Community discussions

MUM Europe 2020
 
jabertwo
just joined
Topic Author
Posts: 1
Joined: Mon Jan 13, 2020 11:57 pm

Why dont I get internet on m LAN bridge when I have internet WAN Port?

Tue Jan 14, 2020 12:10 am

I am pretty new to mikrotik, have done some stuff succesfully already, but now I'm stuck:
I have a hEX PoE connected to my modem on the WAN interface. The WAN interface gets an ip address via DHCP. On the LAN interfaces I created a bridge, on which I run a DHCP server. For outgoing traffic on the WAN interface I have created a NAT rule. My problem is that I have internet (I am able to ping 8.8.8.8) on the WAN interface but I have no internet (cant ping 8.8.8.8) on the LAN interfaces.
I already tried adding a static route and every other selection I found online, but it didnt help. Maybe I am just using the wrong search terms.
Anyway I attached my config (export hide-sensitive).
config.rsc
You do not have the required permissions to view the files attached to this post.
 
techlord
newbie
Posts: 28
Joined: Mon Nov 18, 2019 4:33 pm

Re: Why dont I get internet on m LAN bridge when I have internet WAN Port?

Tue Jan 14, 2020 9:45 am

This may be a shot in the dark but I would remove dst-address=0.0.0.0/0 from

"/ip firewall nat
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 ipsec-policy=\
out,none out-interface=ether1"

Not sure how ROS evaluates that 0.0.0.0. I can't find anything else wrong with the config but I am not an experienced MK user.
 
mkx
Forum Guru
Forum Guru
Posts: 3616
Joined: Thu Mar 03, 2016 10:23 pm

Re: Why dont I get internet on m LAN bridge when I have internet WAN Port?

Tue Jan 14, 2020 11:21 am

Remove both static routes you have defined:
/ip route
add distance=1 gateway=ether1 pref-src=10.0.0.1
add distance=1 gateway=192.168.178.1

As ether1 (WAN) interface is configured dynamically using DHCP client, also WAN routes should come dynamically. And you can check actual settings using command /ip route print.
And as @techlord already wrote, unset the dst-address setting from NAT rule ...

BTW, your use case is pretty much what default config "CPE router" is all about ... is there any reason for you to create your own setup, crippling all the router security (firewall filters explicitly allow all connections to the router from wild internet)? I heartly suggest to reset RB to factory defaults and start from there, making only minimal changes (while making sure you understand the changes you want to perform).
BR,
Metod

Who is online

Users browsing this forum: CZFan, Google [Bot], zhirukhin and 62 guests