WMRX
February 8, 2017, 6:39am
1
First of all, sorry for my bad English.
I am a newbie at networking, especially MikroTik. I am trying to configure a preconfigured MikroTik; at first it started normally with the hotspot, but now the MikroTik can't even connect to the internet.
Here is the code:
# jan/03/1970 14:22:27 by RouterOS 6.25
# software id = 0DTE-WLHJ
#
# NOTE(review): the 1970 date in the export header suggests the system clock is
# not set, so log timestamps on this router cannot be correlated with anything.
# NOTE(review): 6.25 is well behind later 6.x releases; upgrade to a supported
# version to pick up security fixes before this router faces an untrusted network.
/interface bridge
# bridge-local is created with disabled=yes; the ports attached to it under
# /interface bridge port therefore belong to a bridge that is switched off.
add admin-mac=4C:5E:0C:09:11:78 auto-mac=no disabled=yes name=bridge-local
/interface wireless
# No security-profile is shown for wlan1, so it presumably uses the default
# profile (confirm). If that profile is open, the hotspot login is the only
# access control and client traffic is unencrypted over the air.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge \
rx-chains=0,1 ssid="PT. STMB Hotspot" tx-chains=0,1 wireless-protocol=\
802.11
/interface ethernet
# ether1 is named as the uplink; ether3 and ether4 are slaved to ether2 through
# master-port, so those three ports form one switched LAN segment.
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
/ip neighbor discovery
# Neighbor discovery is switched off on the uplink port only.
set ether1-gateway discover=no
/ip firewall layer7-protocol
# Pattern intended to spot Facebook/YouTube traffic. The "." in facebook.com is
# unescaped, so it matches any character. The only filter rule that references
# this matcher is disabled in this export, so the pattern currently has no effect.
# NOTE(review): a layer-7 pattern only sees payload bytes, so it presumably
# cannot match these names inside HTTPS sessions; verify before relying on it.
add name="utube n fb" regexp="^.+(facebook.com|youtube).*\$"
