Community discussions

MikroTik App
 
mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

probleme access internet from LAN

Mon Aug 09, 2021 11:57 am

hello friends,

please need help, i can't give access to internet from my mikrotik to my LAN.
my network is :
MY LAN ===> Mikrotik ==> Modem ISP ===> internet

my export :
export 

# aug/09/2021 10:54:58 by RouterOS 6.47.10

# software id = 

#

# model = RBD52G-5HacD2HnD

# serial number = 

/interface bridge

add admin-mac= auto-mac=no comment=defconf name=bridge

/interface pppoe-client

add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes

/interface wireless

set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-77D1EA wireless-protocol=802.11

set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-77D1EB wireless-protocol=802.11

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip hotspot profile

set [ find default=yes ] html-directory=flash/hotspot

/ip pool

add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server

add address-pool=default-dhcp disabled=no interface=bridge name=defconf

/interface bridge port

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=wlan1

add bridge=bridge comment=defconf interface=wlan2

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=ether1 list=WAN

/ip address

add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

/ip dhcp-client

add comment=defconf disabled=no interface=ether1

/ip dhcp-server network

add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

/ip dns

set allow-remote-requests=yes

/ip dns static

add address=192.168.88.1 comment=defconf name=router.lan

/ip firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

/system clock

set time-zone-name=Europe/Paris

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN



thanks
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: probleme access internet from LAN

Mon Aug 09, 2021 12:58 pm

Do you get an IP from your ISP on ehter1.

Type:
/ip address print where interface=ether1
 
mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

Re: probleme access internet from LAN

Mon Aug 09, 2021 1:11 pm

.
yes, because my WAN ( ether1 ) is on mode " DHCP-client" and it's take the IP from my modem ISP
[admin@MikroTik] > ip address print where interface=ether1
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                         
 0 D 192.168.1.27/24    192.168.1.0     ether1                                                                                                            
[admin@MikroTik] > 

 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: probleme access internet from LAN

Mon Aug 09, 2021 2:09 pm

it looks like you dont have an ISP modem then. You have an ISP modem/router that is giving you a private IP address, not a public IP address.
Still you should be able to reach the internet with your config??

Ahh pppoe.....
Okay you need to add this to your interface list members.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN

small note:
You can set this to NONE, keep winbox mac server rule as is,
but plain mac server is a potential security item that doesnt need to be....
/tool mac-server
set allowed-interface-list=LAN

Who is online

Users browsing this forum: No registered users and 22 guests