Can ping router, but cannot ping or connect to WAN

RouterOS Beginner Basics
1

Hi there,

I just factory-reset my hexLite 750r2 router and patched it with the latest patch

But now I have a problem, I can ping the router (192.168.88.1) and use WinBox to connect to it from my PC (192.168.88.3), but now I cannot browse the internet nor ping outside IP (e.g. 8.8.8,8), it shows “timeout” and unable to resolve DNS. My DNS is set to 8.8.8.8 and 8.8.4.4, no changes to the Firewall and just added a VLAN for the PPoE connection.

Can someone please take a look at the settings and assist? Thanks!

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface=ether1 out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
2

Exported config shows no sign of neither VLAN nor PPPoE.

3

I think it has to do with your dhcp client. It’s not creating a default route.

Cheers,

Sent from my cell phone. Sorry for the errors.

4

What make you think that?

I’ve a hAP lite running DHCP client on WAN and config as shown in export is exactly the same as in OP. It does create dynamic route entries, shown only using print command.

5

Your current config relies on DHCP to provide the WAN ip. Is that how you got your ip in the past? Do you have ip assigned? You can consult Winbox: IP/Addresses for that.

6

What I dont see is on the
/ip dhcp server-network, a typical reference to dns???

I do not remember what the IP dhcp client shows for normal config export.

7

My DNS is set to 8.8.8.8 and 8.8.4.4,

It’s on server. Also on clients?

8

You were talking about pppoe. That would have an option to create a default route.

OP doesn’t mention pppoe. Thus, I’m assuming that ethet1 runs without another service to connect to the internet. The OP would need to check the dhcp client option to create a default route

OP should check that and return with some feedback.

Cheers,



Sent from my cell phone. Sorry for the errors.

9

Good point! Checked options should be show on an export, although I’m not in front of my computer to validate.

Even if dns allows remote requests is checked, if the “use remote dns” option is unchecked, the router can’t act as a dns relay.

No DNS, no nothing :wink:


Sent from my cell phone. Sorry for the errors.

10

Err… For your information, I’m not doing DHCP on my PC, I do static IP which worked very well for me.

So do I disable DHCP? I remember I didn’t have to do that previously when I first setup this unit. That’s really weird.

here’s my ppoe and vlan config

/interface vlan
add interface=ether1 name=vlan500 vlan-id=500
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan500 max-mru=1492 max-mtu=1492 name=pppoe-out1 password=xxxxxx user=xxxxxx

11

What do /ip address print and /ip route print show?

Does pppoe-client actually start? For FW use, your new WAN interface is pppoe-out1, you should add it to the appropriate interface list.

12

Hi,

FYI, both the PPoE and the VLAN work just fine, it connects to the service provider with no problems.

13

Have you tried recycling your modem? When you use PPPoE, there should be to ip’s involved: private assigned to your port connected to modem, and public one of the PPPoE once connected / authenticated.

But there are none of the two, so is modem actually working? Some modems remember macs of interfaces, hence the recycle / restart of it…

Is the cable properly seated? do you see leds flashing? How many? 1 or 2?

14

I’m sure that the BTU modem is working because I can directly ping 8.8.8.8 using the ping tools in the hexLite router. I can also see the temporary IP assigned to it.

15

Where’s PPPoE terminated, on BTU modem? If yes, then you need to fix connectivity between RB and BTU. If you’re running DHCP client on RB to get connectivity towards BTU, you have to fix that, right now it’s not doing its job.

As it is now, router has not default route set up so it’s only logical it doesn’t know where to send packets outside of 192.168.88.0/24 network.

16

So what route and addresses should I add? Add to the routing table? Examples?

No I’m not relying on DHCP for connectivity, just static IP.

17

Let’s first figure out your actual network topology, it’s not clear to me. Where’s your internet terminated (VLAN and PPPoE you mentioned in your posts). How does that termination point connect to RB you’re trying to reconfigure. What are IP addresses involved.

18

BTU (vlan500) —> HexLiteRouter (PPoE/Vlan500, 192.168.88.1) —> PC (192.168.88.5)

You can reference the following setup guide as shown below:
https://www.mikrotik.com.my/setup-for-unifi/

I follow the guide without any modifications (apart from entering my username and password).

19

This topology does not agree with the setup of the RB you presented in previous posts and doesn’t agree with output of print commands … The posted setup contains nothing about VLAN and nothing about PPPoE client. I don’t see how the HEX lite could access anything on internet if the posted setup is complete and current.

20

Rule #1,
Ask for a diagram!

Rule #2
Ask for a config
(/export hide=sensitive file=mylatestconfig).

You guys kill me playing whackamole games without facts. :stuck_out_tongue_winking_eye: