Community discussions

MikroTik App
 
Zen11t
just joined
Topic Author
Posts: 1
Joined: Tue Aug 24, 2021 9:40 pm

no internet on 2nd bridge=wlan

Tue Aug 24, 2021 9:50 pm

Hi Guys!

I need some help:
My setup:

ether1: WAN port with static IP: 172.16.20.11/24 DHCP server address:172.16.0.2 DNS server address: 172.16.0.9
wlan0: 192.168.88.0/24 with DHCP server
ether3: I want to forward all traffic from this port to WAN(ether1) --->this works fine!

My problem is that my wifi clients get IP from 192.168.88.0/24 range but no internet access.

Thank you for all the help!

admin@MikroTik-AP1] > /export hide-sensitive  

# aug/08/2021 10:58:33 by RouterOS 6.48.3

# software id = 8UTZ-Y547

#

# model = CRS109-8G-1S-2HnD

# serial number = 883C07E37159

/interface bridge

add name=bridge1

add admin-mac=64:D1:54:B3:C7:AF auto-mac=no comment=defconf name=bridge2

/interface wireless

set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=hungary disabled=no frequency=auto mode=ap-bridge ssid=ap1 wps-mode=disabled

/interface ethernet

set [ find default-name=ether2 ] disabled=yes

set [ find default-name=ether4 ] disabled=yes

set [ find default-name=ether5 ] disabled=yes

set [ find default-name=ether6 ] disabled=yes

set [ find default-name=ether7 ] disabled=yes

set [ find default-name=ether8 ] disabled=yes

set [ find default-name=sfp1 ] disabled=yes

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik

/ip pool

add name=dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server

add address-pool=dhcp disabled=no interface=bridge2 name=defconf

/interface bridge port

add bridge=bridge1 comment=defconf interface=ether3

add bridge=bridge2 comment=defconf interface=wlan1

add bridge=bridge1 interface=ether1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface list member

add comment=defconf interface=bridge2 list=LAN

add comment=defconf interface=bridge1 list=WAN

/ip address

add address=172.16.20.11/16 interface=ether1 network=172.16.0.0

add address=192.168.88.0/24 interface=bridge2 network=192.168.88.0

/ip dhcp-client

add comment=defconf interface=ether1

/ip dhcp-server network

add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24

/ip dns

set allow-remote-requests=yes servers=172.16.0.9

/ip dns static

add address=192.168.88.1 comment=defconf name=router.lan

/ip firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: no internet on 2nd bridge=wlan

Wed Aug 25, 2021 3:55 am

1. You only need one bridge (get rid of bridge1)

2. What friggen subnet do you intend to use on ethernet 3, you only have one pool defined????

3. No need to create an extra bridge for a subnet on an etherport, just assign the subnet to the etheport directly

4.. YOUR WAN PORT ether1 should be removed from the bridge!


5. You dont assign etherport to wans LOL, what one does is make routing decisions at the proper place in the config............

6. add comment=defconf interface=bridge1 list=WAN
change bridge1 to Ether1

In summary, you need to clarify how many groups of users you have and what they should or should not be able to do.

Who is online

Users browsing this forum: baragoon, sokalsondha and 44 guests