this is my 2nd mikrotik and a new one to set up.
and I'm stuck.
not sure what I missed out in the configuration, but i cannot get internet access for clients.
I am sure that I've enabled NAT Masquerade but still not able to get the client to get acces
my topology as such
4G modem - RB-941 - Clients.
Internet access from RB941 = works OK
Internet access from clients = not ok.
Code: Select all
# jan/14/2023 09:54:25 by RouterOS 6.49.7
# software id = T9PD-VUT8
#
# model = RB941-2nD
# serial number = HCR087MNR5P
/interface bridge
add name=Bridge_LAN
/interface list
add name=WAN
add name=Sys
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip,aes-ccm mode=\
dynamic-keys name=E3User supplicant-identity="" unicast-ciphers=\
tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
security-profile=E3User ssid=E3Cipanas
/ip pool
add name=LAN ranges=192.168.27.2-192.168.27.254
add name=Sys ranges=192.168.88.2-192.168.88.10
/ip dhcp-server
add add-arp=yes address-pool=LAN disabled=no interface=Bridge_LAN lease-time=\
12h name=DHCP_LAN
add add-arp=yes address-pool=Sys disabled=no interface=ether4 name=DHCP_Sys
/interface bridge port
add bridge=Bridge_LAN interface=ether2
add bridge=Bridge_LAN interface=ether3
add bridge=Bridge_LAN interface=wlan1
/interface bridge settings
set use-ip-firewall=yes
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\
LAN wan-interface-list=WAN
/interface list member
add interface=ether1 list=WAN
add interface=ether4 list=Sys
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=wlan1 list=LAN
add interface=ether4 list=LAN
/ip address
add address=192.168.88.1/24 interface=ether4 network=192.168.88.0
add address=192.168.27.1/24 interface=Bridge_LAN network=192.168.27.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,1.1.1.1,1.0.0.1
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input connection-state=new dst-port=53 \
in-interface-list=LAN protocol=udp
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=forward comment="allow internet traffic" \
in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" \
connection-nat-state=dstnat disabled=yes
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set winbox address=192.168.27.0/24,192.168.88.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Asia/Jakarta
/system identity
set name=Marge
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
Please help to point out if there is anything that I've missed out that causes the problem.