Web traffic not working

Hello,

I have a strange problem on a CCR1009-7G-1C-1S+

“wan” interface = combo1
DHCP client is enabled

“LAN” = LAN-Bridge
DHCP server is running

Issue:
When interface “COMBO1” is assigned a private IP from my cable modem (cable modem is NAT’ing), everything works fine: ping, DNS and web for the clients connected to the LAN-Bridge.

When I change my cable modem to “bridge-mode”, the interface “combo1” is assigned a public IP address (including gw + DNS servers), and the only things working for the clients are ping + DNS lookup. Web traffic doesn’t work.


What have I missed?

Current Config:
/interface bridge
add name=LAN-Bridge
/caps-man configuration
add country=denmark datapath.bridge=LAN-Bridge name=BSV6 security.authentication-types=wpa2-psk security.passphrase=XXXX ssid=XXXXX
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool2 ranges=192.168.56.100-192.168.56.200
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=LAN-Bridge name=dhcp2
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/caps-man access-list
add action=accept interface=all signal-range=-80..120
add action=reject interface=all signal-range=-120..-81
/caps-man manager
set enabled=yes package-path=/ upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=LAN-Bridge
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=BSV6
/interface bridge port
add bridge=LAN-Bridge interface=ether6
add bridge=LAN-Bridge interface=ether7
/ip address
add address=192.168.56.1/24 interface=LAN-Bridge network=192.168.56.0
/ip dhcp-client
add disabled=no interface=combo1
/ip dhcp-server network
add address=192.168.56.0/24 dns-server=8.8.8.8 gateway=192.168.56.1
/ip firewall filter
add action=accept chain=forward connection-state=established,related,untracked in-interface=combo1 log=yes log-prefix=allowd out-interface=LAN-Bridge
/ip firewall nat
add action=masquerade chain=srcnat log=yes log-prefix=NAT_MASQ out-interface=combo1 src-address=192.168.56.0/24
/system clock
set time-zone-name=Europe/Copenhagen

Question: how does your cable modem identify itself to the Internet service provider?
Is there a username/password, or is it based on the MAC address of the cable modem?
When the cable modem is not in bridge mode, does it get a similar IP address? (sometimes you get an IP address that is the basis for the real login handshake)

The modem is having a similar IP address, 100.x.x.x

Identification is MAC based

The same MAC may be required in the CCR1009 WAN port …just a guess

Hi again,

I can see all ICMP + UDP traffic is working…

All TCP connections are stuck in “state” = SYN SENT

Incoming logon attempts to the router itself are logged in the firewall log

Any hint?

Not 100% sure of these two rules…
/ip firewall filter
add action=accept chain=forward connection-state=established,related,untracked in-interface=combo1 log=yes log-prefix=allowd out-interface=LAN-Bridge
/ip firewall nat
add action=masquerade chain=srcnat log=yes log-prefix=NAT_MASQ out-interface=combo1 src-address=192.168.56.0/24

Typically the rules look like this.
(1) add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, " connection-state=established,related
(2) /ip firewall nat (for a dynamic wanip)
add action=masquerade chain=srcnat comment="Outgoing traffic" ipsec-policy=out,none out-interface=your ISP eth port

(1) There is no need for in interface or out interface portions that I am aware of?
(2) Masquerade rule does not normally have a source address?

As well, without a full config and a bonus of a network diagram it's hard to know.
/export hide-sensitive file=anynameyouwish
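
An added example, not part of the original thread or any poster's code: a short Python check that parses the firewall section of the export posted above and reports, per chain, whether any rule can block traffic. RouterOS filter chains accept whatever no rule drops, so the single forward accept rule cannot be what holds TCP in SYN SENT, and the empty input chain leaves the router's own services reachable once combo1 holds a public address. The function names are hypothetical.

```python
import shlex

# Firewall part of the export posted in this thread (copied from the post).
EXPORT = """\
/ip firewall filter
add action=accept chain=forward connection-state=established,related,untracked in-interface=combo1 log=yes log-prefix=allowd out-interface=LAN-Bridge
/ip firewall nat
add action=masquerade chain=srcnat log=yes log-prefix=NAT_MASQ out-interface=combo1 src-address=192.168.56.0/24
"""

# Filter actions that stop a packet instead of letting it through.
BLOCKING = {"drop", "reject", "tarpit"}

def parse_export(text):
    """Return {menu path: [rule dict, ...]} for every 'add' line."""
    sections, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
            sections.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            # shlex keeps quoted values such as comment="a b" in one token.
            tokens = shlex.split(line[4:])
            sections[menu].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections

def audit_filter(sections, chains=("input", "forward")):
    """Per chain: rule count and whether any rule in it can block a packet.

    Only rules placed directly in the chain are checked; jump targets are
    not followed. A rule with no action= uses the RouterOS default, accept.
    """
    rules = sections.get("/ip firewall filter", [])
    report = {}
    for chain in chains:
        in_chain = [r for r in rules if r.get("chain") == chain]
        blocking = [r for r in in_chain if r.get("action", "accept") in BLOCKING]
        report[chain] = {"rules": len(in_chain), "can_block": bool(blocking)}
    return report

if __name__ == "__main__":
    for chain, info in audit_filter(parse_export(EXPORT)).items():
        verdict = "filters traffic" if info["can_block"] else "accepts everything"
        print(f"{chain}: {info['rules']} rule(s), {verdict}")
```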

Thank you all for the information…

I’ve got the cablemodem replaced, and everything works like I expected :slight_smile: