Hello.
Roughly speaking, a month ago my mikrotik started acting weird. Every 2 minutes (sometimes 20, sometimes it goes hours) I’m losing my internet connection through the ISP gate. Pings looks like this:
Reply from 157.240.224.35: bytes=32 time=2ms TTL=57 //facebook
Reply from 157.240.224.35: bytes=32 time=3ms TTL=57
Request timed out.
Request timed out.
Request timed out.
Reply from 100.87.217.128: Destination host unreachable. /// this is my inner dynamic ISP’s IP
Reply from 100.87.217.128: Destination host unreachable.
////
And then it goes back to normal, but for 20-30 seconds I’m losing all connections and it’s pretty annoying. I checked with the ISP a few times and they assured me they can ‘see’ me and everything is fine on their side, which I did confirm by simply attaching the cable to my PC — over the cable everything works great (edit: this turned out to be a coincidence, look below into edit), so the problem is somewhere between the router and devices. I’ve been using this router for 2 years now and this is the first time I’m having issues with it, and I didn’t change any settings before this started.
Every device in the house drops at the same time.
I can ping the router itself.
Now, I’ve been lurking the forums and the internet for weeks and tried a few dozen different solutions, none of which worked, but I’m saying this because it might be the reason why my config is all over the place right now.
First thing I tried was disabling all the basic filter rules in firewall and NAT except for masquerade and then enabling all the default ones back. After that didn’t help I started going through tens of forum posts and trying what people were suggesting, but I really don’t understand what I’m doing and the insides of router os settings are too complicated for me. I never had mikrotiks before this one and I really don’t know what I’m doing, and I’m so desperate I already ordered a new router. Couldn’t even preview this post or send it because it just dropped out of the blue.
edit: I first had written this about WAN only because when I tested over cable everything worked but apparently it was a coincidence since these connection lost times are random and I got lucky. I’m sorry for misleading a bit, it seems the problem persists over the cable, too. So any connection is dropped now.
Thank you for any help
# may/20/2024 15:01:15 by RouterOS 6.49.15
# software id =
#
# model = RB951G-2HnD
# serial number =
/interface bridge
add admin-mac=C4:AD:34:B4:72:** auto-mac=no comment=defconf name=bridge protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=ukraine disabled=no distance=indoors frequency=2447 frequency-mode=superchannel installation=indoor mode=ap-bridge ssid=** wireless-protocol=802.11 wps-mode=disabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=** wpa2-pre-shared-key=**
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp always-broadcast=yes conflict-detection=no disabled=no interface=bridge lease-time=10h10m name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip settings
set accept-redirects=yes accept-source-route=yes secure-redirects=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-relay
add dhcp-server=192.168.88.1 interface=bridge name=1
/ip dhcp-server lease
add address=192.168.88.52 client-id=1:8e:ce:a4:21:96:10 comment="anya ipad\?" mac-address= server=defconf
add address=192.168.88.51 client-id=1:be:c5:c8:8e:13:7b comment="my iphone" mac-address= server=defconf
add address=192.168.88.50 client-id=1:88:e9:fe:85:cd:3b comment="anya mac" mac-address= server=defconf
add address=192.168.88.47 client-id=1:da:df:cd:5a:31:16 comment="my ipad" mac-address= server=defconf
add address=192.168.88.133 client-id=1:1c:61:b4:bf:37:ac comment="my pc" mac-address= server=defconf
add address=192.168.88.46 comment="door sensor" mac-address= server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward disabled=yes dst-port=14795 protocol=tcp src-port=14795
add action=accept chain=forward disabled=yes dst-port=14795 protocol=udp src-port=14795
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input connection-state=established disabled=yes
add action=accept chain=input connection-state=related disabled=yes
add action=drop chain=input disabled=yes in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=2 disabled=yes dst-port=14795 protocol=udp to-addresses=91.123.151.104 to-ports=14795
add action=dst-nat chain=dstnat comment=1 disabled=yes dst-port=14795 protocol=tcp to-addresses=91.123.151.104 to-ports=14795
add action=dst-nat chain=dstnat comment=3 disabled=yes dst-port=14795 protocol=tcp to-addresses=192.168.88.254 to-ports=14795
add action=dst-nat chain=dstnat comment=4 disabled=yes dst-port=14795 protocol=udp to-addresses=192.168.88.254 to-ports=14795
add action=dst-nat chain=dstnat comment=5 disabled=yes dst-port=14795 protocol=tcp to-addresses=100.87.217.128 to-ports=14795
add action=dst-nat chain=dstnat comment=6 disabled=yes dst-port=14795 protocol=udp to-addresses=100.87.217.128 to-ports=14795
add action=dst-nat chain=dstnat disabled=yes protocol=icmp to-addresses=10.0.0.1
add action=dst-nat chain=dstnat disabled=yes dst-port=14795 protocol=tcp to-addresses=91.123.150.180 to-ports=14795
add action=dst-nat chain=dstnat disabled=yes dst-port=14795 protocol=udp to-addresses=91.123.150.180 to-ports=14795
add action=dst-nat chain=dstnat disabled=yes dst-address-list="" dst-port=14795 in-interface=bridge protocol=tcp to-addresses=192.168.88.0/24
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=0.0.0.0/0
set ssh disabled=yes
set api disabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
add interface=wlan1 type=internal