951ui 3G modem... strange

951ui with supported 3G dongle. Connection to RB with wifi and Ethernet.

Tried default config, set 3g, firewall srcnat-masquerade
Got DNS from provider, also tried manually setting it in dhcp and address settings. Also tried 8.8.8.8

No internet connection. PC connected on wifi/ethernet - no internet connection.
Android connected on wifi says “no internet connection” BUT terminal emulator ping to anywhere works fine.
Tried ping on RB, directly from routeros, ping works fine… google yahoo so on. No problem.
But still no internet.

Any ideas? Please help.

Do you see modem interface? Could you tell more details about your dongle (brand/model/software version/software type:hilink,non-hilink)?
Please attach output of /export compact

[admin@MikroTik] >> put [resolve google.com server 8.8.8.8]
173.194.44.71
[admin@MikroTik] > put [resolve ns.google.com]
216.239.32.10
[admin@MikroTik] > ip firewall export hide-sensitive

apr/04/2017 14:57:46 by RouterOS 6.38.5

software id = T24W-TVVM

/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface="ppp-out1 mts 3g"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface="ppp-out1 mts 3g"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface="ppp-out1 mts 3g"
[admin@MikroTik] >



Windows:
C:\Users\User1>ping ns.google.com
I could not find the node ns.google.com while verifying the connection.
Check the host name and try again.

[admin@MikroTik] > /export compact

apr/04/2017 15:06:52 by RouterOS 6.38.5

software id = T24W-TVVM

/interface bridge
add admin-mac=4C:5E:0C:51:95:6D auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors frequency=auto mode=ap-bridge multicast-helper=full ssid="-=Bulat=-" tx-power=22 tx-power-mode=all-rates-fixed wireless-protocol=802.11 wmm-support=enabled
/ip neighbor discovery
set ether1 discover=no
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless security-profiles
set [ find default=yes ] wpa-pre-shared-key=80293333117 wpa2-pre-shared-key=88888888
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/port
set 0 name=usb1
/interface ppp-client
add apn=mts dial-on-demand=no disabled=no name="ppp-out1 mts 3g" password=mts port=usb1 user=mts
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
/ip address
add address=192.168.0.1/16 comment=defconf interface=ether2-master network=192.168.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface="ppp-out1 mts 3g"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface="ppp-out1 mts 3g"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface="ppp-out1 mts 3g"
/system clock
set time-zone-name=Europe/Minsk
/system note
set note="!!!!! DEFAULT ADMIN ACCOUNT HAD NO PASSWORD AND DEVICE WAS HACKED! Account auto-protected. PLEASE AUDIT DEVICE."
/system watchdog
set watch-address=8.8.8.8
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge

modem:
modem.jpg

Try to disable the dhcp client on ether1, and also post the status of the ppp-out1 interface, just to see the IP you are getting from the carrier. Post the default route/routes. If you can ping from the router itself, can you ping something with the source address of your lan? Can you post a traceroute from the router and the PC?

Ping google from the RB terminal and look at the TTL, maybe it is 1?

Then try to set the TTL to the number you get from ping - in mangle postrouting, where out-interface=“your 3g device”

Maybe this provider blocks internet access if it sees a different TTL from you (they try to prevent sharing)

ping and trace from RB:
[admin@MikroTik] > ping google.com
SEQ HOST SIZE TTL TIME STATUS
0 173.194.32.136 56 53 169ms
1 173.194.32.136 56 53 65ms
2 173.194.32.136 56 53 63ms
3 173.194.32.136 56 53 65ms
4 173.194.32.136 56 53 67ms
5 173.194.32.136 56 53 55ms
6 173.194.32.136 56 53 66ms
7 173.194.32.136 56 53 66ms
sent=8 received=8 packet-loss=0% min-rtt=55ms avg-rtt=77ms max-rtt=169ms



[admin@MikroTik] /tool> traceroute google.com

ADDRESS LOSS SENT LAST AVG BEST WORST STD-D

1 46.216.255.249 96.. 27 timeout 228.4 228.4 228.4
2 172.30.65.70 96.. 27 timeout 120 120 120
3 172.30.65.105 96.. 27 timeout 60.1 60.1 60.1
4 195.50.15.54 96.. 27 timeout 49.8 49.8 49.8
5 188.254.103.221 96.. 26 timeout 59.9 59.9 59.9
6 79.133.94.86 96.. 26 timeout 79.9 79.9 79.9
7 72.14.233.106 96.. 26 timeout 110 110 110
8 108.170.232.47 96.. 26 timeout 69.8 69.8 69.8
9 173.194.44.78 0% 26 59.1ms 63.2 54.8 80 5

3g modem
3g.jpg

routes
routes.jpg

OK, try to add a new rule

/ip firewall mangle
 add chain=postrouting out-interface=xxx action=change-ttl new-ttl=set:56

Replace xxx with your 3G interface

test…

done, works!!!

Big thanks for help to all geek people.
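
The TTL hypothesis and the change-ttl mangle rule suggested above, modelled as an added example (not code from the thread or from MikroTik). The initial TTL values and the `looks_shared` heuristic are assumptions made for illustration; the thread only guesses at what the provider checks.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed initial TTLs (common OS defaults; not stated in the thread).
INITIAL_TTL = {"windows-pc": 128, "android": 64, "routeros-local": 64}


@dataclass
class MangleSetTtl:
    """Models: /ip firewall mangle add chain=postrouting action=change-ttl new-ttl=set:N"""
    new_ttl: int


def egress_ttl(source: str, forwarded: bool, rule: Optional[MangleSetTtl]) -> int:
    """TTL of a packet as it leaves the 3G interface."""
    ttl = INITIAL_TTL[source]
    if forwarded:
        ttl -= 1  # the router decrements TTL on forwarded packets before postrouting
        if ttl <= 0:
            raise ValueError("packet dropped: TTL expired in transit")
    if rule is not None:
        ttl = rule.new_ttl  # postrouting mangle overwrites whatever value arrived
    return ttl


def observed_ttls(rule: Optional[MangleSetTtl]) -> Dict[str, int]:
    """What an upstream observer sees for each traffic source."""
    flows = [("windows-pc", True), ("android", True), ("routeros-local", False)]
    return {src: egress_ttl(src, fwd, rule) for src, fwd in flows}


def looks_shared(ttls: Dict[str, int]) -> bool:
    """Hypothetical carrier-side heuristic: several distinct TTLs on one
    subscriber link suggest more than one device behind it."""
    return len(set(ttls.values())) > 1


if __name__ == "__main__":
    for label, rule in (("no mangle rule", None), ("set:56", MangleSetTtl(56))):
        ttls = observed_ttls(rule)
        print(label, ttls, "shared?" , looks_shared(ttls))
```

Without the rule, traffic the router forwards for LAN clients leaves with a different TTL than traffic the router originates, which matches the symptom that ping from the RB worked while the PC had no internet.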