Issues:
- Laptop cannot ping 8.8.8.8
- Router #1 cannot ping 8.8.8.8 (get "no route to host" msg)
Things that work:
- Laptop can ssh into Router #1 and #2
- From router #2 I can ping out to 8.8.8.8.
Here's the network diagram:
Here's the router configs:
Router #1 Conf
----------------
# Router #1 export: LAN bridge (bridge1) serving 100.64.0.0/22 over DHCP,
# uplink on sfp-sfpplus2 in 65.58.144.0/27, input firewall, source NAT and a
# static default route.
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=sfp-sfpplus2 ] comment="Lumen WAN Port"
/interface list
add name=LAN
/ip pool
# NOTE(review): 100.64.0.0/28 spans 100.64.0.0-100.64.0.15, so the pool contains
# the /22 network address and 100.64.0.1, which is assigned to bridge1 below.
# A range such as ranges=100.64.0.2-100.64.0.15 keeps the gateway address out
# of the lease pool.
add name=cgnat-pool1 ranges=100.64.0.0/28
/ip dhcp-server
add address-pool=cgnat-pool1 interface=bridge1 name=CGNAT
/port
set 0 name=serial0
/interface bridge port
# LAN-side ports bridged together.
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether12
/ip neighbor discovery-settings
# Neighbor discovery is limited to the LAN list, which holds only bridge1.
set discover-interface-list=LAN
/interface list member
add interface=bridge1 list=LAN
/ip address
# Two addresses from the same /27 sit on the uplink: .2 and .6. The .6 address
# is the translation target of the netmap rules further down.
add address=65.58.144.2/27 interface=sfp-sfpplus2 network=65.58.144.0
add address=100.64.0.1/22 interface=bridge1 network=100.64.0.0
add address=65.58.144.6/27 interface=sfp-sfpplus2 network=65.58.144.0
/ip dhcp-server network
add address=100.64.0.0/22 dns-server=9.9.9.9,1.1.1.1 gateway=100.64.0.1 netmask=22
/ip dns
set servers=9.9.9.9,1.1.1.1
/ip firewall filter
# Only the input chain (traffic addressed to the router itself) is filtered, and
# rule order matters: the first match wins.
# NOTE(review): there are no forward-chain rules, so traffic routed through this
# box is not filtered at all. The final drop is also scoped to sfp-sfpplus2, so
# input arriving on any other interface is accepted by default.
add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP" in-interface=sfp-sfpplus2 protocol=icmp
# NOTE(review): Winbox and SSH are accepted from any source on the uplink.
# Restricting them with src-address= or src-address-list= to known management
# hosts narrows the exposure. "port=" matches the source OR destination port,
# so these rules also accept TCP packets whose source port is 8291/22;
# dst-port= is the tighter match.
add action=accept chain=input comment="allow Winbox" in-interface=sfp-sfpplus2 port=8291 protocol=tcp
add action=accept chain=input comment="allow SSH" in-interface=sfp-sfpplus2 port=22 protocol=tcp
add action=drop chain=input comment="block everything else" in-interface=sfp-sfpplus2
/ip firewall nat
# TCP and UDP from 100.64.0.0/28 are translated to 65.58.144.6 with source ports
# 1024-65535; everything else from the /22 leaving sfp-sfpplus2 falls through to
# the masquerade rule.
add action=netmap chain=srcnat out-interface=sfp-sfpplus2 protocol=tcp src-address=100.64.0.0/28 to-addresses=65.58.144.6 to-ports=1024-65535
add action=netmap chain=srcnat out-interface=sfp-sfpplus2 protocol=udp src-address=100.64.0.0/28 to-addresses=65.58.144.6 to-ports=1024-65535
add action=masquerade chain=srcnat out-interface=sfp-sfpplus2 src-address=100.64.0.0/22
# NOTE(review): this rule is in the NAT table, not the filter table. It carries
# the same comment and matchers as the "accept ICMP" filter rule above and looks
# like a misplaced copy; an accept here does not permit any traffic.
add action=accept chain=input comment="accept ICMP" in-interface=sfp-sfpplus2 protocol=icmp
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
# NOTE(review): gateway=65.58.144.2 is this router's own address on sfp-sfpplus2
# (see /ip address), so the default route points at the router itself. That is
# consistent with the "no route to host" symptom, and the route table on this
# page that lists 100.64.0.0/22 as connected on bridge1 shows 0.0.0.0/0 via
# 65.58.144.2 flagged inactive. The next hop is presumably 65.58.144.1, the
# address the Router #2 config places in the same /27 - confirm against the
# diagram.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=65.58.144.2 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
# Telnet and FTP are switched off. NOTE(review): no other service lines appear
# in this export; presumably the remaining services are at their defaults -
# verify with "/ip service print" and disable whatever is not needed.
set telnet disabled=yes
set ftp disabled=yes
/ip ssh
set strong-crypto=yes
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
[admin@router1] > ip route print
Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAd 0.0.0.0/0 192.168.1.1 1
DAc 65.58.144.0/27 bridge1 0
0 IsH 100.64.0.0/22 65.58.144.1 1
DAc 192.168.1.0/24 ether1 0
DIcH 192.168.88.0/24 ether13 0
[admin@route1] >
Router #2 Conf
----------
# Router #2 export: bridge1 (containing sfp-sfpplus2) holds 65.58.144.1/27,
# ether1 obtains its address by DHCP, and traffic leaving ether1 is masqueraded.
# NOTE(review): this export contains no /ip firewall filter section, so neither
# input nor forward traffic is filtered here. If ether1 faces a network that is
# not trusted, the router's management services are reachable from it - confirm
# whether the export is complete and add an input policy.
/interface bridge
add name=bridge1
/interface list
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=bridge1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether13 network=192.168.88.0
# 65.58.144.1 is in the same /27 as the two uplink addresses in the Router #1
# config.
add address=65.58.144.1/27 interface=bridge1 network=65.58.144.0
/ip dhcp-client
# Upstream address and, presumably, the default route come from DHCP on ether1.
add interface=ether1
/ip dns
set servers=9.9.9.9
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
# NOTE(review): 65.58.155.1 is not inside any subnet configured in this export
# (65.58.144.0/27 and 192.168.88.0/24), so this gateway cannot be resolved over
# a connected network. It looks like a typo for a 65.58.144.x address; Router #1
# holds 65.58.144.2 and 65.58.144.6. Because Router #1 source-NATs 100.64.0.0/22
# to those addresses, this route may not be needed at all - confirm.
add dst-address=100.64.0.0/22 gateway=65.58.155.1
/system clock
set time-zone-name=America/Los_Angeles
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
[admin@router2] > ip route print
Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC; H - HW-OFFLOADED; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
0 IsH 0.0.0.0/0 65.58.144.2 1
DAc + 65.58.144.0/27 sfp-sfpplus2 0
DAc 100.64.0.0/22 bridge1 0
1 IsH 192.168.1.0/24 65.58.144.2 1
DIcH 192.168.88.0/24 ether13 0
[admin@router2] >