Hello all,
I am new to MikroTik, I have a 3011 Router.
Layout
Ether1 WAN /29 subnet
Ether 2 LAN 192.168.1.0/24
Ether 3 to 10 is part of Lan Address
I can access my pc inside network from external and port forwarding to camera system is working fine too.
I can ping from inside the network to outside fine, dns resolving good.
Traceroute shows 192.168.1.1 twice which I thought was interesting.
But biggest problem is web browsing outside of the network is not working correctly, sometimes get the first page, but click a link and times out.
I figure it was firewall and removed most items down to a basic, did not make it better.
Here is my info I think you can use to help me understand what I did wrong.
Thanks in advance if you can help me.
[admin@IbeamIsp-LBC] /ip> export
# feb/09/2017 10:03:48 by RouterOS 6.38.1
# software id = TVTQ-HUHL
#
/ip pool
add name=dhcp ranges=192.168.1.50-192.168.1.254
/ip address
add address=98.6.39.202/29 interface=ether1 network=98.6.39.200
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge2 name=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=192.168.1.0/24 comment=LAN list=local
add address=192.168.1.0/24 list=support
add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
/ip firewall filter
add chain=input comment="Accept established and related packets" connection-state=established,related
add action=drop chain=input comment="Drop invalid packets" connection-state=invalid
add action=drop chain=input comment="Drop all packets which are not destined to routes IP address" dst-address-type=!local
add action=drop chain=input comment="Drop all packets which does not have unicast source IP address" src-address-type=!unicast
add chain=forward comment="Accept established and related packets" connection-state=established,related
add action=drop chain=forward comment="Drop invalid packets" connection-state=invalid
add action=accept chain=forward connection-nat-state=dstnat connection-state=established,related in-interface=ether1
add action=drop chain=forward comment="Drop new connections from internet which are not dst-natted" connection-nat-state=!dstnat connection-state=new in-interface=ether1
/ip firewall nat
add action=dst-nat chain=dstnat comment=VideoSystem1 dst-port=80 protocol=tcp to-addresses=192.168.1.12 to-ports=80
add action=dst-nat chain=dstnat comment=VideoSystem2 dst-port=6036 protocol=tcp to-addresses=192.168.1.12 to-ports=6036
add action=accept chain=input comment="Local access to RB for Winbox" dst-port=8291 protocol=tcp src-address-list=local
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add check-gateway=arp distance=1 gateway=98.6.39.201
/ip service
set telnet disabled=yes