I'm currently trying out configurations so as to convert my network from Bridged to Routed.

I have a /24 for discussion purposes I’m calling it 1.1.1.0/24 that is being provided to me.

what we have
1 - Core Router 1.1.1.254
2 – Test Router A (Port 1: 1.1.1.130/24) (Port 2: 1.1.1.133/30) (Ports 3-5:192.168.1.1/24)
3 – Test Router B (Port 1: 1.1.1.134/30 this is Plugged into Test Router B Port 2)
My problem is that test Router B is showing the public IP 1.1.1.130 to the world and NOT 1.1.1.134

Test Router A Configuration:

/interface bridge
add l2mtu=1598 name="test"
add l2mtu=2290 name="test 59"
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=NOPCS \
supplicant-identity="" wpa-pre-shared-key=xxxxxxxxx wpa2-pre-shared-key=\
xxxxxxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
20/40mhz-ht-below disabled=no frequency=2437 l2mtu=2290 mode=ap-bridge \
security-profile=test ssid="test"
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.59.1-192.168.59.10
add name=dhcp_pool2 ranges=1.1.1.134
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface="test 59" lease-time=1d \
name="test 59"
add address-pool=dhcp_pool2 interface=ether2 lease-time=1d name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge="test 59" interface=ether3
add bridge="test 59" interface=ether4
add bridge="test 59" interface=ether5
add bridge="test 59" interface=wlan1
add bridge="test Office" interface=ether6
add bridge="test Office" interface=ether7
add bridge="test Office" interface=ether8
add bridge="test Office" interface=ether9
add interface=ether1
add interface=ether2
/ip address
add address=192.168.59.254/24 interface="test 59" network=192.168.59.0
add address=1.1.1.130/24 interface=ether1 network=1.1.1.0
add address=192.168.1.1/24 interface="test Office" network=192.168.1.0
add address=1.1.1.133/30 interface=ether2 network=1.1.1.132
/ip dhcp-server network
add address=192.168.59.0/24 dns-server=1.1.1.254,8.8.8.8,4.2.2.1 \
gateway=192.168.59.254
add address=1.1.1.132/30 dns-server=\
1.1.1.133,1.1.1.254,8.8.8.8 gateway=1.1.1.133
/ip dns
set allow-remote-requests=yes servers=1.1.1.254,8.8.8.8
/ip route
add distance=1 gateway=1.1.1.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8\
,ether9,ether10"

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

Test Router B Configuration:

/interface bridge
add name=TEST59
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no l2mtu=2290 mode=\
ap-bridge
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys wpa-pre-shared-key=xxxxxxxxx wpa2-pre-shared-key=\
xxxxxxxxxxxx
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.59.1-192.168.59.10
add name=dhcp_pool2 ranges=192.168.2.1-192.168.2.10
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=TEST59 lease-time=1d name=\
dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=TEST59 interface=ether3
add bridge=TEST59 interface=ether4
add bridge=TEST59 interface=ether5
add bridge=TEST59 interface=wlan1
/ip address
add address=192.168.59.254/24 disabled=yes interface=TEST59 network=\
192.168.59.0
add address=1.1.1.132/30 interface=ether1 network=1.1.1.134
add address=192.168.2.254/24 interface=TEST59 network=192.168.2.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.254 gateway=192.168.2.254
add address=192.168.59.0/24 dns-server=192.168.59.254 gateway=192.168.59.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.254,8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=1.1.1.133
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1

My guess is your masq rule on a's config. You most likely don't want that.

Sent from my SCH-I545 using Tapatalk

My guess is your masq rule on a's config. You most likely don't want that.

Ya, I have a feeling it might have something to do with it also, but when I remove the rule all traffic fails.

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

this should be removed

add
chain=dstnat action=dst-nat to-addresses=x.x.x.x
dst-address=x.x.x.x


also
/interface bridge port

add interface=ether1
add interface=ether2

last two add interface=ether1 where or = none

How are you using traffic? If it's going out to the Internet it needs a masq somewhere

Sent from my SCH-I545 using Tapatalk

Traffic is going out to the internet.


Lakis:

chain=dstnat action=dst-nat to-addresses=x.x.x.x
dst-address=x.x.x.x the x.x.x.x should that be my lan or public ips?

last two add interface=ether1 where or = none ?

Traffic is going out to the internet.


Lakis:

chain=dstnat action=dst-nat to-addresses=x.x.x.x
dst-address=x.x.x.x the x.x.x.x should that be my lan or public ips?

last two add interface=ether1 where or = none ?

Post a diagram... if its going out to the internet you can't have it using private addresses.

I'm not trying get Private IP's to show to the world, im trying to get the WAN Public ip on Router B to show and Router B is connected to router A's Port#2 because of that I think Router A's Masqr its NATing the traffic from Router B, I'm running private ips on a couple of ports not all of them which is why there is the Masqr Nat rule but how do I exclude Router B traffic from Router A's Nat rule?

All I'm trying to accomplish is routing public ip's and have them show to the world and then manage all my devices on a private vlan after I accomplish routing public ips

Then modify the masq rule to only masq from specific sources.

Sent from my SCH-I545 using Tapatalk

Is it possible to specify the source as a bridge if so how?

Sure. Just set the in interface to the bridge.

Sent from my SCH-I545 using Tapatalk

Ok, So I have the Public IP's showing correctly BUT. I still haven't been able to NAT the 192.168.2.0/24 to Eth1 public ip address and make traffic flow.
The currenty Masqr rule is not working. So what is the specific Masqr Rule I should be applying. because this rule add action=masquerade chain=srcnat out-interface=ether1 is not working. Thanks.

Below is an updated config.

/interface bridge
add name=TEST59
add l2mtu=1598 name=WAN
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no l2mtu=2290 mode=\
ap-bridge
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.59.1-192.168.59.10
add name=dhcp_pool2 ranges=192.168.2.1-192.168.2.10
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=TEST59 lease-time=1d name=\
dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=WAN interface=ether3
add bridge=WAN interface=ether4
add bridge=WAN interface=ether5
add bridge=TEST59 interface=wlan1
add bridge=TEST59 interface=ether6
add bridge=TEST59 interface=ether7
add bridge=TEST59 interface=ether8
add bridge=WAN interface=ether2
add bridge=WAN interface=ether1
/ip address
add address=192.168.59.254/24 disabled=yes interface=TEST59 network=\
192.168.59.0
add address=1.1.1.130/24 interface=ether1 network=1.1.1.0
add address=1.1.1.254/24 interface=TEST59 network=192.168.2.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.254 gateway=192.168.2.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.254,8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=1.1.1.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1

Add in-interface=whatever...

Sent from my SCH-I545 using Tapatalk

Ah YES you would think that would work. I'm receiving the following error when I try specifying the LAN Bridge to the interface.

Ah YES you would think that would work. I'm receiving the following error when I try specifying the LAN Bridge to the interface.

error.jpg

uhuhuh.gif

Argh... forgot about that.

Use src-address.

You would think that would also work, but ZERO traffic flows outbound to the world when specifying the src-address as 192.168.2.0/24

You would think that would also work, but ZERO traffic flows outbound to the world when specifying the src-address as 192.168.2.0/24

Then something is wacky... post a diagram of your network and your full current configs and I'll break it down when I have some time.

This is the Full Config the only thing missing is the wifi security settings and I changed my first three octets of my public ips to 1.1.1.

/interface bridge
add name=TEST59
add l2mtu=1598 name=WAN
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no l2mtu=2290 mode=\
ap-bridge
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=dhcp_pool1 ranges=192.168.59.1-192.168.59.10
add name=dhcp_pool2 ranges=192.168.2.1-192.168.2.10
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=TEST59 lease-time=1d name=\
dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=WAN interface=ether3
add bridge=WAN interface=ether4
add bridge=WAN interface=ether5
add bridge=TEST59 interface=wlan1
add bridge=TEST59 interface=ether6
add bridge=TEST59 interface=ether7
add bridge=TEST59 interface=ether8
add bridge=WAN interface=ether2
add bridge=WAN interface=ether1
/ip address
add address=192.168.59.254/24 disabled=yes interface=TEST59 network=\
192.168.59.0
add address=1.1.1.130/24 interface=ether1 network=1.1.1.0
add address=1.1.1.254/24 interface=TEST59 network=192.168.2.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.254 gateway=192.168.2.254
/ip dns
set allow-remote-requests=yes servers=1.1.1.254,8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=1.1.1.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1

ros code

/ip address
add address=192.168.59.254/24 disabled=yes interface=TEST59 network=\
192.168.59.0
add address=1.1.1.130/24 interface=ether1 network=1.1.1.0
add address=1.1.1.254/24 interface=TEST59 network=192.168.2.0

Looks wrong?...

ros code

/ip address
add address=192.168.59.254/24 disabled=yes interface=TEST59 network=192.168.59.0
add address=1.1.1.130/24 interface=ether1 network=1.1.1.0
add address=192.168.2.254/24 interface=TEST59 network=192.168.2.0

Or something like that is my guess.... the way you have it you don't actually have any address on the router in the 192.168.2.0/24 subnet.


And your masq should be

ros code

add src-address=192.168.2.0/24 action=masquerade chain=srcnat out-interface=ether1

ok so in the process of hiding my public ip I messed up the config I posted. sorry

my actual config is
add address=192.168.59.254/24 disabled=yes interface=NOW59 network=192.168.59.0
add address=1.1.1.130/24 interface=ether1 network=1.1.1.0
add address=192.168.2.254/24 interface=NOW59 network=192.168.2.0

but I also added the nat rule you posted and still no traffic flowing out.

Post your routing table as well. I'll look in the morning.

Sent from my SCH-I545 using Tapatalk

add distance=1 gateway=1.1.1.254

and screen shot

NOW59=TEST59 I was renaming NOW to TEST