RounterOS cannot access to internet .

RouterOS General
1

Hello,

I'm new on RouterOS, installed it version 5.8 on P3 machine with 2 NIC, one NIC connect to ISP with static IP 203.186.174.150/255.255.255.252 and another NIC connect to LAN with 10.0.0.165/24.

Also used ip route add gateway=203.186.174.149 for default route.

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 203.186.174.149 1
1 ADC 10.0.0.0/24 10.0.0.165 ether2 0
2 ADC 203.186.174.148/30 203.186.174.150 ether1 0

[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 10.0.0.165/24 10.0.0.0 ether2
1 203.186.174.150/30 203.186.174.148 ether1

[admin@MikroTik] > interface ethernet monitor ether1
status: link-ok
auto-negotiation: done
rate: 100Mbps
full-duplex: yes
default-cable-setting: standard

[admin@MikroTik] > interface ethernet monitor ether2
status: link-ok
auto-negotiation: done
rate: 100Mbps
full-duplex: yes
default-cable-setting: standard


Why the RouterOS itself cannot ping to internet ?

[admin@MikroTik] > ping 203.186.174.149
HOST SIZE TTL TIME STATUS
203.186.174.149 timeout
203.186.174.149 timeout
sent=2 received=0 packet-loss=100%

[admin@MikroTik] > ping hk.yahoo.com
HOST SIZE TTL TIME STATUS
203.186.94.22 timeout
203.186.94.22 timeout
sent=2 received=0 packet-loss=100%


What wrong ?

Please help !

2

Do you have a srcnat or masquerade in “/ip firewall nat”?

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
3

No, I want to fix local machine first and then fix local lan.

4

The addressing looks like right for the WAN circuit - at least it’s consistent. Are you sure that’s the right IP address? If I had a quarter for every time I screwed up an octet somewhere I’d be rich.

If you’re sure - can you see an ARP entry for 203.186.174.149 in “/ip arp print”?
Is it possible there’s a firewall preventing ICMP in the way?
Do you possibly have to reboot the other side, or somehow else make sure that they have the right ARP entry for 203.186.174.150 (your IP)? Is there some long timeout ARP cache in the way, maybe? Do they hard code or other wise sticky your MAC address? Was there something else connected on that /30 before?