I am using RB750 configured with PPPoE client on port 1. PPPoE client says it is connected. ISP assigned an ip address. But I cannot get any internet connection. Ping from router gets nothing.
Here are my configures.
[admin@MikroTik] > ip firewall export
# jan/02/1970 00:17:28 by RouterOS 4.5
# software id = YESW-SR6F
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="" disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input comment="" disabled=no dst-port=23 protocol=tcp
add action=accept chain=input comment="" disabled=no dst-port=22 protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no in-interface=\
ether1-gateway
add action=accept chain=input comment="default configuration" connection-state=related disabled=no in-interface=\
ether1-gateway
add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1-gateway \
dst-address=0.0.0.0/0
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] > ip address export
# jan/02/1970 00:17:54 by RouterOS 4.5
# software id = YESW-SR6F
#
/ip address
add address=192.168.88.1/24 broadcast=192.168.88.255 comment="default configuration" disabled=no interface=\
ether2-local-master network=192.168.88.0
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 192.168.88.255 ether2-local-master
1 D 122.150.60.4/32 203.134.4.180 0.0.0.0 pppoe-out1
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 203.134.4.180 1
1 ADC 192.168.88.0/24 192.168.88.1 ether2-local-ma... 0
2 ADC 203.134.4.180/32 122.150.60.4 pppoe-out1 0
[admin@MikroTik] > /interface pppoe-client print
Flags: X - disabled, R - running
0 R name="pppoe-out1" max-mtu=1480 max-mru=1480 mrru=disabled interface=ether1-gateway
user="username" password="password" profile=default service-name="" ac-name=""
add-default-route=yes dial-on-demand=yes use-peer-dns=yes allow=pap,chap,mschap1,mschap2
00:10:25 pppoe,ppp,info pppoe-out1: initializing...
00:10:25 pppoe,ppp,info pppoe-out1: waiting for packets...
00:10:26 pppoe,ppp,info pppoe-out1: dialing...
00:10:26 pppoe,ppp,info pppoe-out1: authenticated
00:10:26 pppoe,ppp,info pppoe-out1: connected
ROS runing on your device is ancient. Upgrade it to latest available for your device (globally that would be 6.46.x, I’m not sure if your vintage RB750 is still supported).
Probably you’d be better off setting dial-on-demand=no on pppoe-client configuration.
And enable your last firewall rule (drop everything else), without it your router will get hacked within minutes after you establish internet connectivity. At the same time, add another rule similar to the last one, but using in-interface=pppoe-out1.
750’s are fine with recent RouterOS - I have one running v6.44.6 doing minor stuff, but due to the limited RAM disable packages you are not using (e.g. hotspot, ipv6, mpls, routing, wireless).
Not sure if you can upgrade directly from 4.5 to 6.x, going via 5.26 may work or use netinstall.
There are still significant vulnerabilities in versions prior to v6.44.x.
Having upgraded from such an old version I would strongly suggest resetting to the default configuration, disable the default WAN DHCP client, add a PPPoE client, add the PPPoE client interface to the WAN interface list - the last step is important as it enables NAT for LAN to WAN traffic.
Which obviously is wrong, your out interface is not eth1 but the PPPoE client… This wrong rule does not keep the router from having access to the Internet, but your Lan…
So i am not sure that resetting the router did the trick, i just suppose the second time you did configure the router you made the correct rule on your NAT…
However i do agree, in some cases we have to first reset and then install a new ROS, in case of very old versions just like you had. But i do not consider it a must.
In case something does not work as it should or breaks, you can manually most of the times fix it…
which should have worked fine, so given the mimimal configuration changes and the huge jump in versions resetting to get a better default configuration seemed prudent.