Mac / PC (192.168.1.10) -> Synolgoy router -> Internet -> Mikrotik (LtAP LTE) -> Printer (192.168.88.20) connected via Ethernet
Goal:
To print from Mac / PC on the outside office printer.
Current config:
Mikrotik as a l2tp client connect to Synology router - Done
Ping from MT -> Synology OK
I have the current config ...
Code: Select all
# aug/20/2022 10:31:38 by RouterOS 6.48.6
# software id = 0VN5-9AFF
#
# model = RB912R-2nD
# serial number = ************
/interface lte
set [ find ] name=lte1
/interface bridge
add admin-mac=************* arp=proxy-arp auto-mac=no comment=defconf \
name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=outdoor mode=\
ap-bridge ssid=MikroTik-A3918C wireless-protocol=802.11
/interface l2tp-client
add allow=mschap2 connect-to=************ disabled=no ipsec-secret=\
********** name=l2tp-out1 password=********* use-ipsec=yes user=vpn
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp always-broadcast=yes disabled=no \
interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add default-route-distance=100 interface=bridge use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,9.9.9.9
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=VPNonline \
passthrough=yes src-address=192.168.88.2-192.168.88.254
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=l2tp-out1
add action=dst-nat chain=dstnat disabled=yes dst-address=31.61.225.149 \
dst-port=1024 in-interface=l2tp-out1 log=yes protocol=tcp to-addresses=\
192.168.88.108 to-ports=1024
/ip route
add distance=1 gateway=l2tp-out1 routing-mark=VPNonline
/system clock
set time-zone-name=Europe/Warsaw
/system gps
set port=serial0 set-system-time=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Any help appreciated.