I already connected my Raspberry Pi into the CRS125-24G-1S-IN (Router 2) through USB and the same is recognized as an LTE device by RouterOS. I have the CRS125 (Router 2) connected to a hEX S (Router 1) 300 meters from me, which is where the WAN - ONT (fiber converter) is connected.
Strangely enough, sometimes I can't ping or SSH my Raspberry Pi at it's subnet - 192.168.0.1 from my PC. I added the masquerade rule with out interface as the Raspberry Pi (LTE) on the CRS125(Router 2). When the Pi is accessible, in order to reach the Internet (WAN) that is located on Router 1 I also need to add a masquerade rule on Router 2 for the out interface: bridge, which slows down drastically the Router 2 performance and internet speed.
I basically need the Pi to have a stable connection with my computer and to access WAN (Internet). I'm also wondering how should I setup my firewall to use my Public IP address - 192.45.67.193 for accessing the website and mail server. I'm aware about basic forwarding rules for ports 80, 443, 993 so far. But no idea how to apply the basic principles on Mikrotik as I'm still learning it.
Here is the full diagram of my current setup including all the config files for both routers: hEX S - Router 1:
Code: Select all
/interface bridge
add admin-mac=*************** auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] comment=WAN (ONT)
set [ find default-name=ether3 ] comment=WIFI
set [ find default-name=ether4 ] comment=DEVICE
set [ find default-name=ether5 ] comment=ROUTER_2
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
add interface=ether2 name=vlan10 vlan-id=10
add interface=ether2 name=vlan30 vlan-id=30
/interface pppoe-client
add add-default-route=yes comment=ISP disabled=no interface=vlan10 \
keepalive-timeout=disabled name=pppoe-out1 password=***** service-name=\
use-peer-dns=yes user=****@*****
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add disabled=no interface=vlan30
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan30
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=pppoe-out1
CRS125-24G-1S-IN - Router 2:
Code: Select all
/interface bridge
add name=bridge1
/interface lte
set [ find ] name=lte1
/ip pool
add name=dhcp_pool0 ranges=\
192.168.88.1-192.168.88.2,192.168.88.4-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether4 comment=PC
add bridge=bridge1 interface=ether2 comment=ROUTER_1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.88.3/24 interface=bridge1 network=192.168.88.0
add address=192.168.1.1/24 interface=lte1 network=192.168.1.0
/ip dhcp-client
add disabled=no interface=lte1
add disabled=no interface=bridge1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.3
/ip firewall nat
add action=masquerade chain=srcnat out-interface=lte1
Any help is very appreciated! Thanks