Community discussions

 
andrefonsecacc
just joined
Topic Author
Posts: 2
Joined: Fri Sep 13, 2019 4:27 pm

Router cannot reach certain websites.

Fri Sep 13, 2019 4:35 pm

Hi,

Lately,i have some problems with my router, i cannot reach certain websites unless i add a route for each one of the sites. After i add the specific route the website is reachable.

Seaching for a long term solution rather than adding a route for each site i cannot reach.

Any ideias?
 
User avatar
nickshore
Member
Member
Posts: 473
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: Router cannot reach certain websites.

Fri Sep 13, 2019 5:07 pm

If you show us your config it would help.

use /export and then we can see what is wrong.

Also provide the output of /ip route print

Regards
Nick
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
andrefonsecacc
just joined
Topic Author
Posts: 2
Joined: Fri Sep 13, 2019 4:27 pm

Re: Router cannot reach certain websites.

Fri Sep 13, 2019 5:24 pm

use /export and then we can see what is wrong.

Code: Select all

/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether6-master
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface ipip
add allow-fast-path=no disabled=yes ipsec-secret=Omniflow03062019 !keepalive \
local-address=94.61.62.63 name=ipip-tunnel1 remote-address=146.133.159.43
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key=Omninet2018 \
wpa2-pre-shared-key=Omninet2018
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name=profile1-mac-filter \
radius-mac-authentication=yes supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=profile-guest supplicant-identity="" \
wpa2-pre-shared-key=omniguest
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=4 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=portugal disabled=no distance=indoors frequency=auto \
frequency-mode=regulatory-domain mode=ap-bridge security-profile=\
profile1-mac-filter ssid="OMNINET CORPORATEV" wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:F9:AE:C7 \
master-interface=wlan1 multicast-buffering=disabled name=wlan2 \
security-profile=profile-guest ssid=Omni-guest wds-cost-range=0 \
wds-default-cost=0
/ip ipsec mode-config
add name=enel
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-256-ctr,camellia-256 lifetime=1d name=ENEL
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=10.10.10.2-10.10.10.24
add name=VPN-Pool ranges=192.168.88.25-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge name=defconf
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
interface=wlan2 name=dhcp1
/ppp profile
add local-address=VPN-Pool name=VPN-PPTP-Profile remote-address=VPN-Pool
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set authentication=mschap1,mschap2 enabled=yes ipsec-secret=adminomniflow \
use-ipsec=yes
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=wlan2 list=discover
add interface=ipip-tunnel1 list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
192.168.88.0
add address=10.10.10.1/24 interface=wlan2 network=10.10.10.0
add address=94.61.62.63/8 interface=ether2-master network=94.0.0.0
/ip arp
add address=192.168.88.82 interface=bridge
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8,8.8.4.4,8.2.2.2,8.2.2.1 gateway=\
10.10.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=94.61.62.63 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related log-prefix=--teste
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=input comment="--allow sstp" dst-port=443 protocol=\
tcp
add action=accept chain=input comment="--allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment=--allowIPSec dst-port=4500 protocol=udp
add action=accept chain=input comment=--allowl2tp dst-port=1701 protocol=udp
add action=accept chain=input comment=--greinputpptp protocol=gre
add action=accept chain=input comment="--tcp pptp port 1723" dst-port=1701 \
protocol=tcp
add action=accept chain=input comment="--TCP port 1723" dst-port=1723 \
protocol=tcp
add action=accept chain=input comment="--UDP port 1723" dst-port=723 \
protocol=udp
add action=accept chain=input comment="--accept remote desktop" dst-port=3389 \
protocol=tcp
add action=accept chain=input comment="--accept vnc client" dst-port=5900 \
protocol=tcp
add action=accept chain=input comment="--accept ping" protocol=icmp
add action=drop chain=forward comment=\
"block the guest network from accessing the private network" dst-address=\
192.168.88.0/24 log=yes src-address=10.10.10.2-10.10.10.24
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface=ether1
/ip firewall mangle
add action=change-mss chain=forward comment=Teste new-mss=clamp-to-pmtu \
passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward comment=\
"Clamp MSS to PMTU for Outgoing packets" disabled=yes new-mss=\
clamp-to-pmtu out-interface=all-ppp passthrough=no protocol=tcp \
tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1
add action=masquerade chain=srcnat comment="Mascarade Guest" out-interface=\
all-wireless src-address=10.10.10.2-10.10.10.24
add action=masquerade chain=srcnat comment="masq. vpn traffic" log=yes \
out-interface=ether1 src-address=192.168.88.0/24
add action=accept chain=srcnat comment="VPN NAT" dst-address=192.168.88.1 \
src-address=192.168.1.1
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
src-address=192.168.89.0/24
/ip ipsec policy
add comment="enel policy" disabled=yes dst-address=146.133.159.43/32 \
proposal=ENEL sa-dst-address=146.133.159.43 sa-src-address=0.0.0.0 \
src-address=192.168.88.0/24 tunnel=yes
add disabled=yes dst-address=192.168.88.0/24 sa-dst-address=94.61.62.63 \
sa-src-address=146.133.159.43 src-address=172.16.252.168/29 tunnel=yes
/ip route
add comment="--site test" distance=1 dst-address=94.23.77.32/32 gateway=\
192.168.1.1
add comment="--site teste" distance=1 dst-address=94.46.13.190/32 gateway=\
192.168.1.1
add comment=--primecentury distance=1 dst-address=94.46.163.142/32 gateway=\
192.168.1.1
add comment=--fibrenamics distance=1 dst-address=94.126.169.117/32 gateway=\
192.168.1.1
add comment=--norcam distance=1 dst-address=94.126.169.196/32 gateway=\
192.168.1.1
/ip service
set www-ssl disabled=no


Also provide the output of /ip route print

Code: Select all

/ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.1.1 1
1 ADC 10.10.10.0/24 10.10.10.1 wlan2 0
2 ADC 94.0.0.0/8 94.61.62.63 bridge 0
3 A S ;;; --site test
94.23.77.32/32 192.168.1.1 1
4 A S ;;; --site teste
94.46.13.190/32 192.168.1.1 1
5 A S ;;; --primecentury
94.46.163.142/32 192.168.1.1 1
6 A S ;;; --fibrenamics
94.126.169.117/32 192.168.1.1 1
7 A S ;;; --norcam
94.126.169.196/32 192.168.1.1 1
8 ADC 192.168.1.0/24 192.168.1.67 ether1 0
9 ADC 192.168.88.0/24 192.168.88.1 bridge 0

Who is online

Users browsing this forum: MSN [Bot] and 25 guests