DHCP server not handing out IP's

whissama · September 4, 2018, 7:37am

I have a routerboard hex series MikroTik Router. Everything was working perfect i could ssh into my websites via the internal IP’s using WinSCP or Putty but then a few days ago i tried to get into one of them using an IP but could not get in then tried others one and was met with the same problem. I then went on different forums and was told could be a DHCP server problem. After that i tried to create a test Virtual Machine in Xenserver just to see if an IP would be given out but when installing the Operating System it said DHCP is slow or not responding, this made me realize it has to be something to do with it. I have a basic DHCP setup. I also restarted the server and the router but that made no difference. I can still connect to the WIFI. I can ping the internal IP’s.

I have absolutely no idea what to do next. My main thing is that with this issue i can’t SSH into the websites. Is this a common issue and is there a way to fix it? Thanks.
Also if any screen shots is need please say.

Anumrak · September 4, 2018, 10:49am

Better screens or post your config here without private data.

whissama · September 4, 2018, 11:35am

Here is the config hope i never took out too much:

[X@xxx ] > /export

sep/04/2018 13:04:09 by RouterOS x

/interface ethernet
set [ find default-name=ether1 ] comment="" name="ether1 (WAN)"
set [ find default-name=ether2 ] name="ether2 (LAN)"
set [ find default-name=ether3 ] name="ether3(Servers)"
/interface pppoe-client
add add-default-route=yes disabled=no interface="ether1 (WAN)" name=XXX password=XXX user=XXX
/ip neighbor discovery
set "ether1 (WAN)" comment="X"
set pppoe-out1 comment="X"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool1 ranges=X.X.X.X-X.X.X.X
add name=Vpn-pool ranges=X.XX.XX.X-X.XX.XX.X
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 disabled=no interface="ether2 (LAN)" name=dhcp1
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 local-address=X.XX.XX.Xname=Xremote-address=Vpn-pool use-encryption=required
/queue simple
add max-limit=10M/10M name=Servers target="ether3(Servers)"
add max-limit=10M/10M name=LAN target=X.XX.X.0/24
add max-limit=64k/64k name=VPN_Users target=XX.XX.XX.0/24
/interface l2tp-server server
set authentication=X,Xdefault-profile=VPN-L2TP enabled=yes keepalive-timeout=disabled
/ip address
add address=XX.XX.XX.XX/30 interface="ether1 (WAN)" network=XX.XX.XX.0
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X comment="CLIENT LAN" interface="ether2 (LAN)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
add address=X.X.X.X interface="ether3(Servers)" network=X.X.X.X
/ip arp
add address=X.X.X.X interface="ether3(Servers)" mac-address=X.X.X.X
/ip dhcp-server lease
add address=X.X.X.X client-id=X.X.X.X mac-address=X.X.X.X server=dhcp1
add address=X.X.X.X always-broadcast=yes client-id=1:X.X.X.Xc mac-address=X.X.X.X server=dhcp1
/ip dhcp-server network
add address=X.X.X.X/24 dns-server=X.X.X.X,8.8.8.8,8.8.4.4 gateway=X.X.X.X netmask=24
/ip dns
set allow-remote-requests=yes servers=X.X.X.X
/ip firewall address-list
add address=X.X.X.X list=Allowed_LAN1
add address=X.X.X.X list=Allowed_LAN2
/ip firewall filter
add action=accept chain=forward comment="Outgoing: Allow Traffic from X/X to Servers" in-interface="ether2 (LAN)" out-interface="ether3(Servers)" src-address-list=Allowed_LAN1
add action=accept chain=forward comment="Outgoing: Allow Traffic from X/X to Servers" dst-address-list=Allowed_LAN2 in-interface="ether2 (LAN)" out-interface="ether3(Servers)"
add action=accept chain=forward comment="Incoming: Allow Traffic from X/X to Servers" dst-address-list=Allowed_LAN1 in-interface="ether3(Servers)" out-interface="ether2 (LAN)"
add action=accept chain=forward comment="Incoming: Allow Traffic from X/X to Servers" dst-address-list=Allowed_LAN2 in-interface="ether3(Servers)" out-interface="ether2 (LAN)"
add action=drop chain=forward disabled=yes dst-address=X.X.X.X/24 src-address=X.X.X.X/24
add chain=input comment="accept established connection packets" connection-state=established
add chain=input comment="accept related connection packets" connection-state=related
add chain=input comment="Accept Bandwidth Test" dst-port=X-X protocol=tcp
add chain=input comment="Accept Bandwidth Test" dst-port=X-X protocol=udp
add action=drop chain=input comment="allow only local IPs to use DNS" dst-port=X protocol=udp src-address=!X.X.X.X
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add action=drop chain=input comment="drop invalid packets" connection-state=invalid
add action=drop chain=input comment= protocol=tcp psd=X,X,X,X
add action=tarpit chain=input comment= connection-limit=X,X protocol=X src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input connection-limit=X,X protocol=X
add action=drop chain=input dst-port=X protocol= src-address-list=X_blacklist
add action=drop chain=input dst-port=X protocol= src-address-list=X_blacklist
add action=add-src-to-address-list address-list= address-list-timeout= chain=input connection-state=new dst-port= protocol= src-address-list=
add action=add-src-to-address-list address-list= address-list-timeout=1m chain=input connection-state=new dst-port= protocol=tcp src-address-list=
add action=add-src-to-address-list address-list= address-list-timeout=1m chain=input connection-state=new dst-port= protocol=tcp src-address-list=
add action=add-src-to-address-list address-list= address-list-timeout=1m chain=input connection-state=new dst-port= protocol=
add action=add-src-to-address-list address-list= address-list-timeout= chain=input comment= protocol=tcp psd=
add action=add-src-to-address-list address-list= address-list-timeout= chain=input comment= protocol=tcp tcp-flags=
add action=add-src-to-address-list address-list= address-list-timeout= chain=input comment= protocol=tcp tcp-flags=
add action=add-src-to-address-list address-list= address-list-timeout= chain=input comment= protocol=tcp tcp-flags=
add action=add-src-to-address-list address-list= address-list-timeout= chain=input comment= protocol=tcp tcp-flags=
add action=add-src-to-address-list address-list= address-list-timeout= chain=input comment= protocol=tcp tcp-flags=
add action=add-src-to-address-list address-list= address-list-timeout= chain=input comment= protocol=tcp tcp-flags=
add action=drop chain=input comment="dropping port scanners" src-address-list="port scanners"
add action=jump chain=input comment="jump to chain ICMP" jump-target=ICMP protocol=icmp
add action=jump chain=input comment="jump to chain services" jump-target=services
add chain=input comment="Allow Broadcast Traffic" dst-address-type=broadcast
add action=drop chain=input comment="drop everything else"
