I currently have two RB4011s on two separate properties, a couple of km apart. They both have pretty simple configurations with a DHCP server running on each. Router A has an ADSL connection on port 1 that it gets very slow internet from. Router B has a fiber connection on port 1, which I want to share with Router A via a radio link.
Both routers have a Unifi radio connected on Port 10, as shown on the picture attached. The radios, and port 10 on both routers, are on their own subnet, being 192.168.20.0/24. There are two further radios at the top of a hill that are wired together to create two wireless legs, as there isn't line of sight between the properties. If I connect the radio at router B to a NAS etc, instead of the router, I can happily access it on the subnet 192.168.192.0/24, so I am happy that the radio links function.
From the reading I have done so far, I know that I need to create a route on Router A to point at port 10 on Router B - I have done this via
# Entered under /ip route (the same entry appears in the export below).
# No dst-address is given, so this relies on RouterOS's default destination of 0.0.0.0/0,
# making it a default route via 192.168.20.6 (presumably Router B's port 10 address - confirm).
add distance=1 gateway=192.168.20.6
I have included the config from Router A here, in the hope that a couple of small additions/changes will see me on the right path. I can post router B if required, it's just a bit of a trek to get it - while I can see B from A, I can't access it. I am thinking that I might need to do something with the firewall on Router A, and just let Router B do all the work - seems to be double-handling for packets to go through two firewalls.
Any advice is greatly appreciated - I've been able to follow a few guides to get me this far but haven't been able to find one that explains just what I am trying to do - or at least that I could understand.
# jul/21/2021 21:13:38 by RouterOS 6.48.1
# software id = XNUF-D3YG
#
# model = RB4011iGS+
# serial number = XXXX
# Bridges: "bridge" is the default-config LAN bridge with a pinned admin MAC; "bridge1" exists but is disabled.
/interface bridge
add admin-mac=08:55:31:9E:BB:20 auto-mac=no comment=defconf name=bridge
add disabled=yes name=bridge1
# ether10 is renamed after the radio it feeds; every later reference uses the quoted name "NanoBeam PoE".
# The SFP+ port is administratively disabled.
/interface ethernet
set [ find default-name=ether10 ] name="NanoBeam PoE"
set [ find default-name=sfp-sfpplus1 ] disabled=yes
# ADSL uplink: a PPPoE session over ether1. add-default-route=yes makes this client install its own
# default route, which coexists with the static default route via 192.168.20.6 under /ip route.
# NOTE(review): compare the two routes' distances in "/ip route print" to see which one is actually used.
# use-peer-dns=yes accepts the DNS servers offered by the PPPoE peer for the router's own resolver.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=XXXX
# Switch-chip ports 0 through 11 all get default-vlan-id=0.
# No per-port VLAN assignment appears in the lines shown, so segmentation in this export
# rests on the bridge, the interface lists and the IP firewall rather than on VLANs.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
# WAN and LAN are the trust boundary of this config: the firewall filter and NAT rules, neighbor
# discovery and the MAC server settings further down all match on these two lists.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Kid-control profiles with per-day time windows.
# NOTE(review): Teresa's entry carries no sat= window, unlike Katelyn's - confirm that is intended.
/ip kid-control
add fri=6h-22h mon=6h-22h name=Teresa sun=6h-22h thu=6h-22h tue=6h-22h wed=6h-22h
add fri=6h-22h30m mon=6h-22h30m name=Katelyn sat=6h-22h30m sun=6h-22h30m thu=6h-22h30m tue=6h-22h30m wed=6h-22h30m
# Dynamic DHCP range .175-.245; every static lease in this export uses an address below .175.
/ip pool
add name=dhcp ranges=192.168.192.175-192.168.192.245
# The DHCP server listens on "bridge", so it serves every port that is a member of that bridge.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
# Least-privilege group for the Home Assistant integration: only read, test and api are granted.
# write, policy, password, sensitive and every interactive login method (local, telnet, ssh, ftp,
# winbox, web) are explicitly negated, so an account in this group cannot change the config.
/user group
add name=homeassistant policy=read,test,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp
# Bridge membership: ether2-ether9 and sfp-sfpplus1 come from the default config; the last entry
# additionally puts the radio port into the same LAN bridge.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp-sfpplus1
