Problem with Internet Connectivity

RouterOS Beginner Basics
1

Dear Sir/Madam,

I have configured my new Routerboard 750 (v5.14) for a fibre connection.
My ISP gave me the Network range of IPs, the Subnet (/29) and the Gateway and DNS.

I have carried out a number of troubleshooting tests:

  • From the router I get a reply when I ping an Internet site (eg http://www.google.com)
  • From a workstation on the subnet 192.168.88.0/24 when I ping an Internet site, DNS works fine though I receive no reply
  • From a workstation on the subnet 192.168.88.0/24 when I tracert I get the internal router IP (192.168.88.1) and stop there, i.e. I am not managing to reach the external IP. On the other hand from a workstation I can ping my external IP and my gateway.

I believe the issue is related to NAT or Routing. Below find details for the firewall/router config (please note that I have masked the Public IPs)

Thanks and Regards,

Keith

[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 [GATEWAY] 1
1 ADC 192.168.88.0/24 192.168.88.1 ether2-master-l… 0
2 ADC [NETWORK] [PUBLIC IP] ether1-gateway 0

[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=input action=accept protocol=icmp

1 ;;; default configuration
chain=input action=accept connection-state=established

2 ;;; default configuration
chain=input action=accept connection-state=related

3 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade protocol=0 src-address=192.168.88.0/24
dst-address=[Gateway Address]out-interface=ether1-gateway

[admin@MikroTik] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU MAX-L2MTU

0 R ether1-gateway ether 1500 1520 1520
1 R ether2-master-local ether 1500 1520 1520
2 X ether3-slave-local ether 1500 1520 1520
3 X ether4-slave-local ether 1500 1520 1520
4 X ether5-slave-local ether 1500 1520 1520

2

I would try this masquerade instead of yours.

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1-gateway
3

Done thanks, I changed masquerade and working fine now. :smiley:
Will remove post!