No Internet access after migrating

RouterOS General
1

Hello, I just purchase another mikrotik CCR1009-7G-1C-1S+ which is pre-installed as RouterOS 6.40.8. I migrate all the backup to this new mikrotik and having problem accessing internet from Local LAN.

I can ping google.com with no problem. The MAC address has been reset. I looked through all my script but can’t really find where the problem are. I tried to downgrade the mikrotik to the version I had used RouterOS 6.38.7. But it seems not allowing to downgrade. Please Please help.


# jun/26/2018 21:10:29 by RouterOS 6.40.8
# model = CCR1009-7G-1C-1S+

/interface bridge
add arp=reply-only comment="bridge1: ether 3-5 as HOTSPOT" fast-forward=no \
    name=bridge1
add arp=reply-only comment="bridge2: ether 6-7 as LAN" fast-forward=no name=\
    bridge2

/interface ethernet
set [ find default-name=combo1 ] disabled=yes mac-address=64:D1:54:D3:98:B8
set [ find default-name=ether1 ] comment=Ether name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-WAN
set [ find default-name=ether3 ] arp=reply-only name=ether3-HOTSPOT
set [ find default-name=ether4 ] arp=reply-only name=ether4-HOTSPOT
set [ find default-name=ether5 ] arp=reply-only name=ether5-HOTSPOT
set [ find default-name=ether6 ] name=ether6-LAN
set [ find default-name=ether7 ] name=ether7-LAN
set [ find default-name=sfp-sfpplus1 ] disabled=yes mac-address=\
    64:D1:54:D3:98:B7

/interface pppoe-client
add comment=PPPOE disabled=no interface=ether1-WAN max-mru=1480 max-mtu=1480 \
    name="pppoe-out1 (ether1)" password=XXXX user=XXXX
/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip firewall layer7-protocol
add name=layer7-bittorrent-exp regexp="^(\\x13bittorrent protocol|azver\\x01\$|g\
    et /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GE\
    T /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

/ip pool
add name=pool_HOTSPOT ranges=10.10.10.2-10.10.10.254
add name=pool_LAN ranges=10.10.20.2-10.10.20.254

/ip dhcp-server
add address-pool=pool_HOTSPOT authoritative=after-2sec-delay disabled=no \
    interface=bridge1 lease-time=1d name=HOTSPOT_dhcp
add address-pool=pool_LAN authoritative=after-2sec-delay disabled=no interface=\
    bridge2 lease-time=4h name=LAN_dhcp

/ip hotspot
add address-pool=pool_HOTSPOT disabled=no idle-timeout=1d interface=bridge1 \
    name=hotspot1 profile=HOTSPOT

/interface bridge port
add bridge=bridge1 interface=ether4-HOTSPOT
add bridge=bridge1 interface=ether5-HOTSPOT
add bridge=bridge2 interface=ether6-LAN
add bridge=bridge2 interface=ether7-LAN
add bridge=bridge1 interface=ether3-HOTSPOT

/ip address
add address=192.168.10.2/24 comment="WAN: ether1" disabled=yes interface=\
    ether1-WAN network=192.168.10.0
add address=192.168.20.2/24 comment="WAN: ether2" interface=ether2-WAN network=\
    192.168.20.0
add address=10.10.10.1/24 comment="HOTSPOT: bridge ether3-5" interface=bridge1 \
    network=10.10.10.0
add address=10.10.11.1/24 comment="LAN: bridge ether 6-7" interface=bridge2 \
    network=10.10.11.0
add address=10.0.10.1/24 comment="Access point IP to HOTSPOT" interface=bridge1 \
    network=10.0.10.0
add address=10.0.20.1/24 comment="Access point IP to LAN" interface=bridge2 \
    network=10.0.20.0

/ip cloud
set ddns-enabled=yes

/ip dhcp-server network
add address=10.10.10.0/24 comment="HOTSPOT pool" dns-server=10.10.10.1 gateway=\
    10.10.10.1
add address=10.10.20.0/24 comment="LAN pool" dns-server=10.10.20.1 gateway=\
    10.10.20.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall address-list
add address=192.168.20.0/24 comment="WAN1: 192.168.20.0/24" list=WAN2
add address=192.168.10.0/24 comment="WAN1: 192.168.10.0/24" list=WAN1
add address=10.10.10.0/24 comment="HOTSPOT: 10.10.10.0/24" list=HOTSPOT
add address=10.10.20.0/24 comment="LAN: 10.10.20.0/24" list=LAN
add address=10.10.10.0/24 comment="LAN_HOTSPOT: 10.10.10.0/24" list=LAN_HOTSPOT
add address=10.10.20.0/24 comment="LAN_HOTSPOT: 10.10.20.0/24" list=LAN_HOTSPOT

