please i need help, i have a mikroutik hap ac2, i had plug it to an ISP modem that give to the WAN interface a DHCP address 192.168.1.25....
the probleme, i can't ping from my lan this address.
the config line are :
ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.88.1/24 192.168.88.0 ether2
1 xx.xx.xx.xx/25 xx.xx.xx.xx ether5
2 D 192.168.1.25/24 192.168.1.0 ether1
ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.1.1 1
1 ADC xx.xx.xx.xx/25 xx.xx.xx.xx bridge 0
2 ADC 192.168.1.0/24 192.168.1.25 ether1 0
3 A S 192.168.1.1/32 0.0.0.0 ether1 1
4 ADC 192.168.88.0/24 192.168.88.1 bridge 0
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=accept src-address=xx.xx.xx.xx/25 dst-address=xx.xx.xx.xx/16 log=no log-prefix=""
1 chain=srcnat action=src-nat to-addresses=xx.xx.xx.xx/25 dst-address=xx.xx.xx.xx/16
2 X chain=srcnat action=src-nat to-addresses=xx.xx.xx.xx/16 dst-address=xx.xx.xx.xx/25
3 chain=srcnat action=masquerade log=no log-prefix=""
4 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 chain=input action=accept protocol=udp dst-port=500 log=no log-prefix=""
2 chain=output action=accept protocol=udp dst-port=500 log=no log-prefix=""
3 chain=input action=accept protocol=udp dst-port=4500 log=no log-prefix=""
4 chain=output action=accept protocol=udp dst-port=4500 log=no log-prefix=""
5 chain=input action=accept protocol=ipsec-esp log=no log-prefix=""
6 chain=output action=accept protocol=ipsec-esp log=no log-prefix=""
7 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""
8 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
9 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
10 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
11 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
12 ;;; defconf: accept in ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
13 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
14 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
15 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
16 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
17 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
thanks for advance for your help