RB5009UG+S+IN WAN + 2 LAN
Posted: Sat Jun 24, 2023 6:45 am
Hi folks,
Really beginner question. I've tried setting up the router with a PPPoE + VLAN on ether1, one LAN on ether2 and another on ether3 (both unmanaged switches, firewalled separately). The PPPoE connection is working, and I can ping internet addresses from the router using that interface, but no client can get to the internet or ping internet addresses.
The script below seems to create all the IP routes, including the 0.0.0.0/0 route to the PPPoE interface.
Config below from reset/no-defaults. Anyone see an issue?
Edit: have updated the DNS line, still no internet
Code:
/interface vlan
add interface=ether1 name=ether1.10 vlan-id=10
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1.10 name=pppoe-out1 user=xxxxxxxxx password=xxxxxxxxx
/ip pool
add name=pool1 ranges=192.168.88.50-192.168.88.150
add name=pool2 ranges=192.168.89.50-192.168.89.150
/ip dhcp-server
add address-pool=pool1 interface=ether2 name=server1 server-address=192.168.88.1
add address-pool=pool2 interface=ether3 name=server2 server-address=192.168.89.1
/ip address
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=192.168.89.1/24 interface=ether3 network=192.168.89.0
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
add address=192.168.89.0/24 dns-server=192.168.89.1 gateway=192.168.89.1
/ip dns
set servers=1.1.1.1,1.0.0.1
/ip firewall filter
add action=drop chain=input comment="Drop invalid connection" connection-state=invalid
add action=accept chain=input comment="Accept established connections" connection-state=established
add action=accept chain=input comment="Accept established connections" connection-state=related
add action=accept chain=input comment="Allow access from local network" in-interface=ether2 src-address=192.168.88.0/24
add action=accept chain=input comment="Allow access from local network" in-interface=ether3 src-address=192.168.89.0/24
add action=drop chain=input comment="Drop everything else"
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid
add action=accept chain=forward comment="Accept established connections" connection-state=established
add action=accept chain=forward comment="Accept established connections" connection-state=related
add action=drop chain=forward comment="Drop lan to lan" dst-address=192.168.88.0/24 src-address=192.168.89.0/24
add action=drop chain=forward comment="Drop lan to lan" dst-address=192.168.89.0/24 src-address=192.168.88.0/24
add action=accept chain=forward comment="Allow traffic from local" in-interface=ether2 src-address=192.168.88.0/24
add action=accept chain=forward comment="Allow traffic from local" in-interface=ether3 src-address=192.168.89.0/24
add action=drop chain=forward comment="Drop everything else"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
Code:
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
Regards
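The forward chain in the config above can be checked offline with a first-match walk. This is an added example, not part of the original post. It models only the four matchers these rules use (connection-state, in-interface, src-address, dst-address); the sample packets are constructed, and NAT and routing are not covered.

```python
import ipaddress
import shlex

# Forward-chain rules copied from the post's config, in order.
FORWARD_RULES = """\
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid
add action=accept chain=forward comment="Accept established connections" connection-state=established
add action=accept chain=forward comment="Accept established connections" connection-state=related
add action=drop chain=forward comment="Drop lan to lan" dst-address=192.168.88.0/24 src-address=192.168.89.0/24
add action=drop chain=forward comment="Drop lan to lan" dst-address=192.168.89.0/24 src-address=192.168.88.0/24
add action=accept chain=forward comment="Allow traffic from local" in-interface=ether2 src-address=192.168.88.0/24
add action=accept chain=forward comment="Allow traffic from local" in-interface=ether3 src-address=192.168.89.0/24
add action=drop chain=forward comment="Drop everything else"
"""

def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts, preserving rule order."""
    lines = (shlex.split(l) for l in text.splitlines())
    return [dict(t.split("=", 1) for t in toks[1:]) for toks in lines if toks and toks[0] == "add"]

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, pkt):
    """A rule matches only if every matcher it sets agrees with the packet."""
    return (rule.get("connection-state", pkt["state"]) == pkt["state"]
            and rule.get("in-interface", pkt["in"]) == pkt["in"]
            and ("src-address" not in rule or in_net(pkt["src"], rule["src-address"]))
            and ("dst-address" not in rule or in_net(pkt["dst"], rule["dst-address"])))

def verdict(rules, pkt):
    """The first matching rule decides; returns (action, comment)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule.get("comment", "")
    return "accept", "no rule matched"  # RouterOS accepts when nothing matches

# Constructed sample packets (addresses chosen from the post's subnets).
SAMPLES = {
    "lan_to_wan": {"state": "new", "in": "ether2", "src": "192.168.88.50", "dst": "1.1.1.1"},
    "lan_to_lan": {"state": "new", "in": "ether2", "src": "192.168.88.50", "dst": "192.168.89.50"},
    "wan_reply": {"state": "established", "in": "pppoe-out1", "src": "1.1.1.1", "dst": "192.168.88.50"},
    "wan_new": {"state": "new", "in": "pppoe-out1", "src": "1.1.1.1", "dst": "192.168.88.50"},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, verdict(parse_rules(FORWARD_RULES), pkt))
```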