Page 1 of 1

I cannot get internet to work

Posted: Mon May 07, 2018 11:12 pm
by enumus
Hi everyone,

I have my mikrotik setup at home with VLANs, the VLAN6 is the one who provides internet, but I cannot get that in the LAN, I got packets moving around in eth1 and pppoe connection and even in the VLAN6, I also have packets moving in the ethernets that I am using and in the bridge, but it is no way to go to internet, I have the masquerade added in NAT but still no luck, don't know what I am missing. Here is my configuration:
/interface bridge
add arp=proxy-arp auto-mac=no comment=defconf \
fast-forward=no igmp-snooping=yes name=bridge
add fast-forward=no name=guest-bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=spain disabled=no distance=indoors frequency=auto mode=ap-bridge \
rx-chains=1 ssid=Privada tx-chains=1 tx-power-mode=\
all-rates-fixed wireless-protocol=802.11 wps-mode=disabled
/interface vlan
add interface=ether1-gateway name=vlan2 vlan-id=2
add interface=ether1-gateway name=vlan3 vlan-id=3
add interface=ether1-gateway name=vlan6 vlan-id=6
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=vlan6 max-mru=\
1492 max-mtu=1492 name=pppoe-out1 password=adslppp use-peer-dns=yes user=\
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wifi-guest supplicant-identity="" \
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=CE:2D:E0:04:46:19 \
master-interface=wlan1 multicast-buffering=disabled name=wlan-guests \
security-profile=wifi-guest ssid=Invitados wds-cost-range=0 \
wds-default-bridge=guest-bridge wds-default-cost=0 wps-mode=disabled
/ip dhcp-server option
add code=240 name=option_para_deco value=\
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des
/ip pool
add name=dhcp ranges=
add name=vpn ranges=
add name=wlan-guest ranges=
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=default
add address-pool=wlan-guest disabled=no interface=guest-bridge name=\
/ppp profile
set *FFFFFFFE dns-server= local-address=vpn remote-address=vpn
/tool user-manager customer
set admin access=\
/interface bridge filter
add action=drop chain=output dst-address= ip-protocol=udp \
mac-protocol=ip out-interface=wlan1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=guest-bridge interface=wlan-guests
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes ipsec-secret=secreto use-ipsec=required
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-gateway list=WAN
/interface pptp-server server
set authentication=mschap2 enabled=yes
/interface wireless access-list
add signal-range=-80..120 vlan-mode=no-tag
add authentication=no forwarding=no signal-range=-120..-80 vlan-mode=no-tag
/ip address
add address= comment="default configuration" interface=bridge \
add address= interface=ether1-gateway network=
add interface=vlan2 network= . <= This is a fixed IP
add address= interface=guest-bridge network=
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=vlan3 use-peer-ntp=no
/ip dhcp-server network
add address= comment=defconf dns-server= gateway=\ netmask=24
add address= dhcp-option=option_para_deco dns-server=\ gateway= netmask=24
add address= dns-server= gateway=
/ip dns
set allow-remote-requests=yes
/ip dns static
add address= name=router
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment="Default configuration" protocol=icmp
add action=accept chain=input comment="Default configuration" \
add action=accept chain=input comment="Default configuration" \
add action=accept chain=input disabled=yes dst-port=23,80 in-interface=\
pppoe-out1 protocol=tcp
add action=accept chain=input dst-port=8291 in-interface=pppoe-out1 protocol=\
add action=accept chain=input dst-port=1723 in-interface=pppoe-out1 protocol=\
add action=drop chain=input comment="Default configuration" in-interface=\
add action=accept chain=forward comment="Default configuration" \
add action=accept chain=forward comment="Default configuration" \
add action=drop chain=forward comment="Default configuration" \
add action=drop chain=forward in-interface=guest-bridge out-interface=\
/ip firewall mangle
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan2
add action=set-priority chain=postrouting new-priority=1 out-interface=\
/ip firewall nat
add action=masquerade chain=srcnat comment="Default configuration" \
add action=masquerade chain=srcnat comment="Default configuration" \
add action=masquerade chain=srcnat comment="Default configuration" \
add action=masquerade chain=srcnat comment="Default configuration" \
add action=dst-nat chain=dstnat comment=VOD dst-address-type=local \
in-interface=vlan2 to-addresses=
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
/ip route
add distance=255 gateway=
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=pppoe-out1 type=external
/ppp secret
add name=eneko password=contraseƱa profile=default-encryption
/routing igmp-proxy interface
add alternative-subnets= interface=vlan2 upstream=yes
add interface=bridge
/routing rip interface
add interface=vlan3 passive=yes receive=v2
add interface=vlan2 passive=yes receive=v2
/routing rip network
add network=
add network=
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=MikroTik
/system ntp client
set enabled=yes primary-ntp= secondary-ntp=
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool user-manager database
set db-path=user-manager

Re: I cannot get internet to work

Posted: Tue May 08, 2018 9:31 pm
by MangleRule
Can you diagram what your goal is with the configuration? It is much easier to help if you have a diagram with your subnets, vlan ids, and maybe a basic traffic flow example. Without a diagram to reference, we have to sift through your configuration to try to guess what you are doing.

Re: I cannot get internet to work  [SOLVED]

Posted: Wed May 09, 2018 12:26 pm
by enumus
Hi MangleRule,

I've fixed yesterday. I went to a script found on internet and adding the lines with my modifications one by one, and I got internet working again. Thank you for the interest. Just for the sake of letting you know I have the following:

ISP Fiber service ==== ONT device ==== Mikrotik ==== PCs and APs

Basically my ISP is sending TV, Internet and Voice separated in different VLANs (VLAN 6 is internet) and the internet is encapsulated with an PPPoE call, so I have assigned a PPPoE Client to that VLAN6. What was happening is that I had what I thought is was right setup, and I reviewed for weeks trying to find what was wrong, but nothing worked, so I decided to start fresh and go one by one with the commands.

Cheers anyway šŸ˜Š

Re: I cannot get internet to work

Posted: Wed May 09, 2018 5:12 pm
by MangleRule
I'm glad to hear everything is working for you!