Community discussions

MikroTik App
 
dermawas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 64
Joined: Sat Jul 10, 2021 7:06 am

Help in analyzing new setup

Sat Jan 14, 2023 5:01 am

Hi All,

this is my 2nd mikrotik and a new one to set up.
and I'm stuck.
not sure what I missed out in the configuration, but i cannot get internet access for clients.
I am sure that I've enabled NAT Masquerade but still not able to get the client to get acces

my topology as such
4G modem - RB-941 - Clients.

Internet access from RB941 = works OK
Internet access from clients = not ok.
# jan/14/2023 09:54:25 by RouterOS 6.49.7
# software id = T9PD-VUT8
#
# model = RB941-2nD
# serial number = HCR087MNR5P
/interface bridge
add name=Bridge_LAN
/interface list
add name=WAN
add name=Sys
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip,aes-ccm mode=\
    dynamic-keys name=E3User supplicant-identity="" unicast-ciphers=\
    tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
    security-profile=E3User ssid=E3Cipanas
/ip pool
add name=LAN ranges=192.168.27.2-192.168.27.254
add name=Sys ranges=192.168.88.2-192.168.88.10
/ip dhcp-server
add add-arp=yes address-pool=LAN disabled=no interface=Bridge_LAN lease-time=\
    12h name=DHCP_LAN
add add-arp=yes address-pool=Sys disabled=no interface=ether4 name=DHCP_Sys
/interface bridge port
add bridge=Bridge_LAN interface=ether2
add bridge=Bridge_LAN interface=ether3
add bridge=Bridge_LAN interface=wlan1
/interface bridge settings
set use-ip-firewall=yes
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\
    LAN wan-interface-list=WAN
/interface list member
add interface=ether1 list=WAN
add interface=ether4 list=Sys
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=wlan1 list=LAN
add interface=ether4 list=LAN
/ip address
add address=192.168.88.1/24 interface=ether4 network=192.168.88.0
add address=192.168.27.1/24 interface=Bridge_LAN network=192.168.27.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,1.1.1.1,1.0.0.1
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input connection-state=new dst-port=53 \
    in-interface-list=LAN protocol=udp
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=accept chain=forward comment="allow internet traffic" \
    in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" \
    connection-nat-state=dstnat disabled=yes
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set winbox address=192.168.27.0/24,192.168.88.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Asia/Jakarta
/system identity
set name=Marge
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
my setup export as above.
Please help to point out if there is anything that I've missed out that causes the problem.
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Help in analyzing new setup  [SOLVED]

Sat Jan 14, 2023 5:21 am

I don’t see “/ip dhcp-server network gateway=…”
 
dermawas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 64
Joined: Sat Jul 10, 2021 7:06 am

Re: Help in analyzing new setup

Sat Jan 14, 2023 5:32 am

I don’t see “/ip dhcp-server network gateway=…”
omg..... :shock: okay, i've added. :shock: and rebooted.
will update if this works. Thank you!


edit:
yep this works.... thank you so very much :-D
 
dermawas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 64
Joined: Sat Jul 10, 2021 7:06 am

Re: Help in analyzing new setup

Sat Jan 14, 2023 5:40 am

Ok, it works from Admin Port & LAN port.
but from wlan still cannot access internet.
wlan is under 1 bride as lan.
this should work right ?

Who is online

Users browsing this forum: 0xAA55, Bing [Bot], DanMos79, holvoetn and 53 guests