NMCI
just joined
Topic Author
Posts: 12
Joined: Mon Dec 07, 2020 8:38 pm

Detect-internet - limited access

Mon Dec 07, 2020 9:30 pm

Hi, warm greetings to all members of the forum.

I would like to ask what the correct configuration would be in my case.

My ISP gave me a segment of public IPs, but they are not routed, and gave me the following instructions: assign the IP 172.16.90.2/30 on the port I have assigned to WAN, and I have available IPs 168.1xx.xxx.xx8-168.1xx.xx.x35. I understand that I should apply src-nat targeted to my LAN pool, but this way, with the Internet on my LAN devices, the router (rb3011) has no Internet access; I try to ping and the answer is "timeout". I also want to know how to reconfigure the "detect Internet" to use the MikroTik app, as it marks the interface traffic but the status is "available on wan (limited access)".



I would like you to explain everything to me step by step, to be able to achieve the objectives, since I have searched and have not found the right answers to my problems.

Thank you all for your time.
 
NMCI
just joined
Topic Author
Posts: 12
Joined: Mon Dec 07, 2020 8:38 pm

Re: Detect-internet - limited access

Wed Mar 17, 2021 8:14 pm

I would appreciate some help.
 
sarah
newbie
Posts: 27
Joined: Mon Feb 29, 2016 1:41 am

Re: Detect-internet - limited access

Thu Mar 18, 2021 7:51 am

Please share your full configuration.
/export hide-sensitive
 
ingdaka
Trainer
Posts: 452
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania

Re: Detect-internet - limited access

Thu Mar 18, 2021 12:38 pm

As you make src-nat for your LAN, when you ping from the router itself, 172... is not routed on the Internet, so it is normal that you will not have access from the router!

If you want to make, for example, 8.8.8.8 pingable from the router, you should add src-nat:
add chain=srcnat dst-address=8.8.8.8 action=src-nat to-addresses=168.xxxxxxxxx
 
NMCI
just joined
Topic Author
Posts: 12
Joined: Mon Dec 07, 2020 8:38 pm

Re: Detect-internet - limited access

Wed Mar 31, 2021 12:57 am

Please share your full configuration.
/export hide-sensitive
# mar/30/2021 17:41:22 by RouterOS 6.48.1
# software id = UGV5-XJMH
#
# model = RB4011iGS+
# serial number = D4480CD433C1
/interface bridge
add name=LaN
/interface ethernet
set [ find default-name=ether1 ] comment=WaN
set [ find default-name=ether10 ] poe-out=off
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface list
add name=Lan
add name=WaN
add name=list1
/ip pool
add name=PPPoE_pool ranges=172.16.0.2-172.16.0.250
/queue simple
add limit-at=250M/250M max-limit=250M/250M name=Main priority=1/1 queue=\
    pcq-upload-default/pcq-download-default target=172.16.0.0/24 total-queue=\
    default
/ppp profile
add bridge=LaN change-tcp-mss=yes insert-queue-before=bottom local-address=\
    172.16.0.1 name=profile1 parent-queue=Main queue-type=default \
    remote-address=PPPoE_pool use-compression=no use-encryption=no use-mpls=\
    no use-upnp=yes
/interface bridge port
add bridge=LaN interface=ether2
add bridge=LaN interface=ether3
add bridge=LaN interface=ether4
add bridge=LaN interface=ether7
add bridge=LaN interface=ether6
add bridge=LaN interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=all
/interface detect-internet
set detect-interface-list=WaN
/interface list member
add interface=LaN list=Lan
add interface=ether1 list=WaN
/interface pppoe-server server
add default-profile=profile1 disabled=no interface=LaN keepalive-timeout=35 \
    max-mtu=1492 one-session-per-host=yes service-name="PPPo E"
/ip address
add address=172.24.116.10/30 comment=WaN interface=ether1 network=\
    172.24.116.8
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=20480KiB \
    max-concurrent-queries=10000 max-concurrent-tcp-sessions=2000 servers=\
    8.8.8.8,8.8.4.4
/ip firewall address-list
add address=172.16.0.2-172.16.1.247 list=PPPoE
/ip firewall filter
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input connection-state=invalid
add action=add-src-to-address-list address-list=Nat1 address-list-timeout=6h \
    chain=forward connection-state=new dst-address-type=!local \
    per-connection-classifier=src-address:5/0 src-address-list=PPPoE
add action=add-src-to-address-list address-list=Nat2 address-list-timeout=6h \
    chain=forward connection-state=new dst-address-type=!local \
    per-connection-classifier=src-address:5/1 src-address-list=PPPoE
add action=add-src-to-address-list address-list=Nat3 address-list-timeout=6h \
    chain=forward connection-state=new dst-address-type=!local \
    per-connection-classifier=src-address:5/2 src-address-list=PPPoE
add action=add-src-to-address-list address-list=Nat4 address-list-timeout=6h \
    chain=forward connection-state=new dst-address-type=!local \
    per-connection-classifier=src-address:5/3 src-address-list=PPPoE
add action=add-src-to-address-list address-list=Nat5 address-list-timeout=6h \
    chain=forward connection-state=new dst-address-type=!local \
    per-connection-classifier=src-address:5/4 src-address-list=PPPoE
add action=accept chain=input src-address=172.16.0.0/24
/ip firewall nat
add action=redirect chain=dstnat comment=Dns dst-port=53,853 protocol=udp \
    to-ports=53
add action=redirect chain=dstnat dst-port=53,853 protocol=tcp to-ports=53
add action=src-nat chain=srcnat comment="Nat Rb" out-interface=ether1 \
    src-address=172.24.116.10 to-addresses=168.xxx.xxx.191
add action=src-nat chain=srcnat out-interface=ether1 src-address-list=Nat1 \
    to-addresses=168.xxx.xxx.188
add action=src-nat chain=srcnat out-interface=ether1 src-address-list=Nat2 \
    to-addresses=168.xxx.xxx.189
add action=src-nat chain=srcnat out-interface=ether1 src-address-list=Nat3 \
    to-addresses=168.xxx.xxx.190
add action=src-nat chain=srcnat out-interface=ether1 src-address-list=Nat4 \
    to-addresses=168.xxx.xxx.191
add action=src-nat chain=srcnat out-interface=ether1 src-address-list=Nat5 \
    to-addresses=168.xxx.xxx.192
add action=src-nat chain=srcnat comment="Nat Ap's" src-address=10.0.10.0/24 \
    to-addresses=168.xxx.xxx.192
/ip route
add distance=1 gateway=172.24.116.9
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=LaN type=internal
/ppp aaa
set use-radius=yes
/radius
add address=127.0.0.1 secret=12345 service=ppp,login timeout=3s
/radius incoming
set accept=yes
/system logging
add disabled=yes topics=dns
add disabled=yes topics=ospf
/system ntp server
set enabled=yes
/tool graphing interface
add interface=ether1
add interface=LaN
/tool graphing queue
add simple-queue=Main
/tool graphing resource
add
/tool romon
set enabled=yes
/user aaa
set use-radius=yes
 
NMCI
just joined
Topic Author
Posts: 12
Joined: Mon Dec 07, 2020 8:38 pm

Re: Detect-internet - limited access

Wed Mar 31, 2021 12:58 am

As you make src-nat for your LAN, when you ping from the router itself, 172... is not routed on the Internet, so it is normal that you will not have access from the router!

If you want to make, for example, 8.8.8.8 pingable from the router, you should add src-nat:
add chain=srcnat dst-address=8.8.8.8 action=src-nat to-addresses=168.xxxxxxxxx
How would you get the same router to have internet access?
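
The first-match srcnat evaluation that the replies above rely on, applied to a subset of the NAT rules from the posted export. This is an added example, not code from any poster or from MikroTik; the address-list members, the sample packets and the function names are constructed assumptions, and only the matchers that appear in the thread's rules are modelled.

```python
import ipaddress
import shlex

# Subset of the srcnat rules from the export in this thread (addresses elided as posted).
EXPORT_NAT = r'''
add action=src-nat chain=srcnat comment="Nat Rb" out-interface=ether1 \
    src-address=172.24.116.10 to-addresses=168.xxx.xxx.191
add action=src-nat chain=srcnat out-interface=ether1 src-address-list=Nat1 \
    to-addresses=168.xxx.xxx.188
add action=src-nat chain=srcnat out-interface=ether1 src-address-list=Nat3 \
    to-addresses=168.xxx.xxx.190
add action=src-nat chain=srcnat comment="Nat Ap's" src-address=10.0.10.0/24 \
    to-addresses=168.xxx.xxx.192
'''
# Constructed address-list membership (on the router the forward-chain rules fill these).
LISTS = {"Nat1": {"172.16.0.10"}, "Nat3": {"172.16.0.15"}}

def parse_rules(export):
    """Join backslash-continued lines and turn each 'add' line into a dict."""
    rules = []
    for line in export.replace("\\\n", " ").splitlines():
        words = shlex.split(line)
        if words[:1] == ["add"]:
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules

def matches(rule, pkt, lists):
    """True when every matcher present in the rule agrees with the packet."""
    if "out-interface" in rule and rule["out-interface"] != pkt["out"]:
        return False
    for key, field in (("src-address", "src"), ("dst-address", "dst")):
        if key in rule and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[key]):
            return False
    name = rule.get("src-address-list")
    return name is None or pkt["src"] in lists.get(name, set())

def translate(rules, pkt, lists):
    """Return (comment, to-addresses) of the first matching srcnat rule, else None."""
    for rule in rules:
        if rule.get("chain") == "srcnat" and matches(rule, pkt, lists):
            return rule.get("comment", ""), rule["to-addresses"]
    return None  # packet leaves with its private source address

RULES = parse_rules(EXPORT_NAT)
# Router-originated ping: the source is the WAN address from the export, not a LAN address.
ROUTER_PING = {"src": "172.24.116.10", "dst": "8.8.8.8", "out": "ether1"}

if __name__ == "__main__":
    print("with 'Nat Rb' rule:   ", translate(RULES, ROUTER_PING, LISTS))
    print("without 'Nat Rb' rule:", translate(RULES[1:], ROUTER_PING, LISTS))
```

With only the LAN rules in place the router's own packet matches nothing and keeps the unrouted 172.24.116.10 source, which is the timeout case described in the first post.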
