Client --> Mikrotik-->pihole-->Mikrotik as a DNS--> internet
The issue is that after creating the subnet (192.168.188.0/24), the newly created subnet can't communicate with the other subnet, nor does it have internet access. Also, there are other apps/devices on the new subnet, and those devices will need internet access. Any help regarding how to fix this issue will be highly appreciated. Here is my configuration:
# may/13/2021 08:15:52 by RouterOS 6.48.2
# model = RouterBOARD 962UiGS-5HacT2HnT
# Interface layer: one bridge (ether2-4, sfp1, wlan1-2 are its ports below) and a
# PPPoE uplink on ether1. ether5 is not a bridge port; it is used as a routed port.
/interface bridge
add admin-mac=xxxxxx auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether3 ] advertise=\
100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client
# add-default-route=yes: the default route comes from this PPPoE session.
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
password=xxxxx user=xxxxxxx
/interface wireless
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
/ip pool
# One address pool per subnet: 192.168.88.0/24 (bridge) and 192.168.188.0/24 (ether5).
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=pinet ranges=192.168.188.20-192.168.188.40
/ip dhcp-server
# 'defconf' serves the bridge; 'pinetDHCP' serves ether5 directly.
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=pinet disabled=no interface=ether5 name=pinetDHCP
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
# Neighbor discovery is bound to no interface list.
set discover-interface-list=none
/ip settings
set rp-filter=loose
/interface detect-internet
# NOTE(review): detect-internet is enabled on every interface; confirm it is
# needed, otherwise restrict the list.
set detect-interface-list=all
/interface list member
# ether5 is a LAN member, so every rule that matches in-interface-list=LAN also
# applies to the 192.168.188.0/24 segment.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether5 list=LAN
# Router addresses: 192.168.88.1 on the bridge, 192.168.188.1 on ether5.
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=192.168.188.1/24 comment=pinet interface=ether5 network=\
192.168.188.0
/ip cloud
set update-time=no
/ip dhcp-client
# NOTE(review): a DHCP client runs on ether1, the same port that carries the
# PPPoE session; confirm both are intended.
add comment=defconf interface=ether1
/ip dhcp-server lease
# NOTE(review): mac-address is masked below, but each client-id is still shown
# and appears to carry the hardware address (1:<address>), so the redaction is
# incomplete for a public post.
add address=192.168.88.245 client-id=1:bc:5f:f4:8a:a0:2 mac-address=\
xxxxxx server=defconf
add address=192.168.88.246 client-id=1:10:dd:b1:b0:32:3d mac-address=\
xxxxxx server=defconf
add address=192.168.88.247 client-id=1:0:26:bb:68:22:82 mac-address=\
xxxxxx server=defconf
add address=192.168.88.4 client-id=1:dc:a6:32:44:f:f8 mac-address=\
xxxxxx server=defconf
/ip dhcp-server network
# NOTE(review): the 192.168.188.0/24 entry hands out gateway=192.168.88.1, which
# lies outside that subnet; the router's address on ether5 is 192.168.188.1.
# Clients on the new subnet therefore get no on-link gateway, which matches the
# reported loss of connectivity. Neither network sets dns-server=, so which
# resolver clients receive is not visible in this export.
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.188.0/24 comment=pinet gateway=192.168.88.1 netmask=24
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# Who can reach port 53 is decided only by the input chain of the firewall, so
# the WAN side must stay closed there.
# DoH is configured with certificate verification.
# NOTE(review): verify-doh-cert=yes depends on a trusted CA being present in the
# certificate store, which this export does not show; confirm on the device.
set allow-remote-requests=yes cache-max-ttl=2d query-server-timeout=100ms \
query-total-timeout=5s servers=1.1.1.1,1.0.0.1 use-doh-server=\
https://cloudflare-dns.com/dns-query verify-doh-cert=yes
/ip dns static
add address=192.168.88.1 name=router.lan
# Static records for the DoH hostname, so the router can resolve it locally.
# These addresses are pinned and will not follow upstream changes.
add address=104.16.248.249 name=cloudflare-dns.com
add address=104.16.249.249 name=cloudflare-dns.com
/ip firewall address-list
# allowed_to_router is matched by the input rule "Allow ADMIN to Router".
# NOTE(review): with this entry and the 192.168.188.20-40 entry at the end of the
# list, it covers nearly every client address in both subnets rather than a
# dedicated set of admin hosts.
add address=192.168.88.2-192.168.88.254 list=allowed_to_router
# Special-purpose and private ranges.
# NOTE(review): no filter or NAT rule in this export references
# not_in_internet, so the list currently has no effect.
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
not_in_internet
# The pinet DHCP pool range is also granted router access.
add address=192.168.188.20-192.168.188.40 list=allowed_to_router
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Accepts every protocol and port from LAN-side sources in allowed_to_router.
add action=accept chain=input comment="Allow ADMIN to Router" \
in-interface-list=LAN src-address-list=allowed_to_router
# DNS to the router from any LAN-side host, TCP and UDP.
add action=accept chain=input in-interface-list=LAN port=53 protocol=tcp
add action=accept chain=input in-interface-list=LAN port=53 protocol=udp
# Default deny for everything else sent to the router, including from the WAN.
add action=drop chain=input
# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# Forwards new WAN connections only if a dst-nat rule translated them.
# NOTE(review): the exported NAT table has no static dst-nat rule, so with UPnP
# enabled such mappings would be created on request by LAN hosts; confirm that
# this is intended.
add action=accept chain=forward comment=" Allow Port Forwarding - DSTNAT" \
connection-nat-state=dstnat connection-state=new in-interface-list=WAN
# NOTE(review): this rule matches in-interface=bridge only. ether5
# (192.168.188.0/24) is not a bridge port, so new connections from it to the WAN,
# and new connections between the two subnets, fall through to "Drop All Else".
# If the new subnet should reach the internet, a rule has to match it
# explicitly; keep any inter-subnet allowance as narrow as the setup needs.
add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\
bridge out-interface-list=WAN
# NOTE(review): the two port-53 drops below sit after this unconditional drop and
# can never match.
add action=drop chain=forward comment="Drop All Else"
add action=drop chain=forward dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=forward dst-port=53 in-interface-list=WAN protocol=udp
# No mangle rules are present in this export.
/ip firewall mangle
/ip firewall nat
# Source NAT for traffic leaving through the WAN list that is not handled by an
# IPsec policy.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip route
# NOTE(review): three routes carry routing-mark=to_ISP1, but the mangle table
# above is empty, so nothing visible in this export assigns that mark. Confirm
# whether these are leftovers from an earlier failover setup.
add check-gateway=ping distance=1 gateway=104.16.248.249 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=104.16.249.249 routing-mark=to_ISP1
# Host routes that send the two Cloudflare addresses out via pppoe-out1.
add distance=1 dst-address=104.16.248.249/32 gateway=pppoe-out1 scope=10
add distance=1 dst-address=104.16.249.249/32 gateway=pppoe-out1 scope=10
/ip service
# Management services: telnet, ftp, api and api-ssl are disabled.
# NOTE(review): www and www-ssl do not appear in this export; check their state
# on the device.
set telnet disabled=yes
set ftp disabled=yes
# NOTE(review): the ssh port value is blank in the post (presumably redacted).
# No address= restriction is set for ssh here, so who can reach it depends on
# the input chain alone.
set ssh port=
set api disabled=yes
# WinBox is limited to 192.168.88.0/24, so it is not offered to 192.168.188.0/24.
set winbox address=192.168.88.0/24
set api-ssl disabled=yes
/ip ssh
# NOTE(review): forwarding-enabled=remote turns on a form of SSH port forwarding
# through the router; confirm it is required, otherwise disable it.
set forwarding-enabled=remote strong-crypto=yes
/ip upnp
# NOTE(review): UPnP lets hosts on the internal interface request inbound port
# mappings without authentication; disable it unless a device depends on it.
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
# NOTE(review): the external interface is ether1, while the PPPoE session runs
# as pppoe-out1; confirm which interface actually holds the public address.
add interface=ether1 type=external
/system clock
set time-zone-name=Asia/Dhaka
/system logging
# Wireless debug logging is on; the dns topic entry is present but disabled.
add topics=wireless,debug
add disabled=yes topics=dns
/system ntp client
set enabled=yes server-dns-names=\
0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
/system scheduler
# Three scheduled jobs: a daily reboot, a package update install every 2w1d, and
# a RouterBOARD firmware upgrade followed by a reboot.
# NOTE(review): all three jobs are granted the same wide policy set (ftp, sniff,
# sensitive, password, romon, ...); reduce it to what each script actually uses.
# NOTE(review): the update job installs packages unattended; make sure a config
# backup exists and the job's outcome is checked after each run.
add interval=1d name=reboot on-event="system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jun/07/2020 start-time=05:05:00
add interval=2w1d name="Package upgrade" on-event=\
"system package update install" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jun/23/2020 start-time=04:00:00
# The script compares the installed system package version (Var1) with the
# current RouterBOARD firmware (Var2) and upgrades + reboots when Var1 > Var2.
add interval=2w1d name="Routerboard Upgrade" on-event=":global Var1\r\
\n:global Var2\r\
\n:set Var1 \"\$[/system package get system version]\"\r\
\n:set Var2 \"\$[/system routerboard get current-firmware]\"\r\
\n:if (\$Var1>\$Var2) do={/system routerboard upgrade;\r\
\n/system reboot;\r\
\n}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jun/23/2020 start-time=04:10:00
# Layer-2 management and test tools: the bandwidth server is off, and the MAC
# server and MAC WinBox are bound to no interface list.
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no