Hi all,
I have recently purchased an hEX router (RB750Gr3) and I'm having (noob) troubles configuring it. My home internet setup is as follows: I have a 5G FWA connection, my ISP installed a ZTE MC7010 on the roof acting as antenna and modem, from which I get an ethernet cable that is supposed to connect to the WAN port of the ISP provided router. I wish to get rid of the latter in favour of the hEX.
Connecting the router to the internet, starting from the default configuration of RouterOS version 7.13.4, was trivial: I just had to connect the cable from the ZTE antenna to port 1, create a VLAN with vlan-ID 1038 on ether1 as per the ISP recommendation and setup the DHCP client on the newly created vlan1 interface.
I can correctly ping, e.g. 8.8.8.8, from the router's tool, however all LAN ports are not connected to the internet. Nothing suspicious comes up to my (very) beginner's eyes, so I'm here for help. This is my configuration:
This is mostly the default configuration with the just the additions mentioned above. Did I make any obvious mistake?
Thanks a lot to anybody willing to help!
I have recently purchased an hEX router (RB750Gr3) and I'm having (noob) troubles configuring it. My home internet setup is as follows: I have a 5G FWA connection, my ISP installed a ZTE MC7010 on the roof acting as antenna and modem, from which I get an ethernet cable that is supposed to connect to the WAN port of the ISP provided router. I wish to get rid of the latter in favour of the hEX.
Connecting the router to the internet, starting from the default configuration of RouterOS version 7.13.4, was trivial: I just had to connect the cable from the ZTE antenna to port 1, create a VLAN with vlan-ID 1038 on ether1 as per the ISP recommendation and setup the DHCP client on the newly created vlan1 interface.
I can correctly ping, e.g. 8.8.8.8, from the router's tool, however all LAN ports are not connected to the internet. Nothing suspicious comes up to my (very) beginner's eyes, so I'm here for help. This is my configuration:
Code:
# 2024-03-03 11:06:00 by RouterOS 7.13.4# software id = **ELIDED**## model = RB750Gr3# serial number = **ELIDED**/interface bridgeadd admin-mac=**ELIDED** auto-mac=no comment=defconf name=bridge/interface vlanadd interface=ether1 name=vlan1 vlan-id=1038/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254/ip dhcp-serveradd address-pool=default-dhcp interface=bridge lease-time=10m name=defconf/portset 0 name=serial0/interface bridge portadd bridge=bridge comment=defconf interface=ether2add bridge=bridge comment=defconf interface=ether3add bridge=bridge comment=defconf interface=ether4add bridge=bridge comment=defconf interface=ether5/ip neighbor discovery-settingsset discover-interface-list=LAN/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WAN/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0/ip dhcp-clientadd comment=defconf interface=vlan1/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\ 192.168.88.1/ip dnsset allow-remote-requests=yes/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN#error exporting "/ip/ssh" (timeout)/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" \ dst-port=33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN/system clockset time-zone-name=Europe/Rome/system noteset show-at-login=no/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LANThis is mostly the default configuration with the just the additions mentioned above. Did I make any obvious mistake?
Thanks a lot to anybody willing to help!
Statistics: Posted by cronosh — Sun Mar 03, 2024 12:42 pm