mode=ap-bridge rate-set=configured ssid=Rampard supported-rates-b="" \
    tx-power=6 tx-power-mode=card-rates
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway name=\
    pppoe-out password= use-peer-dns=yes user=\
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=passthrough \
    mode=dynamic-keys wpa-pre-shared-key= wpa2-pre-shared-key=\
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.1.30-192.168.1.76
add name=dhcp_pool2 ranges=192.168.1.30-192.168.1.76
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge-local name=dhcp1
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/interface wireless access-list
add interface=wlan1 mac-address=
add interface=wlan1 mac-address=
add interface=wlan1 mac-address=
add interface=wlan1 mac-address=
add interface=wlan1 mac-address=
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
    bridge-local
/ip dhcp-client
add comment="default configuration" interface=ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=,
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="Added by webbox" protocol=icmp
add chain=input comment="Added by webbox" connection-state=established \
    in-interface=pppoe-out
add chain=input comment="Added by webbox" connection-state=related \
    in-interface=pppoe-out
add action=drop chain=input comment="Added by webbox" in-interface=\
    pppoe-out
add action=jump chain=forward comment="Added by webbox" in-interface=\
    pppoe-out jump-target=customer
add chain=customer comment="Added by webbox" connection-state=established
add chain=customer comment="Added by webbox" connection-state=related
add action=drop chain=customer comment="Added by webbox"
/ip firewall nat
add action=masquerade chain=srcnat comment="Added by webbox" out-interface=\
    pppoe-out to-addresses=0.0.0.0
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=ether1-gateway type=internal
add interface=ether2-master-local type=internal
add interface=ether3-slave-local type=internal
add interface=ether4-slave-local type=internal
add interface=ether5-slave-local type=internal
add interface=wlan1 type=internal
add interface=bridge-local type=internal
add interface=pppoe-out type=external
/system clock
set time-zone-name=Europe
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=79.142.192.4 secondary-ntp=\
    91.236.251.5
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
4

Sounds very strange. Almost think that it has something to do with the NAS itself.
What if you connect directly or with plain switch?

5

NAS is connected directly to MikroTik and I use a NAS already for more than 6 months on the same LAN before it was connected to a simple 5-port GLAN switch and ADSL modem (Zyxel) was acting as the router. Very strange, because I can access NAS SMB shares via LAN for several seconds and then i can’t do it anymore. :open_mouth:
Firewall was disabled of course. Will check it with Mac connected to my LAN.
Have checked many times: connect everything via a simple GLAN switch (and ADSL modem as router) - everything works, connect everything via MikroTik - NAS not accessible. :frowning:

6

I’ve just checked with iMac connected via GLAN to MikroTik - everything works fine! Very strange issue with Win7 (tried with 2 different PCs!) and access to a NAS made by Synology. Can’t fix it at the moment. But why does it work well when the NAS is connected to a GLAN switch :open_mouth: The same network, the same computers and NAS, only one thing is different is MikroTik router.


P.S. Any idea how I can check how packets are going to NAS? Tracert shows no problem. Did route -f - no changes. When NAS is accessed by client connected via LAN - not working, the same client but accesses via WLAN or via iMac - works well.

7

The solution:

NAS MTU is set to 9000, PC1, PC2 MTU was also set to 9000, wifi MTU was default - 1500, iMac MTU was also default - 1500.
Have changed PCs MTUs to default - everything works FINE!!! Now need to change MTU in MikroTik to 9000 so I can speed up my GLAN. How to do it? Manually can’t make it 9000.

8

It depends on your hardware (MT version) what’s your max MTU.
I have an 2011 and the max MTU is somewhere around 4092.
I had tried before to fool around with the MTU but could not find a proper config. I don’t understand MTU values agtetall I guess.

9

I use MikroTik 951G-2HnD and Max MTU for it is 4074 :frowning: Strange. My simple GLAN switch has Large MTU support by default e.g. 9k. So what to do with NAS? It has 9k MTU now and it reduces CPU load for it.

P.S. Strange that with 9k MTU setting in PCs and NAS these devices have working internet connection but problems inside of LAN.