Hi everyone
I recently bought my first Mikrotik router (hAP ax3) and I am learning how to set it up. However I am struggling with my very first config. Everything seems to work apart of DNS. I can ping IPs in Command Prompt, but I cannot ping domains (see screenshot) and I also cannot not access any websites in my browser. Where is my mistake? Does anyone have any ideas?
My config is as follows:
2024-07-21 18:36:55 by RouterOS 7.15
software id =
model =
serial number =
/interface bridge
add name=Bridge-LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ISP
set [ find default-name=ether2 ] name=ether2-LAN
set [ find default-name=ether3 ] name=ether3-LAN
set [ find default-name=ether4 ] name=ether4-LAN
set [ find default-name=ether5 ] name=ether5-LAN
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-a configuration.mode=ap
.ssid=Test5
/interface list
add name=WAN
add name=LAN
/interface wifi channel
add band=2ghz-ax disabled=no name=channel1 width=20/40mhz-eC
/interface wifi configuration
add country=Luxembourg disabled=no mode=ap name=Config-2.4G ssid=test2
/interface wifi datapath
add bridge=Bridge-LAN disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa3-psk disabled=no name=Sec-Profile1 wps=disable
/interface wifi
set [ find default-name=wifi2 ] channel=channel1 configuration=Config-2.4G
configuration.mode=ap .ssid=TEST99 datapath=datapath1 disabled=no security=
Sec-Profile1
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool1 ranges=172.16.0.20-172.16.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=Bridge-LAN lease-time=8h name=dhcp1
/interface bridge port
add bridge=Bridge-LAN interface=ether2-LAN path-cost=10
add bridge=Bridge-LAN interface=ether3-LAN
add bridge=Bridge-LAN interface=ether4-LAN
add bridge=Bridge-LAN interface=ether5-LAN
add bridge=Bridge-LAN interface=wifi1
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set rp-filter=strict tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=ether1-ISP list=WAN
add interface=Bridge-LAN list=LAN
/ip address
add address=172.16.0.1/24 interface=Bridge-LAN network=172.16.0.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface=ether1-ISP
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=172.16.0.1 gateway=172.16.0.1
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip firewall filter
add action=accept chain=input comment=
"defconf: accept established,related,untracked" connection-state=
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN"
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy"
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy"
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack"
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=
"defconf: accept established,related, untracked" connection-state=
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid"
connection-state=invalid
add action=drop chain=forward comment=
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-ISP
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes port=2200
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ipv6 firewall filter
add action=drop chain=input comment="Drop all IPv6 ICMP traffic" protocol=
icmpv6
add action=drop chain=input comment="Drop all other IPv6 traffic"
add action=drop chain=forward comment="Drop all IPv6 forward traffic"
add action=drop chain=output comment="Drop all IPv6 output traffic"
/ipv6 nd
set [ find default=yes ] disabled=yes
/system clock
set time-zone-name=Europe/Luxembourg
/system identity
set name=XMTK
/system logging
add topics=dns
/system note
set show-at-login=no
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
