Unable to route between devices

Hi,

I’m new here. I bought a MikroTik; it looks super exciting, except for the fact that I’m unable to make it work (moment of shame). I am trying to achieve the following setup:

Ideas are the following:

  1. Physically connected devices are within the 10.0.1.1/29 subnet
  2. Wirelessly connected devices are in 10.0.2.1/29
  3. All devices can talk to each other, subject to specific firewall rules (e.g. allow access to 10.0.1.4:80 only from 10.0.1.2)
  4. The DHCP server checks which port the device is connected to and compares its MAC address before providing a lease. All devices that try to connect with a static IP are routed to /dev/null.
  5. The ARP cache is preconfigured (e.g. whatever is connected to eth1 needs to have a certain MAC address and will be forced to use a predefined IP address)

  Bonus tasks for the future:

  6. FreeRADIUS/Squid/Privoxy running on eth4/Raspberry; add appropriate rules to forward the traffic.

Here is the initial config: http://pastebin.com/D42NKq2C. A client connected to the LAN is receiving an IP address from the pool, but I can’t ping the router, or ping the device from the router…
Can I bug support with these questions? Or find someone I can chat with on IRC/Jabber/Skype/whatever? :)

Thanks a lot!

Two problems:

  • You have 10.0.1.0/29 on the LAN and 10.0.1.1 on the WAN. No matter how big the WAN subnet is, 10.0.1.1 overlaps with the LAN /29. If you don’t want to complicate things, you need different subnets.
  • 10.0.1.0/29 is the network address; you need some other one for the router.

To prevent other devices from connecting, you can enable add-arp=yes on the DHCP server, add static leases based on MAC addresses, and then set arp=reply-only on the bridge interface. That will take care of devices with manually assigned IP addresses.
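The two fixes from the reply (non-overlapping subnets, and DHCP-driven ARP with reply-only) written out as RouterOS CLI, plus the one firewall rule the question gives as its example. This is an added illustration, not the poster's pastebin config or the replier's own commands. Interface names (ether1 as WAN, bridge-lan, wlan1), the WAN address 192.0.2.10/24 and the two MAC addresses are assumptions; the `address-pool=static-only` setting goes slightly beyond the reply and is what stops unknown MACs from getting a dynamic lease at all.

```routeros
# Added example (not from the original post or the forum reply).
# Assumed names: ether1 = WAN, bridge-lan = wired LAN bridge, wlan1 = wireless.

# 1. Non-overlapping subnets. 10.0.1.0 is the network address of 10.0.1.0/29 and
#    cannot be the router's address, so the router takes 10.0.1.1; the WAN address
#    must then come from a completely different network (192.0.2.0/24 is assumed).
/ip address
add address=10.0.1.1/29 interface=bridge-lan comment="wired LAN"
add address=10.0.2.1/29 interface=wlan1 comment="wireless LAN"
add address=192.0.2.10/24 interface=ether1 comment="WAN, assumed address"

# 2. DHCP server on the bridge. add-arp=yes writes every handed-out lease into the
#    router's ARP table; static-only means a host whose MAC has no static lease
#    is simply not answered.
/ip dhcp-server network
add address=10.0.1.0/29 gateway=10.0.1.1 dns-server=10.0.1.1
/ip dhcp-server
add name=dhcp-lan interface=bridge-lan address-pool=static-only add-arp=yes disabled=no

# 3. One static lease per permitted device, keyed on its MAC (MACs assumed).
/ip dhcp-server lease
add address=10.0.1.2 mac-address=00:11:22:33:44:55 server=dhcp-lan comment="workstation"
add address=10.0.1.4 mac-address=00:11:22:33:44:66 server=dhcp-lan comment="web host"

# 4. reply-only: the bridge answers ARP only for entries already in its table and
#    never learns new ones. A device that configures its own IP without taking a
#    lease gets no ARP entry, so the router neither resolves it nor replies to it.
/interface bridge
set bridge-lan arp=reply-only

# 5. Item 3 from the question: only 10.0.1.2 may reach 10.0.1.4 on TCP/80.
/ip firewall filter
add chain=forward src-address=10.0.1.2 dst-address=10.0.1.4 protocol=tcp dst-port=80 action=accept
add chain=forward dst-address=10.0.1.4 protocol=tcp dst-port=80 action=drop
```

Two caveats before relying on this. First, arp=reply-only only governs what the router will resolve and answer; a host on the same bridge that hard-codes the router's MAC in its own ARP cache can still send frames that reach the router, so this is a convenience guard against misconfigured clients, not an authentication boundary (that is what the FreeRADIUS/802.1X item on the wish list is for). Second, once reply-only is set, the router itself can only talk to hosts with an ARP entry, so make sure every static lease is in place before you flip it, or you will lose the ability to ping the very devices you are trying to debug.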