domon
just joined
Topic Author
Posts: 20
Joined: Sat Dec 03, 2016 4:20 pm

NAT with VLAN bridge

Thu Dec 22, 2016 9:31 pm

Internal devices on the 3 VLANs cannot reach the internet. I have 3 VLANs set up and assigned to 3 bridges, with physical ports assigned to each of the 3 bridges. Segmentation works and DHCP works; however, none of the devices can reach the internet via the WAN port. The WAN port is receiving an IP address.

/ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 10.0.0.1 0
1 ADC 10.0.0.0/16 10.0.0.163 ether1 0
2 ADC 10.10.1.0/24 10.10.1.1 br-vlan10 0
3 ADC 10.10.2.0/24 10.10.2.1 br-vlan20 0
4 ADC 10.10.3.0/24 10.10.3.1 br-vlan30 0

Is there a different firewall nat rule that needs to be in place or something else?


/interface bridge
add name=br-vlan10
add name=br-vlan20
add name=br-vlan30

/interface vlan
add interface=br-vlan10 name=vlan10 vlan-id=10
add interface=br-vlan20 name=vlan20 vlan-id=20
add interface=br-vlan30 name=vlan30 vlan-id=30

/ip dhcp-server
add add-arp=yes disabled=no interface=br-vlan10 lease-time=1d name=dhcp10
add add-arp=yes disabled=no interface=br-vlan20 lease-time=1d name=dhcp20
add add-arp=yes disabled=no interface=br-vlan30 lease-time=1d name=dhcp30

/ip pool
add name=pool10 ranges=10.10.1.0/24
add name=pool20 ranges=10.10.2.0/24
add name=pool30 ranges=10.10.3.0/24

/interface bridge nat
add chain=srcnat

/interface bridge port
add bridge=br-vlan10 interface=ether2
add bridge=br-vlan10 interface=ether3
add bridge=br-vlan10 interface=ether4
add bridge=br-vlan10 interface=ether5
add bridge=br-vlan10 interface=ether6
add bridge=br-vlan10 interface=ether7
add bridge=br-vlan10 interface=ether8
add bridge=br-vlan20 interface=ether9
add bridge=br-vlan20 interface=ether10
add bridge=br-vlan20 interface=ether11
add bridge=br-vlan20 interface=ether12
add bridge=br-vlan20 interface=ether13
add bridge=br-vlan20 interface=ether14
add bridge=br-vlan20 interface=ether15
add bridge=br-vlan20 interface=ether16
add bridge=br-vlan30 interface=ether17
add bridge=br-vlan30 interface=ether18
add bridge=br-vlan30 interface=ether19
add bridge=br-vlan30 interface=ether20
add bridge=br-vlan30 interface=ether21
add bridge=br-vlan30 interface=ether22
add bridge=br-vlan30 interface=ether23
add bridge=br-vlan30 interface=ether24

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

/ip address
add address=10.10.1.1/24 interface=br-vlan10 network=10.10.1.0
add address=10.10.2.1/24 interface=br-vlan20 network=10.10.2.0
add address=10.10.3.1/24 interface=br-vlan30 network=10.10.3.0

/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1

/ip dhcp-server network
add address=10.10.1.0/24 dns-server=4.2.2.2 domain=test.lan gateway=10.10.1.1
add address=10.10.2.0/24 dns-server=4.2.2.2 domain=test.lan gateway=10.10.2.1
add address=10.10.3.0/24 dns-server=4.2.2.2 domain=test.lan gateway=10.10.3.1

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: NAT with VLAN bridge

Fri Dec 23, 2016 12:58 am

Any reason to have these?
/interface bridge nat
add chain=srcnat
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
And is there anything in /ip firewall filter?