sbeck
October 1, 2008, 6:47pm
1
I cannot ping out to the internet from my PC, which is getting a DHCP address from ether2, but I am able to ping out to the internet from ether1, which is the internet port. I know it is a route, but I am not sure what is going on. I have a static IP on the internet. The weird thing is that when I ping, it is doing a DNS lookup, so it is getting out but just not pinging.
/ip address
add address=64.122.42.210/30 broadcast=64.122.42.211 comment="" disabled=no \
    interface=internet network=64.122.42.208
add address=192.168.12.1/24 broadcast=192.168.12.255 comment="" disabled=no \
    interface=ether2 network=192.168.12.0
add address=192.168.13.1/24 broadcast=192.168.13.255 comment="" disabled=no \
    interface=wlan1 network=192.168.13.0
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    64.122.42.209 scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.0.0/24 gateway=10.0.0.15 \
    scope=30 target-scope=10
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
    connect-to=209.40.226.123 disabled=yes max-mru=1460 max-mtu=1460 mrru=\
    disabled name=xxxxxx password="xxxxxxxx" profile=default-encryption \
    user=portland
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
    mac-address=00:0C:42:32:5C:86 mtu=1500 name=internet speed=100Mbps
set 1 arp=proxy-arp auto-negotiation=yes bandwidth=unlimited/unlimited \
    comment="" disabled=no full-duplex=yes mac-address=00:0C:42:32:5C:87 \
    master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes mac-address=00:0C:42:32:5C:88 master-port=\
    none mtu=1500 name=ether3 speed=100Mbps
netrat
October 1, 2008, 6:55pm
2
Please remove the username and password from your pptp-client config.
Do you have a masquerade rule in /ip firewall nat?
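netrat's point about credentials in a posted config, as an added example that is not part of the original thread: a Python sketch that masks credential-bearing properties in a RouterOS export before it is shared. The key list, function name and sample export are assumptions constructed for illustration; wrapped continuation lines are joined first so a value pushed onto the next line is still caught.

```python
import re

# Assumed, non-exhaustive list of RouterOS properties that carry credentials.
SENSITIVE_KEYS = ("password", "user", "secret",
                  "wpa-pre-shared-key", "wpa2-pre-shared-key")

# key=value where the value is either a quoted string or a bare token.
_PATTERN = re.compile(
    r'(?<![\w-])(' + "|".join(map(re.escape, SENSITIVE_KEYS)) + r')='
    r'("(?:[^"\\]|\\.)*"|\S*)'
)

# Constructed sample export (not taken from the thread).
SAMPLE = '''/interface pptp-client
add add-default-route=no connect-to=198.51.100.7 disabled=yes name=pptp-out1 \\
    password=\\
    “Example Pass 1” profile=default-encryption user=branch01
/ip firewall nat
add action=masquerade chain=srcnat out-interface=internet
'''


def redact_export(text):
    """Return (redacted_text, list_of_masked_keys) for a RouterOS export."""
    # Forum software often turns "" into curly quotes; undo that first.
    text = text.translate({0x201C: '"', 0x201D: '"'})
    # Join wrapped lines ("\" + newline + indent) so a value that was pushed
    # onto the next line is still attached to its key.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    masked = []

    def _mask(match):
        masked.append(match.group(1))
        return match.group(1) + "=<redacted>"

    return _PATTERN.sub(_mask, text), masked


if __name__ == "__main__":
    redacted, keys = redact_export(SAMPLE)
    print(redacted)
    print("masked:", keys)
```

Interface names (`name=`) and addresses are left untouched here, so review the output for anything else that identifies the site before posting it.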
sbeck
October 1, 2008, 7:06pm
3
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
    internet
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no
set pptp disabled=no
netrat
October 1, 2008, 7:12pm
4
Are you able to ping from wlan1? Do the clients connected to ether2 receive a default route from the dhcp server?
For example:
[admin@rb450] > ip dhcp-server network print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN
 0 192.168.88.0/24    192.168.88.1
[admin@rb450] >
sbeck
October 1, 2008, 7:19pm
5
ip dhcp-server network print
   ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN
 0 192.168.12.0/24    192.168.12.1    192.168.12.1
 1 192.168.13.0/24    192.168.13.1    192.168.13.1
netrat
October 1, 2008, 7:28pm
6
Everything looks correct to me. Do you have any firewall filter rules that could be blocking the outgoing traffic?
sbeck
October 1, 2008, 7:31pm
7
See above for the firewall settings, just right out of the box.
netrat
October 1, 2008, 7:43pm
8
I noticed on ether2 you have arp=proxy-arp. Do you have add-arp=yes on the dhcp server? Try enabling arp temporarily on that interface and see what happens.
sbeck
October 1, 2008, 7:56pm
9
It started working all of a sudden; I didn’t change anything. So thanks for your help.
netrat
October 1, 2008, 7:59pm
10
I was thinking like you had arp set to reply-only, so add-arp=yes does not need to be set on the dhcp server. Glad it started working… for whatever reason.