I am wired connected to the Mikrotik router with DHCP server.
My Mac OS X receives DHCP IP address, but cannot ping router, when I look from another computer in firewall connections, it shows TCP state = syn received.
After that I set manual IP address, different from what I get from router, I can ping router, and the TCP state = established.
How to find the problem?
Post /export
Sounds easy enough to fix. Please upload the contents of the file created by this command on your router.
/export file=helpme compact hide-sensitive
The file should be called helpme.rsc. You can drag it to your desktop and open it with wordpad for easy copy and paste.
Sorry, the compact does not work for me. I have RouterOS 4.11
File:
feb/05/2014 16:07:50 by RouterOS 4.11
software id = N9FJ-3MUW
/interface ethernet
set 0 arp=proxy-arp auto-negotiation=yes comment=“” disabled=no full-duplex=
yes l2mtu=1526 mac-address=00:0C:42:93:7B:95 mtu=1500 name=WAN speed=
100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=
“” disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:93:7B:96
master-port=none mtu=1500 name=LAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=
“” disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:93:7B:97
master-port=none mtu=1500 name=ether3 speed=100Mbps
/interface pptp-server
add comment=“” disabled=no name=pptp-in1 user=“”
add comment=“” disabled=no name=“Starts Riga” user=starts-riga
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1
/interface wireless security-profiles
set default authentication-types=“” eap-methods=passthrough group-ciphers=“”
group-key-update=5m interim-update=0s management-protection=disabled
mode=none name=default radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=
none static-sta-private-algo=none static-transmit-key=key-0
supplicant-identity=MikroTik tls-certificate=none tls-mode=
no-certificates unicast-ciphers=“”
/ip hotspot profile
set default dns-name=“” hotspot-address=0.0.0.0 html-directory=hotspot
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap
name=default rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=
1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 comment=“” disabled=no enc-algorithms=3des
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.200
add name=dhcp_pool2 ranges=213.21.211.146-213.21.211.158
add name=vpn_pool ranges=192.168.1.75-192.168.1.99
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=
static disabled=no interface=LAN lease-time=3d name=dhcp1
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none
stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment=“” name=default only-one=default
use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=default comment=“” local-address=192.168.1.1 name=
vpn_global only-one=default remote-address=vpn_pool use-compression=
default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment=“” name=default-encryption
only-one=default use-compression=default use-encryption=yes
use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=
5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment=“” disabled=no
ignore-as-path-len=no name=default out-filter=“” redistribute-connected=
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0 routing-table=“”
/routing ospf instance
set default comment=“” disabled=no distribute-default=never in-filter=ospf-in
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=
auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment=“” disabled=no instance=default name=
backbone type=default
/snmp
set contact=“” enabled=no engine-boots=0 engine-id=“” location=“”
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-protocol=MD5 encryption-protocol=
DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100
disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0
syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet
boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes
enter-setup-on=any-key force-backup-booter=no silent-boot=no
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet
boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes
enter-setup-on=any-key force-backup-booter=no silent-boot=no
/user group
add comment=“” name=read policy=“local,telnet,ssh,reboot,read,test,winbox,pass
word,web,sniff,sensitive,!ftp,!write,!policy”
add comment=“” name=write policy=“local,telnet,ssh,reboot,read,write,test,winb
ox,password,web,sniff,sensitive,!ftp,!policy”
add comment=“” name=full policy=“local,telnet,ssh,ftp,reboot,read,write,policy
,test,winbox,password,web,sniff,sensitive”
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
/interface ethernet switch port
set (unknown)
set (unknown)
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:D5:66:3D:87:50
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=vpn_global
enabled=yes keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name=“” memory-limit=10
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.1.1/24 broadcast=192.168.1.255 comment=
“default configuration” disabled=no interface=LAN network=192.168.1.0
add address=xxx.xxx.xxx.xxx/28 broadcast=xxx.xxx.xxx.xxx comment=“” disabled=no
interface=WAN network=xxx.xxx.xxx.xxx
/ip arp
add address=192.168.1.124 comment=“” disabled=no interface=LAN mac-address=
88:30:8A:E8:5D:20
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.1.0/24 comment=“” gateway=192.168.1.1
add address=213.21.211.144/28 comment=“” gateway=213.21.211.145
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 servers=
192.168.1.10,208.67.222.222,208.67.220.220
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=WAN
add action=masquerade chain=srcnat comment=“” disabled=no src-address=
192.168.1.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set WAN discover=yes
set LAN discover=yes
set ether3 discover=yes
set pptp-in1 discover=no
set “Starts Riga” discover=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=
0.0.0.0
/ip route
add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
xxx.xxx.xxx.xxx scope=30 target-scope=10
add comment=“” disabled=no distance=1 dst-address=192.168.1.0/24 gateway=
