Hi everyone!
I’m really new to MikroTik configuration. I updated to 7.10 because I need to use WireGuard, and after the update I can’t ping the router or access Winbox through the gateway.
My network is otherwise working ‘fine’; that is the big problem. I can access Winbox through MAC, but even DNS requests using the router as a DNS server aren’t working, and I need that because I have a static DNS entry.
Here’s my configuration:
# 1970-01-02 16:08:46 by RouterOS 7.10
# software id = N6YR-AIKD
#
# model = CCR1036-12G-4S
# serial number = XXXXXXXXX
# Interface layer: two bridges, labels for the physical ports, the WAN/LAN
# interface lists, and the wireless security profiles.
/interface bridge
add name=Servidor_Bridge
# Bridge used as a loopback interface; it receives an address under /ip address.
add name=loopback
/interface ethernet
# ether1 only advertises 10M/100M full duplex, so it will not link at gigabit.
set [ find default-name=ether1 ] advertise=10M-full,100M-full comment=\
"WAN 1 GANDALF"
set [ find default-name=ether2 ] comment="WAN" l2mtu=1500
set [ find default-name=ether3 ] comment="TRANSPORT"
set [ find default-name=ether5 ] comment="LAN"
set [ find default-name=ether6 ] comment=LAN2
set [ find default-name=ether7 ] comment="SSSS"
# The lists are only declared here; membership is set under /interface list member.
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
supplicant-identity=MikroTik
# NOTE(review): wifi_secure accepts WPA1 (wpa-psk) alongside WPA2; remove wpa-psk
# unless a legacy client needs it. No wireless interface appears in this
# export, so the profile may be unused - confirm.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=wifi_secure supplicant-identity=""
# Address pools, the DHCP servers that draw from them, serial port names and
# the PPP profile used for VPN clients.
/ip pool
# Only PoolOficina, dhcp_pool2, dhcp_pool3 and dhcp_pool9 are referenced by a
# DHCP server below, and VPN by the PPP profile. The remaining pools repeat the
# 192.168.30.x / 192.168.70.x ranges and look like leftovers - confirm before removing.
add name=PoolOficina ranges=192.168.10.100-192.168.10.250
add name=dhcp_pool1 ranges=192.168.30.120-192.168.30.254
add name=dhcp_pool2 ranges=192.168.32.2-192.168.32.254
add name=dhcp_pool3 ranges=192.168.50.2-192.168.50.254
# NOTE(review): 20.20.20.0/24 is publicly routable space, not an RFC 1918
# range; VPN clients using it cannot reach the real hosts at those addresses.
# A private range is the safer choice.
add name=VPN ranges=20.20.20.20-20.20.20.254
add name=dhcp_pool5 ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool6 ranges=192.168.70.2-192.168.70.254
add name=dhcp_pool7 ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool8 ranges=192.168.70.2-192.168.70.254
add name=dhcp_pool9 ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool10 ranges=192.168.70.2-192.168.70.254
