Hallo i am newbie
i have a problem with my Mikrotik routers. some website can’t access but i can ping. the error is “this site can’t be reached”
whats the problem? with my firewall?
my config:
Please help me and give me the best answer
To me it looks like you are running into mtu issues. Depending on the encapsulation of your internet connection you may add a rule to clamp to pmtu via mangle
can you give me the example of rule?
my dns conf like this " /ip dns set allow-remote-requests=yes cache-max-ttl=1d cache-size=5000KiB max-udp-packet-size=512"
Make max udp packet size 4096
nichky
October 15, 2018, 6:35pm
7
set up dns, as i can see you dns looks like blank
Please send a screenshot, picture, or more detailed information about the error you are receiving:
For Example:
System Hardware
Thanks and good luck, we are here to try and help!
It looks like you get your internet through PPPoE. In that case MTU varies between 1480 and 1492 normally. Also, try clamping your mss with your pmtu with a simple rule like this:
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface="WAN" passthrough=yes protocol=tcp \
tcp-flags=syn tcp-mss=1361-65535
add action=change-mss chain=forward in-interface="WAN" new-mss=clamp-to-pmtu passthrough=yes protocol=tcp \
tcp-flags=syn tcp-mss=1361-65535
Also - and this is just a recommendation - give your firewall some love. I saw a bunch of accept rules but no drop rules for the rest of the chain. This is basically the same thing as having no firewall at all.
i have change but no effect, you have any solution?
i have change and fill the blank with google DNS 8.8.8.8 , 8.8.4.4 but no effect, you have any solution?
It looks like you get your internet through PPPoE. In that case MTU varies between 1480 and 1492 normally. Also, try clamping your mss with your pmtu with a simple rule like this:
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface="WAN" passthrough=yes protocol=tcp \
tcp-flags=syn tcp-mss=1361-65535
add action=change-mss chain=forward in-interface="WAN" new-mss=clamp-to-pmtu passthrough=yes protocol=tcp \
tcp-flags=syn tcp-mss=1361-65535
Also - and this is just a recommendation - give your firewall some love. I saw a bunch of accept rules but no drop rules for the rest of the chain. This is basically the same thing as having no firewall at all.
i was try to add this rules but not effect too. for my drop rules i was disable because that can drop udp packet or port 39752 for request to IP cloud server. and than i can’t use IP cloud cause was dropped
Please send a screenshot, picture, or more detailed information about the error you are receiving:
For Example:
System Hardware
Thanks and good luck, we are here to try and help!
OS : Windows 10
sorry guys, i want to tell you about this problem. i was created vpn server in routerboard and then if i turn on VPN connection, all websites can open and load normaly. but if i turn off VPN, i dont open and load again
Hallo i am newbie
i have a problem with my Mikrotik routers. some website can’t access but i can ping. the error is “this site can’t be reached”
whats the problem? with my firewall?
my config:
Please help me and give me the best answer
anyone can help me. please i need help
