Newbie here with a newbie issue.
I am sure I am missing something on my config that is causing me to not be able to ping/connect/see my Qnap NAS while using a CRS326-24G2s+RM bridged to a HexS.
my setup is the following:
ISP--------->HexS------->CRS----->LAN
on the LAN I have my PC and NAS on the same subnet 192.168.88.0/24
I followed the wiki setup and I can ping pretty much all my devices but the NAS
I also want to mention that i have a Pi hole running on 192.168.1.70 that is connected directly to the ISP router.
Below is my current config.
Any help you can provide, is much appreciated.
Code: Select all
# jan/21/2022 18:13:13 by RouterOS 6.49.2
# software id =
#
# model = RB760iGS
# serial number =
/interface bridge
add name=local
/interface ethernet
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes
/interface list
add name=listBridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.100
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=local name=dhcp1
/interface bridge port
add bridge=local interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=listBridge
/interface list member
add interface=local list=listBridge
/ip address
add address=192.168.88.1/24 interface=local network=192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.88.100 client-id=1:4:d9:f5:84:67:5a mac-address=\
04:D9:F5:84:67:5A server=dhcp1
add address=192.168.88.99 client-id=1:2c:c8:1b:6:4f:bb mac-address=\
2C:C8:1B:06:4F:BB server=dhcp1
add address=192.168.88.97 client-id=1:dc:a6:32:1c:7:24 mac-address=\
DC:A6:32:1C:07:24 server=dhcp1
add address=192.168.88.95 client-id=1:84:a9:38:b7:b4:e mac-address=\
84:A9:38:B7:B4:0E server=dhcp1
add address=192.168.88.94 client-id=1:24:5e:be:20:e9:f6 mac-address=\
24:5E:BE:20:E9:F6 server=dhcp1
add address=192.168.88.98 client-id=1:b8:27:eb:2:53:9f mac-address=\
B8:27:EB:02:53:9F server=dhcp1
add address=192.168.88.96 client-id=1:b8:27:eb:9e:ee:b8 mac-address=\
B8:27:EB:9E:EE:B8 server=dhcp1
add address=192.168.88.92 client-id=1:e8:65:d4:dc:f9:88 mac-address=\
E8:65:D4:DC:F9:88 server=dhcp1
add address=192.168.88.91 mac-address=6C:AD:F8:D4:C5:4A server=dhcp1
add address=192.168.88.90 mac-address=1C:F2:9A:67:CE:6A server=dhcp1
add address=192.168.88.85 client-id=1:50:ed:3c:58:46:76 mac-address=\
50:ED:3C:58:46:76 server=dhcp1
add address=192.168.88.83 client-id=1:b8:27:eb:be:9b:eb mac-address=\
B8:27:EB:BE:9B:EB server=dhcp1
add address=192.168.88.82 client-id=1:e8:65:d4:dc:f9:80 mac-address=\
E8:65:D4:DC:F9:80 server=dhcp1
add address=192.168.88.80 client-id=1:0:e:c6:a3:cd:9c comment=MiBox \
mac-address=00:0E:C6:A3:CD:9C server=dhcp1
add address=192.168.88.79 client-id=1:24:5e:be:20:e9:f7 mac-address=\
24:5E:BE:20:E9:F7 server=dhcp1
add address=192.168.88.78 client-id=1:48:ba:4e:68:4f:d0 mac-address=\
48:BA:4E:68:4F:D0 server=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.1.70 gateway=192.168.88.1
/ip dns
set servers=192.168.1.70
/ip firewall filter
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="allow ICMP" in-interface=ether1 \
protocol=icmp
add action=accept chain=input comment="allow Winbox" in-interface=ether1 \
port=8291 protocol=tcp
add action=accept chain=input comment="allow SSH" in-interface=ether1 port=22 \
protocol=tcp
add action=drop chain=input comment="block everything else" in-interface=\
ether1
add action=fasttrack-connection chain=forward comment=\
"fast-track for established, related" connection-state=\
established,related
add action=accept chain=forward comment="accept established, related" \
connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward comment=\
"drop access to clients behind NAT from WAN" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat in-interface=ether1 port=3389 protocol=tcp \
to-addresses=192.168.88.97
/ip proxy
set port=80
/ip proxy access
add action=deny dst-host=*.baidu.*
add action=deny dst-host=*.qq.*
add action=deny dst-host=*.taobao.*
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=2200
set api disabled=yes
set winbox address=192.168.88.0/24
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Lisbon
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=listBridge
/tool mac-server mac-winbox
set allowed-interface-list=listBridge