akram
Frequent Visitor
Topic Author
Posts: 80
Joined: Wed Aug 10, 2005 4:58 pm

Bridge and masquerade

Thu Jan 27, 2022 9:44 pm

I got 1 bridge for two LANs, called Bridge2, and its IP address is 12.12.12.1/24,
and there is 1 WAN for internet. I have NAT masquerade and it works fine,
but some sites didn't work, like yahoo.com and other sites. I need to fix that, any help?
I tested my PC in the WAN address range and put a switch in as a test; the yahoo site was working, so what is my problem in MikroTik NAT?
 
anav
Forum Guru
Posts: 11864
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge and masquerade

Fri Jan 28, 2022 12:20 am

Please have a look at the first LINK provided here ( HAVING ISSUES AND NEED HELP READ THIS FIRST - viewtopic.php?t=182373 )
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
akram
Frequent Visitor
Topic Author
Posts: 80
Joined: Wed Aug 10, 2005 4:58 pm

Re: Bridge and masquerade

Fri Jan 28, 2022 4:09 pm

> Please have a look at the first LINK provided here ( HAVING ISSUES AND NEED HELP READ THIS FIRST - viewtopic.php?t=182373 )

I read that but it did not solve my issue.
 
anav
Forum Guru
Posts: 11864
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge and masquerade

Fri Jan 28, 2022 5:50 pm

I believe we have a disconnect, when I said read, I meant understand the information provided and take some actions based on those readings!

To enable us to help you, you have to HELP YOURSELF, by providing enough clear information that will lead us to a fast and clear solution.

Did you post your config? NO
Did you provide a diagram? NO
Did you state your requirements in terms of user use cases without mention of the config? NO

Therefore, assistance possible = 0
 
akram
Frequent Visitor
Topic Author
Posts: 80
Joined: Wed Aug 10, 2005 4:58 pm

Re: Bridge and masquerade

Fri Jan 28, 2022 7:15 pm

> I believe we have a disconnect, when I said read, I meant understand the information provided and take some actions based on those readings!
>
> To enable us to help you, you have to HELP YOURSELF, by providing enough clear information that will lead us to a fast and clear solution.
>
> Did you post your config? NO
> Did you provide a diagram? NO
> Did you state your requirements in terms of user use cases without mention of the config? NO
>
> Therefore, assistance possible = 0

OK, got it.
Here is the diagram attached.
Here is the configuration:
/ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS             NETWORK         INTERFACE
 0   192.168.100.100/24  192.168.100.0   2-WAN
 1   12.12.12.1/24       12.12.12.0      bridge2

/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0    ;;; default configuration
      chain=srcnat action=masquerade src-address=12.12.12.0/24
      out-interface=2-WAN log=no log-prefix=""

ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC         GATEWAY        DISTANCE
 0 A S  0.0.0.0/0                           192.168.100.1        10
 1 ADC  12.12.12.0/24      12.12.12.1       bridge2               0
 2 ADC  192.168.100.0/24   192.168.100.100  2-WAN                 0
 
anav
Forum Guru
Posts: 11864
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge and masquerade

Fri Jan 28, 2022 8:50 pm

That's a start, but by config I meant

/export hide-sensitive file=anynameyouwish

Go to winbox, select terminal and enter the above at the command prompt.
Then go to FILES, find the name above, right click and export/download onto your PC.

Open it up with Notepad++ and then paste here.
Make sure you use the code brackets above around the text (icon with black square with white square brackets on the same line as BOLD and Underline etc.).
 
akram
Frequent Visitor
Topic Author
Posts: 80
Joined: Wed Aug 10, 2005 4:58 pm

Re: Bridge and masquerade

Fri Jan 28, 2022 11:06 pm

# jan/28/2022 23:00:34 by RouterOS 6.44.3
# software id = 88D3-XQ8U
#
# model = 750
# serial number = 467704411B41
/interface bridge
add admin-mac=4C:5E:0C:76:F1:BF auto-mac=no comment=\
    "created from master port" disabled=yes name=bridge1 protocol-mode=none
add name=bridge2
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mtu=1420 \
    name=1-LAN
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=1600 \
    mtu=1420 name=2-WAN
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=3-LAN2
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
    name=ether4-slave-local
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
    name=ether5-slave-local
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool1 ranges=12.12.12.100-12.12.12.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 disabled=no interface=bridge2 \
    lease-time=3d name=dhcp1
/interface pppoe-client
add add-default-route=yes interface=1-LAN name=Tedata profile=\
    default-encryption user=131548@tedata.net.eg
/queue simple
add max-limit=40M/40M name=\
    "253 - Laptop - Dell - Farida Laptop - 78:E4:00:CB:30:3E" target=\
    12.12.12.253/32
add max-limit=50M/50M name=\
    "104 - Laptop - Akram Mirle Laptop - 94-E9-79-FE-5D-61" target=\
    12.12.12.104/32
add max-limit=5M/5M name=\
    "103 - PC - Mohamed Akram - Win10 - c0-4a-00-26-ad-72 - wifi" target=\
    12.12.12.103/32
add max-limit=10M/10M name="106 - PC - FaridaPC - Home - Luka & Farida - Home2\
    \_PC - C0:4A:00:18:09:CA" target=12.12.12.106/32
add max-limit=30M/30M name="122 - Pc - Farida - Wifi - D0:37:45:8D:41:3C" \
    target=12.12.12.122/32
add max-limit=100M/100M name=\
    "254 - Mobile - Akram J5 Pro Samsung - 88:75:98:73:D5:55" target=\
    12.12.12.254/32
add max-limit=200M/200M name="118 - Mobile - Akram New Phone Reno 6" target=\
    12.12.12.118/32
add max-limit=5M/5M name=\
    "105 - Mobille - Rana J5 Samsung - 88:75:98:07:B4:D8" target=\
    12.12.12.105/32
add max-limit=15M/15M name=\
    "102 - Mobile - Luka - Samsung S5 - f0-25-b7-ea-e1-2f" target=\
    12.12.12.102/32
add max-limit=5M/5M name="100 - Mobile - Mohamed Akram - A8:7D:12:ED:2F:18" \
    target=12.12.12.100/32
add max-limit=5M/5M name=\
    "101 - Mobile - Farida Akram old Mob - 7C:46:85:2D:FE:F1" target=\
    12.12.12.101/32
add max-limit=5M/5M name="108 - Mobile - Rasha iphone11 - 80:0C:67:95:76:FE" \
    target=12.12.12.108/32
add max-limit=5M/5M name="113 - Mobile - Nana Awatef - 54:92:09:92:97:2A" \
    target=12.12.12.113/32
add max-limit=5M/5M name="120 - Mobile2 - Nana Awatef - " target=\
    12.12.12.120/32
add max-limit=8M/8M name="121 - PC - Luka - wifi - D0:37:45:8C:8D:94" target=\
    12.12.12.121/32
add max-limit=50M/50M name="111 - EZcast - 54:E4:BD:7D:41:19" target=\
    12.12.12.111/32
add max-limit=1M/1M name="112 - 7C:46:85:02:5E:8F" target=12.12.12.112/32
add max-limit=10M/10M name="109 - Electricty - SONOFF - 80:7D:3A:32:3B:DB" \
    target=12.12.12.109/32
add max-limit=5M/5M name="110 - " target=12.12.12.110/32
add max-limit=4M/4M name=\
    "114 - Mobile - Farida New Phone Y8s - 8C:5A:C1:72:D8:32" target=\
    12.12.12.114/32
add max-limit=100M/100M name="115 -  Akram Laptop - LAN" target=\
    12.12.12.115/32
add disabled=yes max-limit=3M/3M name=\
    "116 - Mobile - Uncle Hamdy -- Y7 prime - 74:59:09:A5:A3:19" target=\
    12.12.12.116/32
add max-limit=10M/10M name=\
    "122 - PC - Farida PC - wifi new - D0:37:45:8D:41:3C" target=\
    12.12.12.122/32
add max-limit=5M/5M name=\
    "123 - Mobile Arwa - Farida Friend - A8:7D:12:ED:EA:48" target=\
    12.12.12.123/32
add max-limit=8M/8M name="127 - PC - Farida Akram - LAN - F8:B1:56:B7:18:9C" \
    target=12.12.12.127/32
add max-limit=8M/8M name="128 - Mobie - nana Awatef New Phone A51 Samsung" \
    target=12.12.12.129/32
add max-limit=5M/5M name="126 - PC - Malek Akram  - LAN - 6C:F0:49:D1:8D:84" \
    target=12.12.12.126/32
add max-limit=5M/5M name="125 - " target=12.12.12.125/32
add max-limit=5M/5M name="124 - " target=12.12.12.124/32
add max-limit=10M/10M name="119 - " target=12.12.12.119/32
add max-limit=10M/10M name=\
    "201 - Mohamed New PC - Home-PC - Wifi - D0:37:45:86:51:05" target=\
    12.12.12.201/32
add max-limit=10M/10M name=\
    "116 - Pc - Mohmed Akram - LAN - 8C:5A:C1:72:D8:32" target=\
    12.12.12.116/32
add max-limit=40M/40M name="202 - Luka PC" target=12.12.12.202/32
add max-limit=4M/4M name=\
    "107 - Mobile - Iphone May be Rasha - 3E:71:60:EC:1E:EC" target=\
    12.12.12.107/32
add max-limit=50M/50M name="117 - Mobile - Rana - Huwaei - 44:C7:FC:FC:4A:24" \
    target=12.12.12.117/32
/interface bridge port
add bridge=bridge2 interface=1-LAN trusted=yes
add bridge=bridge2 interface=3-LAN2
add bridge=bridge1 interface=ether4-slave-local
add bridge=bridge1 interface=ether5-slave-local
add bridge=bridge1 interface=2-WAN
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridge1 list=discover
add interface=3-LAN2 list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox
add interface=3-LAN2 list=mactel
add interface=ether4-slave-local list=mactel
add interface=3-LAN2 list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=ether5-slave-local list=mac-winbox
/ip address
add address=192.168.100.100/24 interface=2-WAN network=192.168.100.0
add address=12.12.12.1/24 interface=bridge2 network=12.12.12.0
/ip arp
add address=12.12.12.150 comment="4C:5E:0C:76:F1:BF my wan" interface=1-LAN \
    mac-address=4C:5E:0C:76:F1:BF
/ip dhcp-client
add dhcp-options=hostname,clientid interface=bridge1
/ip dhcp-server lease
add address=12.12.12.254 client-id=1:88:75:98:73:d5:55 mac-address=\
    88:75:98:73:D5:55 server=dhcp1
add address=12.12.12.253 client-id=1:78:e4:0:cb:30:3e mac-address=\
    78:E4:00:CB:30:3E server=dhcp1
add address=12.12.12.106 client-id=1:c0:4a:0:18:9:ca mac-address=\
    C0:4A:00:18:09:CA server=dhcp1
add address=12.12.12.105 client-id=1:88:75:98:7:b4:d8 mac-address=\
    88:75:98:07:B4:D8 server=dhcp1
add address=12.12.12.104 client-id=1:94:e9:79:fe:5d:61 mac-address=\
    94:E9:79:FE:5D:61 server=dhcp1
add address=12.12.12.103 client-id=1:c0:4a:0:26:ad:72 mac-address=\
    C0:4A:00:26:AD:72 server=dhcp1
add address=12.12.12.102 client-id=1:f0:25:b7:ea:e1:2f comment=\
    "102 - Mobile - Luka - Samsung S5 - f0-25-b7-ea-e1-2f" mac-address=\
    F0:25:B7:EA:E1:2F server=dhcp1
add address=12.12.12.100 client-id=1:a8:7d:12:ed:2f:18 comment=\
    "100 - Mobile - Mohamed Akram - A8:7D:12:ED:2F:18" mac-address=\
    A8:7D:12:ED:2F:18 server=dhcp1
add address=12.12.12.109 mac-address=80:7D:3A:32:3B:DB server=dhcp1 \
    use-src-mac=yes
add address=12.12.12.101 comment=\
    "101 - Mobile - Farida Akram - 7C:46:85:2D:FE:F1" mac-address=\
    7C:46:85:2D:FE:F1 server=dhcp1
add address=12.12.12.108 client-id=1:80:c:67:95:76:fe mac-address=\
    80:0C:67:95:76:FE server=dhcp1
add address=12.12.12.113 client-id=1:54:92:9:92:97:2a mac-address=\
    54:92:09:92:97:2A server=dhcp1
add address=12.12.12.111 client-id=1:54:e4:bd:7d:41:19 mac-address=\
    54:E4:BD:7D:41:19 server=dhcp1
add address=12.12.12.110 client-id=1:4c:5e:c:76:f1:bf mac-address=\
    4C:5E:0C:76:F1:BF server=dhcp1
add address=12.12.12.112 mac-address=AA:00:00:00:00:00
add address=12.12.12.122 client-id=1:d0:37:45:8d:41:3c mac-address=\
    D0:37:45:8D:41:3C server=dhcp1
add address=12.12.12.116 client-id=1:c4:34:6b:72:d5:4e mac-address=\
    C4:34:6B:72:D5:4E server=dhcp1
add address=12.12.12.114 client-id=1:8c:5a:c1:72:d8:32 mac-address=\
    8C:5A:C1:72:D8:32 server=dhcp1
add address=12.12.12.121 client-id=1:d0:37:45:8c:8d:94 mac-address=\
    D0:37:45:8C:8D:94 server=dhcp1
add address=12.12.12.117 client-id=1:44:c7:fc:fc:4a:24 mac-address=\
    44:C7:FC:FC:4A:24 server=dhcp1
add address=12.12.12.118 client-id=1:6e:3b:71:58:f9:96 mac-address=\
    6E:3B:71:58:F9:96 server=dhcp1
add address=12.12.12.119 mac-address=7C:46:85:02:5E:8F server=dhcp1
add address=12.12.12.107 client-id=1:26:c0:43:91:25:5a mac-address=\
    26:C0:43:91:25:5A server=dhcp1
add address=12.12.12.120 client-id=1:74:59:9:a5:a3:19 mac-address=\
    74:59:09:A5:A3:19 server=dhcp1
add address=12.12.12.123 client-id=1:a8:7d:12:ed:ea:48 mac-address=\
    A8:7D:12:ED:EA:48 server=dhcp1
add address=12.12.12.126 client-id=1:6c:f0:49:d1:8d:84 mac-address=\
    6C:F0:49:D1:8D:84 server=dhcp1
add address=12.12.12.127 client-id=1:f8:b1:56:b7:18:9c mac-address=\
    F8:B1:56:B7:18:9C server=dhcp1
add address=12.12.12.115 client-id=1:46:6a:ef:ee:e1:54 mac-address=\
    46:6A:EF:EE:E1:54 server=dhcp1
/ip dhcp-server network
add address=12.12.12.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=12.12.12.1
/ip dns
set allow-remote-requests=yes servers=163.121.128.134,163.121.128.135,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=12.12.12.106 list=Fortnite
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Fasttrack DNS" \
    dst-port=53 protocol=tcp
add action=fasttrack-connection chain=forward comment=\
    "Fasttrack Connection - DNS - UDP" dst-port=53 protocol=udp
add action=drop chain=input disabled=yes dst-port=80 protocol=tcp
add action=drop chain=input disabled=yes dst-port=443 protocol=tcp
add action=drop chain=forward comment="7C:46:85:02:5E:8F - Unknown Huwaei Mobi\
    le - Nana Awatef Motrola Android Old Phone" disabled=yes src-mac-address=\
    7C:46:85:02:5E:8F
add action=drop chain=forward comment="E8:5A:8B:21:05:C0 - Unknown Redmi 8" \
    src-mac-address=E8:5A:8B:21:05:C0
add action=drop chain=forward comment=\
    "Drop 4C:5E:0C:76:F1:BF - Mikrotik 2nd LAN" disabled=yes src-mac-address=\
    4C:5E:0C:76:F1:BF
add action=drop chain=forward comment=\
    "Drop 80:0C:67:95:76:FE - Rasha Iphone 11" disabled=yes src-mac-address=\
    80:0C:67:95:76:FE
add action=add-dst-to-address-list address-list=Fortnite \
    address-list-timeout=none-dynamic chain=input disabled=yes dst-port=5222 \
    log=yes protocol=tcp
add action=drop chain=forward disabled=yes log=yes src-address=192.168.88.105
add action=accept chain=input comment="default configuration" disabled=yes \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=yes
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=1-LAN
add action=accept chain=forward comment="default configuration" \
    connection-state=established disabled=yes
add action=accept chain=forward comment="default configuration" \
    connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes
add action=accept chain=forward disabled=yes log=yes src-address=\
    192.168.88.103
add action=drop chain=forward comment=\
    "a8:7d:12:ed:2f:18 Drop That MAC -Mohamed New Huawei Mobile" disabled=yes \
    src-mac-address=A8:7D:12:ED:2F:18
add action=log chain=forward disabled=yes log=yes src-mac-address=\
    4C:5E:0C:76:F1:BF
/ip firewall mangle
add action=passthrough chain=forward comment="Mohamed PC" src-address=\
    12.12.12.103
add action=passthrough chain=forward comment="Farida PC" src-address=\
    12.12.12.106
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=2-WAN src-address=12.12.12.0/24
add action=dst-nat chain=dstnat dst-port=5222 protocol=tcp to-addresses=\
    12.12.12.104
add action=dst-nat chain=dstnat dst-port=5222 protocol=udp to-addresses=\
    12.12.12.104
add action=dst-nat chain=dstnat dst-port=5795-5847 protocol=tcp to-addresses=\
    12.12.12.104
add action=dst-nat chain=dstnat dst-port=5795-5847 protocol=udp to-addresses=\
    12.12.12.104
/ip route
add distance=10 gateway=192.168.100.1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip traffic-flow
set enabled=yes interfaces=bridge1
/ip traffic-flow target
add dst-address=192.168.88.200 port=1234 version=5
/system clock
set time-zone-autodetect=no
/system clock manual
set dst-delta=+02:00 time-zone=+02:00
/system ntp client
set enabled=yes primary-ntp=41.204.120.137 secondary-ntp=197.80.150.123
/system package update
set channel=development
/system scheduler
add interval=1h name="Send email ARP Print" on-event="/tool e-mail\r\
    \n/tool e-mail set address=smtp.gmail.com\r\
    \n/tool e-mail set port=587\r\
    \n/tool e-mail set from=Mikrotik Home\r\
    \n/tool e-mail> set user=home@gmail.com\r\
    \n/tool e-mail> set password=no\r\
    \n/tool e-mail> send to=akram@gmail.com \r\
    \nsubject=\"Mikrotik test\" body=\"email test\" start-tls=yes\r\
    \n/system script run ARP" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=may/20/2020 start-time=22:24:56
/system script
add dont-require-permissions=no name=ARP owner=akram policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=" \
    / tool e-mail send server=\"smtp.gmail.com\" port=\"587\" user=home\
    @gmail.com password=\"no\" start-tls=yes to=akram@gmail\
    .com subject=\"resend\" body=\"test\"  "
/tool e-mail
set address=smtp.gmail.com from="Mikrotik Home" port=587 start-tls=yes user=\
    home@gmail.com
/tool mac-server
set allowed-interface-list=mac-winbox
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-interface=bridge1 filter-ip-address=192.168.88.104/32
 
anav
Forum Guru
Posts: 11864
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge and masqurade

Sat Jan 29, 2022 1:41 am

First thing to do is update your firmware to the latest long-term firmware, 6.49 something I believe.

You only need one bridge, the other one I see is disabled.

All ports should be on bridge 2 except the WAN port ether2.
Remove ether2-wan from any bridge.

Your interface lists, list members and firewall rules are a mess; in fact, I don't think your firewall rules are particularly safe at the moment.

Upgrade the firmware and try to clean up your interface lists and firewall rules and repost again.
 
akram
Frequent Visitor
Topic Author
Posts: 80
Joined: Wed Aug 10, 2005 4:58 pm

Re: Bridge and masqurade

Sat Jan 29, 2022 5:06 pm

OK, I upgraded to 7.1.1 and removed all the mess from the firewall.
Still the same issue: I cannot open the yahoo site and some other sites.
So would you agree to check with me by AnyDesk? We can get in touch by WhatsApp if it's not against any rules.
Here is the code now:
# jan/29/2022 17:02:35 by RouterOS 7.1.1
# software id = 88D3-XQ8U
#
# model = 750
# serial number = 467704411B41
/interface bridge
add name=bridge2
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mtu=1420 \
    name=1-LAN
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=1600 \
    mtu=1420 name=2-WAN
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=3-LAN2
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
    name=ether4-slave-local
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
    name=ether5-slave-local
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool1 ranges=12.12.12.100-12.12.12.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 bootp-support=none interface=bridge2 \
    lease-time=3d name=dhcp1
/queue simple
add max-limit=40M/40M name=\
    "253 - Laptop - Dell - Farida Laptop - 78:E4:00:CB:30:3E" target=\
    12.12.12.253/32
add max-limit=50M/50M name=\
    "104 - Laptop - Akram Mirle Laptop - 94-E9-79-FE-5D-61" target=\
    12.12.12.104/32
add max-limit=5M/5M name=\
    "103 - PC - Mohamed Akram - Win10 - c0-4a-00-26-ad-72 - wifi" target=\
    12.12.12.103/32
add max-limit=10M/10M name="106 - PC - FaridaPC - Home - Luka & Farida - Home2\
    \_PC - C0:4A:00:18:09:CA" target=12.12.12.106/32
add max-limit=30M/30M name="122 - Pc - Farida - Wifi - D0:37:45:8D:41:3C" \
    target=12.12.12.122/32
add max-limit=100M/100M name=\
    "254 - Mobile - Akram J5 Pro Samsung - 88:75:98:73:D5:55" target=\
    12.12.12.254/32
add max-limit=200M/200M name="118 - Mobile - Akram New Phone Reno 6" target=\
    12.12.12.118/32
add max-limit=5M/5M name=\
    "105 - Mobille - Rana J5 Samsung - 88:75:98:07:B4:D8" target=\
    12.12.12.105/32
add max-limit=15M/15M name=\
    "102 - Mobile - Luka - Samsung S5 - f0-25-b7-ea-e1-2f" target=\
    12.12.12.102/32
add max-limit=5M/5M name="100 - Mobile - Mohamed Akram - A8:7D:12:ED:2F:18" \
    target=12.12.12.100/32
add max-limit=5M/5M name=\
    "101 - Mobile - Farida Akram old Mob - 7C:46:85:2D:FE:F1" target=\
    12.12.12.101/32
add max-limit=5M/5M name="108 - Mobile - Rasha iphone11 - 80:0C:67:95:76:FE" \
    target=12.12.12.108/32
add max-limit=5M/5M name="113 - Mobile - Nana Awatef - 54:92:09:92:97:2A" \
    target=12.12.12.113/32
add max-limit=5M/5M name="120 - Mobile2 - Nana Awatef - " target=\
    12.12.12.120/32
add max-limit=8M/8M name="121 - PC - Luka - wifi - D0:37:45:8C:8D:94" target=\
    12.12.12.121/32
add max-limit=50M/50M name="111 - EZcast - 54:E4:BD:7D:41:19" target=\
    12.12.12.111/32
add max-limit=1M/1M name="112 - 7C:46:85:02:5E:8F" target=12.12.12.112/32
add max-limit=10M/10M name="109 - Electricty - SONOFF - 80:7D:3A:32:3B:DB" \
    target=12.12.12.109/32
add max-limit=5M/5M name="110 - " target=12.12.12.110/32
add max-limit=4M/4M name=\
    "114 - Mobile - Farida New Phone Y8s - 8C:5A:C1:72:D8:32" target=\
    12.12.12.114/32
add max-limit=100M/100M name="115 -  Akram Laptop - LAN" target=\
    12.12.12.115/32
add disabled=yes max-limit=3M/3M name=\
    "116 - Mobile - Uncle Hamdy -- Y7 prime - 74:59:09:A5:A3:19" target=\
    12.12.12.116/32
add max-limit=10M/10M name=\
    "122 - PC - Farida PC - wifi new - D0:37:45:8D:41:3C" target=\
    12.12.12.122/32
add max-limit=5M/5M name=\
    "123 - Mobile Arwa - Farida Friend - A8:7D:12:ED:EA:48" target=\
    12.12.12.123/32
add max-limit=8M/8M name="127 - PC - Farida Akram - LAN - F8:B1:56:B7:18:9C" \
    target=12.12.12.127/32
add max-limit=8M/8M name="128 - Mobie - nana Awatef New Phone A51 Samsung" \
    target=12.12.12.129/32
add max-limit=5M/5M name="126 - PC - Malek Akram  - LAN - 6C:F0:49:D1:8D:84" \
    target=12.12.12.126/32
add max-limit=5M/5M name="125 - " target=12.12.12.125/32
add max-limit=5M/5M name="124 - " target=12.12.12.124/32
add max-limit=10M/10M name="119 - " target=12.12.12.119/32
add max-limit=10M/10M name=\
    "201 - Mohamed New PC - Home-PC - Wifi - D0:37:45:86:51:05" target=\
    12.12.12.201/32
add max-limit=10M/10M name=\
    "116 - Pc - Mohmed Akram - LAN - 8C:5A:C1:72:D8:32" target=\
    12.12.12.116/32
add max-limit=40M/40M name="202 - Luka PC" target=12.12.12.202/32
add max-limit=4M/4M name=\
    "107 - Mobile - Iphone May be Rasha - 3E:71:60:EC:1E:EC" target=\
    12.12.12.107/32
add max-limit=50M/50M name="117 - Mobile - Rana - Huwaei - 44:C7:FC:FC:4A:24" \
    target=12.12.12.117/32
/routing bgp template
set default as=65530 disabled=no name=default output.network=bgp-networks
/routing ospf instance
add name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=bridge2 ingress-filtering=no interface=1-LAN trusted=yes
add bridge=bridge2 ingress-filtering=no interface=3-LAN2 trusted=yes
add disabled=yes ingress-filtering=no interface=ether4-slave-local
add disabled=yes ingress-filtering=no interface=ether5-slave-local
add bridge=bridge2 disabled=yes ingress-filtering=no interface=2-WAN
/ip neighbor discovery-settings
set discover-interface-list=discover
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface list member
add list=discover
add interface=3-LAN2 list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add list=mactel
add list=mac-winbox
add interface=3-LAN2 list=mactel
add interface=ether4-slave-local list=mactel
add interface=3-LAN2 list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=ether5-slave-local list=mac-winbox
/ip address
add address=192.168.100.100/24 interface=2-WAN network=192.168.100.0
add address=12.12.12.1/24 interface=bridge2 network=12.12.12.0
/ip arp
add address=12.12.12.150 comment="4C:5E:0C:76:F1:BF my wan" interface=1-LAN \
    mac-address=4C:5E:0C:76:F1:BF
/ip dhcp-client
add disabled=yes
/ip dhcp-server lease
add address=12.12.12.254 client-id=1:88:75:98:73:d5:55 mac-address=\
    88:75:98:73:D5:55 server=dhcp1
add address=12.12.12.253 client-id=1:78:e4:0:cb:30:3e mac-address=\
    78:E4:00:CB:30:3E server=dhcp1
add address=12.12.12.106 client-id=1:c0:4a:0:18:9:ca mac-address=\
    C0:4A:00:18:09:CA server=dhcp1
add address=12.12.12.105 client-id=1:88:75:98:7:b4:d8 mac-address=\
    88:75:98:07:B4:D8 server=dhcp1
add address=12.12.12.104 client-id=1:94:e9:79:fe:5d:61 mac-address=\
    94:E9:79:FE:5D:61 server=dhcp1
add address=12.12.12.103 client-id=1:c0:4a:0:26:ad:72 mac-address=\
    C0:4A:00:26:AD:72 server=dhcp1
add address=12.12.12.102 client-id=1:f0:25:b7:ea:e1:2f comment=\
    "102 - Mobile - Luka - Samsung S5 - f0-25-b7-ea-e1-2f" mac-address=\
    F0:25:B7:EA:E1:2F server=dhcp1
add address=12.12.12.100 client-id=1:a8:7d:12:ed:2f:18 comment=\
    "100 - Mobile - Mohamed Akram - A8:7D:12:ED:2F:18" mac-address=\
    A8:7D:12:ED:2F:18 server=dhcp1
add address=12.12.12.109 mac-address=80:7D:3A:32:3B:DB server=dhcp1 \
    use-src-mac=yes
add address=12.12.12.101 comment=\
    "101 - Mobile - Farida Akram - 7C:46:85:2D:FE:F1" mac-address=\
    7C:46:85:2D:FE:F1 server=dhcp1
add address=12.12.12.108 client-id=1:80:c:67:95:76:fe mac-address=\
    80:0C:67:95:76:FE server=dhcp1
add address=12.12.12.113 client-id=1:54:92:9:92:97:2a mac-address=\
    54:92:09:92:97:2A server=dhcp1
add address=12.12.12.111 client-id=1:54:e4:bd:7d:41:19 mac-address=\
    54:E4:BD:7D:41:19 server=dhcp1
add address=12.12.12.110 client-id=1:4c:5e:c:76:f1:bf mac-address=\
    4C:5E:0C:76:F1:BF server=dhcp1
add address=12.12.12.112 mac-address=AA:00:00:00:00:00
add address=12.12.12.122 client-id=1:d0:37:45:8d:41:3c mac-address=\
    D0:37:45:8D:41:3C server=dhcp1
add address=12.12.12.116 client-id=1:c4:34:6b:72:d5:4e mac-address=\
    C4:34:6B:72:D5:4E server=dhcp1
add address=12.12.12.114 client-id=1:8c:5a:c1:72:d8:32 mac-address=\
    8C:5A:C1:72:D8:32 server=dhcp1
add address=12.12.12.121 client-id=1:d0:37:45:8c:8d:94 mac-address=\
    D0:37:45:8C:8D:94 server=dhcp1
add address=12.12.12.117 client-id=1:44:c7:fc:fc:4a:24 mac-address=\
    44:C7:FC:FC:4A:24 server=dhcp1
add address=12.12.12.118 client-id=1:6e:3b:71:58:f9:96 mac-address=\
    6E:3B:71:58:F9:96 server=dhcp1
add address=12.12.12.119 mac-address=7C:46:85:02:5E:8F server=dhcp1
add address=12.12.12.107 client-id=1:26:c0:43:91:25:5a mac-address=\
    26:C0:43:91:25:5A server=dhcp1
add address=12.12.12.120 client-id=1:74:59:9:a5:a3:19 mac-address=\
    74:59:09:A5:A3:19 server=dhcp1
add address=12.12.12.123 client-id=1:a8:7d:12:ed:ea:48 mac-address=\
    A8:7D:12:ED:EA:48 server=dhcp1
add address=12.12.12.126 client-id=1:6c:f0:49:d1:8d:84 mac-address=\
    6C:F0:49:D1:8D:84 server=dhcp1
add address=12.12.12.127 client-id=1:f8:b1:56:b7:18:9c mac-address=\
    F8:B1:56:B7:18:9C server=dhcp1
add address=12.12.12.115 client-id=1:46:6a:ef:ee:e1:54 mac-address=\
    46:6A:EF:EE:E1:54 server=dhcp1
add address=12.12.12.124 client-id=1:a8:98:92:f2:e:fd mac-address=\
    A8:98:92:F2:0E:FD server=dhcp1
/ip dhcp-server network
add address=12.12.12.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=12.12.12.1
/ip dns
set allow-remote-requests=yes servers=163.121.128.134,163.121.128.135,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=12.12.12.106 list=Fortnite
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Fasttrack DNS" \
    disabled=yes dst-port=53 hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward comment=\
    "Fasttrack Connection - DNS - UDP" disabled=yes dst-port=53 hw-offload=\
    yes protocol=udp
/ip firewall mangle
add action=passthrough chain=forward comment="Mohamed PC" src-address=\
    12.12.12.103
add action=passthrough chain=forward comment="Akram Laptop" src-address=\
    12.12.12.104
add action=passthrough chain=forward comment="Mohamed PC" src-address=\
    12.12.12.106
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=2-WAN src-address=12.12.12.0/24
/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.100.1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip traffic-flow
set enabled=yes interfaces=*2
/ip traffic-flow target
add dst-address=192.168.88.200 port=1234 version=5
/system clock
set time-zone-autodetect=no
/system clock manual
set dst-delta=+02:00 time-zone=+02:00
/system ntp client
set enabled=yes
/system ntp client servers
add address=41.204.120.137
add address=197.80.150.123
/system scheduler
add interval=1h name="Send email ARP Print" on-event="/tool e-mail\r\
    \n/tool e-mail set address=smtp.gmail.com\r\
    \n/tool e-mail set port=587\r\
    \n/tool e-mail set from=Mikrotik Home\r\
    \n/tool e-mail> set user=homem@gmail.com\r\
    \n/tool e-mail> set password=no\r\
    \n/tool e-mail> send to=akram@gmail.com \r\
    \nsubject=\"Mikrotik test\" body=\"email test\" start-tls=yes\r\
    \n/system script run ARP" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=may/20/2020 start-time=22:24:56
/system script
add dont-require-permissions=no name=ARP owner=akram policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=" \
    / tool e-mail send server=\"smtp.gmail.com\" port=\"587\" user=home\
    @gmail.com password=\"no\" start-tls=yes to=akram@gmail\
    .com subject=\"resend\" body=\"test\"  "
/tool e-mail
set address=smtp.gmail.com from="Mikrotik Home" port=587 tls=starttls user=\
    home@gmail.com
/tool mac-server
set allowed-interface-list=mac-winbox
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-interface=*2 filter-ip-address=192.168.88.104/32

 
jvanhambelgium
Long time Member
Posts: 677
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Bridge and masqurade

Sat Jan 29, 2022 6:32 pm

Smells more like MTU issue on the PPPoE link.
I recall long time ago I had the same, some HTTPS sites would just not work.
 
akram
Frequent Visitor
Topic Author
Posts: 80
Joined: Wed Aug 10, 2005 4:58 pm

Re: Bridge and masqurade

Sat Jan 29, 2022 7:30 pm

Smells more like MTU issue on the PPPoE link.
I recall long time ago I had the same, some HTTPS sites would just not work.
But it works when I put an IP address in the WAN range, and the sites open.
 
akram
Frequent Visitor
Topic Author
Posts: 80
Joined: Wed Aug 10, 2005 4:58 pm

Re: Bridge and masqurade

Tue Feb 08, 2022 9:02 pm

Smells more like MTU issue on the PPPoE link.
I recall long time ago I had the same, some HTTPS sites would just not work.
You were right, it is an MTU issue. I called the ISP and they gave me the MTU to put on the ISP router, and then I put the same MTU on my bridge settings. It's fixed, guys.
Thanks, guys.

Here is the MTU I put on both the ISP router and the bridge:
MTU Fix Issue on bridge2.jpg
 
Zacharias
Forum Guru
Posts: 3290
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Bridge and masqurade

Tue Feb 08, 2022 9:07 pm

You've got an MTU issue...
The Bridge2 MTU is 1420 bytes, I can see that in post #10...
Set the bridge MTU to 1500 bytes...
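
An added example, not part of any post in this thread and not MikroTik tooling: a small Python audit of a RouterOS export that flags the settings this thread turns on, namely the ethernet mtu=1420 overrides behind the MTU diagnosis and the firewall state called unsafe earlier (no enabled filter rules, allow-remote-requests=yes, allow-none-crypto=yes). The sample lines are copied from the export posted above; the finding names and the 1500-byte baseline are assumptions of this sketch.

```python
import re

# Constructed sample: lines copied (shortened) from the export posted in this thread.
SAMPLE_EXPORT = r'''/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mtu=1420 \
    name=1-LAN
set [ find default-name=ether3 ] name=3-LAN2
/ip dns
set allow-remote-requests=yes servers=163.121.128.134,163.121.128.135,8.8.8.8
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Fasttrack DNS" \
    disabled=yes dst-port=53 hw-offload=yes protocol=tcp
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
'''

# key=value, where value is either a double-quoted string or a bare token
PARAM = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_export(text):
    """Return (section, params) for every add/set line of an export."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # undo the export's line wrapping
    section, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('/'):
            section = line
        elif line.startswith(('add ', 'set ')):
            entries.append((section, {k: v.strip('"') for k, v in PARAM.findall(line)}))
    return entries

def audit(text):
    """Return (finding, detail) pairs; finding names are this sketch's own."""
    entries = parse_export(text)
    rules = [p for s, p in entries
             if s == '/ip firewall filter' and p.get('disabled') != 'yes']
    # Heuristic: any enabled input-chain drop/reject counts as input filtering.
    input_filtered = any(p.get('chain') == 'input' and
                         p.get('action') in ('drop', 'reject') for p in rules)
    findings = []
    if not rules:
        findings.append(('no-filter', 'no enabled /ip firewall filter rules'))
    for section, p in entries:
        if section == '/interface ethernet' and p.get('mtu', '1500') != '1500':
            findings.append(('mtu', f"{p.get('name')} mtu={p['mtu']}"))
        if section == '/ip dns' and p.get('allow-remote-requests') == 'yes' and not input_filtered:
            findings.append(('open-dns', 'DNS resolver reachable on every interface'))
        if section == '/ip ssh' and p.get('allow-none-crypto') == 'yes':
            findings.append(('ssh-none', 'SSH may negotiate the "none" cipher'))
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE_EXPORT), sep='\n')
```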
