Troubleshoot bizarre packet loss issue to WAN (v5.20/2.41)

I have a 750gl and just started noticing (about a month ago) that I am getting drops between my laptop and the Internet. Laptop is hardwired to the same 16 port dumb switch as the rest of the LAN. WAN port of router is connected to an Arris cable modem (no routing, wireless, etc., just a modem).

What I have noticed is that if I run constant pings from a couple of places my results are strange and as follows:
On my laptop: (192.168.88.184)

  • ping -t google.com will run fine but at intermittent points returns ‘Destination net unreachable’ - this will last between 8 or 10 to as many as 30 or 40 pings. Sometimes I’ll see one or two successful pings after a series of drops and then it repeats. Typically the second drop series can be long or short, just as the first. More often than not the dropouts happen in one series and it lasts about 25 pings (25 seconds). It does not seem to ever be an exact number though.

  • While this is happening, from the same laptop, pings to 192.168.88.1 (my 750gl) continue without problem

  • Also while this is happening, I have a terminal open in Winbox, pinging the same google IP as my laptop - this also continues without a problem

  • If my Winbox connection to the router is via MAC address, usually it persists and survives the dropouts. Sometimes though it does not. I can always log back in, in my experience.

  • Winbox via IP will always get dropped if the unreachable pings are more than just 1 or 2

  • Webfig (which is only via IP address) will also get dropped if more than 1 or 2 unreachable.


On another machine on my LAN: (192.168.88.220, seen via RDP right next to the Winbox in screencap)

  • Pings to the same google IP as my laptop continued without trouble

It may go without saying, but during these ‘dropouts’ on my laptop I cannot access web pages or other internet services, streaming stutters and/or stops (depending on length of dropouts), and google voice calls cannot hear me. Incidentally, usually I can continue to hear the caller, which is strange. In short, I’m cut off from the WAN. LAN connectivity seems unaffected.

Here is /IP export compact hide-sensitive:

# may/14/2013 18:47:33 by RouterOS 5.20
# software id = XU5B-1DAN
#
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip ipsec proposal
set [ find default=yes ] lifetime=1h
/ip pool
add name=default-dhcp ranges=192.168.88.100-192.168.88.150
add name=vpn-clients-pptp-l2tp-ovpn ranges=192.168.88.152-192.168.88.164
add name=l2tp-pool ranges=10.0.31.101-10.0.31.199
add name="Faux WAN Pool" ranges=192.168.250.50-192.168.250.60
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=ether2-master-local \
    lease-time=6h name=default
add address-pool="Faux WAN Pool" interface=ether3 name="Faux WAN DHCP"
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    ether2-master-local
add address=192.168.250.1/32 comment="Port 3 as faux WAN for VPN testing" \
    disabled=yes interface=ether3 network=192.168.250.0
/ip dhcp-client
add default-route-distance=25 disabled=no interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.88.12 client-id=1:0:1b:a9:6f:e3:2c mac-address=\
    00:1B:A9:6F:E3:2C server=default
add address=192.168.88.11 client-id=1:3c:4a:92:f:c7:b1 mac-address=\
    3C:4A:92:0F:C7:B1 server=default
add address=192.168.88.220 always-broadcast=yes comment=\
    "Heartbeat Ubuntu LTS" mac-address=00:19:BB:4C:DA:75 server=default
add address=192.168.88.6 always-broadcast=yes client-id=1:0:c:29:20:52:74 \
    mac-address=00:0C:29:20:52:74 server=default
add address=192.168.88.225 mac-address=00:0C:29:E0:8B:C8 server=default
add address=192.168.88.184 client-id=1:d0:67:e5:3a:53:30 mac-address=\
    D0:67:E5:3A:53:30 server=default
add address=192.168.88.101 client-id=1:0:11:32:17:b4:43 comment=\
    "1503 Syn 412+" mac-address=00:11:32:17:B4:43 server=default
add address=192.168.88.151 client-id=1:0:c:42:fd:6e:9 mac-address=\
    00:0C:42:FD:6E:09 server=default
add address=192.168.88.210 client-id=1:0:c:29:f6:56:7f comment=\
    "TKL Lamp Stack" mac-address=00:0C:29:F6:56:7F server=default
add address=192.168.88.105 client-id=1:0:11:32:17:b4:44 mac-address=\
    00:11:32:17:B4:44 server=default
add address=192.168.88.161 client-id=1:0:c:29:92:1a:3f comment=\
    "UniFi Server for NAD Office" mac-address=00:0C:29:92:1A:3F server=\
    default
add address=192.168.88.162 client-id=1:0:c:29:d6:6:8b comment=\
    "Unifi Server for La Villa" mac-address=00:0C:29:D6:06:8B server=default
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8,4.4.4.4
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.88.162 name=unifi ttl=5m
add address=192.168.88.220 name=HeartBeat ttl=5m
add address=192.168.88.210 name=lamp_stack ttl=5m
add address=192.168.88.6 name=Six ttl=5m
add address=192.168.88.100 name=LV6610Broken ttl=5m
add address=192.168.88.12 name=BRN001BA96FE32C ttl=5m
add address=192.168.88.11 name=HP0FC7B1 ttl=5m
add address=192.168.88.184 name=Sniper1 ttl=5m
add address=192.168.88.151 name=MikroTik ttl=5m
add address=192.168.88.103 name=android-694ab7f174d54dbc ttl=5m
add address=192.168.88.225 name=pbx.local ttl=5m
add address=192.168.88.105 name="Fifteen\00" ttl=5m
/ip firewall filter
add chain=input comment="IPSEC VPN" dst-port=500 protocol=udp
add chain=input comment="IPSEC VPN" dst-port=1701 protocol=udp
add chain=input comment="IPSEC VPN" dst-port=4500 protocol=udp
add chain=input comment="IPSEC VPN" protocol=ipsec-esp
add chain=input comment="IPSEC VPN" protocol=ipsec-ah
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input comment="Accept WinBox on WAN" dst-port=8291 in-interface=\
    ether1-gateway protocol=tcp
add chain=input comment="Accept 'Tik API on WAN" dst-port=8728 in-interface=\
    ether1-gateway protocol=tcp
add chain=input comment="Accept SSH on WAN" dst-port=2122 in-interface=\
    ether1-gateway protocol=tcp
add action=passthrough chain=input comment="Accept PPTP on WAN" disabled=yes \
    in-interface=ether1-gateway protocol=gre
add chain=input comment="Accept PPTP on WAN" disabled=yes dst-port=1723 \
    in-interface=ether1-gateway protocol=tcp
add chain=input comment="Accept WebFig on WAN" disabled=yes dst-port=8880 \
    in-interface=ether1-gateway protocol=tcp
add chain=input comment="Allow Webfig from WAN" disabled=yes dst-port=80 \
    protocol=tcp
add action=log chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
/ip firewall nat
add chain=srcnat comment="Accept Non-Routable (RFC1912) 192.168.x.x address so\
    \_they don't get masqueraded by the NAT engine.\r\
    \n\r\
    \nThis is req'd for the source traffic to remain 'interesting' for the IPS\
    EC Engine (e.g. sourced at 192.168.88.0/24)" dst-address=192.168.0.0/16 \
    src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment="La Villa UniFi in-bound PAT " \
    dst-port=47276 protocol=tcp to-addresses=192.168.88.162 to-ports=8080
add action=redirect chain=dstnat comment=\
    "Block Webfig on WAN (ether1) and redirect port to 8880 for others" \
    dst-address=192.168.88.1 dst-port=80 in-interface=!ether1-gateway \
    protocol=tcp to-ports=8880
add action=dst-nat chain=dstnat comment=\
    "Transmission torrent client on Ubuntu" dst-port=51413 in-interface=\
    ether1-gateway protocol=tcp to-addresses=192.168.88.220 to-ports=51413
add action=dst-nat chain=dstnat comment=\
    "La Villa UniFi inbound firmware request" disabled=yes dst-port=8443 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.162 \
    to-ports=8443
add action=dst-nat chain=dstnat comment="NAD Office UniFi in-bound PAT " \
    dst-port=8085 protocol=tcp to-addresses=192.168.88.161 to-ports=8080
add action=dst-nat chain=dstnat comment="Spiceworks mobile app PAT" disabled=\
    yes dst-port=8880 protocol=tcp to-addresses=192.168.88.6 to-ports=80
add action=dst-nat chain=dstnat comment="Surveillance DVR on Port 8880" \
    dst-port=8880 in-interface=ether1-gateway protocol=tcp to-addresses=\
    192.168.88.150 to-ports=80
add action=dst-nat chain=dstnat comment="SSH Ubuntu-Server" dst-port=2022 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.220 \
    to-ports=22
add action=dst-nat chain=dstnat comment=\
    "Spiceworks HTTPS port (use for Remote Collectors)" dst-port=9676 \
    in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.6
add action=dst-nat chain=dstnat comment="temp Network Backup to Fifteen (NADS)\
    \_ -58873 = PAT'd ssh from NA Office" dst-port=58873 in-interface=\
    ether1-gateway protocol=tcp to-addresses=192.168.88.105 to-ports=22
add action=dst-nat chain=dstnat comment=\
    "temp Network Backup to Fifteen (NADS)" dst-port=873 in-interface=\
    ether1-gateway protocol=tcp to-addresses=192.168.88.105 to-ports=873
add action=dst-nat chain=dstnat comment="Port Forward to DSM on Fifteen" \
    dst-port=5000 in-interface=ether1-gateway protocol=tcp to-addresses=\
    192.168.88.105
add action=dst-nat chain=dstnat comment="Port Forward for BT on Fifteen DS" \
    dst-port=16881 in-interface=ether1-gateway protocol=tcp to-addresses=\
    192.168.88.105
add action=dst-nat chain=dstnat comment=\
    "Port Forward DHT/UDP for BT on Fifteen DS" dst-port=6881 in-interface=\
    ether1-gateway protocol=udp to-addresses=192.168.88.105
add action=dst-nat chain=dstnat comment="hairpin for Spice svr" disabled=yes \
    dst-address=68.199.229.168 dst-port=8860 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.88.6 to-ports=80
add action=masquerade chain=srcnat comment="default configuration" \
    src-address=192.168.88.0/24 to-addresses=0.0.0.0
/ip firewall service-port
set pptp disabled=yes ports=1723
/ip ipsec peer
add address=69.116.13.190/32 comment="Moore Adjusters Peer"
add exchange-mode=main-l2tp generate-policy=yes hash-algorithm=sha1 \
    nat-traversal=yes send-initial-contact=no
/ip ipsec policy
add comment="Peer Policy for Moore Adjusters, 2170" dst-address=\
    192.168.168.221/32 sa-dst-address=69.116.13.190 sa-src-address=\
    68.199.229.168 src-address=192.168.88.0/24 tunnel=yes
/ip neighbor discovery
set ether1-gateway disabled=yes
/ip service
set telnet disabled=yes
set ftp port=2121
set www port=8880
set ssh port=2122
set api disabled=no
/ip smb
set allow-guests=no domain=WORKGROUP enabled=yes interfaces=\
    ether2-master-local
/ip smb shares
set [ find default=yes ] directory=/ name=Root
/ip smb users
add name=joel read-only=no
add name=joe read-only=no

And here is a screencap (reduced, hit the link below it for full size) showing all the pinging in simultaneous unison.
The two rightmost are my laptop. Note the one on the left (on my laptop, to google.com) shows one successful ping after a series of fails and then another series of fails following. I count 24 drops that time :frowning: Then the connection is automagically back to ‘normal’

http://fhsny.com/hostforNNN/Clipboard06.png

ANY thoughts on how to even begin troubleshooting this bizarre behavior would be very much appreciated. This has now gotten to be beyond annoying. Just glad it’s in my own office and not on a customer premise but I really wanna get it worked out.

Thanks,
J.
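
Added example, not part of the original post: a small Python parser for saved Windows `ping -t` output that groups consecutive failures into dropout series like the ones described above and records which address sent each "Destination net unreachable" reply, since that address identifies the hop that rejected the packet. The sample output and every address in it are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of Windows `ping -t` output (not taken from the thread).
SAMPLE = """\
Reply from 203.0.113.10: bytes=32 time=14ms TTL=55
Reply from 192.168.88.1: Destination net unreachable.
Reply from 192.168.88.1: Destination net unreachable.
Request timed out.
Reply from 203.0.113.10: bytes=32 time=15ms TTL=55
Reply from 192.168.88.1: Destination net unreachable.
Reply from 203.0.113.10: bytes=32 time=13ms TTL=55
"""

OK = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<]\d+ms TTL=\d+")
UNREACH = re.compile(r"^Reply from (\S+): Destination (?:net|host) unreachable")
TIMEOUT = re.compile(r"^Request timed out")

@dataclass
class Outage:
    first_probe: int                               # 1-based index of first failed ping
    length: int = 0                                # consecutive failures (~seconds)
    reporters: dict = field(default_factory=dict)  # ICMP unreachable sender -> count
    timeouts: int = 0                              # failures with no reply at all

def find_outages(text):
    """Group consecutive failed probes into outages, in order of occurrence."""
    outages, current, probe = [], None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if OK.match(line):
            probe += 1
            current = None          # a success ends the current dropout series
            continue
        unreach = UNREACH.match(line)
        if not (unreach or TIMEOUT.match(line)):
            continue                # banner, statistics or blank line
        probe += 1
        if current is None:
            current = Outage(first_probe=probe)
            outages.append(current)
        current.length += 1
        if unreach:
            addr = unreach.group(1)
            current.reporters[addr] = current.reporters.get(addr, 0) + 1
        else:
            current.timeouts += 1
    return outages

if __name__ == "__main__":
    for o in find_outages(SAMPLE):
        print(o)
```

Running it over captures taken at the same time on two LAN hosts shows whether the dropout series line up and whether the same address reports the unreachable each time.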

Unfortunately the forum was no help to me. I basically updated everything to make sure I was current. Eventually I opened a support ticket. And after the next update, VOILA, all my problems went away. So make sure firmware and router OS are current and then ask them for help.

Hi,

I am having exactly the same problem but, I can found what is happening. :frowning:(
I updated everything but nothing.

Any help will be very much appreciated,

Adrian

I have myself seen STP enabled on the LAN bridge cause this, although all the connected equipment was supposed to ignore STP.

I have “heard” here on the forum that the “internet discover” functionality had to be disabled to fix this.

Plus it can be a broken cable or port, which needs proper troubleshooting (/interface print stats is a good starting point; look for any kind of error counters that are non-zero).

I resolved it!!! I disconnected a cable of one sector and I had no more errors. Now I will have to check if it is a cable or a device.

@sindy: Thanks a lot!

Adrian