Hi everyone,
I have my mikrotik setup at home with VLANs, the VLAN6 is the one who provides internet, but I cannot get that in the LAN, I got packets moving around in eth1 and pppoe connection and even in the VLAN6, I also have packets moving in the ethernets that I am using and in the bridge, but it is no way to go to internet, I have the masquerade added in NAT but still no luck, don't know what I am missing. Here is my configuration:
==============================
/interface bridge
add arp=proxy-arp auto-mac=no comment=defconf \
fast-forward=no igmp-snooping=yes name=bridge
add fast-forward=no name=guest-bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=spain disabled=no distance=indoors frequency=auto mode=ap-bridge \
rx-chains=1 ssid=Privada tx-chains=1 tx-power-mode=\
all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
/interface vlan
add interface=ether1-gateway name=vlan2 vlan-id=2
add interface=ether1-gateway name=vlan3 vlan-id=3
add interface=ether1-gateway name=vlan6 vlan-id=6
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=vlan6 max-mru=\
1492 max-mtu=1492 name=pppoe-out1 password=adslppp use-peer-dns=yes user=\
adslppp@telefonicanetpa
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
password_wifi
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wifi-guest supplicant-identity="" \
wpa2-pre-shared-key=entra
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=CE:2D:E0:04:46:19 \
master-interface=wlan1 multicast-buffering=disabled name=wlan-guests \
security-profile=wifi-guest ssid=Invitados wds-cost-range=0 \
wds-default-bridge=guest-bridge wds-default-cost=0 wps-mode=disabled
/ip dhcp-server option
add code=240 name=option_para_deco value=\
"':::::239.0.2.10:22222:v6.0:239.0.2.30:22222'"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des
/ip pool
add name=dhcp ranges=192.168.11.50-192.168.11.249
add name=vpn ranges=192.168.11.20-192.168.11.49
add name=wlan-guest ranges=192.168.22.10-192.168.22.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=default
add address-pool=wlan-guest disabled=no interface=guest-bridge name=\
wlan-guests
/ppp profile
set *FFFFFFFE dns-server=192.168.11.1 local-address=vpn remote-address=vpn
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge filter
add action=drop chain=output dst-address=239.0.0.0/8 ip-protocol=udp \
mac-protocol=ip out-interface=wlan1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=guest-bridge interface=wlan-guests
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes ipsec-secret=secreto use-ipsec=required
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-gateway list=WAN
/interface pptp-server server
set authentication=mschap2 enabled=yes
/interface wireless access-list
add signal-range=-80..120 vlan-mode=no-tag
add authentication=no forwarding=no signal-range=-120..-80 vlan-mode=no-tag
/ip address
add address=192.168.11.1/24 comment="default configuration" interface=bridge \
network=192.168.11.0
add address=192.168.100.10/24 interface=ether1-gateway network=192.168.100.0
add address=10.xxx.xxx.xxx/10 interface=vlan2 network=10.128.0.0 . <= This is a fixed IP
add address=192.168.22.1/24 interface=guest-bridge network=192.168.22.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1-gateway
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=vlan3 use-peer-ntp=no
/ip dhcp-server network
add address=192.168.11.0/24 comment=defconf dns-server=192.168.11.1 gateway=\
192.168.11.1 netmask=24
add address=192.168.11.199/32 dhcp-option=option_para_deco dns-server=\
172.26.23.3 gateway=192.168.11.1 netmask=24
add address=192.168.22.0/24 dns-server=192.168.22.1 gateway=192.168.22.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.11.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment="Default configuration" protocol=icmp
add action=accept chain=input comment="Default configuration" \
connection-state=established
add action=accept chain=input comment="Default configuration" \
connection-state=related
add action=accept chain=input disabled=yes dst-port=23,80 in-interface=\
pppoe-out1 protocol=tcp
add action=accept chain=input dst-port=8291 in-interface=pppoe-out1 protocol=\
tcp
add action=accept chain=input dst-port=1723 in-interface=pppoe-out1 protocol=\
tcp
add action=drop chain=input comment="Default configuration" in-interface=\
pppoe-out1
add action=accept chain=forward comment="Default configuration" \
connection-state=established
add action=accept chain=forward comment="Default configuration" \
connection-state=related
add action=drop chain=forward comment="Default configuration" \
connection-state=invalid
add action=drop chain=forward in-interface=guest-bridge out-interface=\
!pppoe-out1
/ip firewall mangle
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan2
add action=set-priority chain=postrouting new-priority=1 out-interface=\
pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="Default configuration" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="Default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="Default configuration" \
out-interface=vlan2
add action=masquerade chain=srcnat comment="Default configuration" \
out-interface=vlan3
add action=dst-nat chain=dstnat comment=VOD dst-address-type=local \
in-interface=vlan2 to-addresses=192.168.11.199
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
192.168.22.0/24
/ip route
add distance=255 gateway=255.255.255.255
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=pppoe-out1 type=external
/ppp secret
add name=eneko password=contraseña profile=default-encryption
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan2 upstream=yes
add interface=bridge
/routing rip interface
add interface=vlan3 passive=yes receive=v2
add interface=vlan2 passive=yes receive=v2
/routing rip network
add network=10.0.0.0/8
add network=172.26.0.0/16
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=MikroTik
/system ntp client
set enabled=yes primary-ntp=163.117.202.33 secondary-ntp=89.248.104.162
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool user-manager database
set db-path=user-manager
===============================
Cheers.
-
-
MangleRule
Frequent Visitor
- Posts: 62
- Joined:
Re: I cannot get internet to work
Can you diagram what your goal is with the configuration? It is much easier to help if you have a diagram with your subnets, vlan ids, and maybe a basic traffic flow example. Without a diagram to reference, we have to sift through your configuration to try to guess what you are doing.
Re: I cannot get internet to work [SOLVED]
Hi MangleRule,
I've fixed yesterday. I went to a script found on internet and adding the lines with my modifications one by one, and I got internet working again. Thank you for the interest. Just for the sake of letting you know I have the following:
ISP Fiber service ==== ONT device ==== Mikrotik ==== PCs and APs
Basically my ISP is sending TV, Internet and Voice separated in different VLANs (VLAN 6 is internet) and the internet is encapsulated with an PPPoE call, so I have assigned a PPPoE Client to that VLAN6. What was happening is that I had what I thought is was right setup, and I reviewed for weeks trying to find what was wrong, but nothing worked, so I decided to start fresh and go one by one with the commands.
Cheers anyway
I've fixed yesterday. I went to a script found on internet and adding the lines with my modifications one by one, and I got internet working again. Thank you for the interest. Just for the sake of letting you know I have the following:
ISP Fiber service ==== ONT device ==== Mikrotik ==== PCs and APs
Basically my ISP is sending TV, Internet and Voice separated in different VLANs (VLAN 6 is internet) and the internet is encapsulated with an PPPoE call, so I have assigned a PPPoE Client to that VLAN6. What was happening is that I had what I thought is was right setup, and I reviewed for weeks trying to find what was wrong, but nothing worked, so I decided to start fresh and go one by one with the commands.
Cheers anyway
-
-
MangleRule
Frequent Visitor
- Posts: 62
- Joined:
Re: I cannot get internet to work
I'm glad to hear everything is working for you!
Who is online
Users browsing this forum: holvoetn and 14 guests