add name=dhcp_pool11 ranges=192.168.70.2-192.168.70.254
add name=dhcp_pool12 ranges=192.168.62.20-192.168.62.254
/ip dhcp-server
add address-pool=PoolOficina interface=ether5 lease-time=10m name=server1
add address-pool=dhcp_pool2 interface=ether6 lease-time=10m name=dhcp2
add address-pool=dhcp_pool3 interface=Servidor_Bridge lease-time=10m name=\
dhcp3
# Disabled server bound to "Trasporte K-40 " (note the trailing space in the
# name); that interface is not defined anywhere in this export.
add address-pool=dhcp_pool9 disabled=yes interface="Trasporte K-40 " \
lease-time=10m name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
# VPN clients are handed 8.8.8.8 as resolver, so they will not see the static
# DNS entries configured on the router.
add dns-server=8.8.8.8 local-address=20.20.20.1 name=VPN remote-address=VPN
# Routing protocol stubs, the policy-routing tables, bridge ports, neighbor
# discovery and global IPv4/IPv6 settings.
/routing bgp template
set default disabled=no output.network=bgp-networks
# The OSPF instance and its area are disabled. The router-id matches the
# address placed on the loopback bridge under /ip address.
/routing ospf instance
add disabled=yes name=default-v2 originate-default=always redistribute=\
connected,static,ospf,vpn,dhcp,modem router-id=255.255.255.31
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
# Tables selected by the mangle routing marks. In this export only galac and
# airtek contain a route under /ip route; to_ISP1, to_ISP2, camaras and
# NVR_TALLER have none.
/routing table
add fib name=to_ISP1
add fib name=to_ISP2
add fib name=airtek
add fib name=camaras
add fib name=galac
add fib name=NVR_TALLER
/interface bridge port
add bridge=Servidor_Bridge ingress-filtering=no interface=ether7
# eoip1 is not defined anywhere in this export.
add bridge=Servidor_Bridge ingress-filtering=no interface=eoip1
/ip neighbor discovery-settings
# NOTE(review): !dynamic enables neighbor discovery on every non-dynamic
# interface, the WAN ports included, which announces the router's identity and
# version upstream. Restricting this to the LAN interface list is the usual hardening.
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# VPN servers and interface-list membership.
