Web pages and iTunes don´t load properly or don`t load at all

Hermann · August 25, 2017, 11:34am

Hi all.
I´m new to MIKROTIK world and I´m not a network profesional, but I try to do the best I can.
I have a RB951G - 2Hnd ROUTER,
My ISP is TELEFONICA in Spain. As far as I know it uses a pppoe server and 2 VLAN to bring me FTTH internet and TV services,
My config is :

/interface bridge
add name=bridge-local
/interface wireless
#set 0 band=2ghz-b/g/n country=spain disabled=no ht-rxchains=0,1 ht-txchains=\
#    0,1 tx-power=17 tx-power-mode=all-rates-fixed mode=ap-bridge \
#	wireless-protocol=802.11

set 0 band=2ghz-b/g/n country=spain disabled=no rx-chains=0,1 tx-chains=0,1 tx-power=17 tx-power-mode=all-rates-fixed mode=ap-bridge wireless-protocol=802.11

/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface vlan
add interface=ether1-gateway name=vlan3 vlan-id=3
add interface=ether1-gateway name=vlan6 vlan-id=6
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=vlan6 \
    max-mru=1492 max-mtu=1492 name=pppoe-out1 password=adslppp \
	use-peer-dns=yes user=adslppp@telefonicanetpa
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\
    aes-ccm mode=dynamic-keys unicast-ciphers=aes-ccm \
    wpa-pre-shared-key=mikrotik wpa2-pre-shared-key=mikrotik
/ip pool
add name=dhcp ranges=192.168.1.201-192.168.1.249
add name=vpn ranges=192.168.3.10-192.168.3.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=dhcp1
/ppp profile
set 1 dns-server=192.168.3.250 local-address=192.168.3.250 remote-address=vpn
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/interface pptp-server server
set authentication=mschap2 enabled=yes
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=wlan1
add address=192.168.100.10/24 interface=ether1-gateway
/ip dhcp-client
add add-default-route=no disabled=no interface=vlan3 use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input disabled=yes dst-port=23,80 in-interface=pppoe-out1 protocol=\
    tcp
add chain=input dst-port=8291 in-interface=pppoe-out1 protocol=tcp
add chain=input dst-port=1723 in-interface=pppoe-out1 protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=\
    pppoe-out1
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall mangle
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3
add action=set-priority chain=postrouting new-priority=1 out-interface=\
    pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=vlan3
add action=dst-nat chain=dstnat disabled=yes dst-port=80 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.168.1.125
add action=dst-nat chain=dstnat disabled=yes dst-port=21 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.168.1.125
/ip route
add distance=255 gateway=255.255.255.255
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-out1 type=external
/routing rip interface
add interface=vlan3 passive=yes receive=v2
/routing rip network
add network=10.0.0.0/8
/system clock
set time-zone-name=Europe/Madrid
/system ntp client
set enabled=yes primary-ntp=163.117.202.33 secondary-ntp=\
    89.248.104.162

My question is simple: What I´m doing wrong because some web pages does not load or not properly and, why iTunes does not work at all???
I know there is lots of people with this config that does not have any problem at all .
DNS problems?? Apple problems ??
Thank you in advance to anyone who could help me.

pukkita · August 25, 2017, 11:38am

ROS version?

Firmware version? (System > Routerboard Current Firmware)

Looks like MTU problem.

Does your pppoe-out1 enter Running state? Open a New Terminal and issue the following commands, posting them back here:

/ip address print
/ip route print
/interface print

Have you had a look at the WAN status on the Movistar ONT?

Hermann · August 25, 2017, 11:48am

Thanks very much Pukkita…

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                     
 0   ;;; default configuration
     192.168.10.1/24    192.168.10.0    wlan1                                         
 1   192.168.100.10/24  192.168.100.0   ether1-gateway                                
 2 D 10.22.3.212/18     10.22.0.0       vlan3                                         
 3 D 2.xxx.yyy.zzz/32     192.168.144.1   pppoe-out1   
                                  
[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          pppoe-out1                0
 1   S  0.0.0.0/0                          255.255.255.255         255
 2 ADC  10.22.0.0/18       10.22.3.212     vlan3                     0
 3 ADr  10.31.255.128/27                   10.22.0.1               120
 4 ADC  192.168.10.0/24    192.168.10.1    bridge-local              0
 5 ADC  192.168.100.0/24   192.168.100.10  ether1-gateway            0
 6 ADC  192.168.144.1/32   2.xxx.yyy.zzz     pppoe-out1                0
 
[admin@MikroTik] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU
 0  R  ether1-gateway                      ether            1500  1598       4074
 1  RS ether2-master-local                 ether            1500  1598       4074
 2   S ether3-slave-local                  ether            1500  1598       4074
 3   S ether4-slave-local                  ether            1500  1598       4074
 4   S ether5-slave-local                  ether            1500  1598       4074
 5   S wlan1                               wlan             1500  1600       2290
 6  R  bridge-local                        bridge           1500  1598
 7  R  pppoe-out1                          pppoe-out        1448
 8  R  vlan3                               vlan             1500  1594
 9  R  vlan6                               vlan             1500  1594

Hermann · August 25, 2017, 11:54am

ROS version? 6.40.1

Firmware version? (System > Routerboard Current Firmware) 3.33

Does your pppoe-out1 enter Running state? Yes it works. In fact I am now connected to internet by the MIKROTIK

I cant enter Alcatel ONT, it would be so difficult now. But TV works fine and telephone is connected to ONT.

pukkita · August 25, 2017, 12:11pm

Try upgrading to 6.40.2, per its changelog:

*) pppoe-client - fixed wrong MRU detection over VLAN interfaces;

Not all Movistar ONTs expose VLANs anymore, that could be the reason others not experiencing problems if this fixes it.

Have seen some Movistar ONTs change from exposing VLANs to not exposing them after a Movistar initiated ONT conf/firmware upgrade, that’s why I asked regarding pppoe-out1 status.

Hermann · August 25, 2017, 12:13pm

Pukkita thank you very much.
I try and Ill tell you soon.

Hermann · August 25, 2017, 12:20pm

Hi Pukkita..
Sorry. I have change the interface to wireless. And that´s work fine !!! No problems with iTunes no problem with web pages.
So I think it could be the wire ???
Thank you .

pukkita · August 25, 2017, 1:17pm

Which interface? do you refer to a laptop?

Hermann · August 25, 2017, 4:10pm

I am connected through WIFI and all work correctly.
I do not know what the problem is but I think is a macbook problem. Otherwise, Why all services work fine in other dispositives?

pukkita · August 25, 2017, 4:30pm

Yes, looks like some kind of ethernet problem with that laptop.

Hermann · August 25, 2017, 4:42pm

Anyway Pukkita, thanks very much for your quick help and support.

pukkita · August 25, 2017, 6:48pm

You’re welcome!

strods · August 28, 2017, 1:24pm

Have you tried this?
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle#Change_MSS