add chain=services comment="accept localhost" dst-address=X.X.X.X src-address-list=X.X.X.X
add chain=services comment="allow MACwinbox " dst-port=X protocol=X
add chain=services comment="allow WINBOX" dst-port=X protocol=tcp
add chain=services comment="Bandwidth server" dst-port=X protocol=X
add chain=services dst-port=X protocol=X
add chain=services comment=" MT Discovery Protocol" dst-port=Xprotocol=X
add chain=services comment="allow X" protocol=X
add chain=services comment="allow X" protocol=X
add chain=services comment="allow X" dst-port=X protocol=X
add chain=services comment="allow X" dst-port=X protocol=X
add chain=services comment="Allow X" disabled=yes dst-port=X protocol=X
add chain=services comment="allow X" disabled=yes dst-port=X-X protocol=X
add chain=services comment="Allow X" dst-port=X protocol=X
add chain=services comment="Allow X" dst-port=X protocol=X
add chain=services comment="allow X and EoIP" protocol=X
add chain=services comment="allow DNS request" dst-port=X protocol=X
add chain=services comment="Allow DNS request" dst-port=X protocol=X
add chain=services comment=UPnP disabled=yes dst-port=X protocol=X
add chain=services comment=UPnP disabled=yes dst-port=X protocol=X
add chain=services comment="allow DHCP" disabled=yes dst-port=X-X protocol=X
add chain=services comment="allow X X" disabled=yes dst-port=X protocol=X
add chain=services comment="allow X" disabled=yes protocol=ipencap
add chain=services comment="allow X for Hotspot" disabled=yes dst-port=X protocol=X
add chain=services comment="allow X for Hotspot" disabled=yes dst-port=X protocol=X
add action=accept chain=services comment="allow X connections" dst-port=X,X,X protocol=X
add action=accept chain=services comment="allow X" protocol=X-X
add action=accept chain=services comment="allow X" protocol=X-X
add chain=services comment="allow X" disabled=yes dst-port=X-X protocol=X
add action=return chain=X
add chain=forward comment="allow established connections" connection-state=X
add chain=forward comment="allow related connections" connection-state=X
add action=drop chain=forward comment="drop invalid connections" connection-state=X
add action=drop chain=virus comment="Drop Worm" disabled=yes dst-port=X-X protocol=X
add action=drop chain=virus comment="Drop Worm" disabled=yes dst-port=X-X protocol=X
add action=drop chain=virus comment="Drop Worm" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Worm" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=________ disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=________ disabled=yes dst-port=X-X protocol=X
add action=drop chain=virus comment="Drop " disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=________ disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="ndm requester" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="ndm server" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="screen cast" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=hromgrafx disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=cichlid disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=Worm disabled=yes dst-port=X-X protocol=X
add action=drop chain=virus comment="Bagle Virus" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Beagle" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop MyDoom" disabled=yes dst-port=X-X protocol=X
add action=drop chain=virus comment="Drop " disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=Worm disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment=Worm disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Sasser" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Beagle.B" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop MyDoom.B" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop NetBus" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop Kuang2" disabled=yes dst-port=X protocol=X
add action=drop chain=forward dst-port=X out-interface=pppoe-out1 protocol=X
add action=drop chain=forward dst-port=X out-interface=pppoe-out1 protocol=X
add action=drop chain=forward comment="drop X X X" dst-port=X protocol=tcp src-address-list=X
add action=drop chain=virus comment="Drop SubSeven" disabled=yes dst-port=X protocol=X
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=yes dst-port=X protocol=X
add action=jump chain=forward comment="jump to the X X" jump-target=X
add chain=forward comment="Allow X" dst-port=X protocol=X
add action=accept chain=forward comment="Allow X" dst-port=X protocol=X
add chain=forward comment="Allow X" dst-port=X protocol=X
add chain=forward comment="allow X" protocol=X
add chain=forward comment="allow X" protocol=X
add chain=forward comment="allow X" protocol=X
add action=drop chain=forward comment="drop everything else" log=yes
add action=accept chain=input comment="Allow Incoming VPN: X" dst-port=X log-prefix=X protocol=X
add action=accept chain=input comment="Allow Incoming X X: X" dst-port=X log-prefix=X protocol=X
add action=accept chain=input comment="Allow Incoming X X: X" dst-port=X log-prefix=X protocol=X
add action=accept chain=input comment="Allow Incoming X X: X" log-prefix=X X=X-X
add action=accept chain=input comment="Allow Incoming X X: X" log-prefix=X X=X-X
/ip firewall nat
add action=dst-nat chain=dstnat comment="TO " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=masquerade chain=srcnat comment="Standard NAT" out-interface=pppoe-out1 src-address=!X.X.X.X
add action=dst-nat chain=dstnat comment="Incoming Port HTTP: X.com " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTP: X.org " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTPS: X.org " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTP: X.com " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTP: X.com " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTPS: X.com " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTP: X.com " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTPS: X.com " dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTP: X.com" dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTPS: X.com" dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTPS: X.net" dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
add action=dst-nat chain=dstnat comment="Incoming Port HTTP: X.net" dst-address=X.X.X.X dst-port=X protocol=X to-addresses=X.X.X.X to-ports=X
/ip firewall raw
add action=drop chain=prerouting dst-port=X protocol=X
add action=drop chain=prerouting dst-port=X protocol=X
/system clock
set time-zone-autodetect=no time-zone-name=X.X.X.X
/system identity
set name="X.X.X.X "
/system ntp client
set enabled=yes primary-ntp=X.X.X.X secondary-ntp=X.X.X.X
/system routerboard settings
set memory-frequency=X protected-routerboot=X