/interface l2tp-server server
# NOTE(review): use-ipsec=yes still accepts L2TP sessions that arrive without
# IPsec; use-ipsec=required enforces encryption.
set enabled=yes use-ipsec=yes
/interface list member
# Only ether1 is in WAN, although ether2 and ether3 are also used as uplinks
# (masquerade and DHCP client). The LAN entry names no interface, so the LAN
# list is effectively empty. Rules written against these lists would miss
# ether2/ether3 and the LAN ports.
add interface=ether1 list=WAN
add list=LAN
/interface ovpn-server server
# NOTE(review): md5 and sha1 are weak HMAC choices. enabled= is not shown, so
# the OpenVPN server is presumably still at its default (disabled) - confirm.
set auth=sha1,md5
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
# NOTE(review): with no input-chain filter rules in this export the PPTP
# listener is reachable from every interface, WAN included. Disable it once a
# modern VPN such as WireGuard is in place.
set enabled=yes
# Layer-3 addressing, DHCP clients on the uplinks, DHCP options per subnet and
# the router's DNS resolver.
/ip address
add address=192.168.10.1/24 interface=ether5 network=192.168.10.0
# NOTE(review): 255.255.255.31 lies in reserved space (240.0.0.0/4); a private
# /32 is the conventional choice for a loopback address.
add address=255.255.255.31 interface=loopback network=255.255.255.31
add address=192.168.32.1/24 interface=ether6 network=192.168.32.0
# NOTE(review): ether7 is a port of Servidor_Bridge and the DHCP server for
# 192.168.50.0/24 is bound to the bridge; an address on a bridge port instead of
# on the bridge is a common source of odd behaviour - consider moving it.
add address=192.168.50.1/24 interface=ether7 network=192.168.50.0
add address=192.168.1.1/24 interface=ether6 network=192.168.1.0
# The same public address is configured twice on ether2 (/20 and /32) and a
# DHCP client also runs on ether2 below - confirm which of these is intended.
add address=190.124.31.20/20 interface=ether2 network=190.124.16.0
add address=190.124.31.20 interface=ether2 network=190.124.31.20
# The two disabled entries below reference interfaces (eoip-tunnel_taller,
# "Trasporte K-40 ") that are not defined in this export.
add address=192.168.62.1/24 disabled=yes interface=eoip-tunnel_taller \
network=192.168.62.0
add address=192.168.30.1/24 disabled=yes interface="Trasporte K-40 " network=\
192.168.30.0
add address=38.25.190.251/17 disabled=yes interface=ether2 network=\
38.25.128.0
/ip dhcp-client
add disabled=yes interface=vlan14
# add-default-route is not shown for ether2/ether3, so any default route in the
# main table presumably comes from these DHCP leases - confirm.
add interface=ether2 use-peer-ntp=no
add interface=ether3
add disabled=yes interface=ether10
add add-default-route=no interface=eoip-tunnel_taller use-peer-dns=no \
use-peer-ntp=no
/ip dhcp-server network
# No dns-server is set for 192.168.10.0/24 (the subnet that needs the static
# entry) or 192.168.32.0/24; check which resolver those clients actually
# receive. The other networks are pointed at 8.8.8.8 and bypass the router's
# static entries.
add address=192.168.10.0/24 gateway=192.168.10.1 netmask=24
add address=192.168.30.0/24 dns-server=8.8.8.8 gateway=192.168.30.1
add address=192.168.32.0/24 gateway=192.168.32.1
add address=192.168.50.0/24 dns-server=8.8.8.8 gateway=192.168.50.1
add address=192.168.62.0/24 dns-server=8.8.8.8 gateway=192.168.62.1
add address=192.168.70.0/24 dns-server=8.8.8.8 gateway=192.168.70.1
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS on every
# interface. With no input-chain filter rules in this export that includes the
# WAN ports, i.e. an open resolver that can be abused for amplification.
# Drop UDP/TCP 53 arriving on the WAN interfaces in the input chain.
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.10.10 name=XXXXXXXXXXXX ttl=50s
add address=192.168.10.10 disabled=yes name=XXXXXXXXXXX
# Firewall address list and the filter table.
/ip firewall address-list
add address=192.168.10.188 disabled=yes list=lan
# NOTE(review): the filter table holds no input-chain rules and no drop rules
# at all, so nothing protects the router itself. Services enabled in this
# export (DNS with allow-remote-requests, the PPTP and L2TP servers) and any
# management services left at their defaults are reachable from the WAN.
# The usual baseline is: accept established/related, drop invalid, accept from
# the LAN, drop everything else arriving on the WAN - in both input and forward.
# Because nothing here drops traffic, the lost ping/Winbox/DNS access is not
# caused by the filter table.
/ip firewall filter
add action=accept chain=forward connection-state=established,related
# Disabled. If it is ever enabled, fasttracked packets skip mangle, which
# conflicts with the routing/connection marks this setup depends on.
add action=fasttrack-connection chain=forward comment=\
FW_CONN_ESTABLISHED_Y_RELATED connection-state=established,related \
disabled=yes hw-offload=yes
# Policy routing and dual-WAN load balancing: routing marks select one of the
# tables from /routing table, connection marks tie a flow to one ISP.
/ip firewall mangle
# Destination-based marks for three internal subnets. This export has a route
# only in table galac; camaras and NVR_TALLER contain no routes here.
add action=mark-routing chain=prerouting dst-address=192.168.30.0/24 \
new-routing-mark=camaras passthrough=no
add action=mark-routing chain=prerouting dst-address=192.168.50.0/24 \
new-routing-mark=galac passthrough=no
add action=mark-routing chain=prerouting dst-address=192.168.70.0/24 \
new-routing-mark=NVR_TALLER passthrough=no
# NOTE(review): this marks every packet from 192.168.10.0/24, including packets
# addressed to the router itself (ping, Winbox, DNS to 192.168.10.1), because
# it has no dst-address-type=!local as several rules further down do. Table
# airtek holds only a default route, so this is the likely reason the router
# stopped answering on its LAN address after the move to 7.10 - confirm by
# adding dst-address-type=!local or by disabling the rule temporarily.
# passthrough=no also ends prerouting mangle processing for these packets, so
# the in-interface=ether5 rules below never see traffic from this subnet.
add action=mark-routing chain=prerouting new-routing-mark=airtek passthrough=\
no src-address=192.168.10.0/24
# Connections that reach the router itself are tagged with the ISP they came
# in on (input), and the router's replies are sent back through the matching
# table (output). Tables to_ISP1 and to_ISP2 have no routes in this export.
add action=mark-connection chain=input comment="MARCAJE DE ENTRADA" \
in-interface=ether2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether1 \
new-connection-mark=ISP1_conn passthrough=yes
add action=mark-routing chain=output comment="MARCAJE DE SALIDA" \
connection-mark=ISP2_conn new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn \
