I’m starting a new topic because this is different than the last. I have the LAN side setup with 10. addressing and can ping the gateway at 10.10.1.1. I can also resolve host names using a DNS server on the WAN side at 192.169.1.14. The WAN side address is 192.168.1.220. I can ping external web addresses like google.com, but I cannot open the websites.
My export is
# feb/05/2026 11:12:39 by RouterOS 6.49.19
# software id = 4462-Q26S
#
# model = RB750Gr3
# serial number =
/interface ethernet
set [ find default-name=ether2 ] name="LAN 2"
set [ find default-name=ether3 ] name=LAN3
set [ find default-name=ether1 ] name=WAN-Ether1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=PoolDHCP ranges=10.10.1.100-10.10.1.254
/ip dhcp-server
add address-pool=PoolDHCP disabled=no interface=LAN3 lease-time=1d name=\
DHCPNew
/interface bridge port
add comment=defconf disabled=yes interface=WAN-Ether1
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add interface=WAN-Ether1 list=WAN
add interface=LAN3 list=LAN
/ip address
add address=192.168.1.220 interface=WAN-Ether1 network=192.168.1.0
add address=10.10.1.1 interface=LAN3 network=10.10.1.0
/ip dhcp-client
add comment=defconf interface=WAN-Ether1
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=192.168.1.14 gateway=10.10.1.1
/ip dns
set servers=192.168.1.14
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add check-gateway=ping distance=1 gateway=WAN-Ether1
add distance=1 dst-address=10.10.1.0/24 gateway=LAN3
/system clock
set time-zone-name=America/New_York
/system identity
set name=AWOD1
/system ntp client
set enabled=yes primary-ntp=192.5.41.40 secondary-ntp=192.5.41.41 \
server-dns-names=192.168.1.14
and my routes are;
# feb/05/2026 11:13:57 by RouterOS 6.49.19
# software id = 4462-Q26S
#
# model = RB750Gr3
# serial number =
/ip route
add check-gateway=ping distance=1 gateway=WAN-Ether1
add distance=1 dst-address=10.10.1.0/24 gateway=LAN3
The odd internal condition is that I’m using the device to subnet automated machiney to keep the normal business traffic from interfering with the automation equipment.
With your current configuration, if the WAN side has a DHCP server, then you probably are having ECMP routes for WAN, with one of the two routes being obviously wrong (the one you added manually).
Not that I didn’t care, it’s that I’m overwhelmed, hahaha. This is one of those things that is important and not urgent, so I have not yet had time to understand CSGXANNX’s helpful reply.
How do I save the /ip route print to a file? I tried /ip route print export file-filename but it didn’t like it.
[admin@AWOD1] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 WAN-Ether1 1
1 A S 10.10.1.0/24 LAN3 1
2 ADC 10.10.1.0/32 10.10.1.1 LAN3 0
3 ADC 192.168.1.0/32 192.168.1.220 WAN-Ether1 0
[admin@AWOD1] > /export
# feb/05/2026 15:04:01 by RouterOS 6.49.19
# software id = 4462-Q26S
#
# model = RB750Gr3
# serial number =
/interface ethernet
set [ find default-name=ether2 ] name="LAN 2"
set [ find default-name=ether3 ] name=LAN3
set [ find default-name=ether1 ] name=WAN-Ether1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=PoolDHCP ranges=10.10.1.100-10.10.1.254
/ip dhcp-server
add address-pool=PoolDHCP disabled=no interface=LAN3 lease-time=1d name=DHCPNew
/interface bridge port
add comment=defconf disabled=yes interface=WAN-Ether1
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add interface=WAN-Ether1 list=WAN
add interface=LAN3 list=LAN
/ip address
add address=192.168.1.220/24 interface=WAN-Ether1 network=192.168.1.0
add address=10.10.1.1/24 interface=LAN3 network=10.10.1.0
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=192.168.1.14 gateway=10.10.1.1
/ip dns
set servers=192.168.1.14
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add check-gateway=ping distance=1 gateway=WAN-Ether1
/system clock
set time-zone-name=America/New_York
/system identity
set name=AWOD1
/system ntp client
set enabled=yes primary-ntp=192.5.41.40 secondary-ntp=192.5.41.41 server-dns-names=192.168.1.14
and
[admin@AWOD1] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 WAN-Ether1 1
1 ADC 10.10.1.0/24 10.10.1.1 LAN3 0
2 ADC 192.168.1.0/24 192.168.1.220 WAN-Ether1 0
I can resolve host names but cannot get ping responses.
Which IP address has the gateway (the device/router on the other end of the cable connected to port WAN-ether1)?
192.168.1.1?
Try changing:
add check-gateway=ping distance=1 gateway=WAN-ether1 192.168.1.1
No! You have not! Look at the default route. It still has WAN-Ether1 as gateway, because you added it like this:
Please read what I wrote above:
The interface is an ethernet interface (not point-to-point like PPPoE for example), you can't have the default route specifying only the interface as gateway. Because the router will then use ARP even when you try to go to 8.8.8.8 for example, and that obviously won't work.
You have to set the gateway to the IP address of the WAN router. In the example above it was assumed that 192.168.1.1 is the address of this router. If it differs, then adjust that value in the command.
No problem, you are learning, and mistakes are cheap and plentiful. However attempt to be more disciplined especially adhering to the advice given, it gets rid of the obvious errors allowing us to hone in on the rest.
