Set up router as PPPoE client, users can't access Internet

Hello!

I just got an RB750GL mainly for educational purposes and am now experimenting using it in my network. I have pretty much no experience with RouterOS, but I do know a thing or two about the background theory.

My network right now looks like this:

ADSL MODEM → OpenWRT router doing PPPoE connection → RB750GL → PC

I upgraded the RB750GL to RouterOS 6.7 and set up routing via OSPF 2 and 3 between the OpenWRT and RB750GL (I’m aware that OSPF is overkill, but as I said, I got the router mostly so that I can experiment with it). The routers get the routes, the PC can access Internet and everything is fine.

After that I decided to try setting up RB750GL as PPPoE client. I disabled the OSPF processes and turned off the neighbor discovery on the ether1-gateway.

I connected the RB750GL to the modem and made a PPPoE client interface with the following settings:

[admin@MikroTik] /interface pppoe-client> print
Flags: X - disabled, R - running
 0 X  name="pppoe-out1" max-mtu=1480 max-mru=1480 mrru=disabled interface=ether1-gateway
      user="username@providername" password="password" profile=default
      keepalive-timeout=disabled service-name="" ac-name="" add-default-route=yes
      default-route-distance=1 dial-on-demand=no use-peer-dns=yes
      allow=pap,chap,mschap1,mschap2

The router connected to the ISP and got its IP address and DNS servers via IPCP. I did a test ping to Google from the router and everything worked fine. Then I tried to connect to the Internet from the PC and it didn’t work. I set up packet sniffing on the ether1-gateway and noticed that whenever the PC tries to communicate with the Internet, Wireshark would show that all of the packets are either retransmissions or out of order and would show no response from the Internet.

To me this looks like a firewall or NAT issue. What is confusing me is that when the RB750GL is connected to OpenWRT, NAT and firewall are fine.
As far as I know, the default settings for firewall and NAT should work fine. The only thing I changed in the firewall was to let OSPF through.
Here are my NAT settings:

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; default configuration
     chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1-gateway

Here are firewall filter settings:

[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; default configuration
     chain=input action=accept protocol=icmp

 1   chain=input action=accept protocol=ospf

 2   ;;; default configuration
     chain=input action=accept connection-state=established

 3   ;;; default configuration
     chain=input action=accept connection-state=related

 4   ;;; default configuration
     chain=input action=drop in-interface=ether1-gateway

 5   ;;; default configuration
     chain=forward action=accept connection-state=established

 6   ;;; default configuration
     chain=forward action=accept connection-state=related

 7   ;;; default configuration
     chain=forward action=drop connection-state=invalid

So any ideas what I could be doing wrong? I have a feeling it’s something obvious, but I can’t think of anything at the moment.

Whoops! Turns out that the solution was to set NAT at the virtual PPPoE interface and I had it set on the physical ether1-gateway interface.

Try changing this

chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1-gateway interface

into

chain=srcnat action=masquerade to-addresses=(the ip-address from your standard gateway) out-interface=pppoe interface

The nat rule should have the pppoe interface as out-interface.
Also change the filter rules.
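
The point in the last reply about the filter rules, as an added example that is not part of the thread: once the PPPoE session is up, IP traffic enters and leaves on pppoe-out1, so the default `chain=input action=drop in-interface=ether1-gateway` rule no longer matches Internet traffic any more than the masquerade rule did. This Python sketch audits rule lines in the style of the `print` output above and flags any rule still bound to the physical port that carries a PPPoE client; the sample lines are constructed from the thread and the function names are hypothetical.

```python
import re

# Constructed sample, shortened from the "print" output quoted in the thread.
PPPOE_CLIENTS = ['name="pppoe-out1" max-mtu=1480 interface=ether1-gateway add-default-route=yes']
RULES = [
    "chain=srcnat action=masquerade out-interface=ether1-gateway",
    "chain=input action=accept connection-state=established",
    "chain=input action=drop in-interface=ether1-gateway",
    "chain=forward action=drop connection-state=invalid",
]

def parse_props(line):
    """Split a RouterOS 'key=value' line into a dict (values may be quoted)."""
    return {k: v.strip('"') for k, v in re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)}

def pppoe_map(client_lines):
    """Map each physical carrier interface to the PPPoE client running over it."""
    out = {}
    for line in client_lines:
        p = parse_props(line)
        if "name" in p and "interface" in p:
            out[p["interface"]] = p["name"]
    return out

def audit(rule_lines, client_lines):
    """Return (rule_index, key, physical, pppoe) for rules bound to a carrier port."""
    carriers = pppoe_map(client_lines)
    findings = []
    for i, line in enumerate(rule_lines):
        p = parse_props(line)
        for key in ("in-interface", "out-interface"):
            if p.get(key) in carriers:
                findings.append((i, key, p[key], carriers[p[key]]))
    return findings

def suggest(rule_lines, client_lines):
    """Rewrite flagged rules so they match the PPPoE interface instead."""
    fixed = list(rule_lines)
    for i, key, phys, ppp in audit(rule_lines, client_lines):
        fixed[i] = fixed[i].replace(f"{key}={phys}", f"{key}={ppp}")
    return fixed

if __name__ == "__main__":
    for i, key, phys, ppp in audit(RULES, PPPOE_CLIENTS):
        print(f"rule {i}: {key}={phys} does not match PPPoE traffic; use {ppp}")
```

With the thread's configuration this flags both the srcnat masquerade rule and the input drop rule; the second is the one that leaves the router's own services reachable from the Internet if it is overlooked.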