Hello, I am a new and beginner member with MikroTik. I am facing an issue related to accessing some websites. I’ve configured the most basic settings possible, just to distribute IPs in my workplace environment. I followed the step-by-step instructions from online videos and managed to configure the settings, but I am unable to access some websites. I’ve looked at some posts, and it seems to be related to MTU. I tried different values like 1492, 1500, and others, but the issue persists. Perhaps I am making the change the wrong way. I ask for patience as I am new to this topic. My MikroTik settings are:
Not to mention that you configured a PPPoE client AND server. You need to fix all this sh!t as this will cause a boatload of issues.
Really, if you are new at that point, hire someone who knows.
Anyway, provided that your ISP is the PPPoE server and you are the PPPoE client, set the max-mtu and max-mru to 1492, though 1452 seems to be a better value.
You didn’t need to speak so poorly; I know the settings are terrible. I wouldn’t be doing this if I weren’t forced to. It’s outside my area of expertise, but it was requested, and I need to deliver because support won’t be called this year. I made these settings based on videos I watched. I’m also looking into some ChatGPT configurations, but I’m confused because only some sites aren’t working. I’ll modify these lines as you informed me. Does that help with anything?
/ip pool
set dhcp_pool3 ranges=192.168.0.1-192.168.0.254
/ip address
set [ find interface=ether5 ] address=192.168.0.1/24 network=192.168.0.0
/interface pppoe-client
set [ find name=pppoe-out1 ] max-mru=1492
set [ find name=pppoe-out1 ] max-mtu=1492
You aren’t doing yourself a favor, you aren’t doing your boss a favor and you aren’t doing your business a favor by taking on things you know you have no knowledge of. ChatGPT is a terrible idea as you won’t be able to determine what is correct, what is not and what will break the whole thing.
Up to here, this will make sure you can access anything in the range 192.0.0.0-192.167.255.255 and 192.169.0.0 to 192.255.255.255. That’s quite a lot of sites.
This may or may not help. By default, MT sets the PPPoE MTU/MRU to 1460. You can also add the MSS Clamping that Kanzler posted, won’t hurt as MT should already have 2 mangle rules to dynamically set the MSS.
The problem is there are several issues in sequence that need to be fixed in order for a single thing to work.
You have to remove the network 192.0.0.0/8 and set the DNS server for the network “192.168.0.0/24”. Given the MT does DNS caching, I recommend that you set “dns-server=192.168.0.13” (the MT's own address).
Once you are done with the above, please post your full config as an attachment. The following command exports the file, which you have to download.
Thank you for trying to help me. Yes, I understand that I’m not being helpful, but I would like to solve the problem that people complain to me about every day. We need to use MikroTik only to distribute IPs in our school environment, nothing more. I also added the code sent by JohnTRIVOLTA.
Here is the code after the changes you sent:
Here is the first wave. Review, implement and provide the export once you are done.
Please also provide the output of “/ip/firewall/filter export” and “/ip/firewall/nat export”
# New addressing scheme
# 192.168.0.1 - 19 - static IP and leases
# 192.168.0.20 - 254 - dynamic IP
# Fix the DHCP Pool
/ip pool set [find name=dhcp_pool3] ranges=192.168.0.20-192.168.0.254
# Fix the lease, change assigned IP from 192.167.255.255 to 192.168.0.19
/ip dhcp-server lease set [find mac-address=1E:93:72:1D:90:BC] address=192.168.0.19
# Fix the DHCP network definitions
# Provide the MT as DNS server
/ip dhcp-server network set [find address=192.168.0.0/24] dns-server=192.168.0.13
# Remove the bogus definitions
# Wrong mask
/ip dhcp-server network remove [find address=192.0.0.0/8]
# Wrong gateway
/ip dhcp-server network remove [find address=10.0.0.1/32]
# Fix the IP address
# Wrong mask
/ip address set [find interface=ether5] address=192.168.0.13/24
# Wrong network (will be fixed by the mask anyway)
/ip address set [find interface=ether5] network=192.168.0.0
# Remove the PPPoE server - not needed unless you're an ISP
/interface pppoe-server server/remove [find service-name=Rota1]
# Add an interface list for LAN - may fail as it should already exist
/interface/list/add name="LAN"
/interface/list/member/add list=LAN interface=ether5
# Add an interface list for WAN - may fail as it should already exist
/interface/list/add name="WAN"
# Attempt to remove ether1 from the LAN list
/interface/list/member/remove [find interface=ether1]
/interface/list/member/add list=WAN interface=ether1
Here is the second wave. More optional stuff but still important.
# Set the identity
/system identity
set name=mtrouter01
# Configure NTP to update the time
/system ntp client
set enabled=yes
/system ntp client servers
add address=br.pool.ntp.org
Thank you very much for your help; these lines have already made the websites work. I don’t even know how to thank you; I know it’s annoying to explain your work to someone completely inexperienced.
I have another small doubt; it’s not something important. We use internet phones here at the school, which connect to the switch where the MikroTik is located. The issue is that the SIP ports are being blocked automatically, and we have to keep changing from port 1060 to 1061, 1062, and others.
If it’s still necessary to execute any command, here are the requested lines:
Are you certain you issued all the commands? Some are not showing in the config you sent and some of the items that should have been removed are still there.
No idea what the issue with the phone system can be. Blocked where? 1060 is not a standard port for SIP.
And as usual, when you have the changes implemented, send an updated configuration. I will need to know how you connect to this device, whether that is from the LAN or from the WAN.
I added the rules, but the command ‘/ip/firewall/filter’ didn’t work, so I used ‘/ip firewall filter.’ Is there any issue?
When I removed that old rule, the specific websites that weren’t working before stopped working again. I didn’t quite understand the ‘add the permit at the bottom’ part. Are you saying to add the rules below?
The setup here is as follows: the internet comes from the internet service provider to their modem. I connect the MikroTik to this ISP modem, and from the MikroTik, I connect to the switches, which create the LAN for the entire school.
You are running version 6, I am checking against version 7 so some things are a bit different.
I do not understand what you mean by:
What old rule? The firewall one?
“Add the permit at the bottom part” means that the rules to accept the traffic go at the bottom. You had no rule in the forward chain so everything was accepted. “/ip/firewall filter” is fine.
If there are errors, please make a copy-paste of the command and the error message. As I said, I am using ROS7 and some commands may be different.
For NTP:
/system ntp client set primary-ntp=192.36.143.130
/system ntp client set secondary-ntp=200.160.0.8
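Added example, not part of any post in this thread: a small Python check of why the bogus DHCP network definitions discussed above (192.0.0.0/8 and 10.0.0.1/32) break access to only some sites. It assumes the router holds 192.168.0.13/24 on ether5 and does not answer proxy ARP; the function names and test destinations are constructed for illustration.

```python
import ipaddress

# Constructed from the values discussed in the thread.
ROUTER_IF = ipaddress.ip_interface("192.168.0.13/24")  # ether5 after the fix
DHCP_NETWORKS = ["192.168.0.0/24", "192.0.0.0/8", "10.0.0.1/32"]


def audit_dhcp_network(definition, router_if=ROUTER_IF):
    """Return a list of problems with one DHCP network definition."""
    net = ipaddress.ip_network(definition, strict=False)
    lan = router_if.network
    problems = []
    if net.prefixlen == net.max_prefixlen:
        problems.append("host route, not a subnet")
    if router_if.ip not in net:
        problems.append("router address is outside this network")
    elif net.prefixlen < lan.prefixlen:
        # Clients that receive this mask treat every address in `net` as local.
        problems.append("mask wider than the LAN: %d addresses wrongly on-link"
                        % (net.num_addresses - lan.num_addresses))
    return problems


def client_bypasses_gateway(dest, advertised, router_if=ROUTER_IF):
    """True if a client holding the advertised mask would ARP for dest on the
    local segment instead of sending the packet to the router."""
    dest = ipaddress.ip_address(dest)
    advertised = ipaddress.ip_network(advertised, strict=False)
    return dest in advertised and dest not in router_if.network


if __name__ == "__main__":
    for definition in DHCP_NETWORKS:
        print(definition, audit_dhcp_network(definition) or "ok")
    # 192.0.2.10 and 203.0.113.5 are documentation addresses standing in
    # for public sites; 192.168.0.50 is a host on the real LAN.
    for dest in ("192.0.2.10", "192.168.0.50", "203.0.113.5"):
        print(dest, client_bypasses_gateway(dest, "192.0.0.0/8"))
```

A destination for which `client_bypasses_gateway` returns True never reaches the router, so no MTU or firewall change on the MikroTik can make it work until the DHCP network definition is corrected.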