junkiee
just joined
Topic Author
Posts: 21
Joined: Fri May 15, 2009 12:15 am

RE: NAT and secondary IP

Sun May 30, 2010 9:14 pm

Hi Guys, have a little problem, and I'll do my best to outline my network so you can better understand the situation.

I have an RB433AH with a 5GHz wlan card that connects the routerboard to the internet (routerboard has 2 public IP addresses set, IP address A and IP address B). A cable comes off that down to a Cisco router with a public IP address (IP address A). I just installed a 2.4GHz wlan card in the RB433 and want to distribute that out to local users, and I want them on local IP addresses (10.1.0.1 - 10.1.0.249) and I want them to access the internet through IP address B. Problem is that there are multiple public IP addresses routed through the link, so as it sits right now, the RB433 is acting as a bridge to the Cisco. I need to set up NAT on the 2.4GHz card so that anyone that connects to the 2.4 AP with an IP in the 10.1.0.0/24 address space can access the internet, but I don't want that to affect anything else.

I believe I am to use SRC-NAT but it doesn't seem to be working, as I can't get outside of the local network with the 2.4 clients. I have the 2.4 and 5GHz cards in separate bridges, whereas the 5GHz card is in bridge 1 along with ether1, and the 2.4GHz card is in bridge 2 by itself.

Can anyone shed some light on this most likely minor issue?

Thanks,
 
jgellis
Member Candidate
Posts: 139
Joined: Wed May 30, 2007 10:57 am
Location: USA

Re: RE: NAT and secondary IP

Thu Jun 03, 2010 2:11 am

Let's call the 2.4 wlan2 for discussion.

Bridge2 can be removed; it is not needed. The following are the minimum configurations; more detailed settings can better secure your network. Do the following:

/ip address add address=10.1.0.1/24 interface=wlan2
/ip pool add name=pool1 ranges=10.1.0.2-10.1.0.254
/ip dhcp-server network add address=10.1.0.0/24 gateway=10.1.0.1 dns-server=10.1.0.1
/ip dhcp-server add interface=wlan2 address-pool=pool1 disabled=no
/ip dns set allow-remote-requests=yes primary-dns=<insert dns ip here>

If the IP Address B is able to be assigned to bridge1 directly, then assign IP-B to bridge1 and then do:

/ip firewall nat add chain=srcnat action=masquerade

If, however, the IP-B is part of a block that has been routed to the IP address of the 5GHz wlan, then do the following instead (based on your description of bridging the 5g wlan and the ether though, I doubt this is the case):

/ip firewall nat add chain=srcnat action=src-nat to-addresses=<IP Address B> out-interface=bridge1

Hopefully I haven't steered you wrong here.
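
An added example, not part of either post: the NAT rule from the reply above scoped to the 10.1.0.0/24 clients, so that it does not touch other traffic as the question asks. The interface names wlan2 and bridge1 and the `<IP Address B>` placeholder are taken from the thread; the rule comment text is made up for illustration.

```routeros
# Added example (not from the thread). Assumes wlan2 is the 2.4GHz AP serving
# 10.1.0.0/24 and bridge1 holds the 5GHz wlan + ether1 uplink.
# <IP Address B> is the thread's placeholder; substitute the real address.

# Unscoped form, shown for comparison and left commented out:
# it matches every routed packet leaving the router, and masquerade uses the
# address the router selects on the outgoing interface, which need not be IP-B.
# /ip firewall nat add chain=srcnat action=masquerade

# Scoped form: only packets sourced from 10.1.0.0/24 that leave via bridge1
# are translated, and always to IP-B.
/ip firewall nat add chain=srcnat src-address=10.1.0.0/24 out-interface=bridge1 \
    action=src-nat to-addresses=<IP Address B> comment="wlan2 clients to IP-B"

# Check: the rule's byte/packet counters should only increase while a
# 10.1.0.x client is sending traffic to the internet.
/ip firewall nat print stats
```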