new-routing-mark=to_ISP1 passthrough=yes
# LAN packets (ether5) that belong to an already marked connection are steered
# into the table of that ISP. The ISP2 rule lacks dst-address-type=!local.
add action=mark-routing chain=prerouting comment="MARCADO DE RUTA AIRTEK" \
connection-mark=ISP2_conn in-interface=ether5 new-routing-mark=to_ISP2 \
passthrough=yes
add action=mark-routing chain=prerouting comment="MARCADO DE RUTA GANDALF" \
connection-mark=ISP1_conn dst-address-type=!local in-interface=ether5 \
new-routing-mark=to_ISP1 passthrough=yes
# Per-connection classifier: new connections from ether5 are split into ten
# buckets by a hash of source and destination address. Buckets 1-9 are marked
# ISP2_conn and bucket 0 ISP1_conn, i.e. a 9:1 split.
add action=mark-connection chain=prerouting comment="BALANCEO DE CARGA" \
connection-mark=no-mark dst-address-type=!local in-interface=ether5 \
new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=\
both-addresses:10/2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn \
passthrough=yes per-connection-classifier=both-addresses:10/9
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn \
passthrough=yes per-connection-classifier=both-addresses:10/8
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn \
passthrough=yes per-connection-classifier=both-addresses:10/7
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn \
passthrough=yes per-connection-classifier=both-addresses:10/6
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn \
passthrough=yes per-connection-classifier=both-addresses:10/5
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn \
passthrough=yes per-connection-classifier=both-addresses:10/4
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn \
passthrough=yes per-connection-classifier=both-addresses:10/3
# The two classifier rules below (buckets 1 and 0) omit dst-address-type=!local,
# so they also mark connections addressed to the router itself.
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether5 new-connection-mark=ISP2_conn passthrough=yes \
per-connection-classifier=both-addresses:10/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether5 new-connection-mark=ISP1_conn passthrough=yes \
per-connection-classifier=both-addresses:10/0
# Connections arriving from the uplinks are tagged with the ISP they came from;
# the ether3 (ISP3_conn) rule is disabled.
add action=mark-connection chain=prerouting comment=SALIDA connection-mark=\
no-mark in-interface=ether1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes in-interface=ether3 new-connection-mark=ISP3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether2 new-connection-mark=ISP2_conn passthrough=yes
# Source NAT for the uplinks and the port forward to the internal web server.
/ip firewall nat
# Masquerade exists for ether2 and ether3 only; ether1, the sole member of the
# WAN interface list, has no srcnat rule in this export.
add action=masquerade chain=srcnat comment=\
"AIRTEK **************NO TOCAR************" out-interface=ether2
# NOTE(review): no dst-address is given, so every TCP/443 packet arriving on
# ether2 is redirected to 192.168.10.10, whatever address it was sent to. The
# forward chain has no restrictions either, so the server is fully exposed on
# 443; limit the sources if the service is not meant to be public.
add action=dst-nat chain=dstnat comment="Apertura de Puerto NOTOCAR" \
dst-port=443 in-interface=ether2 protocol=tcp to-addresses=192.168.10.10 \
to-ports=443
add action=masquerade chain=srcnat out-interface=ether3
# This rule matches on the (redacted) public address without an in-interface,
# so it also applies to LAN clients. No hairpin srcnat rule is present in this
# export, so LAN access through the public address presumably fails - confirm.
add action=dst-nat chain=dstnat comment="Redireccion Servidor web" \
dst-address= PUBLIC_IP_ADDRESS dst-port=443 protocol=tcp to-addresses=\
192.168.10.10 to-ports=443
# Static routes. Only the galac and airtek tables receive a default route here;
# no static route is defined for to_ISP1, to_ISP2, camaras or NVR_TALLER.
/ip route
# Default route for table galac; check-gateway=ping monitors the gateway.
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=\
192.168.50.254 routing-table=galac
# Default route for table airtek (gateway redacted by the poster). Every packet
# carrying the airtek routing mark is matched by this route.
add disabled=no dst-address=0.0.0.0/0 gateway=XXXXXXXXXX routing-table=\
airtek
# NOTE(review): 0.0.0.0/32 matches only the single address 0.0.0.0, so this is
# not a default route. If a backup default route in the main table was
# intended, the destination should be 0.0.0.0/0 - confirm.
add disabled=no distance=2 dst-address=0.0.0.0/32 gateway=XXXXXXXXX
I would really appreciate your help!