Anumrak · September 4, 2018, 1:20pm

Is your remote web server on the virtual host on physical PC? If yes, try to disable PC firewall temporary.

whissama · September 4, 2018, 1:55pm

Yes it is on a physical machine. I have disabled it and tried to SSH with putty however i still can’t get into the server.

Anumrak · September 4, 2018, 2:10pm

Well, that is good so far. Try to dump the incoming traffic with wireshark then. Can you see ssh session?

Be aware that if your ISP hide you behind his NAT, your nat translation won’t work.

bramwittendorp · September 4, 2018, 2:27pm

You’re only running a DHCP-server on ether2. From your config it says servers are connected on ether3. So it seems legit that you don’t recieve a dhcp-address on your server if it’s connected on ether3.

/ip dhcp-server
 add add-arp=yes address-pool=dhcp_pool1 disabled=no interface="ether2 (LAN)" name=dhcp1

Anumrak · September 4, 2018, 2:41pm

He said that his servers are virtual and located in his PC, but if they’re connected to ether3, it’s good note

whissama · September 4, 2018, 2:56pm

Sorry i must have understood incorrectly. This is the breakdown of the servers. There are 3 physical servers. 2 are running Xenserver. In those Xenservers there are individual Virtual Machines. The other physical server is a freenas. That is all the servers which are in ether3. Then ether2 is for the LAN which has a few PC’s but only 2 of these PC’s are able to reach the Servers (ether3). There are 2 subnets a x.x.1.0 and x.x.11.x.

whissama · September 4, 2018, 2:59pm

You’re only running a DHCP-server on ether2. From your config it says servers are connected on ether3. So it seems legit that you don’t recieve a dhcp-address on your server if it’s connected on ether3.
/ip dhcp-server
 add add-arp=yes address-pool=dhcp_pool1 disabled=no interface="ether2 (LAN)" name=dhcp1

Yes ether3 is on a different subnet as to ether2. ether3 is on 192.xxx.11.0 and ether2 is on 192.xxx.1.0 however 2 users are able to reach ether3 because of a firewall rule. Should i create another DHCP server (and address pool) for ether3? The thing is that it has worked like this since i got the router. When i want to add a new Virtual Machine i would just go to address list and add the ip’s and also go to the firewall and create a NAT rule for ports 80 and 443.

Anumrak · September 5, 2018, 8:55am

It can be 2 different dhcp servers or just one with wide ip address range like 192.168.0.0/20 connected to a bridge and interfaces ether2 and ether3 just added to that bridge.

I recommend to use 2 /24 servers.