roho
October 2, 2018, 1:34pm
1
Hello everybody,
I’ve been configuring my Mikrotik RB1100AH as a router for some time now.
For a short time now it happens occasionally that I can not reach websites.
By means of ping I get the IP address, but I can not establish a connection.
ping tumblr.com
SEQ HOST SIZE TTL TIME STATUS
0 66.6.32.31 timeout
1 66.6.32.31 timeout
sent=2 received=0 packet-loss=100%
My guess: Is the problem with the firewall settings?
Thanks for any solutions or suggestions
Tumblr is not a good example; it blocks ping requests, as some other sites do too. Can you navigate on those sites? Also, please put your firewall rules (ip firewall filter export hide-sensitive) so we have a better idea of what might be going on.
roho
October 3, 2018, 2:09pm
3
Hi,
I can call the website, but the TLS handshake takes quite a long time.
I have also tried calling other websites; it usually takes a long time.
In these cases I do not get the whole content of the page displayed or “server not found”.
ip firewall filter export hide-sensitive
# oct/03/2018 16:07:55 by RouterOS 6.42.6
# software id = EBDI-CZTA
#
# model = 1100AH
# serial number =
/ip firewall filter
add action=passthrough chain=forward comment="Allow NTP" dst-port=123 out-interface="WAN A1" protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=accept chain=icmp comment="Allow Echo replay" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="Allow Net unrechable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="Allow Host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="Allow Host unreachable fragmentation" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="Allow Source quench" icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="Allow Echo request" icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="Allow Time exceed" icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
add action=drop chain=forward comment="Drop TFTP,PRC,NBT,NFS,BackOriffice" dst-port=69,111,135,137-139,2049,3133 protocol=udp
add action=drop chain=forward comment="Drop TFTP,RPC,NBT,CIFS,NFS,Netbus,BackOriffce,DHCP" dst-port=69,111,135,137-139,445,2049,12345-12346,20034,3133,67-68 protocol=tcp
add action=reject chain=forward comment="Drop NSFW" layer7-protocol="Block NSFW" protocol=tcp reject-with=tcp-reset
add action=reject chain=forward comment="Drop Stream" layer7-protocol="Block Stream" protocol=tcp reject-with=tcp-reset
add action=passthrough chain=forward comment="Allow Internet" dst-port=443,80,53 protocol=tcp
add action=passthrough chain=forward comment="Allow DNS" dst-port=53 protocol=udp
add action=reject chain=forward comment="Drop Dump" layer7-protocol="Block Dump" protocol=tcp reject-with=tcp-reset
add action=drop chain=forward comment="Drop ROPLOS --> WAN" src-mac-address=48:5B:39:AA:0B:90
Isn’t “action=passthrough” just counting the packet and not actually accepting it?
Can you try with action accept?
In the firewall, “passthrough” does not mean that the packet is accepted, only that it is passed to the next rule…
Try with “accept” instead of “passthrough”.
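The passthrough/accept difference discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of how a filter chain is walked, using the last four forward rules from the posted export. The matcher logic, the sample packet and its MAC address are constructed assumptions; real RouterOS matching is richer than this.

```python
# Added illustration: simplified walk of a RouterOS-style filter chain.
# Matchers cover only protocol/dst-port, layer7 name and src-mac (a simplification).
TERMINAL = {"accept", "drop", "reject"}

def rule(action, comment, **match):
    return {"action": action, "comment": comment, "match": match, "hits": 0}

def matches(r, pkt):
    m = r["match"]
    if "protocol" in m and m["protocol"] != pkt["protocol"]:
        return False
    if "ports" in m and pkt["dst_port"] not in m["ports"]:
        return False
    if "l7" in m and m["l7"] != pkt.get("l7"):
        return False
    if "src_mac" in m and m["src_mac"] != pkt.get("src_mac"):
        return False
    return True

def walk(chain, pkt):
    """Return (verdict, deciding rule comment or None, comments of rules evaluated)."""
    seen = []
    for r in chain:
        seen.append(r["comment"])
        if not matches(r, pkt):
            continue
        r["hits"] += 1                      # every match bumps the rule counter
        if r["action"] in TERMINAL:
            return r["action"], r["comment"], seen
        # passthrough: nothing is decided, evaluation continues with the next rule
    return "accept", None, seen             # no terminal match: chain default is accept

def tail_of_posted_chain(web_action):
    # Last four forward rules from the export above; web_action is the only variable.
    return [
        rule(web_action, "Allow Internet", protocol="tcp", ports={443, 80, 53}),
        rule("passthrough", "Allow DNS", protocol="udp", ports={53}),
        rule("reject", "Drop Dump", protocol="tcp", l7="Block Dump"),
        rule("drop", "Drop ROPLOS --> WAN", src_mac="48:5B:39:AA:0B:90"),
    ]

# Constructed sample packet: HTTPS from a host whose MAC is not the blocked one.
PKT = {"protocol": "tcp", "dst_port": 443, "l7": None, "src_mac": "02:00:00:00:00:01"}

if __name__ == "__main__":
    for action in ("passthrough", "accept"):
        print(action, walk(tail_of_posted_chain(action), PKT))
```

In this model, switching "Allow Internet" to accept ends the walk at that rule, so matching web traffic is never compared against the later layer7 and MAC rules.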