
Bridge two networks, NOT Wds, only Layer 3

Posted: Sun Aug 05, 2007 4:03 am
by jo2jo
I have two 532's with R52s in each.

We are only providing Internet, and thus only want layer 3 traffic to pass between routers.

On Side A, we have a public IP on Ether1 (which goes to internet) and a private 192.168.70.1/24 IP on Wan1 which is in Ap Bridge Mode.

I have Nat Rule for Masq, out port Ether1

and a static route for 0.0.0.0/0 with a default gateway of my ISP's gw. (in same subnet as my public IP) Ether1 public IP

I have a static router for 192.168.190.0/24 with a GW of 192.168.70.2


On Side B
I set a private 192.168.70.2/24 IP on Wan1, which is in station mode and successfully connects to Side A. I can ping 192.168.70.1 just fine.

I have Nat Rule for Masq, out port Wan1.

I have DHCP server running on port Ether1 (which is uplinked to a switch) and which hands out private IP address in the 192.168.190.100-200 range. GW: 192.168.190.1

I also have an IP of 192.168.190.1 on ether1


------
NO BRIDGES ANYWHERE


This should work right? Just to provide internet to those 192.168.190.100-200 computers-

I had all this working and I've messed it up somehow, as one night it quit working, but the wireless link is fine, so before I do a reconfig from scratch I want to make sure my layout is right.

If this is clean enough I'll submit it to the wiki as a layer 3 bridge, as they already have a transparent WDS-based bridge how-to in there.

thanks

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Sun Aug 05, 2007 11:32 pm
by jo2jo
everyone uses wds? I thought this would be very common, anyone NOT using WDS for a bridge??

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Mon Aug 06, 2007 3:00 am
by samsoft08
What's the difference between WDS and your case? When should we use WDS or follow your natted setup? Is there any difference in throughput? Performance?

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Mon Aug 06, 2007 10:10 am
by jo2jo
There are certainly some advantages, and I think there will be a def. performance boost as you can do this with NO bridges, which tax the memory, bus, and cpu of the router. (plus u will be using the radios to repeat layer 2 broadcast traffic as well, with WDS)


But more importantly I need some pro, etc. to verify my config at the top and if that should work for a Layer3 IP only, internet access only wireless bridge.

thanks

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Mon Aug 06, 2007 12:53 pm
by unlimitedme
I'm kinda confused with your setup,
maybe you could explain it better,

1. set wireless side A with ap-bridge mode, and side B with station mode, correct?
2. do not create bridge port, correct?
3. side A:
Ether1 = ISP ip address (public)
WAN1 = 192.168.70.1/24 (private)
a router with IP: 192.168.190.0/24, GW of 192.168.70.2

side B:
WAN1 = 192.168.70.2/24 (public)
Ether1 = 192.168.190.1 (local)
GW: 192.168.190.1

please correct my false understanding.
Thank you

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Mon Aug 06, 2007 7:33 pm
by jo2jo
side A:

does not have a 192.168.190.0/24 address at all, I have side B Masquerading 192.168.190.0/24 behind 192.168.70.2



Side B: has that 192.168.190.1 and a dhcp server handing out 192.168.190.100-200 to clients.

and WAN1 = 192.168.70.2/24 (public) = private


I don't understand why some experts are not chiming in here...people are asking as if this is a functional setup, as far as I KNOW it is NOT.

PLEASE someone input?

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Tue Aug 07, 2007 6:51 am
by unlimitedme
how much tx/rx the rate?
any significant increase compared with wds?

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Tue Aug 07, 2007 7:09 am
by ivaring
> everyone uses wds? I thought this would be very common, anyone NOT using WDS for a bridge??

Well, I use Bridges without WDS, but only when clients are not MTKs.

Regards.

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Wed Aug 08, 2007 8:28 am
by jo2jo
Now I need someone to comment on the above setup as it will stop working after 7 hours.

which makes NO SENSE.

so, This does NOT work.

After a few hours, i can no longer ping 192.168.70.1 from 70.2


any ideas??

EDIT: mac-ping and mac telnet still work...its just ip is wacked....this keeps happening.

EDIT2: RESOLVED: Simply removing the IP and recreating it fixed the issue. any ideas? i know this will happen again, as it has before.

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Wed Aug 08, 2007 5:37 pm
by neeraj_k
I just read the jo2jo post. I'm confused, all the network is routing, then why are we saying bridging. Why is there natting at the first network? That network could easily be routed to the final gateway and natted there. There is no need to nat it to the 70.x network, then to the final gateway and natted again. Simply put the route of the 190.x network on the final gateway. Just saves when u r dnatting.
just a suggestion

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Wed Aug 08, 2007 10:45 pm
by wildbill442
> I have two 532's with R52s in each.
>
> We are only providing Internet, and thus only want layer 3 traffic to pass between routers.
>
> On Side A, we have a public IP on Ether1 (which goes to internet) and a private 192.168.70.1/24 IP on Wan1 which is in Ap Bridge Mode.
>
> I have Nat Rule for Masq, out port Ether1
>
> and a static route for 0.0.0.0/0 with a default gateway of my ISP's gw. (in same subnet as my public IP) Ether1 public IP
>
> I have a static router for 192.168.190.0/24 with a GW of 192.168.70.2
>
> On Side B
> I set a private 192.168.70.2/24 IP on Wan1, which is in station mode and successfully connects to Side A. I can ping 192.168.70.1 just fine.
>
> I have Nat Rule for Masq, out port Wan1.
>
> I have DHCP server running on port Ether1 (which is uplinked to a switch) and which hands out private IP address in the 192.168.190.100-200 range. GW: 192.168.190.1
>
> I also have an IP of 192.168.190.1 on ether1
>
> ------
> NO BRIDGES ANYWHERE
>
> This should work right? Just to provide internet to those 192.168.190.100-200 computers-
>
> I had all this working and I've messed it up somehow, as one night it quit working, but the wireless link is fine, so before I do a reconfig from scratch I want to make sure my layout is right.
>
> If this is clean enough I'll submit it to the wiki as a layer 3 bridge, as they already have a transparent WDS-based bridge how-to in there.
>
> thanks

Everything looks fine in this configuration.. One thing I believe is redundant is the multiple masquerading rules.


RouterA
WAN: public IP
LAN: 192.168.70.1/24

RouterA Routing table:
     DST-NET             Gateway
AS   0.0.0.0/0           ISP_GW
AS   192.168.190.0/24    192.168.70.2
DAC  192.168.70.0/24     <NULL>

Masquerading should be enabled on RouterA with a src-address of 192.168.0.0/16 (This will masquerade all networks including the routed ones as long as they are using a 192.168.*.* subnet)

RouterB
WAN: 192.168.70.2/24
LAN: 192.168.190.1

RouterB Routing Table:
     DST-NET             Gateway
AS   0.0.0.0/0           192.168.70.1
DAC  192.168.190.0/24    <NULL>
DAC  192.168.70.0/24     <NULL>

If you have masquerading enabled on RouterB you're doing NAT twice, which is unnecessary, but really shouldn't hurt anything. RouterB if the WAN interface is a wireless interface should be in "station" mode. As long as the correct routes are in place this will work fine.. Basic Networking/Routing 101.

You could do this without routing by using station-wds and transparently bridging the traffic. Whether or not that is a better idea depends on how many users you're dealing with and a few other factors.


jo2jo:

It sounds like you may have an ARP issue, check to see that the arp entry in routerA still shows 192.168.70.2 mapped to the correct MAC address. It could be there's another device set to the same IP address. You could also create a static ARP entry on routerA so that it can't be overridden by another user.
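
The layout described in the post above (one masquerade rule on RouterA, plain routing on RouterB, static ARP on the wireless link), written out as RouterOS commands. This is an added example, not part of the original thread; the interface names ether1/wlan1 (the thread's Ether1/Wan1), the ISP gateway, the MAC addresses and the pool/server names are assumptions or placeholders.

```routeros
# Added example, not from the thread. Assumed: interface names ether1/wlan1,
# ISP gateway 203.0.113.1 and both MAC addresses (documentation-range
# placeholders); RouterA's public address on ether1 is already configured.

# ---------- RouterA (AP side, internet on ether1) ----------
/interface wireless set wlan1 mode=ap-bridge
/ip address add address=192.168.70.1/24 interface=wlan1
/ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1
# Return path to the LAN behind RouterB
/ip route add dst-address=192.168.190.0/24 gateway=192.168.70.2
# The only NAT in the path: covers the link subnet and the routed 192.168.190.0/24
/ip firewall nat add chain=srcnat src-address=192.168.0.0/16 out-interface=ether1 action=masquerade
# Pin RouterB's link address to its radio MAC so another host cannot claim it
/ip arp add address=192.168.70.2 mac-address=00:00:5E:00:53:02 interface=wlan1
# Optional hardening: answer ARP but learn nothing dynamically on this link
# /interface wireless set wlan1 arp=reply-only

# ---------- RouterB (station side, clients on ether1) ----------
/interface wireless set wlan1 mode=station
/ip address add address=192.168.70.2/24 interface=wlan1
/ip address add address=192.168.190.1/24 interface=ether1
/ip route add dst-address=0.0.0.0/0 gateway=192.168.70.1
/ip arp add address=192.168.70.1 mac-address=00:00:5E:00:53:01 interface=wlan1
# DHCP for the client range from the thread; clients use RouterB as gateway
/ip pool add name=lan-pool ranges=192.168.190.100-192.168.190.200
/ip dhcp-server network add address=192.168.190.0/24 gateway=192.168.190.1
/ip dhcp-server add name=lan-dhcp interface=ether1 address-pool=lan-pool disabled=no
# No srcnat rule on RouterB: packets cross the link with their real source IP

# ---------- Checks (run on each router) ----------
# The peer's 192.168.70.x entry must be static and show the expected MAC
/ip arp print
/ip route print
/ip firewall nat print
```

With NAT done only on RouterA, its firewall and logs see the real 192.168.190.x client addresses instead of everything arriving as 192.168.70.2.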

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Thu Aug 09, 2007 10:02 am
by normis
> I just read the jo2jo post. I'm confused, all the network is routing, then why are we saying bridging. Why is there natting at the first network? That network could easily be routed to the final gateway and natted there. There is no need to nat it to the 70.x network, then to the final gateway and natted again. Simply put the route of the 190.x network on the final gateway. Just saves when u r dnatting.
> just a suggestion

yes! jo2jo I don't understand what you want because bridge=layer2 and layer3 has nothing to do with bridges. if you don't need layer2 bridges then you do routing. please clarify your issue, nobody seems to get it.

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Thu Aug 09, 2007 10:03 am
by jagowan
it seems routing not bridge?

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Thu Aug 09, 2007 10:49 am
by jo2jo
It is clearly routing, that is my entire point. No layer 2 anywhere, which is why I say no bridges.

u guys want sup outs or config exports?

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Thu Aug 09, 2007 11:00 am
by normis
I think you have to clarify the whole idea, as your question clearly says you want to "bridge two networks" :)

Re: Bridge two networks, NOT Wds, only Layer 3

Posted: Thu Aug 09, 2007 4:56 pm
by jo2jo
normis, you are the only one having trouble understanding this. every other reply had no problems. and read the entire topic....bridge without WDS, and only layer 3, ok maybe its not a true bridge.....thanks.


anyway, I will try eliminating the 192.168.70.0 network i made and routing the 192.168.190.0/24 to Side A, and just run the DHCP server for those IP's on Side B.

So far IP communications worked through the night with the addition of the static ARP entries.

I'll report back.

tks

EDIT: I was able to remove the Masquerading rule on Side B, but I still need the 192.168.70.0 private network on the wireless interfaces of each side. The reason is that computers with 192.168.190.0/24 addresses, connected to SIDE B via a switch, must have a Gateway in their subnet, or else a bridge would be required, which I'm not doing. I'm pretty sure that private (.70.0/24) network between the two sides is required. It could obviously be much smaller like a /29 but who cares..