Hi folks,
I’ve been trying to understand what I’m doing wrong by looking for other forum threads but am clearly missing something pretty obvious.
I’m trying to set up something relatively straightforward: RB951G===>CCR-1009===>Internet. The RB951G is connected to the CCR-1009 (IP: 192.168.0.1) via Ethernet (Eth2). The plan is to have clients connect to an SSID offered by the RB951G, obtain an IP from the DHCP server on the CCR-1009 and then get connected to the Internet. I’d like to be able to VLAN this traffic so I can get a Guest AP set up later, but right now I’m having problems with basic connectivity.
I have left the RB951G in Router mode and assigned a static IP (192.168.0.X subnet) in IP > Addresses. In IP > Routes, there is a dynamic route for the 192.168.0.X subnet, and I added a 0.0.0.0/0 route with the gateway set to the IP of the CCR-1009. I’ve also added an entry in IP > DNS for the CCR-1009 IP address.
At the moment, I am not able to ping the IP address of the gateway from the RB951G or any Internet host. Due to this, no client can successfully get an IP address from the SSID running on the RB951G. However, I am able to successfully ping other hosts on the LAN, which has me quite puzzled.
Appreciate any advice on what I’m doing wrong and how I should fix it!
At the moment, there are some firewall rules active. Here is the current list:
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
    in-interface=ether1-gateway
add action=accept chain=forward comment="default configuration" \
    connection-state=established disabled=no
add action=accept chain=forward comment="default configuration" \
    connection-state=related disabled=no
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    yes out-interface=ether1-gateway