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=add-src-to-address-list address-list=bit-list address-list-timeout=\
    1m chain=forward comment="Block Bittorrent" dst-address-list=\
    !bit-unblock-list layer7-protocol=layer7-bittorrent-exp src-address-list=\
    !bit-unblock-list
add action=add-src-to-address-list address-list=bit-list address-list-timeout=\
    1m chain=forward dst-address-list=!bit-unblock-list layer7-protocol=\
    layer7-bittorrent-exp src-address-list=!bit-unblock-list src-address-type=\
    local
add action=drop chain=forward dst-port=!80,443 protocol=tcp src-address-list=\
    bit-list
add action=drop chain=forward protocol=udp src-address-list=bit-list

/ip firewall mangle
add action=accept chain=prerouting in-interface="pppoe-out1 (ether1)"
add action=accept chain=prerouting dst-address-list=WAN2
add action=accept chain=prerouting dst-address-list=LAN_HOTSPOT
add action=mark-connection chain=input comment="INPUT: mark connection" \
    connection-mark=no-mark in-interface="pppoe-out1 (ether1)" \
    new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    ether2-WAN new-connection-mark=WAN2_conn passthrough=yes
add action=mark-routing chain=output comment="OUTPUT: mark connection" \
    connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
add action=mark-connection chain=prerouting comment=\
    "PPC HOTSPOT: 4x for WAN1 (200Mbs) + 1x for WAN2 (50Mbs)" connection-mark=\
    no-mark dst-address-type=!local fragment=no hotspot=auth in-interface=\
    bridge1 new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=src-address:5/0 src-address-list=HOTSPOT
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local hotspot=auth in-interface=bridge1 \
    new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    src-address:5/1 src-address-list=HOTSPOT
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local hotspot=auth in-interface=bridge1 \
    new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    src-address:5/2 src-address-list=HOTSPOT
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local hotspot=auth in-interface=bridge1 \
    new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    src-address:5/3 src-address-list=HOTSPOT
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local hotspot=auth in-interface=bridge1 \
    new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
    src-address:5/4 src-address-list=HOTSPOT
add action=mark-connection chain=prerouting comment=\
    "PPC LAN: 4x for WAN1 (200Mbs) + 1x for WAN2 (50Mbs)" connection-mark=\
    no-mark dst-address-type=!local in-interface=bridge2 new-connection-mark=\
    WAN1_conn passthrough=yes per-connection-classifier=src-address:5/0 \
    src-address-list=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge2 new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=src-address:5/1 src-address-list=\
    LAN
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge2 new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=src-address:5/2 src-address-list=\
    LAN
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge2 new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=src-address:5/3 src-address-list=\
    LAN
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge2 new-connection-mark=WAN2_conn \
    passthrough=yes per-connection-classifier=src-address:5/4 src-address-list=\
    LAN
add action=mark-routing chain=prerouting comment=\
    "Mark packets from each connection to to proper routes " connection-mark=\
    WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=masquerade chain=srcnat comment=\
    "NAT to make local IP to be able to go to extranet" out-interface=\
    "pppoe-out1 (ether1)"
add action=masquerade chain=srcnat out-interface=ether2-WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address-list=HOTSPOT
add action=masquerade chain=srcnat src-address-list=LAN
add action=accept chain=pre-hotspot dst-address-type=!local hotspot=auth

/ip route
add check-gateway=ping comment=Gateway distance=1 gateway="pppoe-out1 (ether1)" \
    routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=ether2-WAN routing-mark=to_WAN2
add check-gateway=ping comment=\
    "Failover: if one of the WAN fail, swtich to the next" distance=1 gateway=\
    "pppoe-out1 (ether1)"
add check-gateway=ping distance=2 gateway=ether2-WAN
2

You cannot migrate backup between different devices or versions. Reset the device and import exported configuration.

3

Hi Jarda,

Thank you for your reply. I tried what you have just suggested. Still no Internet Access from LAN.
Any suggestion?

4

Didn’t you received any errors during the import? Anything red in the winbox?