Hi all,

I have manage to bridge different network and same network,
but recently i have been reading about routing network.

The objective now is the mikrotik box can act as router not switch anymore (today it was using bridge interface between each box). Is this possible? or i am just day dreaming?
I am not sure if this is right, so please advise and comment please,
I have 1 wlan interface and 1 ether interface on each mikrotik box.

I have try these setting, but still can not ping each ether from each box.
The bridge port only contain wireless interface, and only establish ap to station-wds between them.(Is this correct? can we put out the wlan from bridge port? since i dont want to use bridging)

Box 1
====
ether1 = 192.168.1.1
wlan1 = 172.168.1.1 (mode ap)
/ip route add dst-address= 192.168.1.2/32 gateway=172.168.1.2

Box 2
====
ether1 = 192.168.1.2
wlan1 = 172.168.1.2 (mode station-wds)
/ip route add dst-address= 192.168.1.1/32 gateway=172.168.1.1

Please advise or give any comment,
thank you so much!

I'm guessing you want to do something like this:

[ gateway 192.168.1.1 for network 192.168.1.0/24 ]

|
v

[ BOX1, set as an Access Point, 192.168.1.2]

|
v

[ BOX2, set as an AP Client, 192.168.1.3 on the wlan, gateway for 192.168.99.0/24, 192.168.99.1 on the ether interface ]

Just add a default route,

/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1

And you should be ok.

Dear Znuff,

thank you for your reply!
yes it is, that is what i am trying to create.

-how about the wlan mode?
on Box 2 (client), i set the wlan as station-wds mode
and on box 1(ap), i set the wlan as ap mode.
and i am not doing any bridge port, or create any bridge at all.
- i am also wanted to pretect each client behind AP, so they can not see each other.
is this already cover by the default route?

but still i am unable to ping each other box.
something wrong with my settings?
i am sure, i am still an idiot on these things...

If you are routing, don't use client WDS. WDS is used to create a transparent bridge.

Dear Gunzoid,

so it means, only AP - station mode right?
and how about protect each client, so they can not see each other?

hello everybody? please help...

Can you draw up a simple diagram in paint or so to help us better understand what it is you are trying to achieve, as in my opinion bridging should always be used as a last resort, including WDS...

Routing is essentially simple as all you are doing is matching destined address to specific interfaces ... i.e. 0.0.0.0/0 would go out Wan interface (i.e 192.168.2.1) whereas 192.168.3.0/24 would go out another intferace (i.e 192.168.3.1) and from there on but remember in routing the interfaces that will be communicating must be on the same subnet and ip space... (ideally)



Regards

@warwick09,
thanks for replying.
actually i was only wanted to create a routed network,
since bridging allows my client to see each other network, and they tend to mess with other's file/folder.

example:

ISP (ether1=10.1.1.254)
|
BOX1(wlan1 = 192.168.10.1, ether1=10.1.1.1, mode = AP)---client1
|
|
connect through wireless
|
|
BOX2(wlan1=192.168.10.2, ether1 = 10.1.2.1, mode = station)--client2

@box1: /ip route add gateway=10.1.1.254
@box2: /ip route add gateway=192.168.10.1

is this correct? since i dont want user behind box2 can see user behind box1.
thank you so much for your reply.

knock,,knock... anyone?

Sorry for taking soo long to reply (been real busy...) but umm this should work..

on box one simply add a default route of (dst) 0.0.0.0/(netmask) 10.1.1.254

ip route add dst-address=0.0.0.0/0 gateway=10.1.1.1

ip route add dst-address=10.1.1.0/24 pref-src=10.1.1.254

ip route add dst-address=192.168.10.0/24 pref-src=192.168.10.1

that should be it for box one ... do a ping test to http://www.google.com to ensure uve done everything right but be sure to adjust the netmask value to suite your specific setup. i.e. /8 /32 etc ...

ok for box 2 ...

ip route add dst-address=0.0.0.0/0 gateway=192.168.10.1

ip route add dst-address=192.168.10.0/24 pref-src=192.168.10.2

disable arp-reply on both interfaces wlan1/2 and add a few rules to prohibit direct discovery such as the blocking of netbios/ping/ftp/http.

...and just drop in a nat rule on box one for masquerading and you should be done. and be sure to set your dns servers under ip dns settings in winbox or terminal ...

ip firewall nat add chain=srcnat action=masquerade src-address=192.168.10.0/24 out-interface=ether1