No http traffic on pppoe connection

RouterOS General
1

Hi all.
I have a RB750 with RouterOS v3.29.
The first port is setup to connect to WAN with pppoe.
All works fine, traffic goes to internet.
I can ping sites, my email works etc. BUT no http traffic, I cannot surf the internet?
Could anyone perhaps suggest what my problem could be?

Here is my current config on RB750...

[admin@MikroTik] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU

0 R ether1-gateway ether 1500 1526
1 R ether2-master-remote ether 1500 1524
2 R ether3-local ether 1500 1524
3 ether4-pabx ether 1500 1524
4 X ether5-monitor ether 1500
5 R pppoe-mweb pppoe-out 1392
[admin@MikroTik] /interface>
[admin@MikroTik] /interface>
[admin@MikroTik] /ip> address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.1.1/24 192.168.1.0 192.168.1.255 ether2-master-remote
1 D 41.213.47.195/32 41.213.32.1 0.0.0.0 pppoe-mweb
[admin@MikroTik] /ip>
[admin@MikroTik] /ip> service print
Flags: X - disabled, I - invalid

NAME PORT ADDRESS CERTIFICATE

0 telnet 23 0.0.0.0/0
1 ftp 21 0.0.0.0/0
2 www 80 0.0.0.0/0
3 ssh 22 0.0.0.0/0
4 www-ssl 443 0.0.0.0/0 none
5 api 8728 0.0.0.0/0
6 winbox 8291 0.0.0.0/0
[admin@MikroTik] /ip>
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=change-mss new-mss=1430 tcp-flags=syn protocol=tcp
[admin@MikroTik] /ip>
[admin@MikroTik] /ip>
[admin@MikroTik] /ip> firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=pppoe-mweb
[admin@MikroTik] /ip>


[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; default configuration
chain=input action=accept protocol=icmp

1 ;;; Drop Invalid connections
chain=input action=drop connection-state=invalid

2 ;;; Allow Established connections
chain=input action=accept connection-state=established

3 ;;; Allow UDP
chain=input action=accept protocol=udp

4 ;;; Allow ICMP
chain=input action=accept protocol=icmp

5 ;;; Allow access to router from known network
chain=input action=accept src-address=192.168.1.0/24

6 ;;; Allow access to router from known network
chain=input action=accept src-address=192.168.0.0/24

7 ;;; Drop anything else
chain=input action=drop

8 ;;; drop invalid connections
chain=forward action=drop connection-state=invalid protocol=tcp

9 ;;; allow already established connections
chain=forward action=accept connection-state=established
10 ;;; allow related connections
chain=forward action=accept connection-state=related

11 chain=forward action=drop src-address=0.0.0.0/8

12 chain=forward action=drop dst-address=0.0.0.0/8

13 chain=forward action=drop src-address=127.0.0.0/8

14 chain=forward action=drop dst-address=127.0.0.0/8

15 chain=forward action=drop src-address=224.0.0.0/3

16 chain=forward action=drop dst-address=224.0.0.0/3

17 chain=forward action=jump jump-target=tcp protocol=tcp

18 chain=forward action=jump jump-target=udp protocol=udp

19 chain=forward action=jump jump-target=icmp protocol=icmp

20 ;;; deny TFTP
chain=tcp action=drop protocol=tcp dst-port=69

21 ;;; deny RPC portmapper
chain=tcp action=drop protocol=tcp dst-port=111

22 ;;; deny RPC portmapper
chain=tcp action=drop protocol=tcp dst-port=135

23 ;;; deny NBT
chain=tcp action=drop protocol=tcp dst-port=137-139

24 ;;; deny cifs
chain=tcp action=drop protocol=tcp dst-port=445

25 ;;; deny NFS
chain=tcp action=drop protocol=tcp dst-port=2049

26 ;;; deny NetBus
chain=tcp action=drop protocol=tcp dst-port=12345-12346

27 ;;; deny NetBus
chain=tcp action=drop protocol=tcp dst-port=20034

28 ;;; deny BackOriffice
chain=tcp action=drop protocol=tcp dst-port=3133

29 ;;; deny DHCP
chain=tcp action=drop protocol=tcp dst-port=67-68

30 ;;; deny TFTP
chain=udp action=drop protocol=udp dst-port=69

31 ;;; deny PRC portmapper
chain=udp action=drop protocol=udp dst-port=111

32 ;;; deny PRC portmapper
chain=udp action=drop protocol=udp dst-port=135
33 ;;; deny NBT
chain=udp action=drop protocol=udp dst-port=137-139

34 ;;; deny NFS
chain=udp action=drop protocol=udp dst-port=2049

35 ;;; deny BackOriffice
chain=udp action=drop protocol=udp dst-port=3133

36 ;;; drop invalid connections
chain=icmp action=accept protocol=icmp icmp-options=0:0

37 ;;; allow established connections
chain=icmp action=accept protocol=icmp icmp-options=3:0

38 ;;; allow already established connections
chain=icmp action=accept protocol=icmp icmp-options=3:1

39 ;;; allow source quench
chain=icmp action=accept protocol=icmp icmp-options=4:0

40 ;;; allow echo request
chain=icmp action=accept protocol=icmp icmp-options=8:0

41 ;;; allow time exceed
chain=icmp action=accept protocol=icmp icmp-options=11:0

42 ;;; allow parameter bad
chain=icmp action=accept protocol=icmp icmp-options=12:0

43 ;;; deny all other types
chain=icmp action=drop

[admin@MikroTik] /ip firewall filter>

2

Maybe you didn’t enter proper DNS settings?

3

Hi nightstar…

No, I didn’t enter any static DNS, DNS is derived from DHCP via PPPoE.
All other internet traffic is working fine, I can ping any website with no problems.

4

Try to lower mss value in change mss rule.

5

Hi there.

I’ve got it working now!!!
I changed the MSS value down to 1350.