jamajamajaaama
just joined
Topic Author
Posts: 4
Joined: Sun Aug 15, 2021 10:20 pm

What is wrong with my router?

Sun Aug 15, 2021 10:34 pm

Dear gurus, please help, this is weird.

Recently I purchased a small hAP ac2 router to serve as a home DHCP server, one of the WIFI and firewall. It is located after the ISP optical modem.

Everything was working fine, pages opening, wife happy, until I noticed that some hosts such as subdomains, e.g. status.kali.org, secure.gravatar.com, pbs.twimg.com are not resolving. I noticed because I could not update the Kali virtual machine, as it could not resolve distribution servers. I was thinking that maybe DNS is to blame, but no - it is resolving the correct IP addresses.
Traceroute to all of the sites returns "Destination host unreachable."
C:\WINDOWS\system32>tracert status.kali.org
Tracing route to status.kali.org [192.124.249.56]
over a maximum of 30 hops:

  1  pc.name.lv [192.168.100.11]  reports: Destination host unreachable.

Trace complete.
When I connect my PC to the mobile phone hotspot, everything works fine. Sites are resolving and opening.

So please, wise men/girls, help me figure out where I should start digging?
 
BartoszP
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: What is wrong with my router?

Sun Aug 15, 2021 10:48 pm

Have you set the admin password?
If not, netinstall the router, set the password and then configure it from scratch.
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: What is wrong with my router?

Sun Aug 15, 2021 11:03 pm

Remember these wise words!
To ERR is not Mikrotik, or something to that effect ;-)

Another wise sage once stated,

MT forum helpers do not have a crystal ball so please
/export hide-sensitive file=anynameyouwish
 
jamajamajaaama
just joined
Topic Author
Posts: 4
Joined: Sun Aug 15, 2021 10:20 pm

Re: What is wrong with my router?

Mon Aug 16, 2021 9:00 am

Here is my config rsc
# aug/16/2021 08:56:43 by RouterOS 6.48.3
# software id = 9IQJ-750S
#
# model = RBD52G-5HacD2HnD
# serial number = C6140E51A3A1
/interface bridge
add admin-mac=2C:C8:1B:8F:59:DA auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=latvia disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge ssid=wireless-gar4g wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=latvia disabled=no distance=indoors frequency=\
auto installation=indoor mode=ap-bridge ssid=wireless-gar \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.100.5-192.168.100.99
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.0.1/8 comment=defconf interface=bridge network=192.0.0.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add comment=defconf dns-server=1.1.1.1,8.8.8.8 gateway=192.168.0.1
add address=192.0.0.0/8 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.0.1 \
netmask=8
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Riga
/system leds
add interface=ether1 leds=user-led type=interface-activity
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: What is wrong with my router?  [SOLVED]

Mon Aug 16, 2021 10:14 am

Why did you set /8 on your IPs?
Do not mix the 10.0.0.0/8 concept with 192.168.0.0/16.
192.168.0.0/8 = IP range from 192.0.0.0 to 192.255.255.255
Only 192.168.x.x are private addresses, the others are all public IPs used on the Internet!!!
If you want to use all the 192.168.x.x space, from 192.168.0.0 to 192.168.255.255, you must use a /16


Paste this inside the terminal without omitting the { } !!!
{
/interface bridge set bridge protocol=none
/interface wireless set [ find default-name=wlan1 ] band=2ghz-g/n
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk
/interface detect-internet set detect-interface-list=none
/ip address set [find where address="192.168.0.1/8"] address=192.168.0.1/16
/ip dhcp-server network
remove [find]
add address=192.168.0.0/16 comment=defconf dns-server=1.1.1.1,8.8.8.8 gateway=192.168.0.1 netmask=16
}
 
jamajamajaaama
just joined
Topic Author
Posts: 4
Joined: Sun Aug 15, 2021 10:20 pm

Re: What is wrong with my router?

Mon Aug 16, 2021 10:43 am

Thank you!
It worked out, but it is still unclear to me why this was related only to some subdomains, not all of them.


 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: What is wrong with my router?

Mon Aug 16, 2021 10:50 am

The subdomain can have a different IP than the main domain.
If any subdomain has, for example, 192.78.44.15 it is unreachable because you tell your router that the domain is within your network rather than on the internet.

AND

All these DNS root servers are inside the 192.0.0.0/8 range, and with your configuration they aren't reachable:
c.root-servers.net 192.33.4.12
e.root-servers.net 192.203.230.10
f.root-servers.net 192.5.5.241
g.root-servers.net 192.112.36.4
i.root-servers.net 192.36.148.17
j.root-servers.net 192.58.128.30
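
Added example, not part of any forum post and not MikroTik code: a Python check that reads the `/ip address` section of a RouterOS export, reports interface prefixes that spill outside RFC 1918 space, and lists which public destinations those prefixes swallow. The function names and the trimmed export sample are constructed for this illustration; the addresses come from the thread.

```python
import ipaddress
import re

# RFC 1918 private ranges; anything outside them is routed on the Internet.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the /ip address section of the export posted in the thread.
EXPORT = """\
/ip address
add address=192.168.0.1/8 comment=defconf interface=bridge network=192.0.0.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
"""

def connected_networks(export_text):
    """Return [(interface, network)] for every entry under '/ip address'."""
    text = re.sub(r"\\\n\s*", "", export_text)   # join '\' continuation lines
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip address" and line.startswith("add "):
            addr = re.search(r"\baddress=(\S+)", line)
            iface = re.search(r"\binterface=(\S+)", line)
            if addr and iface:
                net = ipaddress.ip_interface(addr.group(1)).network
                found.append((iface.group(1), net))
    return found

def overreaching(networks):
    """Connected networks that are not fully inside an RFC 1918 range."""
    return [(i, n) for i, n in networks
            if not any(n.subnet_of(p) for p in PRIVATE)]

def shadowed(networks, destinations):
    """Public destinations that the router would treat as on-link."""
    hits = []
    for name, ip in destinations.items():
        addr = ipaddress.ip_address(ip)
        public = not any(addr in p for p in PRIVATE)
        if public and any(addr in n for _, n in networks):
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    nets = connected_networks(EXPORT)
    print(overreaching(nets))
    print(shadowed(nets, {"status.kali.org": "192.124.249.56",
                          "c.root-servers.net": "192.33.4.12"}))
```

Running the same check against the export after the /16 correction returns empty lists from both `overreaching` and `shadowed`.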
 
jamajamajaaama
just joined
Topic Author
Posts: 4
Joined: Sun Aug 15, 2021 10:20 pm

Re: What is wrong with my router?

Mon Aug 16, 2021 10:55 am

Ok, thank you very much for solving my mystery!
