Unable to ping anything on the internet from RB

gmc · February 26, 2018, 8:54pm

I’ve got a RB750 running and clients on the LAN are working fine. I can browse and ping external web sites.

I am trying to get RB to auto upgrade and one of the post I’ve seen says try and ping the mikrotik site.

For some reason from the RB I’m unable to ping anything. I can ping my internal servers but unable to ping anything on the internet.

Saw one post where someone had a similar problem and someone suggested NAT. Doesn’t seem to help in my case.

RB 192.168.1.1

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway name=pppoe-out1

/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade out-interface=pppoe-out1

Pinging google:

[admin@MikroTik] > ping 8.8.8.8
  SEQ HOST                                     SIZE TTL TIME  STATUS                                      
    0 8.8.8.8                                                 timeout                                     
    1 8.8.8.8                                                 timeout                                     
    2 8.8.8.8                                                 timeout

Any ideas what could be causing this?

I’ve tried creating a firewall rule to allow ICMP and can see the traffic being logged:

21:06:50 firewall,info icmp_ output: in:(none) out:pppoe-out1, proto ICMP (type 8,
 code 0), 109.146.x.x->8.8.8.8, NAT 109.146.x.x->8.8.8.8, len 56

sebastia · February 26, 2018, 9:28pm

Evening

Pls, provide your current config (/export hide-sensitive) so informed advice could be given.

gmc · February 27, 2018, 12:18pm

[admin@MikroTik] > /export hide-sensitive
# feb/27/2018 12:17:21 by RouterOS 6.38.3
# software id = W1IN-GJ0X
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway name=pppoe-out1 \
    user=bthomehub@btbroadband.com
/ip neighbor discovery
set ether1-gateway discover=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/snmp community
set [ find default=yes ] addresses=192.168.1.0/24 name=B*QW15G
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.1.0
/ip dns static
add address=192.168.1.1 name=router
add address=54.230.9.12 name=upgrade.mikrotik.com
/ip firewall filter
add action=accept chain=output comment="default configuration" dst-address=\
    8.8.8.8 log=yes log-prefix=icmp_ out-interface=pppoe-out1 protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
    established disabled=yes
add action=drop chain=input comment="default configuration" in-interface=\
    pppoe-out1
add action=accept chain=forward comment="default configuration" \
    connection-state=established
add action=accept chain=forward comment="default configuration" \
    connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade out-interface=pppoe-out1
add action=dst-nat chain=dstnat comment="Incoming NAT Rule" dst-port=80 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.202 to-ports=80
add action=dst-nat chain=dstnat dst-port=22 in-interface=pppoe-out1 protocol=\
    tcp to-addresses=192.168.1.202 to-ports=22
add action=dst-nat chain=dstnat dst-port=443 in-interface=pppoe-out1 protocol=\
    tcp to-addresses=192.168.1.202 to-ports=443
add action=dst-nat chain=dstnat dst-port=8088 in-interface=pppoe-out1 protocol=\
    tcp to-addresses=192.168.1.153 to-ports=8088
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24 port=81
set ssh address=192.168.1.0/24 port=2220
set api address=192.168.1.0/24 disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
/snmp
set enabled=yes location="Somewhere in the World" trap-version=2
/system clock
set time-zone-name=Europe/London
/system ntp client
set enabled=yes primary-ntp=192.168.1.202 secondary-ntp=192.168.1.202
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
[admin@MikroTik] >

2frogs · February 27, 2018, 1:42pm

You need to re-enable the Input rule for Established, Related.

And you can remove your Output rule for 8.8.8.8.

gmc · February 27, 2018, 1:48pm

Lovely. That did the trick. Thanks very much.