I'm a new user of RouterOS (ROS 6.40.6 on CRS-112-8G-4S-IN with QCA8511 chip). After reading docs, examples and forum posts for some days I still struggle with part of my desired configuration, and hope to find help here.
What I wish to achieve is this:
- Ports ether2 and ether4 to be trunk ports for VLANs 10 and 20 (192.168.10.0/24 and 192.168.20.0/24). A Linux host is attached to each port. On those hosts I use Linux networking to strip the VLAN-ID, providing one VNIC per VLAN.
- VLAN20 is for communication between these two Linux hosts (and additional ones in the future). This part I have configured successfully; the Linux hosts can ping each other on VLAN20.
- VLAN10 is to provide internet access to the Linux hosts, and also to provide them an IP address that can receive incoming connections. This is what I struggle with achieving.
- Port ether1 is connected to our office network, and can be reached from there at 192.168.0.177. This is the address on which I connect to ROS for configuration.
My question is regarding VLAN10. How can I set up src/dst-NAT in such a way that the Linux hosts can establish connections to the outside, and also be reachable for incoming connections from our office network?
Below I paste output of the /export command. Thank you very much in advance for taking the time to help me.
-gerret
# jan/16/2019 09:36:33 by RouterOS 6.40.6
# software id = E54T-4FHN
#
# model = CRS112-8G-4S
# serial number = 94DB074A5535
/interface bridge
add name=bridge10
/interface ethernet
set [ find default-name=ether1 ] name=ether1-master
set [ find default-name=ether3 ] master-port=ether1-master
set [ find default-name=ether5 ] master-port=ether1-master
set [ find default-name=ether6 ] master-port=ether1-master
set [ find default-name=ether7 ] master-port=ether1-master
set [ find default-name=ether8 ] master-port=ether1-master
set [ find default-name=sfp9 ] master-port=ether1-master
set [ find default-name=sfp10 ] master-port=ether1-master
set [ find default-name=sfp11 ] master-port=ether1-master
set [ find default-name=sfp12 ] master-port=ether1-master
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,ether4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge10 interface=ether2
add bridge=bridge10 interface=ether4
/interface bridge settings
set use-ip-firewall=yes
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2,ether4 vlan-id=20
add tagged-ports=ether2,ether4 vlan-id=10
/interface ethernet switch vlan
add ports=ether2,ether4 vlan-id=10
add ports=ether2,ether4 vlan-id=20
/ip address
add address=192.168.0.171/24 comment=defconf interface=ether1-master network=192.168.0.0
add address=192.168.10.1/24 interface=ether4 network=192.168.10.0
/ip route
add distance=1 gateway=192.168.0.1
/system clock
set time-zone-name=Europe/Prague