We have four X.X.X.249/29 fix IP over a xDSL modem, provided by the ISP, and we have no access to it’s configuration.
On LAN1 we use a subnet trough a SMC router, LAN2 connected directly to a PC, all have fix IP, WAN access working fine on both line.
We would like to use a RB2011-UiAS (6.27) with 3rd fix IP on LAN3.
After reset, WAN IP, gateway, DNS configured to static. LAN configured also. On LAN side there are no connections between subnets, so there is no loop on the network. The router access is working fine via web, telnet, Winbox, etc. from LAN.
But, there is no internet access via RB2011.
If i try to update RouterOS, i have got “Could not resolve…” error.
No ping reply from WAN side, but the firewall counts the packets.
No reply from gateway and no reply from external IP while i try to ping them.
On Firewall/Connections tab shows up when the router try to connect to the DNS servers, but after 1 or 2 seconds the connection interrupted.
I tried to change cables, routerboard, PSU and my mind, but i have no idea what i did wrong…
Our network:
4 xDSL-> ETHX3240 → XXX.XXX.XXX.249/29 →
→ LAN1 → 3COM Router->192.166.0.0/24
→ LAN2 → direct to PC
→ LAN3 → RB2011-UiAS->192.167.0.0/24
→ LAN4 → no connection
1: correct IP/mask setting on the Mikrotik’s interface (make sure network is correct also)
2: correct default gateway configuration in ip > routes. (dst=0.0.0.0/0 gateway=x.x.x.249) – change 249 to whatever IP the dsl modem is using from that /29 range.
3: srcnat rules correctly match traffic from LAN going to Internet, and correctly src-nat to Mikrotik’s WAN / masquerade
4: no filter rules block traffic
5: Make sure correct IP/mask/gateway/DNS settings are being assigned to LAN hosts by DHCP.
6: make sure you’re actually getting a link on all ethernet interfaces in use
– this should fix 99.9% of problems. –
– anything after this is “strange” but possible source of issues: –
Arp is enabled on all interfaces (except non-arp interfaces like GRE tunnels)
IP Forwarding is enabled in the system menu
You don’t have route-mark set on any of your routes
No nat / filter rules are catching all traffic before the rules you intend to use to permit normal traffic
You’re not doing anything strange in the mangle table which might break things.
(if unsure, it’s usually safe to disable every mangle rule)
There are many more “strange case” things which could be wrong, but make sure the basics are good.
Can the router itself do pings to the Internet by both IP address and by hostname?
If so, then your problem is going to be most likely related to firewall rules, or bad information in DHCP.
I double-checked the list, all the settings are good, but no connection, router can ping itself, links on ports ok.
Tried to ask ISP’s technician, but he does not have free time, we arranged a meeting at friday.
If we find a solution, i will post here.
