If I connect to any of the wifi, I can't ping the gateway so I have no internet.
The device connected to wifi gets the ip. I'm posting my configuration. Any help will be welcome.
Code: Select all
# feb/17/2018 08:56:43 by RouterOS 6.34.3
# software id = T1Q8-0MEJ
#
/caps-man channel
add band=2ghz-b/g/n frequency=2412 name=channel1 width=20
add band=2ghz-b/g/n frequency=2437 name=channel6 width=20
add band=2ghz-b/g/n frequency=2462 name=channel11 width=20
/interface bridge
add name="Bridge CCTV"
add name="Bridge Invitado"
add name="Bridge Oficina"
/interface ethernet
set [ find default-name=ether1 ] name="ether1 WAN0"
set [ find default-name=ether2 ] name="ether2 WAN1"
set [ find default-name=ether3 ] name="ether3 LAN"
set [ find default-name=ether4 ] name="ether4 - TOTA"
set [ find default-name=ether6 ] name="ether6 - LAN"
set [ find default-name=ether7 ] name="ether7 - WIFI"
/ip neighbor discovery
set "ether1 WAN0" discover=no
set "ether2 WAN1" discover=no
set "ether3 LAN" discover=no
set "ether4 - TOTA" discover=no
set ether5 discover=no
set "ether6 - LAN" discover=no
set "ether7 - WIFI" discover=no
set ether8 discover=no
set ether9 discover=no
set ether10 discover=no
set ether11 discover=no
set ether12 discover=no
set ether13 discover=no
/caps-man configuration
add comment="Config Invitado" country=argentina datapath.bridge="Bridge Invitado" name="CAGR - Invitado" security.authentication-types=wpa-psk,wpa2-psk security.encryption=aes-ccm \
security.group-encryption=aes-ccm ssid=Invitado
add comment="Red WIFI Privada" country=argentina datapath.bridge="Bridge Oficina" hide-ssid=yes name="CAGR - Privada" security.authentication-types=wpa-psk,wpa2-psk security.encryption=aes-ccm \
security.group-encryption=aes-ccm ssid=Privada
add comment="Config WIFI CCTV" country=argentina datapath.bridge="Bridge CCTV" name="CAGR - CCTV" security.authentication-types=wpa-psk,wpa2-psk security.encryption=aes-ccm security.group-encryption=\
aes-ccm ssid=CCTV
/ip firewall layer7-protocol
add name=BLOCKED regexp="^.+(facebook.com|youtube).*\$"
add name=WindowsUpdate regexp="^.+(update.microsoft|windowsupdate|download.microsoft|wustat|ntservicepack).*\\\$"
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.199
add name=dhcp_pool_WOficina ranges=192.168.10.10-192.168.10.254
add name=dhcp_pool_WInvitado ranges=192.168.11.10-192.168.11.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface="ether3 LAN" lease-time=1d name=dhcp1