# NOTE(review): "NanoBeam PoE" is configured three ways that contradict each other: as a port of
# the LAN bridge (next line), as a WAN list member, and with its own 192.168.20.1/24 address (both below).
# While it is a bridge port the radio link is layer-2 joined to the LAN. As RouterOS normally handles
# bridged ports, the IP firewall then sees its traffic as arriving on "bridge" (a LAN member), so the
# WAN-list drop rules would not apply to it, and the LAN DHCP server and broadcasts reach across the link.
# If the link is meant to be a routed uplink on the untrusted side, this entry is the one to remove - confirm intent.
add bridge=bridge interface="NanoBeam PoE"
# Neighbor discovery is only advertised and listened for on LAN-list interfaces.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# List membership: "bridge" is the only LAN member; ether1, pppoe-out1 and the radio port are WAN.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface="NanoBeam PoE" list=WAN
# Router addresses: 192.168.192.1 on the LAN bridge and 192.168.20.1 on the radio port.
# NOTE(review): an address placed directly on an interface that is also a bridge port is a known
# source of unreliable behaviour in RouterOS - see the bridge-port note above.
/ip address
add address=192.168.192.1/24 comment=defconf interface=bridge network=192.168.192.0
add address=192.168.20.1/24 interface="NanoBeam PoE" network=192.168.20.0
# Default-config DHCP client on ether1; the PPPoE client in this export runs over the same port.
/ip dhcp-client
add comment=defconf interface=ether1
# Static leases, all inside 192.168.192.0/24 and bound to the "defconf" server.
# NOTE(review): this list is a full device inventory (cameras, switches, an iDRAC, a Home Assistant
# VM) with unredacted MAC addresses; when sharing an export publicly, mask the MACs and comments
# the same way the serial number and PPPoE user were masked.
/ip dhcp-server lease
add address=192.168.192.111 comment="Shelly 1 Front Gate Light Switch" mac-address=40:F5:20:00:84:F5 server=defconf
add address=192.168.192.112 comment="Shelly 1 Front Gate Control" mac-address=E0:98:06:94:EA:4C server=defconf
add address=192.168.192.30 mac-address=C8:2B:96:02:A8:2E server=defconf
add address=192.168.192.76 client-id=1:3e:f8:ea:76:21:1c mac-address=3E:F8:EA:76:21:1C server=defconf
add address=192.168.192.75 client-id=1:24:5e:be:3:79:8d mac-address=24:5E:BE:03:79:8D server=defconf
add address=192.168.192.6 comment="Workshop Aruba Switch" mac-address=F4:03:43:07:BB:A0 server=defconf
add address=192.168.192.80 client-id=1:b8:ae:ed:71:77:64 comment="TV Lounge NUC" mac-address=B8:AE:ED:71:77:64 server=defconf
add address=192.168.192.20 client-id=1:80:2a:a8:4f:f9:cc mac-address=80:2A:A8:4F:F9:CC server=defconf
add address=192.168.192.40 client-id=1:24:f2:7f:c0:d4:b4 mac-address=24:F2:7F:C0:D4:B4 server=defconf
add address=192.168.192.43 client-id=1:24:f2:7f:c0:d3:e6 mac-address=24:F2:7F:C0:D3:E6 server=defconf
add address=192.168.192.41 client-id=1:38:17:c3:c4:58:aa mac-address=38:17:C3:C4:58:AA server=defconf
add address=192.168.192.21 client-id=1:f0:9f:c2:2f:14:da comment="Front Gate Camera" mac-address=F0:9F:C2:2F:14:DA server=defconf
add address=192.168.192.23 client-id=1:f0:9f:c2:2f:41:56 comment="Front Door Camera" mac-address=F0:9F:C2:2F:41:56 server=defconf
add address=192.168.192.22 client-id=1:f0:9f:c2:14:ae:3 comment="Driveway Camera" mac-address=F0:9F:C2:14:AE:03 server=defconf
add address=192.168.192.24 client-id=1:80:2a:a8:cc:6b:6f comment="Tool Room Camera" mac-address=80:2A:A8:CC:6B:6F server=defconf
add address=192.168.192.55 client-id=1:b8:27:eb:1b:ba:8 mac-address=B8:27:EB:1B:BA:08 server=defconf
add address=192.168.192.77 client-id=1:e6:94:7:ac:11:8d comment="Sheree's Work iPhone" mac-address=E6:94:07:AC:11:8D server=defconf
add address=192.168.192.34 client-id=ff:5d:e2:6c:15:0:2:0:0:ab:11:e0:9:e3:c8:ec:6a:4:20 mac-address=52:54:00:08:19:5E server=defconf
add address=192.168.192.74 client-id=1:a8:db:3:5:e7:13 mac-address=A8:DB:03:05:E7:13 server=defconf
add address=192.168.192.78 client-id=1:c0:11:73:c:d7:ed mac-address=C0:11:73:0C:D7:ED server=defconf
add address=192.168.192.12 client-id=1:bc:30:5b:d3:ad:5e comment="UnRaid R710 iDRAC" mac-address=BC:30:5B:D3:AD:5E server=defconf
add address=192.168.192.44 client-id=1:38:17:c3:c4:59:28 mac-address=38:17:C3:C4:59:28 server=defconf
add address=192.168.192.7 comment="Unifi Flex Mini - Lounge" mac-address=74:AC:B9:AB:E8:E8 server=defconf
add address=192.168.192.4 client-id=1:f0:9f:c2:9:d4:6a comment="Unifi Tool Room Switch-8 150W" mac-address=F0:9F:C2:09:D4:6A server=defconf
add address=192.168.192.5 client-id=1:74:ac:b9:1e:6:eb comment="House Switch-8" mac-address=74:AC:B9:1E:06:EB server=defconf
