Hi !
I can’t figure out this solution, please HELP !
Device: mAP lite
Wireless network: 192.168.0.0/24 , AP: 192.168.0.1
I need to connect the mAP to the wireless network, and have a PC to connected to the mAP wired LAN port.
mAP has am ip: 192.168.0.88
PC got an IP 192.168.0.100 (in bridged mode)
I can ping the mAP from the PC, can ping default gw (192.168.0.1), i have internet.
I can setup bridged or router mode, i have internet on PC, can ping any IP address on the wifi network, can ping the IP of the mAP,use WinBox from the PC BUT:

• can’t ping the mAP from the Wifi network, Winbox can’t see the device.
• can’t ping the PC from the Wifi network.
  The solution i need:
• Attach the mAP to the Wifi network (as client)
• The PC on the LAN port use DHCP to got IP from the same adresses in the WIFI network
• I need access the PC via i’ts IP address from Wifi network
• I need access the mAP via it’s IP address from Wifi network.

Regards,
Gabor Rajnai

What AP is used? Mikrotik too?
Client Isolation active?

hi
please send here
/interface bridge export
/ip firewall export

Hi !
Ap is Ubiquity unify AP. Client isolation disabled

I’m not at home atm, at weekend i will post the configs. Thank you.

You need to use Station pseudo bridge

station-bridge mode works only with RouterOS APs.and provides support for transparent protocol-independent L2 bridging on the station device.
https://wiki.mikrotik.com/wiki/Manual:Wireless_Station_Modes

Soo, i changed the configuration to router mode. I used quickset → CAP (login to my wfi network) ->router mode ->nat , DHCP server. Now i have an IP address from my WifI network (192.168.0.xx). The GW is 192.168.0.1. The lan client computer got Ip from 192.168.88.10-100 range (currently 192.168.88.10). The Internet is working, but cant connect any of my devices on my network, neither can’t ping the Mikrotik ip address (currently 192.168.0.101) from the Wifi side. I can access MikrotIk via Winbox from the LAN port.

[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 192.168.0.1 1
1 ADC 192.168.0.0/24 192.168.0.101 wlan1 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge 0

[admin@MikroTik] >> /interface bridge export

feb/02/2019 16:46:24 by RouterOS 6.43.8

software id = HCDT-XYBU

model = RouterBOARD mAP L-2nD

serial number = 95DA097B52C4

/interface bridge
add comment=defconf name=bridge
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=wlan1
add bridge=bridge interface=ether1

[admin@MikroTik] > /ip firewall export

feb/02/2019 16:47:19 by RouterOS 6.43.8

software id = HCDT-XYBU

model = RouterBOARD mAP L-2nD

serial number = 95DA097B52C4

/ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=
invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” ipsec-policy=
out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=WAN

So my goal to access devices on my wifi network (192.168.0.xx) can ping, and login ssh to Mikrotik via Wifi IP address (192.168.0.101) and access the LAN side machine via rdp protocoll (3389) form WIFi side. But i’m absolutelly rookie in the routeros… Its more like cisco cmd line configuration, and that one is what i always missed somehow.

I figured out something, now i can ping the Mikrotik, can connect via ssh and winbox, but the 3389 port foward not working to the pc. This is the last requirement, soo please help. I post the firewall nat and filters: (The PC lan address is 192.168.88.252, mikrotik lan address 192.168.88.1 , mikrotik wan (wifi) address 192.168.0.101)

[admin@MikroTik] /ip firewall> export

feb/02/2019 19:24:52 by RouterOS 6.43.8

software id = HCDT-XYBU

model = RouterBOARD mAP L-2nD

serial number = 95DA097B52C4

/ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP”
connection-nat-state=“” connection-type=“” in-interface=wlan1 protocol=icmp
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input dst-port=22 protocol=tcp
add action=accept chain=forward dst-port=3389 protocol=tcp
add action=accept chain=forward dst-port=3389 protocol=udp
add action=accept chain=input protocol=icmp
add action=accept chain=forward connection-nat-state=dstnat disabled=yes
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid” connection-state=
invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade” ipsec-policy=
out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=3389 protocol=tcp to-addresses=
198.168.88.252
add action=accept chain=dstnat dst-port=3389 protocol=udp
add action=accept chain=dstnat dst-port=22 protocol=tcp
add action=accept chain=dstnat dst-port=8291 protocol=tcp src-address-list=“”
add action=dst-nat chain=dstnat protocol=icmp to-addresses=192.168.88.1

Did you change this?

Yepp i tried the whole setting in station pseudobridge → And Success !!!
I can see the PC on lan port witch is got IP from Accespoint via DHCP relay on wlan1 port.
I can ping the IP address of the mikrotik (all in the same ip range from the accespoint), and can connect via winbox and ssh. I had to dig in into the configuration modes, just didn’t came easy…
And finally i can wake-up the pc via WOL command from the Mikrotik tools …