From a client on the segment:
* I can ping IPs and names on the internet without a problem
* I can ping IPs but not names on my existing (parent) segment (10.0.0.0/24 - see below for setup) by IP (Linux says: temporary failure in name resolution). Same results from the RB terminal.
* I can't ping a name (xxyyzz) that I've setup a static entry for on the RBs DNS to an IP (10.0.0.245) but ping to IP works fine. In the RB terminal a ping to the name xxyyzz works fine.
I wiped the router completely then followed basic setup https://help.mikrotik.com/docs/display/ ... figuration . I noted there was no info about DNS in it so I did what I thought was correct.
I am presently testing with the RB setup under the existing router (a NetGear wireless router) so my RB450g WAN/Eth1 is plugged into it and my testing machines are downstream (Eth2 - Eth5) of the RB. I'll retire the NetGear as a router once things are working. The NetGear segment is 10.0.0.0/24 and the RB segment is 10.1.2.0/24. Most my stuff is on the 10.0.0.0 segment for now, with testing equipment on the 10.1.2.0 segment.
Feel free to point out any other badly configured stuff or suggestions - my feelings won't be hurt
Here's my export:
Code: Select all
# oct/06/2021 15:09:31 by RouterOS 6.32.3
# software id = XFBU-EHZP
#
/interface bridge
add name=local
/ip neighbor discovery
set ether1 discover=no
set ether2 discover=no
set ether3 discover=no
set ether4 discover=no
set ether5 discover=no
/ip pool
add name=dhcp_pool1 ranges=10.1.2.90-10.1.2.139
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=local name=dhcp1
/interface bridge port
add bridge=local interface=ether2
add bridge=local interface=ether3
add bridge=local interface=ether4
add bridge=local interface=ether5
/ip address
add address=10.1.2.1/24 interface=local network=10.1.2.0
/ip cloud
set update-time=no
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.1.2.0/24 dns-server=10.1.2.1,1.1.1.1,8.8.8.8 gateway=\
10.1.2.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=10.0.0.245 name=xxyyzz
/ip firewall filter
add chain=input comment="accept established,related" connection-state=\
established,related
add action=drop chain=input connection-state=invalid
add chain=input comment="allow ICMP" in-interface=ether1 protocol=icmp
add chain=input comment="allow Winbox" in-interface=ether1 port=8291 \
protocol=tcp
add chain=input comment="allow SSH" in-interface=ether1 port=22 protocol=tcp
add action=drop chain=input comment="block everything else" in-interface=\
ether1
add action=fasttrack-connection chain=forward comment=\
"fast-track for established,related" connection-state=established,related
add chain=forward comment="accept established,related" connection-state=\
established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward comment=\
"drop access to clients behind NAT form WAN" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip ssh
set strong-crypto=yes
/ip traffic-flow
set enabled=yes
/system clock
set time-zone-name=America/Detroit
/tool bandwidth-server
set enabled=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=local
