HELP NEEDED Sudden internet access stop

Hi guys, sorry for posting like this, but I have an emergency and no Mikrotik consultants in my country are available to help me.

I have a hAP ac³ device which I use as a router, and another device from my ISP which is set to bridge mode; a cable from it is plugged into my hAP's eth1.

I've had both devices for about 1-2 years and everything worked fine. I have been on vacation this week and when I returned I had no internet. Nothing has changed, and I mean this in the most literal way possible, as no one was home.

My computer and phone have no access to the internet, neither via cable nor via wireless.
My computer (wired, eth2) can connect to the hAP just fine, and I can ping a Google IP address from the hAP's WebFig, but the computer can't.

I’ve tried restarting the hap and the ISP device, no change.

I am attaching my router’s exported config.

Any help will be greatly appreciated!
cfg.rsc (44 KB)

Since the hAP ac³ itself can successfully ping something in the internet, the ISP box and everything beyond should be OK.

Looking at the LAN IP address and DHCP server settings, I cannot see anything strange either. The masquerade rule looks normal too. The only suspicious rule in the firewall is the first one in the forward chain (comment="Disable internet access"), as it matches on src-mac-address, which is quite a new feature. Just to be sure, can you disable that rule and try pinging 8.8.8.8 from a PC connected to the hAP ac³ using a cable again? I can imagine that the rule actually does not match on a particular source MAC address and therefore affects all traffic.

If disabling that rule doesn’t help, can you ping 192.168.0.1 from the PC? If yes, set hw to no on the /interface bridge port row for the Ethernet port to which the PC is connected, start pinging 8.8.8.8 from the PC continuously, run /tool sniffer quick ip-address=8.8.8.8 in a command line window as wide as your screen allows, and post here the output of that command.

Thank you very much for replying!

I should've said the "Disable internet" firewall rule is harmless; the src MAC address is that of a device that isn't even powered on, the rule has been active for months working fine, and nothing was changed recently. Anyway, I disabled it and nothing changed.

Something to note: from my computer (that has no internet) I can ping 8.8.8.8. Perhaps earlier I entered the IP address of Google wrong. I still can't open a website using a web address, and now I think something is wrong with my DNS situation.

When I try to ping “google.com” or open “google.com” in a browser from my computer I get “google.com’s IP address could not be found” (probably should’ve read that earlier). I can ping 172.217.17.142 (which is an IP I get when I try to ping “google.com” from the device I am writing this on using mobile hotspot) from my computer just fine but trying to open “172.217.17.142” in a browser says “google.com’s IP address could not be found”.

I don't know if it is in the exported configuration, but I am using Quad9's DoH; however, I believe I set up a backup DNS in case that was unreachable, but maybe I'm mistaken?
My router's DNS cache is almost barren: it has a PTR and A record for itself and 4 Quad9 entries (2 AAAA and 2 A, corresponding to the IPs in my DoH config).

From my internet-less computer I can ping both 9.9.9.9 and 149.112.112.112, which are my DoH IP addresses.

Any idea how I can look into this more?

Still, I will answer the rest of your post:

  • My PC can ping 192.168.0.1 just fine, I can open Webfig, too, as I’ve said.
  • Did what you asked, attaching the file (the computer's IP is 192.168.0.2; the file is archived so I can upload it).

If I recall from other posts, Quad9 recently had a cert change that requires you to download a new one in order for DoH to work. Search the forum, it's only been a few days. If you need an immediate fix, go to IP -> DNS and put 1.1.1.1 in the servers field. Uncheck the "verify DoH certificate" checkbox until you can update the cert. This should fix your issue.

Here is the related thread:
http://forum.mikrotik.com/t/doh-certificate-handshake-failed-quad9/177580/8
It seemingly happened a few days ago, during your vacation.
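An added diagnostic (my example, not code from the thread or from MikroTik) that reproduces the split described above: it sends a DoH query to Quad9 with certificate verification switched on, so a certificate-chain problem is reported as a TLS verification failure instead of a generic "IP address could not be found". The Quad9 endpoint URL is assumed (the thread only names the IPs), and the sample response bytes are constructed for an offline check of the parser.

```python
import base64, ssl, struct, urllib.error, urllib.request

QUAD9_DOH = "https://dns.quad9.net/dns-query"   # assumed endpoint URL; the thread only names the IPs

def build_query(name, qtype=1):
    # RFC 1035 wire-format query: id 0 (RFC 8484 cache-friendly), RD flag set, one question
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, 1)
def _skip_name(msg, i):
    # advance past a (possibly compressed) name, return the offset after it
    while msg[i]:
        if msg[i] & 0xC0 == 0xC0:     # compression pointer is two bytes and ends the name
            return i + 2
        i += 1 + msg[i]
    return i + 1
def parse_answers(msg):
    # return (rcode, [IPv4 strings]); only A records are collected, others are skipped by rdlength
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    i, ips = 12, []
    for _ in range(qd):
        i = _skip_name(msg, i) + 4    # skip QTYPE + QCLASS
    for _ in range(an):
        i = _skip_name(msg, i)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[i:i + 10])
        i += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[i:i + 4]))
        i += rdlen
    return flags & 0x0F, ips

def doh_resolve(name, url=QUAD9_DOH, verify=True):
    # DoH GET (RFC 8484) with certificate verification on; a cert failure is reported separately
    ctx = ssl.create_default_context()
    if not verify:                    # equivalent of unticking 'verify DoH certificate'
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    req = urllib.request.Request(f"{url}?dns={q}", headers={"Accept": "application/dns-message"})
    try:
        with urllib.request.urlopen(req, timeout=5, context=ctx) as resp:
            rcode, ips = parse_answers(resp.read())
        return ("ok" if ips else f"rcode={rcode}"), ips
    except (urllib.error.URLError, OSError) as e:
        reason = getattr(e, "reason", e)  # urllib wraps the SSL error in URLError.reason
        kind = "tls-cert-failure" if isinstance(reason, ssl.SSLCertVerificationError) else "transport-failure"
        return f"{kind}: {reason}", []

# constructed sample response: google.com A 172.217.17.142 (the IP quoted in the thread), TTL 60
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + b"\x06google\x03com\x00\x00\x01\x00\x01"
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([172, 217, 17, 142]))
```

Calling doh_resolve("google.com") from a host behind the router needs network access; with the stale chain it returns a "tls-cert-failure" string, and after the new CA is imported it returns "ok" with the A records.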

Maybe you’d better remove the archive as the .pcap reveals your public IP?

I was actually expecting an obfuscated text output, but on the other hand, the .pcap clearly shows that the issue is indeed a DNS failure.

Uh-oh!
I hope no one malicious saw it! I did take a quick look at the pcap but only saw local IPs; guess that's my omission.

Thank you and the other guys, I never expected such a thing to occur so I’ll look at the thread cited and fix it.

Last update:

Thank you all!

Changed the server to 1.1.1.1, unchecked “Verify certificate”, ran these two commands:

/tool/fetch mode=https url="https://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-1.crt.pem"

/certificate/import file-name=DigiCertGlobalG3TLSECCSHA3842020CA1-1.crt.pem

then reverted 1.1.1.1 and "verify certificate" and all good! :)

Would go back and remove your cfg.