/ip hotspot profile
# Both profiles serve the login page from html-directory stmb1 under dns-name
# stmb.net. hsprof4 (the profile bound to hotspot1) uses hotspot-address
# 192.168.88.1, which is outside every subnet configured under /ip address in
# this export (192.168.1.x on wlan1, 192.168.0.x on the ethernet ports).
# login-by=http-chap: the login exchange runs over plain HTTP.
set [ find default=yes ] dns-name=stmb.net hotspot-address=192.168.1.1 \
html-directory=stmb1
add dns-name=stmb.net hotspot-address=192.168.88.1 html-directory=stmb1 \
login-by=http-chap name=hsprof4
/ip pool
# dhcp_pool1 and dhcp_pool2 are not referenced by any DHCP server in this export.
# dhcp_pool3 spans 192.168.0.1-192.168.0.250 and so includes 192.168.0.105 and
# 192.168.0.50 (used as gateways in /ip route) and 192.168.0.201 (the router's
# own ether1-gateway address); leases from it can collide with those hosts.
add name=hs-pool-6 ranges=192.168.1.2-192.168.1.199
add name=dhcp_pool1 ranges=192.168.0.4-192.168.0.199
add name=dhcp_pool2 ranges=192.168.0.5-192.168.0.199
add name=dhcp_pool3 ranges=192.168.0.1-192.168.0.250
/ip dhcp-server
# dhcp1 leases hs-pool-6 (192.168.1.x) on wlan1, but /ip dhcp-server network in
# this export only describes 192.168.0.0/24, so no gateway or DNS server is
# defined here for the wireless clients.
add address-pool=hs-pool-6 disabled=no interface=wlan1 lease-time=3d name=\
dhcp1
add address-pool=dhcp_pool3 disabled=no interface=ether2-master-local \
lease-time=3d name=dhcp2
/ip hotspot
# The hotspot runs directly on wlan1 with profile hsprof4.
add address-pool=hs-pool-6 disabled=no interface=wlan1 name=hotspot1 profile=\
hsprof4
/ip hotspot user profile
# Per-profile rate limits and session limits; guest allows shared-users=5.
# NOTE(review): transparent-proxy=yes presumably redirects client HTTP through
# /ip proxy; the proxy section of this export does not show it enabled, so
# confirm the proxy state before leaving this on.
set [ find default=yes ] address-pool=hs-pool-6 mac-cookie-timeout=1h
add address-pool=hs-pool-6 mac-cookie-timeout=2h name=userregular rate-limit=\
409600/819200 transparent-proxy=yes
add address-pool=hs-pool-6 mac-cookie-timeout=30m name=guest rate-limit=\
131072/196608 session-timeout=30m shared-users=5 transparent-proxy=yes
add address-pool=hs-pool-6 mac-cookie-timeout=45m name=Reg2 rate-limit=\
245760/409600 transparent-proxy=yes
/interface bridge port
# ether2-master-local and wlan1 are both attached to bridge-local (which is
# created disabled) while each also carries its own IP address, DHCP server and,
# for wlan1, the hotspot.
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
# wlan1 is given a /32 address, so this entry does not put the router on the
# 192.168.1.0/24 range that hs-pool-6 leases to wireless clients.
# ether2-master-local (LAN) and ether1-gateway (uplink) both sit in
# 192.168.0.0/24, so the same subnet is connected on two interfaces.
add address=192.168.1.251/32 comment="hotspot network" interface=wlan1 \
network=192.168.1.0
add address=192.168.0.252/24 comment="hotspot network" interface=\
ether2-master-local network=192.168.0.0
add address=192.168.0.201/24 interface=ether1-gateway network=192.168.0.0
/ip dhcp-client
# A DHCP client is also enabled on ether1-gateway, alongside its static address.
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
# LAN clients are told to use 192.168.0.105 as gateway and DNS server, which is
# not one of this router's own addresses.
add address=192.168.0.0/24 dns-server=192.168.0.105 gateway=192.168.0.105
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from clients.
# Every input-chain filter rule in this export is disabled, so nothing limits
# which interface those queries may arrive on, including ether1-gateway.
set allow-remote-requests=yes servers=192.168.0.105,8.8.8.8
/ip dns static
# "router" resolves to 192.168.88.1, an address not assigned to any interface
# in this export.
add address=192.168.88.1 name=router
/ip firewall address-list
# fb holds blocked destinations; fb-allowed lists exempt sources. 10.5.50.22 is
# outside every subnet configured in this export.
add address=31.13.78.35 list=fb
add address=10.5.50.22 list=fb-allowed
/ip firewall filter
# Every rule in this section carries disabled=yes, so no packet filtering is in
# effect: the "drop input from ether1-gateway" rule and the forward-chain drops
# are all inactive. Whatever management services are enabled on the router (not
# shown in this export) are therefore reachable from the uplink side as well.
# Re-enable the default input and forward rules once connectivity is restored.
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established,related disabled=yes
add action=drop chain=forward comment="default configuration" \
connection-state=invalid disabled=yes
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new disabled=yes \
in-interface=ether1-gateway
# The two content-blocking rules below are disabled too; the first matches a
# source address (10.5.50.253) that is outside every subnet configured here.
add action=drop chain=forward disabled=yes layer7-protocol="utube n fb" \
src-address=10.5.50.253
add action=reject chain=forward disabled=yes dst-address-list=fb \
src-address-list=!fb-allowed
/ip firewall mangle
# This rule is active: forwarded packets whose content contains "facebook" have
# their destination added to the fb list. The only rule that consumes that list
# is the disabled reject rule in the filter section.
add action=add-dst-to-address-list address-list=fb chain=forward content=\
facebook
/ip firewall nat
# The first masquerade rule matches on source subnet only, with no
# out-interface, so it applies to 192.168.0.0/24 traffic leaving by any port.
# The second masquerades everything leaving through ether1-gateway.
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=ether1-gateway
/ip proxy
# Only cache settings appear here; the export does not show the proxy enabled.
set cache-administrator="" cache-on-disk=yes
/ip proxy access
# Denies twitter.com on port 80 only, and only for source 192.168.88.1, which
# is not a client address from any pool in this export.
add action=deny dst-host=twitter.com dst-port=80 src-address=192.168.88.1
/ip route
# Three default routes at the same distance: two identical entries via
# 192.168.0.105 and one via 192.168.0.50.
add distance=1 gateway=192.168.0.105
add distance=1 gateway=192.168.0.105
add distance=1 gateway=192.168.0.50
/system routerboard settings
set cpu-frequency=650MHz
/tool mac-server
# The default MAC-server entry is disabled and replaced by per-interface
# entries. ether1-gateway is not listed, but wlan1 is, so this layer-2
# management access is offered to clients on the hotspot wireless interface.
# Drop the wlan1 entry unless the router must be managed from the wireless side.
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
# Same interface list for MAC-Winbox, again including wlan1.
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
Hi WMRX
You should remove the interfaces ether2-master-local and wlan1 from the bridge, because you are using them with different subnets, and an interface that runs a DHCP server or hotspot by itself cannot also belong to a bridge.
Why are you using different gateways in the same subnet? I think you only need one, or change the distance if you have a backup router.
