* HAP AX3
I've added a new bridge for WiFi ports.
Then I've set up a network address for the WiFi bridge.
I also added an interface list for the WiFi bridge.
Finally, some DHCP configurations and I thought I was done.
As it happens, there's a firewall rule that blocks all traffic that does not come from the LAN interface list.
Unless I disable this rule, clients from the WiFi network cannot reach the Internet.
I could change the "not LAN" to "WAN", I guess...
Creating an interface list that includes both "bridge_LAN" and "bridge_WiFi" was my first idea.
However, even though it is called an interface "list", I could only set one interface.
So, is there a way to create such an interface list that includes both "bridge_LAN" and "bridge_WiFi", or "LAN" and "LAN_WiFi" lists?
I've added a new bridge for WiFi ports.
Code:
[@MikroTik] > interface/bridge/export/interface bridgeadd comment=defconf name=bridge_LAN port-cost-mode=shortadd comment=defconf name=bridge_WiFi port-cost-mode=short/interface bridge portadd bridge=bridge_LAN comment=defconf interface=ether2 internal-path-cost=10 path-cost=10add bridge=bridge_LAN comment=defconf interface=ether3 internal-path-cost=10 path-cost=10add bridge=bridge_LAN comment=defconf interface=ether4 internal-path-cost=10 path-cost=10add bridge=bridge_LAN comment=defconf interface=ether5 internal-path-cost=10 path-cost=10add bridge=bridge_WiFi comment=defconf interface=wifi_5GHz internal-path-cost=10 path-cost=10add bridge=bridge_WiFi comment=defconf interface=wifi_2GHz internal-path-cost=10 path-cost=10add bridge=bridge_LAN interface=veth1Then I've set up a network address for the WiFi bridge.
Code:
[@MikroTik] > ip address/export/ip addressadd address=192.168.8.1/24 comment="defconf - LAN Bridge" interface=bridge_LAN network=192.168.8.0add address=192.168.9.1/24 comment="WiFi Bridge" interface=bridge_WiFi network=192.168.9.0I also added an interface list for the WiFi bridge.
Code:
[@MikroTik] > interface/list/export/interface listadd comment=defconf name=WANadd comment=defconf name=LANadd comment="Interface list for WiFi bridge" name=LAN_WiFi/interface list memberadd comment="defconf - LAN interface list for LAN bridge" interface=bridge_LAN list=LANadd comment=defconf interface=ether1_WAN list=WANadd comment="WiFi interface list for WiFi bridge" interface=bridge_WiFi list=LAN_WiFiFinally, some DHCP configurations and I thought I was done.
Code:
[@MikroTik] > ip dhcp-server/export/ip dhcp-serveradd address-pool=dhcp_LAN interface=bridge_LAN lease-time=1d name=defconf_LANadd address-pool=dhcp_WiFi interface=bridge_WiFi lease-time=1d name=WiFi_DHCP/ip dhcp-server networkadd address=192.168.8.0/24 comment="defconf - LAN DHCP Configuration" dns-server=192.168.8.1 gateway=192.168.8.1 netmask=24add address=192.168.9.0/24 comment="WiFi DHCP configuration" dns-server=192.168.8.1 gateway=192.168.9.1 netmask=24As it happens, there's a firewall rule that blocks all traffic that does not come from the LAN interface list.
Code:
[@MikroTik] > ip firewall/filter/export/ip firewall filteradd action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANUnless I disable this rule, clients from the WiFi network cannot reach the Internet.
I could change the "not LAN" to "WAN", I guess...
Creating an interface list that includes both "bridge_LAN" and "bridge_WiFi" was my first idea.
However, even though it is called an interface "list", I could only set one interface.
So, is there a way to create such an interface list that includes both "bridge_LAN" and "bridge_WiFi", or "LAN" and "LAN_WiFi" lists?
Statistics: Posted by diasdm — Fri Mar 15, 2024 4:53 am