ROS 7.7
created NAT rule with ISP dynamically assigned IP. Anytime the router restarts or is powered down won't get access to the internet unless the NAT rule is manually updated with the new IP.
Is there any way to write a rule to overcome this issue?
Thanks,
Re: default route
Your config is lacking.
Post between code quotes
Terninal
Export file=anynameyouwish
Remove serial and public wan ip if present.
Post between code quotes
Terninal
Export file=anynameyouwish
Remove serial and public wan ip if present.
Re: default route
The action=masquerade is your friend (instead of action=src-nat).
-
-
ignoranceisbliss
just joined
- Posts: 15
- Joined:
Re: default route
attached file, serial, macs, IP sanitized
action is masquerade, chain is src-nat
Thanks,
action is masquerade, chain is src-nat
Thanks,
You do not have the required permissions to view the files attached to this post.
Re: default route
(1) Your vlan1 makes no sense.
If you need if for the wan connection then why are you trying to create an IP pool as well ??
Additionally there is no reason to attach ether1 to the bridge!
(2) Again remove any /interface bridge vlan settings - not required, you have a bridge with ports etc, the vlan is just for the wan connection.
(3) the bridge is not an IP DHCP client that should be removed.
(4) Why two rules that say the same thing??
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat log=yes out-interface=vlan1 \
out-interface-list=WAN
plus you can only have one not both out interface and out interface list.
(5) what is the purpose of the routing rule????
If you need if for the wan connection then why are you trying to create an IP pool as well ??
Additionally there is no reason to attach ether1 to the bridge!
(2) Again remove any /interface bridge vlan settings - not required, you have a bridge with ports etc, the vlan is just for the wan connection.
(3) the bridge is not an IP DHCP client that should be removed.
(4) Why two rules that say the same thing??
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat log=yes out-interface=vlan1 \
out-interface-list=WAN
plus you can only have one not both out interface and out interface list.
(5) what is the purpose of the routing rule????
Re: default route
Several things in there are weird. For start, I don't see any NAT rule with IP address you could be updating. But I do see default route that might need it (gateway), which is unusual, because normally you just let DHCP client add dynamic default route. Also to have both DHCP servers and clients on both LAN and WAN is probably not correct. And those two wifi routes don't look correct either.
-
-
ignoranceisbliss
just joined
- Posts: 15
- Joined:
Re: default route
Thanks for your input
I have only changed the default config that was not working - I did not create this configuration.
I could not find proper documentation on mikrotik and I've searched (initial router setup is old and a mess).
ether1 is a slave (attached to bridge) and cannot get it to have a dynamic IP from ISP.
I could not find a way in documentation to make it a master if it is still possible with ROS v7. How do I make ether1, supposedly WAN interface, a master?
Hence I created a VLAN which takes required settings for internet to work (this is a fiber network setup, and I could not get the ether1 to obtain an IP)
router does not work on the internet if I do get the NAT rule to have VLAN as out interface (if ether1 is selected, an error stating ether1 is slave is thrown)
DHCP-client: bridge was removed because when added does not get an IP address, it is always in Status: searching...
This is the only config I could get the router to work.
I have only changed the default config that was not working - I did not create this configuration.
I could not find proper documentation on mikrotik and I've searched (initial router setup is old and a mess).
ether1 is a slave (attached to bridge) and cannot get it to have a dynamic IP from ISP.
I could not find a way in documentation to make it a master if it is still possible with ROS v7. How do I make ether1, supposedly WAN interface, a master?
Hence I created a VLAN which takes required settings for internet to work (this is a fiber network setup, and I could not get the ether1 to obtain an IP)
router does not work on the internet if I do get the NAT rule to have VLAN as out interface (if ether1 is selected, an error stating ether1 is slave is thrown)
DHCP-client: bridge was removed because when added does not get an IP address, it is always in Status: searching...
This is the only config I could get the router to work.
Re: default route
You need to
a. create a network diagram of what you want to achieve.
b. list the user requirements
- identify users/devices groups of users/devices
- identify what traffic they should be able to accomplish and not be able to do.
c. if this is old firmware update to version 7.7.
d. Start again with default settings........
a. create a network diagram of what you want to achieve.
b. list the user requirements
- identify users/devices groups of users/devices
- identify what traffic they should be able to accomplish and not be able to do.
c. if this is old firmware update to version 7.7.
d. Start again with default settings........
Who is online
Users browsing this forum: Amazon [Bot], ips and 26 guests