Can't access certain web pages!!!

vmiro · May 10, 2006, 10:06am

Hi,
I’m using a NAT to hide my private network on Internet and I set it up like this (user manual ):

/ip firewall nat add chain=srcnat action=masquerade out-interface=isdn-out1

Internet works fine except some websites like: http://www.microsoft.com, http://www.xbitlabs.com, http://www.anandtech.com…

Does anybody know what is the problem?

cabana · May 10, 2006, 12:36pm

I had a similar problem to this, I solved it by adding routes. For example the addresses that you have shown point to 208.65.201.** so I put a route in for any traffic destined for 208.65.201.* to go through your providers gateway.

valens · May 10, 2006, 3:19pm

Have you try to do several checking? Ping, tracert, etc?

vmiro · May 10, 2006, 4:23pm

cabana: …it still doesn’t work

valens: I can’t ping…Request timed out…but, when I tracert look what’s happening:

C:>tracert http://www.microsoft.com

Tracing route to lb1.www.ms.akadns.net [207.46.198.30]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.1.1
2 1 ms 2 ms 2 ms 10.1.30.1
3 11 ms 5 ms 2 ms 192.168.0.1
4 5 ms 3 ms 4 ms 212.200.31.41
5 68 ms 54 ms 5 ms 212.200.232.53
6 11 ms 9 ms 4 ms 212.200.232.58
7 28 ms 35 ms 27 ms t2a4-ge1-0.de-fra.eu.bt.net [166.49.147.157]
8 26 ms 81 ms 29 ms t2c1-ge6-0.de-fra.eu.bt.net [166.49.172.11]
9 109 ms 173 ms 44 ms t2c1-p2-0.uk-glo.eu.bt.net [166.49.195.109]
10 456 ms 322 ms 45 ms t2c1-p4-2.uk-eal.eu.bt.net [166.49.208.9]
11 155 ms 445 ms 431 ms t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]
12 425 ms 497 ms 519 ms 166-49-151-134.eu.bt.net [166.49.151.134]
13 451 ms 409 ms 410 ms 207.46.47.65
14 395 ms 200 ms 245 ms pos6-2.wst-76cb-1b.ntwk.msn.net [207.46.35.97]
15 342 ms 295 ms 436 ms pos1-0.wst-12ix-1b.ntwk.msn.net [207.46.36.214]
16 518 ms 261 ms 199 ms pos1-0.tke-12ix-2b.ntwk.msn.net [207.46.155.13]
17 267 ms 203 ms 245 ms po11.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.216]
18 * * * Request timed out.
19 * * * Request timed out.
20 *

It stops on 18 hops, and somethimes stops on 12 hop. Am I crazy or what, what’s going on here…
I have reinstalled mikrotik on another computer with minimal settings (just DHCP for LAN, NAT, ISDN client) and still doesn’t work!
Note: ISDN line (these websites) works fine when I try it on Win XP!

changeip · May 10, 2006, 4:38pm

Possibly a MTU problem? Sites like google come up because they are smaller than 1500 bytes but larger ones might not.

PS - a lot of akamai sites wont ping - they block ICMP for a good reason.

vmiro · May 10, 2006, 5:00pm

I’ve changed MTU from 1500 to 1480…guess what…doesn’t work!

a lot of akamai sites wont ping - they block ICMP for a good reason

I can’t access http://www.microsoft.com via http also.

andrewluck · May 10, 2006, 6:53pm

Don’t change MTU. Mangle MSS instead. Also you’ll probably need to go a lot smaller than 1480. 1360 is usually a good starting point.

Regards

Andrew

vmiro · May 10, 2006, 9:20pm

I’ve tried with MTU 1360, it doesn’t help.

Can you explain me what and how to mangle?
Thanks!

jhydzik · May 11, 2006, 4:01am

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.

I hope this helps

Joe

normis · May 11, 2006, 7:07am

all, please read this:
http://alive.znep.com/~marcs/mtu/

it will explain why certain webpages migh not work, and how to solve it.

dannyboy · May 18, 2006, 9:14pm

I am having a problem once I do this :
http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways

I set this up and some users with routers would connect fine and if they had a VOIP router they could use the VOIP but the problem was when they tried to surf the internet. They could not see any pages. Now You talk about the MTU, my question is Do I change the mtu on the clients router or on the MT interface that serves the Client?

Thanks

Daniel

pekr · May 21, 2006, 4:57pm

Couldn’t, theoretically, be the problem related to your ISP DNS server? IIRC we once had such problem, so we flushed caches, and as we have two ISPs, we switched to other DNS servers from the second ISP. Maybe some cache problem, dunno …

-pekr-

dannyboy · May 22, 2006, 11:07pm

Hello,

Well the problem was fixed by doing this from another thread:

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.
I hope this helps

Joe

Thanks to joe all I had to do was to set the distance to 0 and I also changed the TCP MSS option to yes on my pppoe profiles. Now it works good. It was simple to do the load balance and customers are happy.

dannyboy · May 22, 2006, 11:07pm

Hello,

Well the problem was fixed by doing this from another thread:

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.

I hope this helps

Joe

Thanks to joe all I had to do was to set the distance to 0 and I also changed the TCP MSS option to yes on my pppoe profiles. Now it works good. It was simple to do the load balance and customers are happy.

dannyboy · May 22, 2006, 11:07pm

Hello,

Well the problem was fixed by doing this from another thread:

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.
I hope this helps

Joe

Thanks to joe all I had to do was to set the distance to 0 and I also changed the TCP MSS option to yes on my pppoe profiles. Now it works good. It was simple to do the load balance and customers are happy.

baskogMT · October 11, 2016, 8:39am

ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.

Hi Joe, I tried this but I cant change it wont accept 0/none in distance.. Min is 1-255…