lordybegy
just joined
Topic Author
Posts: 8
Joined: Mon Mar 25, 2019 2:33 pm

Public IP address in LAN

Mon Mar 25, 2019 7:20 pm

Hello, I'm new to MikroTik and I'm trying to resolve a problem with my LAN.
I have a problem with my network: every day it goes down from time to time, and it says the device or resource is not reachable (primary DNS server). MikroTik says, while resolving an IP address: could not get answer from DNS server.
In the LAN I have a few devices (PLCs and touch panels) with public IP addresses (don't ask me how) 195.168.0.*** and I think these devices are the reason why my network goes down from time to time. I have a public IP from the ISP, 185.12.***.***, and local interface 192.168.1.1.
Does anyone know how to resolve this problem without changing the IP addresses from public to local (it's too complicated in the PLCs and touch panels)?
Sorry for my bad English.
 
mkx
Forum Guru
Posts: 11627
Joined: Thu Mar 03, 2016 10:23 pm

Tue Mar 26, 2019 9:06 am

First of all, check what the log has to say about internet drop-outs.

It is unlikely that your PLCs and touch panels block your internet. Unless the router is explicitly configured for them, they won't even be able to communicate with the router, as the router will have internal address 192.168.1.x, which is not in the same subnet as 195.168.0.x ... The other thing is that if the router is properly configured to perform src-nat (masquerade) on all traffic leaving through the WAN interface, those public-address devices will get their src-address masked as well.

If you really need some more advice, post the router's complete configuration (/export hide-sensitive).
 
lordybegy

Tue Mar 26, 2019 3:41 pm

Thank you very much for the reply,
here is the router's complete configuration:

> /export hide-sensitive
# mar/26/2019 14:34:12 by RouterOS 6.43.13
# software id = PU72-SN74
#
# model = 951Ui-2HnD
# serial number = 8D00086A3F50
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto mode=ap-bridge ssid="MikroTik Cardak" wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.250
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=wlan1 list=discover
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=bridge1 list=discover
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether3 list=mac-winbox
add interface=ether5 list=mactel
add interface=ether4 list=mac-winbox
add interface=wlan1 list=mactel
add interface=ether5 list=mac-winbox
add interface=wlan1 list=mac-winbox
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=185.12.79.79/23 interface=ether1 network=185.12.78.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set servers=195.222.32.10,195.222.60.60,8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment="Cardak strojarnica - DVR - device port" dst-address=185.12.79.79 dst-port=8000 protocol=tcp to-addresses=192.168.1.90 to-ports=8000
add action=dst-nat chain=dstnat comment="Cardak vodozahvat - DVR - device port" dst-address=185.12.79.79 dst-port=8001 protocol=tcp to-addresses=192.168.1.91 to-ports=8001
add action=dst-nat chain=dstnat comment="Cardak vodozahvat - DVR - RTSP port" dst-address=185.12.79.79 dst-port=554 protocol=tcp to-addresses=192.168.1.91 to-ports=554
add action=dst-nat chain=dstnat comment="Rujevica-usce strojarnica - DVR - device port" dst-address=185.12.79.79 dst-port=8002 protocol=tcp to-addresses=192.168.1.92 to-ports=8002
add action=dst-nat chain=dstnat comment="Rujevica-usce strojarnica - DVR - RTSP port" dst-address=185.12.79.79 dst-port=1092 protocol=tcp to-addresses=192.168.1.92 to-ports=1092
add action=dst-nat chain=dstnat comment="Rujevica-usce vodozahvat - DVR - device port" dst-address=185.12.79.79 dst-port=8003 protocol=tcp to-addresses=192.168.1.93 to-ports=8003
add action=dst-nat chain=dstnat comment="Rujevica-usce vodozahvat - DVR - RTSP port" dst-address=185.12.79.79 dst-port=1093 protocol=tcp to-addresses=192.168.1.93 to-ports=1093
add action=dst-nat chain=dstnat comment="Botasnica-usce strojarnica - DVR - device port" dst-address=185.12.79.79 dst-port=8004 protocol=tcp to-addresses=192.168.1.94 to-ports=8004
add action=dst-nat chain=dstnat comment="Botasnica-usce strojarnica - DVR - RTSP port" dst-address=185.12.79.79 dst-port=1094 protocol=tcp to-addresses=192.168.1.94 to-ports=1094
add action=dst-nat chain=dstnat comment="Botasnica-usce vodozahvat - DVR - device port" dst-address=185.12.79.79 dst-port=8005 protocol=tcp to-addresses=192.168.1.95 to-ports=8005
add action=dst-nat chain=dstnat comment="Botasnica-usce vodozahvat - DVR - RTSP port" dst-address=185.12.79.79 dst-port=1095 protocol=tcp to-addresses=192.168.1.95 to-ports=1095
add action=masquerade chain=srcnat comment="Cardak strojarnica - DVR - local use" dst-address=192.168.1.90 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="Cardak vodozahvat - DVR - local use" dst-address=192.168.1.91 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="Rujevica strojarnica - DVR - local use" dst-address=192.168.1.92 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="Rujevica vodozahvat - DVR - local use" dst-address=192.168.1.93 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="Botasnica strojarnica - DVR - local use" dst-address=192.168.1.94 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="Botasnica vodozahvat - DVR - local use" dst-address=192.168.1.95 protocol=tcp src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip route
add distance=1 gateway=185.12.78.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ppp secret
add name=vpn
/system clock
set time-zone-name=Europe/Sarajevo
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
[senad@MikroTik] >

Also, I have a lot of devices connected in the LAN (DVRs, other PLCs, other touch panels, two VPN routers, a few computers...)
 
lordybegy

Tue Mar 26, 2019 3:42 pm

When I reboot the router, the connection goes up for 30 sec or 1 min and after that goes down.
 
anav
Forum Guru
Posts: 19371
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Tue Mar 26, 2019 4:02 pm

One issue I see is that you have a mismatch in your primary subnet...

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
 
mkx

Tue Mar 26, 2019 4:21 pm

Apart from what @anav noted (which doesn't really explain the failing internet link), nothing in the config really jumps out. Perhaps the lack of firewall rules governing chain=forward ... the default IPv4 firewall is (as of ROS 6.44.1) this:
/ip firewall filter
add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf:  drop all from WAN not DSTNATed"

It depends on interface lists WAN and LAN.

You can check it on your RB by executing the command /system default-configuration print and scrolling down a page or two ...


Again: what does /log print show about behaviour at the time of internet fall-out?
 
lordybegy

Tue Mar 26, 2019 6:06 pm

@mkx

Here is /system default-configuration
/system default-configuration print
            script: :global ssid;
                    #| RouterMode:
                    #|  * WAN port is protected by firewall and enabled DHCP cli>
                    #|  * Wireless and Ethernet interfaces (except WAN port ethe>
                    #|    are part of LAN bridge
                    #| wlan1 Configuration:
                    #|     mode:                ap-bridge;
                    #|     band:                2ghz-b/g/n;
                    #|     tx-chains:           0;1;
                    #|     rx-chains:           0;1;
                    #|     ht-extension:        20/40mhz-XX;
                    #| LAN Configuration:
                    #|     IP address 192.168.88.1/24 is set on bridge (LAN port)
                    #|     DHCP Server: enabled;
                    #| WAN (gateway) Configuration:
                    #|     gateway:  ether1 ;
                    #|     ip4 firewall:  enabled;
                    #|     NAT:   enabled;
                    #|     DHCP Client: enabled;
                    #|     DNS: enabled;
                    
                    :global defconfMode;
:log info Starting_defconf_script_;
-- [Q quit|D dump|right|down]

In the log there is nothing about the connection break:
/log print
15:08:22 system,info router rebooted
15:08:25 bridge,info "bridge1" mac address changed to CC:2D:E0:BE:83:12
15:08:32 interface,info ether1 link up (speed 100M, full duplex)
15:08:32 interface,info ether3 link up (speed 100M, full duplex)
15:20:20 dhcp,info dhcp1 deassigned 192.168.1.99 from AC:EE:9E:25:D3:49
15:37:16 dhcp,info dhcp1 deassigned 192.168.1.97 from D8:68:C3:B4:BF:A7
15:37:17 dhcp,info dhcp1 assigned 192.168.1.97 to D8:68:C3:B4:BF:A7
16:20:55 dhcp,info dhcp1 deassigned 192.168.1.97 from D8:68:C3:B4:BF:A7
16:33:02 pptp,info TCP connection established from 37.203.68.207
16:33:03 pptp,ppp,info,account vpn logged in, 192.168.89.255
16:33:03 pptp,ppp,info <pptp-vpn>: authenticated
16:33:03 pptp,ppp,info <pptp-vpn>: using encoding - MPPE128 stateless
16:33:04 pptp,ppp,info <pptp-vpn>: connected
16:33:14 system,info,account user senad logged in from 192.168.89.255 via winbox
16:34:35 system,info,account user senad logged in from 192.168.89.255 via telnet
16:35:31 system,info,account user senad logged in from 192.168.89.255 via winbox
16:35:39 system,info detect-internet settings changed by senad
16:35:39 interface,info ether1 detect UNKNOWN
16:35:39 interface,info ether3 detect LAN
16:35:39 interface,info <pptp-vpn> detect UNKNOWN
16:35:39 interface,info bridge1 detect LAN
16:35:42 system,info,account user senad logged out from 192.168.89.255 via winbox
16:35:42 system,info,account user senad logged out from 192.168.89.255 via telnet
16:35:45 interface,info ether1 detect WAN
16:35:45 interface,info <pptp-vpn> detect WAN
16:35:48 system,info,account user senad logged in from 192.168.89.255 via telnet
16:36:27 system,info,account user senad logged out from 192.168.89.255 via winbox
16:36:27 system,info,account user senad logged out from 192.168.89.255 via telnet
16:36:35 pptp,ppp,info <pptp-vpn>: terminating... - disconnected
16:36:35 pptp,ppp,info,account vpn logged out, 213 1150683 383351 1885 1571
16:36:35 pptp,ppp,info <pptp-vpn>: disconnected
16:36:58 pptp,info TCP connection established from 37.203.68.207
16:36:59 interface,info <pptp-vpn> detect UNKNOWN
16:36:59 pptp,ppp,info,account vpn logged in, 192.168.89.255
16:36:59 pptp,ppp,info <pptp-vpn>: authenticated
16:36:59 pptp,ppp,info <pptp-vpn>: using encoding - MPPE128 stateless
16:37:00 pptp,ppp,info <pptp-vpn>: connected
16:37:05 interface,info <pptp-vpn> detect WAN
16:37:30 system,info,account user senad logged in from 192.168.89.255 via winbox
16:38:08 system,info,account user senad logged in from 192.168.89.255 via telnet
16:38:43 system,info,account user senad logged out from 192.168.89.255 via winbox
16:38:43 system,info,account user senad logged out from 192.168.89.255 via telnet
16:38:52 system,info,account user senad logged in from 192.168.89.255 via winbox
16:39:21 system,info,account user senad logged in from 192.168.89.255 via web
16:40:00 system,info,account user senad logged in via local
16:40:16 system,info,account user senad logged out via local
16:41:31 system,info,account user senad logged in via local
16:42:04 system,info,account user senad logged in from 192.168.89.255 via telnet
16:42:50 system,info,account user senad logged out from 192.168.89.255 via winbox
16:42:50 system,info,account user senad logged out from 192.168.89.255 via telnet
16:42:54 system,info,account user senad logged in from 192.168.89.255 via winbox
16:43:21 system,info,account user senad logged out from 192.168.89.255 via web
16:43:21 system,info,account user senad logged out via local
16:44:57 system,info,account user senad logged out from 192.168.89.255 via winbox
16:45:02 pptp,ppp,info <pptp-vpn>: terminating... - disconnected
16:45:02 pptp,ppp,info,account vpn logged out, 482 660206 6255349 6121 8515
16:45:02 pptp,ppp,info <pptp-vpn>: disconnected
16:49:49 pptp,info TCP connection established from 37.203.68.207
16:49:50 interface,info <pptp-vpn> detect UNKNOWN
16:49:50 pptp,ppp,info,account vpn logged in, 192.168.89.255
16:49:50 pptp,ppp,info <pptp-vpn>: authenticated
16:49:50 pptp,ppp,info <pptp-vpn>: using encoding - MPPE128 stateless
16:49:50 pptp,ppp,info <pptp-vpn>: connected
16:49:56 interface,info <pptp-vpn> detect WAN
16:52:49 dhcp,info dhcp1 assigned 192.168.1.97 to D8:68:C3:B4:BF:A7
16:53:04 system,info,account user senad logged in from 192.168.1.100 via winbox
16:53:16 system,info,account user senad logged in from 192.168.1.100 via telnet
16:57:14 system,info,account user senad logged out from 192.168.1.100 via telnet
16:57:18 system,info,account user senad logged in from 192.168.1.100 via telnet

@anav
On ether1 I have WAN and on ether3 I have the LAN connected. I don't understand what you mean about the mismatch.
What do I need to do with the primary subnet?
 
anav

Tue Mar 26, 2019 7:29 pm

Firstly, I didn't mention etherport1 or etherport3.
Second, follow the bouncing ball.

You have Five (lan type) ports on your router, eth2-eth5 and WLAN1
As per your bridgeport settings they are all under the Bridge.

In addition you are having the bridge act as your DHCP server for your SINGLE LAN.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1

Therefore it makes no sense at all to then try to create a LAN network associated with eth2 and specifically
to assign the LANIP address to ether2 vice the bridge.
Change
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
To
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
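
Added example, not part of the original posts: a small Python audit of a RouterOS /export that flags the two points raised in this thread, a LAN address bound to a bridge member port (anav) and a firewall with no drop rule in chain=forward (mkx). The function names parse_export and audit and the trimmed sample export are constructed for illustration.

```python
import re

# Constructed sample: a trimmed excerpt in the style of the export posted in this thread.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=185.12.79.79/23 interface=ether1 network=185.12.78.0
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment="DVR - device port" dst-port=8000 \\
    protocol=tcp to-addresses=192.168.1.90 to-ports=8000
"""

# key=value tokens; values are either double-quoted strings or bare words.
TOKEN = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for the add/set lines of an export."""
    # Exports wrap long lines with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    sections, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or export header comment
        if line.startswith("/"):
            path = line
            sections.setdefault(path, [])  # a menu path may appear more than once
        elif path and line.split()[0] in ("add", "set"):
            sections[path].append({k: v.strip('"') for k, v in TOKEN.findall(line)})
    return sections

def audit(sections):
    """Return findings for the two issues discussed in the thread."""
    findings = []
    # Map each bridge member port to the bridge it belongs to.
    member_of = {p["interface"]: p["bridge"]
                 for p in sections.get("/interface bridge port", [])
                 if "interface" in p and "bridge" in p}
    for addr in sections.get("/ip address", []):
        iface = addr.get("interface")
        if iface in member_of:
            findings.append(f"{addr.get('address')} is set on bridge port {iface}; "
                            f"assign it to {member_of[iface]} instead")
    rules = sections.get("/ip firewall filter", [])
    if not any(r.get("chain") == "forward" and r.get("action") == "drop" for r in rules):
        findings.append("no drop rule in chain=forward: forwarded traffic is not filtered")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_export(SAMPLE_EXPORT)):
        print("FINDING:", finding)
```
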
 
lordybegy

Tue Mar 26, 2019 7:43 pm

@anav
Thank you for the reply,
I really appreciate you trying to help me. I'm new to MikroTik and I don't understand everything.
Here are the new settings for the IP address:
/ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.1.1/24     192.168.1.0     bridge1
 1   185.12.79.79/23    185.12.78.0     ether1
[senad@MikroTik] >
 
anav

Tue Mar 26, 2019 7:45 pm

Looks good, as long as you understand why you needed the change.
 
mkx

Tue Mar 26, 2019 7:52 pm

Looks like the detect-internet functionality is kicking in ... and it's known to mess things up occasionally.

What does /interface detect-internet print show? If any field has a value other than none, set it to none ...
 
lordybegy

Tue Mar 26, 2019 8:43 pm

@mkx
/interface detect-internet print
    detect-interface-list: all
       lan-interface-list: none
       wan-interface-list: none
  internet-interface-list: none
[senad@MikroTik] > /interface detect-internet print
    detect-interface-list: none
       lan-interface-list: none
       wan-interface-list: none
  internet-interface-list: none
[senad@MikroTik] >
I turned this option (internet detect) on today when I saw it in Winbox after the update.
Now I have turned it off. The problem occurred both before and after I turned this option on.

Before the MikroTik we had a Tenda router with the same settings (LAN, WAN, port forwarding) and everything worked well for two years. After New Year 2019 the problem started to occur. The Tenda also said the DNS server is not responding, contact your ISP. The ISP says that everything is working well on their side, that they can reach their modem to which our router is connected. They say that we need to change the router.
I have changed three routers (two Tenda models and one from TP-Link) and the problem still occurs. After that the ISP said that we are buying low-cost routers and that we need something like an industrial router because we have a lot of devices on the LAN. They recommended MikroTik. We bought a MikroTik, I have configured it, and the problem still occurs. I want to say that the problem occurs from Monday to Friday (some days it works well) from 10:00 am to 19:00 pm (not always at the same time). On weekends we don't have internet breakdowns.
 
mkx

Tue Mar 26, 2019 8:46 pm

The way you describe problems ... it points at your ISP ...
 
lordybegy

Tue Mar 26, 2019 8:52 pm

But how do I get evidence?
They sent some guy with some device; he connected it to their modem and said: see, there is 100/100 Mbit/s, the internet is working well, and after that he went away.
I don't know what to do.
One more thing, their modem works in bridge mode.
 
mkx

Tue Mar 26, 2019 9:07 pm

Change ISP if you can ...
 
lordybegy

Tue Mar 26, 2019 9:14 pm

In this location I can't.
I will send my ISP one more mail.
Thank you for the help @mkx @anav
