Having an issue where I cannot access the internet from my 2nd bridge that I have set up. Devices can connect to the bridge and obtain an ip from the DHCP server, but no internet access. Internet is provided by my ISP's router (192.168.178.1) and is accessible from bridge1. I'm sure I have missed a route or firewall rule but I am at a loss.
Any help would be greatly appreciated.
Code: Select all
# may/29/2021 19:32:05 by RouterOS 6.48.3
# software id = 5EX9-JBRW
#
# model = CRS326-24G-2S+
# serial number = DA750C2D3BEF
/interface bridge
add name=Sales_Bridge
add admin-mac=48:8F:5A:B3:E0:D3 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=Sales_Bridge name=Sales_Vlan vlan-id=100
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.100.2-192.168.100.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=Sales_Bridge lease-time=1h \
name=dhcp2
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=Sales_Bridge comment=defconf interface=ether5
add bridge=Sales_Bridge comment=defconf interface=ether6
add bridge=Sales_Bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add interface=bridge list=LAN
add interface=Sales_Vlan list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.168.178.151/24 interface=ether1 network=192.168.178.0
add address=192.168.100.0/24 interface=Sales_Bridge network=192.168.100.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
add address=192.168.100.0/24 gateway=192.168.100.1
/ip dns
set servers=192.168.178.1,8.8.8.8
/ip firewall address-list
add address=192.168.88.0/24 list=LAN
/ip firewall filter
add action=drop chain=forward connection-state=invalid
add action=drop chain=input connection-state=invalid
add action=accept chain=input connection-state=established
add action=drop chain=input
add action=accept chain=forward connection-state=new src-address-list=LAN
add action=accept chain=forward connection-state=related
add action=accept chain=input src-address-list=LAN
add action=accept chain=forward connection-state=established
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=tcp
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward in-interface=bridge out-interface-list=WAN \
src-address=192.168.88.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
192.168.88.0/24
/ip route
add distance=1 gateway=192.168.178.1
/system clock
set time-zone-name=Pacific/Auckland
/system routerboard settings
set boot-os=router-os