Community discussions

MikroTik App
 
haha
just joined
Topic Author
Posts: 1
Joined: Tue Oct 06, 2020 8:08 am

Some websites are not loading.

Tue Oct 06, 2020 5:29 pm

Hello,

I have looked at some topics considering some websites not working, but none helped me.
I have set up a new RB4011iGS.
Config:
/export hide-sensitive
# jan/01/2002 07:05:43 by RouterOS 6.47.4
# software id = M61N-V7EK
#
# model = RB4011iGS+
# serial number = D4480CCAABC5
/interface bridge
add admin-mac=48:8F:5A:71:EF:5E auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] mac-address=74:83:C2:FA:6A:CC
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 10 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.1-192.168.1.254
add name=dhcp_pool1 ranges=192.168.3.10-192.168.3.30
add name=dhcp_pool2 ranges=192.168.4.100-192.168.4.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=ether3 lease-time=30m name=Ext
add address-pool=dhcp_pool2 disabled=no interface=ether4 lease-time=1d name=LocalLan
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US up-port=1700
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/user group
set full policy=\
    local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0
add address=87.244.xxx.xxx/27 interface=ether1 network=87.244.xxx.xxx
add address=192.168.3.1/24 comment=Ext interface=ether3 network=192.168.3.0
add address=192.168.4.1/24 comment=LocalLan interface=ether4 network=192.168.4.0
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
add address=192.168.3.0/24 dns-server=192.168.3.1,217.119.121.225 domain=HPMExt gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=192.168.4.1,217.119.121.225 domain=HPMLocalLan gateway=192.168.4.1
/ip dns
set allow-remote-requests=yes servers=217.119.121.225,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input comment="accept established, related" connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="allow ICMP" in-interface=ether1 protocol=icmp
add action=accept chain=input comment="allow winbox" in-interface=ether1 port=8291 protocol=tcp
add action=accept chain=input comment="allow ssh" in-interface=ether1 port=22 protocol=tcp
add action=drop chain=input comment="block everything else" in-interface=ether1
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=87.244.xxx.xxx
/ip service
set telnet disabled=yes
/system clock
set time-zone-name=Europe/Bratislava
/system identity
set name=HPMMikroTik
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool user-manager database
set db-path=user-manager
Quite few sites (www.whatismyipaddress.com, https://www.researchgate.net/, https://www.webex.com/, https://www.ardmediathek.de/daserste/, https://go.microsoft.com/, http://mediathek.daserste.de) are not working (timing out: ERR_CONNECTION_TIMED_OUT). I have also used SG TCP/IP Analyzer which outputted:
« SpeedGuide.net TCP Analyzer Results » 
Tested on: 2020.10.06 05:12 
IP address: 87.244.xxx.xxx 
Client OS/browser: Windows 10 (Chrome 85.0.4183.121) 
 
TCP options string: 020405b40103030801010402 
MSS: 1460 
MTU: 1500 
TCP Window: 131328 (not multiple of MSS) 
RWIN Scaling: 8 bits (2^8=256) 
Unscaled RWIN : 513 
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840 
BDP limit (200ms): 5253kbps (657KBytes/s)
BDP limit (500ms): 2101kbps (263KBytes/s) 
MTU Discovery: ON 
TTL: 112 
Timestamps: OFF 
SACKs: ON 
IP ToS: 00000000 (0) 
I had used traceroute to
whatismyipaddress.com
from router:
[admin@HPMMikroTik] > /tool traceroute whatismyipaddress.com
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1 87.244.xxx.xxx                     0%   46   3.2ms     1.2     0.5     3.3     0.9
 2 87.244.210.142                     0%   46   0.8ms     1.4     0.8     3.5     0.5
 3 87.244.210.254                     0%   46   1.3ms     1.4     0.8       6     0.8
 4 217.119.114.73                     0%   46   1.9ms     2.5     1.9     7.1       1
 5 185.171.140.154                    0%   46   3.5ms     4.8     3.3    32.5     4.6 <MPLS:L=1694,E=0 L=49213,E=0,T=1>
 6 185.171.140.152                    0%   46   3.5ms       6     3.4    42.1     7.6 <MPLS:L=1619,E=0 L=49213,E=0,T=2>
 7 185.171.140.148                    0%   46   6.6ms     4.6     3.4     6.9     1.1 <MPLS:L=3975,E=0 L=49213,E=0,T=3>
 8 185.171.140.57                     0%   46  12.5ms     5.7     3.1    36.4     5.3 <MPLS:L=2422,E=0 L=49213,E=0,T=4>
 9                                  100%   46 timeout
10                                  100%   46 timeout
11                                  100%   46 timeout
12                                  100%   46 timeout
13                                  100%   46 timeout
and from different network from different ISP:
C:\Users>tracert whatismyipaddress.com
Tracing route to whatismyipaddress.com [104.16.154.36]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  xxxx.xxxx [192.168.1.1]
  2     *        *        *     Request timed out.
  3    21 ms    20 ms    26 ms  dupdevs-static-65.213-81-253.xx.xx [213.81.xx.xx]
  4     *        *        *     Request timed out.
  5    20 ms    22 ms    20 ms  brat-b1-link.telia.net [62.115.155.166]
  6    31 ms    31 ms    31 ms  win-bb2-link.telia.net [62.115.119.188]
  7    31 ms    36 ms    31 ms  prag-b3-link.telia.net [62.115.137.41]
  8    40 ms    40 ms    40 ms  cloudflare-ic-154352-prag-b3.c.telia.net [80.239.194.86]
  9    36 ms    36 ms    36 ms  104.16.154.36
Trace complete.
My PC is connected to ether2 which is bridged.
Any help would be appreciated.

Who is online

Users browsing this forum: Google [Bot], jerryroy1, justarankamateur and 48 guests