I have a printer with an ethernet port that I want to connect with the mAP lite via wifi to my home network, so that other devices can access it.
printer <-------- ethernet --------> mAP lite <----- wifi -------> home router <----- other devices
I already had this working in station-pseudobridge mode, but the connection was very unstable and it was interfering with other wifi devices, I presume because my home router ist not a MikroTik device.
So I thought it should be possible to have this setup on layer 3 with the mAP lite configured as a router with NAT.
The important part of the config I currently have is:
- fixed IP 192.168.88.252 for printer on ether1
- fixed IP 192.168.1.4 for mAP lite assigned by the home router in wifi
- Forward rules for all traffic according to https://wiki.mikrotik.com/wiki/Manual:I ... ernal_host :
Code: Select alladd action=dst-nat chain=dstnat dst-address=192.168.1.4 to-addresses=\ 192.168.88.252 add action=src-nat chain=srcnat src-address=192.168.88.252 to-addresses=\ 192.168.1.4
- wlan1 as WAN
- A bridge with ether1 as LAN
When I try to print from another device, the printer either does not report back and I get a "print job failed" message, although the document was printed successfully, OR the printer goes into an infinite loop of printing the same thing over and over again.
The printer is unable to communicate back to the device, that started the print job, so that it gets flooded with retries of the same print job over and over.
It seems that something is interfering with my src-nat rule, as the packet count on this one stays zero all the time.
I tried to disable all the defconf Filter Rules and replaced them with the rules suggested here:
viewtopic.php?t=81006#p463336
However there are now a lot of packets droped on the final rule, and the src-nat still does not work.
Help?
current config export compact:
Code: Select all
/interface bridge
add admin-mac=<removed info> auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors \
frequency=2462 installation=indoor ssid="<removed info>" \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] <removed info>
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=wlan1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=wlan1
/ip dhcp-server lease
add address=192.168.88.252 mac-address=<removed info> server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" disabled=yes dst-address=\
127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new disabled=yes \
in-interface-list=WAN
add chain=forward comment=outgoing in-interface=bridge out-interface=wlan1
add chain=forward comment=established connection-state=established in-interface=\
wlan1 out-interface=bridge
add chain=forward comment=related connection-state=related in-interface=wlan1 \
out-interface=bridge
add action=drop chain=forward comment="Drop the rest"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=192.168.1.4 to-addresses=\
192.168.88.252
add action=src-nat chain=srcnat out-interface=wlan1 src-address=192.168.88.252 \
to-addresses=192.168.1.4