add address=192.168.192.3 client-id=1:80:2a:a8:5d:b7:a0 comment="House Switch-8 150W" mac-address=80:2A:A8:5D:B7:A0 server=defconf
add address=192.168.192.2 client-id=1:b4:fb:e4:d0:72:6a comment="Gun Room Switch-24" mac-address=B4:FB:E4:D0:72:6A server=defconf
add address=192.168.192.25 client-id=1:24:52:6a:2d:ee:9 mac-address=24:52:6A:2D:EE:09 server=defconf
add address=192.168.192.26 client-id=1:24:52:6a:2d:ed:e0 mac-address=24:52:6A:2D:ED:E0 server=defconf
add address=192.168.192.113 comment="Shelly 1PM - Hot Water Cylinder" mac-address=98:F4:AB:B8:D2:89 server=defconf
add address=192.168.192.79 client-id=1:f4:4d:30:67:4a:4f comment="Server Room Nuc" mac-address=F4:4D:30:67:4A:4F server=defconf
add address=192.168.192.110 client-id=1:0:15:5d:c0:e5:3 comment="Home Assistant VM on Server Room Nuc" mac-address=00:15:5D:C0:E5:03 server=defconf
add address=192.168.192.114 comment="Shelly 1 Workshop High Bay Lights" mac-address=E8:DB:84:D3:3D:3D server=defconf
add address=192.168.192.70 client-id=1:a8:a1:59:64:a7:70 comment="Office PC" mac-address=A8:A1:59:64:A7:70 server=defconf
# DHCP options handed to LAN clients: gateway is the router (192.168.192.1), but DNS is a separate
# host at 192.168.192.100. No static lease for .100 appears in this export, so that resolver is
# presumably addressed statically - confirm.
/ip dhcp-server network
add address=192.168.192.0/24 comment=defconf dns-server=192.168.192.100 gateway=192.168.192.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries from other hosts, not just its own.
# Exposure is bounded by the input-chain rule that drops everything not arriving from the LAN list,
# so that rule must stay in place for this resolver not to be reachable from the WAN side.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.192.1 comment=defconf name=router.lan
# Default-config filter rules, evaluated top to bottom within each chain.
# input (traffic to the router itself): allow established/related/untracked, drop invalid, allow
# ICMP and loopback, then drop anything that did not arrive on a LAN-list interface.
# forward (traffic through the router): allow IPsec-policy traffic, fasttrack and accept
# established/related, drop invalid, then drop new connections from WAN-list interfaces unless
# they were dst-NATed. There is no final drop, so new LAN-originated connections are allowed.
# NOTE(review): these drops are what protect the router and LAN on the ADSL/PPPoE side. They
# should stay in place on this router regardless of what Router B filters; a second stateful
# firewall on the path is not a reason to open this one.
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT. The first rule masquerades LAN-to-LAN traffic; no dstnat rule appears in this export,
# so it presumably has nothing to hairpin at the moment - confirm before keeping it.
# The second rule masquerades LAN sources leaving through any WAN-list interface, which per
# /interface list member covers ether1, pppoe-out1 and "NanoBeam PoE".
# NOTE(review): masquerading towards the radio link only takes effect if traffic really leaves via
# "NanoBeam PoE" as a routed interface, which its bridge-port membership puts in doubt.
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.192.0/24 src-address=192.168.192.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN src-address=192.168.192.0/24
# Devices tied to the kid-control profiles by MAC address.
/ip kid-control device
add mac-address=94:54:CE:CD:7D:FD name="Teresa Phone" user=Teresa
add mac-address=7E:A9:46:8A:E8:8C name="Katelyn Phone" user=Katelyn
# Static route with no dst-address, i.e. a default route via 192.168.20.6 on the radio subnet.
# NOTE(review): pppoe-out1 has add-default-route=yes, so a second default route exists; check
# "/ip route print" for which one is active before concluding the radio path is in use.
/ip route
add distance=1 gateway=192.168.20.6
# Management services: www and api accept connections only from 192.168.192.0/24; www-ssl is
# enabled here without an address= restriction.
# NOTE(review): an export lists only non-default settings, so services not shown (such as telnet,
# ftp, ssh and winbox) are presumably still at their defaults - verify with "/ip service print",
# disable what is unused and give the rest the same address= restriction.
# NOTE(review): api is the unencrypted API service; the LAN-only restriction is what limits it.
/ip service
set www address=192.168.192.0/24
set www-ssl disabled=no
set api address=192.168.192.0/24
/system clock
set time-zone-name=Pacific/Auckland
# Layer-2 management (MAC telnet and MAC WinBox) is limited to LAN-list interfaces.
# NOTE(review): "bridge" is the LAN member, so every bridge port, including "NanoBeam PoE" as
# currently configured, is presumably inside this layer-2 management scope - confirm.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN