I've got simple setup on CRS309 with Vlan1 ports assigned as LAN and Vlan2 port as WAN for internet connection. I am trying to do src NAT on Vlan2 towards my provider but when I do masquerade with output interface Vlan2 it doesn't appear to work. Am I missing something?
Here is my config
Code: Select all
/interface bridge
add ingress-filtering=no name=bridge protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridge name=vlan1 vlan-id=1
add interface=bridge name=vlan2 vlan-id=2
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=DATA ranges=192.168.89.10-192.168.89.254
/ip dhcp-server
add address-pool=DATA interface=vlan1 lease-time=12h name=DATA_DHCP
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge edge=yes ingress-filtering=no interface=ether1
add bridge=bridge interface=sfp-sfpplus1 pvid=2
add bridge=bridge edge=yes ingress-filtering=no interface=sfp-sfpplus2
add bridge=bridge edge=yes frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus3
add bridge=bridge edge=yes frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4
add bridge=bridge edge=yes frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus5
add bridge=bridge edge=yes frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus6
add bridge=bridge edge=yes frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus7
add bridge=bridge edge=yes frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus8
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=1
add bridge=bridge tagged=bridge vlan-ids=2
/interface list member
add interface=vlan2 list=WAN
add interface=vlan1 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.89.1/24 interface=vlan1 network=192.168.89.0
/ip dhcp-client
add interface=vlan2
/ip dhcp-server network
add address=192.168.89.0/24 dns-server=192.168.1.1 gateway=192.168.89.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-nat-state="" connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-nat-state=srcnat,dstnat connection-state=established,related,new,untracked
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan2
/routing igmp-proxy
set quick-leave=yes
/system clock
set time-zone-name=Europe/Bratislava
/system identity
set name=HomeRTR
/system routerboard settings
set boot-os=router-os