I disabled the wAP's firewall rules, I stripped all extra configuration, but I still can not get internet sharing to work...
I can happily ping or traceroute with the lte1 interface, so I have a connection, but where the following was enough with an LTE USB dongle in the hAP, the wAP with its LTE card refuse to work:
/ip firewall nat add action=masquerade chain=srcnat out-interface=lte1
I have no internet when being connected to the wAP nor the hAP.
My config so far:
# feb/22/2018 19:32:12 by RouterOS 6.41.2
# software id = ET4X-ZJMR
#
# model = RouterBOARD wAP R-2nD
# serial number = 8287076F0592
/interface lte
set [ find ] mac-address=02:1E:10:1F:00:00 name=lte1
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-95CFF4 wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
# DHCP server can not run on slave interface!
add address-pool=default-dhcp disabled=no interface=wlan1 name=defconf
/port
set 0 name=usb1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=WAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf disabled=yes interface=wlan1 list=LAN
add comment=defconf interface=lte1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=wlan1 network=\
192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
add dhcp-options=hostname,clientid disabled=no interface=lte1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=lte1
/system clock
set time-zone-name=Europe/Paris
/system identity
set name="MikroTik wAP"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
The DHCP server on wlan1 (default config) is still there for the moment to be able to connect to the wAP by WiFi for testing. The single eth1 port is connected to the hAP and it receives an IP from that device as expected.
What could be the problem?
I had to put the lte1 interface in a WAN list in order to be able to add the latter to the bridge as well. Why can I not add the lte1 interface directly? It simply does not show up in the dropdown list of the bridge ports.