/ip route
# Excerpt from the posted export: three default routes share distance=1; the
# first two are identical and the third uses a different gateway in the same
# 192.168.0.x range.
add distance=1 gateway=192.168.0.105
add distance=1 gateway=192.168.0.105
add distance=1 gateway=192.168.0.50
WMRX
February 10, 2017, 7:10am
3
gustavomam:
Hi WMRX
You should remove interface ether2-master-local and wlan1 from bridge, because your using it with different subnets, and if you are using Dhcp-server or hotspot couldn’t belong to a bridge interface by itself
Why are you using different gateways in the same subnet?, i think you only need one, or change distance if you have some backup router.
/ip route
# Quoted routes: equal distance on all three entries, with 192.168.0.105 listed
# twice and 192.168.0.50 once.
add distance=1 gateway=192.168.0.105
add distance=1 gateway=192.168.0.105
add distance=1 gateway=192.168.0.50
I removed ether2 and wlan1 from the bridge and kept only one gateway, but it is still not working. Is it because of the hotspot profile or the static DNS entry?
This is my configuration now:
# jan/03/1970 19:23:21 by RouterOS 6.25
# software id = 0DTE-WLHJ
#
# NOTE(review): the export header still shows a 1970 date, so the system clock
# appears to be unset; logs from this router will carry unusable timestamps.
# NOTE(review): RouterOS 6.25 is far behind later 6.x releases; schedule an
# upgrade so the router receives the security fixes made since.
/interface bridge
# bridge-local exists but is disabled.
add admin-mac=4C:5E:0C:09:11:78 auto-mac=no disabled=yes name=bridge-local
/interface wireless
# wlan1 is an access point for SSID "PT. STMB Hotspot". No security-profile is
# listed, so the default profile is presumably in use (confirm); if it is open,
# wireless traffic is unencrypted and the hotspot login is the only gate.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge \
rx-chains=0,1 ssid="PT. STMB Hotspot" tx-chains=0,1 wireless-protocol=\
802.11
/interface ethernet
# ether1 is the named uplink; ether3 and ether4 follow ether2 as master-port.
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
/ip neighbor discovery
# Discovery stays off on the uplink port.
set ether1-gateway discover=no
/ip firewall layer7-protocol
# Regular expression meant to identify Facebook/YouTube traffic; the dot in
# facebook.com is not escaped and matches any character. It is referenced only
# by a filter rule that is disabled in this export.
# NOTE(review): payload matching presumably cannot see these names inside
# HTTPS traffic; test before depending on it for blocking.
add name="utube n fb" regexp="^.+(facebook.com|youtube).*\$"
/ip hotspot profile
# hsprof4, the profile used by hotspot1, still has hotspot-address
# 192.168.88.1, while wlan1 is addressed as 192.168.1.254/24 in this export.
# login-by=http-chap: the hotspot login runs over plain HTTP.
set [ find default=yes ] dns-name=stmb.net hotspot-address=192.168.1.1 \
html-directory=stmb1
add dns-name=stmb.net hotspot-address=192.168.88.1 html-directory=stmb1 \
login-by=http-chap name=hsprof4
/ip pool
# dhcp_pool1 covers 192.168.0.1-192.168.0.199, which includes 192.168.0.105,
# the address used as default gateway and DNS server; a lease could collide
# with that host.
add name=hs-pool-1 ranges=192.168.1.1-192.168.1.199
add name=dhcp_pool1 ranges=192.168.0.1-192.168.0.199
/ip dhcp-server
# dhcp1 serves 192.168.1.x on wlan1, but the only /ip dhcp-server network entry
# in this export is for 192.168.0.0/24, so wireless leases have no gateway or
# DNS server defined here.
add address-pool=hs-pool-1 disabled=no interface=wlan1 lease-time=3d name=\
dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether2-master-local \
lease-time=3d name=dhcp2
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=wlan1 name=hotspot1 profile=\