192.168.4.1 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add comment=“” disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0
use-explicit-null=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id=“” comment=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
name=vpn_original profile=vpn_global routes=“” service=pptp
add caller-id=“” comment=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
name=didzis profile=vpn_global routes=“” service=pptp
add caller-id=“” comment=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
local-address=192.168.4.1 name=starts-riga profile=vpn_global
remote-address=192.168.4.2 routes=“” service=pptp
add caller-id=“” comment=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
name=nikolaev profile=vpn_global routes=“” service=pptp
/queue interface
set WAN queue=ethernet-default
set LAN queue=ethernet-default
set ether3 queue=ethernet-default
set pptp-in1 queue=default
set “Starts Riga” queue=default
/radius incoming
set accept=no port=3799
/routing bfd interface
set all comment=“” disabled=no interface=all interval=0.2sec min-rx=0.2sec
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s preferred-gateway=
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
routing-table=main timeout-timer=3m update-timer=30s
/store
add comment=“” disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=Europe/Riga
/system clock manual
set dst-delta=+00:00 dst-end=“jan/01/1970 00:00:00” dst-start=
“jan/01/1970 00:00:00” time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set fan-mode=auto use-fan=main
/system identity
set name=RKN
/system logging
add action=memory disabled=no prefix=“” topics=info
add action=memory disabled=no prefix=“” topics=error
add action=memory disabled=no prefix=“” topics=warning
add action=echo disabled=no prefix=“” topics=critical
/system note
set note=“” show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=85.254.217.3 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=“”
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=
100
/tool e-mail
set from=<> password=“” server=0.0.0.0:25 username=“”
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number=“” channel=0 keep-max-sms=0 receive-enabled=no
/tool sniffer
set file-limit=10 file-name=“” filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=
yes interface=all memory-limit=10 memory-scroll=no only-headers=no
streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
add chain=input action=accept protocol=icmp comment="Allow input Ping"
add chain=forward action=accept protocol=icmp comment="Allow forward Ping"
It does not help. As I see, there is one IP address, which my Mac OS X receives every time I connect using DHCP, and this address is blocked, because I cannot ping router, and also I don’t have an internet. If I use every other IP address, everything is OK.
I don’t see anything but it could be easy to miss in that messy export.
Upgrade to the most recent 6 release and post /export
feb/06/2014 14:06:08 by RouterOS 6.9
software id = N9FJ-3MUW
/interface ethernet
set [ find default-name=ether2 ] name=LAN
set [ find default-name=ether1 ] arp=proxy-arp name=WAN
/interface pptp-server
add name=“Starts Riga” user=starts-riga
add name=pptp-in1 user=“”
/ip neighbor discovery
set “Starts Riga” discover=no
set pptp-in1 discover=no
/interface wireless security-profiles
set [ find default=yes ] group-ciphers=“” supplicant-identity=MikroTik
unicast-ciphers=“”
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.200
add name=vpn_pool ranges=192.168.1.75-192.168.1.99
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
/port
set 0 name=serial0
/ppp profile
add local-address=192.168.1.1 name=vpn_global remote-address=vpn_pool
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
set 3 remote=0.0.0.0
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=vpn_global
enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.1.1/24 comment=“default configuration” interface=LAN
network=192.168.1.0
add address=xxx.xxx.xxx.xxx/28 interface=WAN network=xxx.xxx.xxx.xxx
/ip arp
add address=192.168.1.124 interface=LAN mac-address=88:30:8A:E8:5D:20
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set max-udp-packet-size=512 servers=
192.168.1.10,208.67.222.222,208.67.220.220
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat src-address=192.168.1.0/24
/ip proxy
set max-cache-size=none parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=xxx.xxx.xxx.xxx
add distance=1 dst-address=192.168.1.0/24 gateway=192.168.4.1
/ip traffic-flow
set cache-entries=4k
/ip upnp
set allow-disable-external-interface=no
/ppp secret
add name=vpn_original profile=vpn_global service=pptp
add name=didzis profile=vpn_global service=pptp
add local-address=192.168.4.1 name=starts-riga profile=vpn_global
remote-address=192.168.4.2 service=pptp
add name=nikolaev profile=vpn_global service=pptp
/queue interface
set WAN queue=ethernet-default
set LAN queue=ethernet-default
set ether3 queue=ethernet-default
/system clock
set time-zone-name=Europe/Riga
/system identity
set name=RKN
/system ntp client
set enabled=yes mode=unicast primary-ntp=85.254.217.3
/tool graphing interface
add
/tool sniffer
set file-limit=10KiB filter-mac-protocol=!ip filter-stream=yes memory-limit=
10KiB memory-scroll=no
Why do you have a static ARP entry? Also, you normally set proxy-arp on your LAN interface for VPNs and not on your WAN interface.
That means, I need proxy-arp on LAN interface, and ARP: enabled on WAN, right?
the shorter export is easier to read.
I agree with Cbrown, try disabling the static arp entries and see if that helps?
let us know what happens.
Correct and you also had a manual entry in /ip arp. Unless you have specific reason for having that there I would also remove that.
Thanks!
Looks like everything is OK now!
Good.
Which part fixed it?
I simply have to know, what are the ARP entries for?
Read this.
ha, i know what arp is 
I’m asking, what did he add the static entries to the router for?
My bad 