Community discussions

 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 12:00 am

Hi,

I have been browsing internet and this forum for at least a week now but havent been able to find out and solve my issue.

I am using an RB2011UAS-2HnD and two times mAP lite.

i configured:

DHCP client on Ethernet1 (named as WAN)
Bridge "main"
IP adresses 10.10.10.0/24
DHCP pool0 for 10.10.10.2 - 10.10.10.254
Gateway 10.10.10.1
all Lan ports mapped to Main
NAT srcnet masquerade rule created

Bridge "guest"
IP adresses 10.10.20.0/24
DHCP pool1 for 10.10.20.2 - 10.10.20.254
gateway 10.10.20.1
out interface "WAN"
NAT srcnet masquerade rule created

CAPsMan configuration1 mapped to datapath1 which is mapped to Main bridge with ssid "wifi"
CAPsman configuration2 mapped to datapath2 which is mapped to Guest bridge with ssid "wifiguests"

What is working correct:
Internet connectivity over LAN
Internet connectivity over WLAN "wifi"
connect to WLAN "wifiguests" & get IP adress

What is not working:
Connect to internet from "wifiguests"

I hope someone is able to help me out.
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 253
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 8:55 am

Please post export of nat rules. In similar configuration I have only one nat rule, not 2, perhaps there is something wrong.
---
Karlis
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 10:11 am

Hi, i took an export of complete firewall settings.
Evreything on IP address range 10.10.10.0/24 is working fine. 10.10.20.0/24 does not have internet access
# aug/22/2017 09:06:55 by RouterOS 6.40.1
# software id = 7YSF-D0R9
#
# model = 2011UAS-2HnD
# serial number = ***************
/ip firewall address-list
add address=10.10.10.4 list=Allow_Email
/ip firewall filter
add action=accept chain=input src-address=127.0.0.1
add action=drop chain=input comment="drop all invalid conections" \
    connection-state=invalid
add action=reject chain=output dst-port=110,995,143,993,25,465,587 log=yes \
    log-prefix=rejectports out-interface=WAN protocol=tcp reject-with=\
    icmp-network-unreachable src-address-list=!Allow_Email
add action=reject chain=forward dst-port=110,995,143,993,25,465,587 log=yes \
    log-prefix=rejectports out-interface=WAN protocol=tcp reject-with=\
    icmp-network-unreachable src-address-list=!Allow_Email
add action=accept chain=input comment="Allow all establised connections" \
    connection-state=established
add action=accept chain=input in-interface=!WAN src-address=10.10.10.0/24
add action=accept chain=input in-interface=!WAN src-address=10.10.20.0/24
add action=drop chain=input comment="Drop all" log=yes log-prefix=\
    dropallinput
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN src-address=\
    10.10.20.0/24
add action=masquerade chain=srcnat src-address=10.10.10.0/24
 
flynno
Member Candidate
Member Candidate
Posts: 241
Joined: Wed Aug 27, 2014 8:11 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 12:03 pm

Try below rule

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN src-address=10.10.10.0/24
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 12:43 pm

I changed this rule but unfortunately no effect.
Still no internet on guest wifi.
I can see traffic on the bridge but its not connecting to internet at all.
 
flynno
Member Candidate
Member Candidate
Posts: 241
Joined: Wed Aug 27, 2014 8:11 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 2:16 pm

Try these rules

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat out-interface=main
add action=masquerade chain=srcnat out-interface=guest
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 253
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 3:55 pm

You need only one rule in nat chain srcnat.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
Just curiosity - there are any dropped connections in output chain (rule with many email related ports)? IMHO this rule is useless.
---
Karlis
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 4:37 pm

Hi Karlis,

changing the NAT has no effect.

about the rules in fw, if i clean the address list, my main pc is not able to send email anymore. then i will see dropped packets.
Reason i put the rule in, is that i was blocked by my internet provider because of bulk email being send from my IP adres.

br hans
 
flynno
Member Candidate
Member Candidate
Posts: 241
Joined: Wed Aug 27, 2014 8:11 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 9:59 pm

IP > Addresses
10.10.10.1/24
10.10.20.1/24

Instead of 10.10.20.0/24 and 10.10.10.0/24
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Tue Aug 22, 2017 11:12 pm

this is what i have already
/ip address
add address=10.10.10.1/24 interface=woodynet network=10.10.10.0
add address=10.10.20.1/24 interface=guests network=10.10.20.0
 
flynno
Member Candidate
Member Candidate
Posts: 241
Joined: Wed Aug 27, 2014 8:11 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 2:11 am

Did you check your IP > Router List

guests route should look like

Dst. Address 10.10.20.1/24
Gateway guests reachable
Pref. Source 10.10.20.1
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 8:54 am

it looks almost the same, but as 10.10.10.0/24 is working correct i assume 10.10.20.0/24 setting is correct as well

Image
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 253
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 10:36 am

What is not working:
Connect to internet from "wifiguests"
What exactlynot working? http? ping to 8.8.8.8? ping to external ip of router? everything?
---
Karlis
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 11:33 am

Hi Karlis,

thanks for the suggestions to test.
Ping 8.8.8.8 is working fine
Ping WAN (public) IP address is working fine

also i tried to ping some other IP adresses (of commonly used websites) this is working fine as well
As soon as i try to ping a url, i recieve an error.
"temporary failure in name resolution"

Do i need to define a dns for my guest network?
Where do i need to do this?

br hans
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 11:40 am

in my DHCP i have nothing configured
Image

i tried to put here 8.8.8.8 to test but its not helping
 
flynno
Member Candidate
Member Candidate
Posts: 241
Joined: Wed Aug 27, 2014 8:11 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 12:31 pm

I had issues before with the router not picking up dns settings from ISP
Check to see if the input fields are empty or contain DNS IP's

Go to IP > DNS

You should have DNS IP addresses in the dynamic input fields, maybe update the router to the lastest bugfix if the inputs are empty

System > Packages > Check for updates > Channel > Bugfix only
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 1:45 pm

Hi Flynno

This is not the issue, DNS is picked up correctly.

The 10.10.10.0/24 network is working fine.
The issue is related ONLY to the 10.10.20.0/24 network which i want to use for guests wifi access limited to internet only.

DNS:
Image
DHCP CLIENT:
Image
 
flynno
Member Candidate
Member Candidate
Posts: 241
Joined: Wed Aug 27, 2014 8:11 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 2:24 pm

Is the master interface of the guest network set to the main in capsman see image
You do not have the required permissions to view the files attached to this post.
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 2:34 pm

sure thats done
i can ping ip adresses from guests wifi as well.

Image
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 2:59 pm

Looks like it is solved.

i found a message in internet about teh src-address for nat to be 0.0.0.0/0

this solved the issue

Image
 
woodyman
just joined
Topic Author
Posts: 12
Joined: Mon Aug 21, 2017 11:42 pm

Re: CAPsMAN and guestwifi, no internet on guestwifi

Wed Aug 23, 2017 11:12 pm

All big tanks for the tips.
It is solved now.

Who is online

Users browsing this forum: Google [Bot] and 31 guests