hsprof4
/ip hotspot user profile
# Rate and session limits per profile; guest permits five shared logins.
# NOTE(review): transparent-proxy=yes presumably depends on /ip proxy, which
# this export does not show as enabled; confirm or turn the option off.
set [ find default=yes ] address-pool=hs-pool-1 mac-cookie-timeout=1h
add address-pool=hs-pool-1 mac-cookie-timeout=2h name=userregular rate-limit=\
409600/819200 transparent-proxy=yes
add address-pool=hs-pool-1 mac-cookie-timeout=30m name=guest rate-limit=\
131072/196608 session-timeout=30m shared-users=5 transparent-proxy=yes
add address-pool=hs-pool-1 mac-cookie-timeout=45m name=Reg2 rate-limit=\
245760/409600 transparent-proxy=yes
/interface bridge port
# Both bridge ports are now disabled, so wlan1 and ether2-master-local operate
# as independent routed interfaces.
add bridge=bridge-local disabled=yes interface=ether2-master-local
add bridge=bridge-local disabled=yes interface=wlan1
/ip address
# wlan1 now has a /24 address. The static address on ether1-gateway is
# disabled, leaving that port to the DHCP client, while 192.168.0.254/24 sits
# on ether2-master-local: the subnet holding the default gateway
# 192.168.0.105 is therefore connected on the LAN port, not on the uplink port.
add address=192.168.1.254/24 comment="hotspot network" interface=wlan1 \
network=192.168.1.0
add address=192.168.2.252/24 comment="hotspot network" disabled=yes \
interface=ether2-master-local network=192.168.2.0
add address=192.168.0.201/24 disabled=yes interface=ether1-gateway network=\
192.168.0.0
add address=192.168.0.254/24 interface=ether2-master-local network=\
192.168.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
# Clients on 192.168.0.0/24 are handed 192.168.0.105 as gateway and DNS server
# rather than this router's own address.
add address=192.168.0.0/24 dns-server=192.168.0.105 gateway=192.168.0.105
/ip dns
# The router resolves through 192.168.0.105 only and, with
# allow-remote-requests=yes, answers client queries itself. All input-chain
# filter rules in this export are disabled, so queries are accepted on every
# interface, the uplink included.
set allow-remote-requests=yes servers=192.168.0.105
/ip dns static
# "router" still points at 192.168.88.1, which no interface here carries.
add address=192.168.88.1 name=router
/ip firewall address-list
# fb: destinations to block; fb-allowed: sources exempt from the block.
add address=31.13.78.35 list=fb
add address=10.5.50.22 list=fb-allowed
/ip firewall filter
# All filter rules remain disabled=yes, so the router filters nothing: neither
# the input drop for ether1-gateway nor the forward-chain drops are active.
# Any management service enabled on the router (not shown in this export) is
# reachable from every interface. Turn the default rules back on after the
# routing problem is solved.
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established,related disabled=yes
add action=drop chain=forward comment="default configuration" \
connection-state=invalid disabled=yes
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new disabled=yes \
in-interface=ether1-gateway
# Disabled content-blocking rules; 10.5.50.253 is outside every subnet
# configured in this export.
add action=drop chain=forward disabled=yes layer7-protocol="utube n fb" \
src-address=10.5.50.253
add action=reject chain=forward disabled=yes dst-address-list=fb \
src-address-list=!fb-allowed
/ip firewall mangle
# Active rule: destinations of forwarded packets containing "facebook" are
# added to the fb list, although the rule that uses that list is disabled.
add action=add-dst-to-address-list address-list=fb chain=forward content=\
facebook
/ip firewall nat
# The source-based masquerade has no out-interface. The second rule only
# matches traffic leaving through ether1-gateway.
# NOTE(review): if the uplink is actually reached through ether2-master-local
# (where 192.168.0.254/24 now lives), the ether1-gateway rule never matches.
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=ether1-gateway
/ip hotspot ip-binding
# type=bypassed exempts this MAC address from hotspot login. A MAC address is
# not a secret and can be copied by another device, so keep bypass entries to
# the minimum needed.
add mac-address=BC:EE:7B:A2:DF:15 type=bypassed
/ip hotspot user
# The export prints this hotspot credential in cleartext and it is now public:
# change the password to a strong one, and use "export hide-sensitive" before
# posting a configuration.
add name=admin password=admin123
/ip proxy
# Cache settings only; nothing in this export shows the proxy as enabled.
set cache-administrator="" cache-on-disk=yes
/ip proxy access
# Blocks twitter.com on port 80 for source 192.168.88.1 only; that source is
# not part of any client pool in this export.
add action=deny dst-host=twitter.com dst-port=80 src-address=192.168.88.1
/ip route
# A single default route remains, via 192.168.0.105.
add distance=1 gateway=192.168.0.105
/system routerboard settings
set cpu-frequency=650MHz
/tool mac-server
# MAC-server is enabled per interface. The uplink port is not listed, but wlan1
# is, which exposes this layer-2 management access to hotspot wireless clients.
# Remove the wlan1 entry unless management from the wireless side is required.
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
# MAC-Winbox uses the same interface list, wlan1 included.
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
Please check whether your DNS server 192.168.0.105 is working.
You can disable the transparent proxy on your hotspot profile.
Which port is connected to your internet connection?