# DHCP server can not run on slave interface!
add address-pool=dhcp disabled=no interface="ether6 - LAN" name=LAN
add address-pool=dhcp_pool_WOficina disabled=no interface="Bridge Oficina" name=dhcp2
add address-pool=dhcp_pool_WInvitado disabled=no interface="Bridge Invitado" name=dhcp3
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration="CAGR - Invitado" name-prefix=OficinaAP slave-configurations="CAGR - Privada,CAGR - CCTV"
/interface bridge port
add bridge="Bridge Oficina" disabled=yes interface="ether7 - WIFI"
add bridge="Bridge Oficina" interface="ether6 - LAN"
add bridge="Bridge Invitado" interface=ether8
/ip address
add address=192.168.0.1/24 interface="ether3 LAN" network=192.168.0.0
add address=200.5.110.86/30 disabled=yes interface="ether1 WAN0" network=200.5.110.84
add address=200.70.58.91/29 disabled=yes interface="ether2 WAN1" network=200.70.58.88
add address=192.168.10.1/24 comment="Direcciones Pool Oficina Oficina" interface="Bridge Oficina" network=192.168.10.0
add address=192.168.11.1 comment="Direcciones Pool Invitado" interface="Bridge Invitado" network=192.168.11.0
add address=192.168.12.1 comment="Direcciones Pool CCTV" interface="Bridge CCTV" network=192.168.12.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface="ether1 WAN0"
add dhcp-options=hostname,clientid disabled=no interface="ether4 - TOTA"
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.11.0/24 gateway=192.168.11.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.0.202 name=app.cagr
add address=192.168.0.127 name=nescribal.cagr
/ip firewall address-list
add address=192.168.0.100-192.168.0.230 list=allowed_to_router
add address=190.98.152.152-190.98.152.200 list=blocked_ips
add address=192.168.10.10-192.168.10.254 list=allowed_to_router_2
/ip firewall filter
add chain=input comment="default configuration" connection-state=established,related
add chain=input disabled=yes src-address-list=allowed_to_router
add chain=input disabled=yes src-address-list=allowed_to_router_2
add chain=input protocol=icmp
add action=drop chain=input disabled=yes log=yes log-prefix=droped
add action=drop chain=forward disabled=yes layer7-protocol=BLOCKED
/ip firewall mangle
add chain=prerouting disabled=yes dst-address=200.5.110.84/30 in-interface="ether3 LAN"
add chain=prerouting disabled=yes dst-address=200.70.58.88/29 in-interface="ether3 LAN"
add chain=prerouting dst-address=10.1.100.0/24 in-interface="ether3 LAN"
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes in-interface="ether1 WAN0" new-connection-mark=WAN0_conn
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes in-interface="ether2 WAN1" new-connection-mark=WAN1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface="ether4 - TOTA" new-connection-mark=WAN_TOTA_conn
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local in-interface="ether3 LAN" new-connection-mark=WAN0_conn per-connection-classifier=\
both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local in-interface="ether3 LAN" new-connection-mark=WAN0_conn per-connection-classifier=\
both-addresses:2/1
add action=mark-connection chain=prerouting comment="MARK CONN TOTA" connection-mark=no-mark in-interface="ether3 LAN" new-connection-mark=WAN_TOTA_conn
add action=mark-routing chain=prerouting connection-mark=WAN0_conn disabled=yes in-interface="ether3 LAN" new-routing-mark=to_WAN0
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=yes in-interface="ether3 LAN" new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting comment="MARK ROUTE TOTA" connection-mark=WAN_TOTA_conn in-interface="ether3 LAN" new-routing-mark=to_WAN_TOTA
add action=mark-routing chain=output connection-mark=WAN0_conn disabled=yes new-routing-mark=to_WAN0
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=yes new-routing-mark=to_WAN1
add action=mark-routing chain=output comment="OUT TOTA" connection-mark=WAN_TOTA_conn new-routing-mark=to_WAN_TOTA
add action=mark-packet chain=prerouting comment="Windows Update Marks" disabled=yes layer7-protocol=WindowsUpdate new-packet-mark=ms
/ip firewall nat
add action=masquerade chain=srcnat out-interface="ether1 WAN0"
add action=masquerade chain=srcnat out-interface="ether2 WAN1"
add action=masquerade chain=srcnat out-interface="ether4 - TOTA"
add action=masquerade chain=srcnat comment="NAT Wifi Invitado" out-interface="ether4 - TOTA" src-address=192.168.11.0/24
add action=masquerade chain=srcnat comment="NAT Red WIFI" disabled=yes src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment="Regla hairpin para WebServer 80" disabled=yes dst-address=192.168.0.202 dst-port=80 out-interface="ether3 LAN" protocol=tcp src-address=192.168.0.0/24
/ip route
add check-gateway=ping distance=1 gateway=200.5.110.85 routing-mark=to_WAN0
add check-gateway=ping distance=1 gateway=200.70.58.89 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=200.5.110.85
add distance=2 gateway=200.70.5[Codebox=text file=Untitled.txt][/Codebox]8.89