Community discussions

MikroTik App
  4. RouterOS
  5. General

Cannot access some sites  [SOLVED]

Post Reply
 
User avatar
victorsoares
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:
Contact victorsoares

Cannot access some sites

Tue Jun 12, 2018 8:37 pm

Hi everyone,

I'm testing a rB2011 iLS with a dedicated IP address that the company I'm working with is going to provide to some customers. Everything works fine, but I can't access some websites like netflix.com and clarin.com. I have no ideia of what is going on. I have no rules set on my firewall. The IP comes from a CCR1036+, then goes to a ONU set on a specific VLAN and then goes to the RB.

Here is a traceroute to netflix.com
Code: Select all
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST
 1 ***.***.***.***(rb address)        0%    4   2.1ms     2.2     0.8     4.4
 2 ***.***.***.***(ccr address)       0%    4   1.9ms     1.9     1.7     2.1
 3 ***.***.***.***(link address)      0%    4   2.8ms     3.6     2.8     5.3
 4 ***.***.***.***(link address)      0%    4   3.7ms     3.9     2.9     5.7
 5 177.84.165.37                     50%    4   7.2ms     7.4     7.2     7.5
 6 206.41.108.77                     75%    4 timeout   137.8   137.8   137.8
 7 206.41.108.16                      0%    4 132.9ms   133.4   132.8   134.6
 8 52.93.37.91                        0%    3 137.3ms   138.6   137.3   140.9
 9 52.93.37.10                        0%    3 132.9ms     133   132.9   133.2
10 54.239.42.190                      0%    3 158.6ms     160   158.5   162.8
11                                  100%    3 timeout
12 54.239.108.50                      0%    3 174.1ms   173.2   163.6     182
13 54.239.110.144                     0%    3   154ms     154   153.7   154.2
14 54.239.110.147                     0%    3 176.5ms   170.9   165.9   176.5
15 54.239.111.35                      0%    3 157.7ms   158.1   157.7   158.4
16 52.93.24.92                      33..    3 timeout   176.3   163.2   189.3
17 72.21.197.221                      0%    3 162.3ms     160   158.1   162.3
18                                  100%    3 timeout
19                                  100%    3 timeout
20                                  100%    3 timeout
21                                  100%    3 timeout
22                                  100%    3 timeout
And here are my interfaces:
Code: Select all
# jun/12/2018 14:33:27 by RouterOS 6.40.8
# software id = 64XT-A6MH
#
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  ;;; gateway
       name="ether1" default-name="ether1" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=4C:5E:0C:38:68:A7 fast-path=yes 
       last-link-up-time=jun/12/2018 11:57:22 link-downs=0 

 1  RS name="ether2" default-name="ether2" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=4C:5E:0C:38:68:A8 fast-path=yes 
       last-link-down-time=jun/12/2018 14:26:45 
       last-link-up-time=jun/12/2018 14:26:48 link-downs=11 

 2  XS name="ether3" default-name="ether3" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=4C:5E:0C:38:68:A9 fast-path=yes link-downs=0 

 3  XS name="ether4" default-name="ether4" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=4C:5E:0C:38:68:AA fast-path=yes link-downs=0 

 4  XS name="ether5" default-name="ether5" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=4074 
       mac-address=4C:5E:0C:38:68:AB fast-path=yes link-downs=0 

 5  XS name="ether6" default-name="ether6" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 
       mac-address=4C:5E:0C:38:68:AC fast-path=yes link-downs=0 

 6  XS name="ether7" default-name="ether7" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 
       mac-address=4C:5E:0C:38:68:AD fast-path=yes link-downs=0 

 7  XS name="ether8" default-name="ether8" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 
       mac-address=4C:5E:0C:38:68:AE fast-path=yes link-downs=0 

 8  XS name="ether9" default-name="ether9" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 
       mac-address=4C:5E:0C:38:68:AF fast-path=yes link-downs=0 

 9  XS name="ether10" default-name="ether10" type="ether" mtu=1500 
       actual-mtu=1500 l2mtu=1598 max-l2mtu=2028 
       mac-address=4C:5E:0C:38:68:B0 fast-path=yes link-downs=0 

10  X  name="sfp1" default-name="sfp1" type="ether" mtu=1500 actual-mtu=1500 
       l2mtu=1598 max-l2mtu=4074 mac-address=4C:5E:0C:38:68:A6 fast-path=yes 
       link-downs=0 

11  R  ;;; dhcp
       name="bridge1" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1598 
       mac-address=4C:5E:0C:38:68:A9 fast-path=yes 
       last-link-up-time=jun/12/2018 12:32:45 link-downs=0
I'm running ROS version 6.40.8 firmware 3.41

Thanks in advance for any help provided.
Last edited by victorsoares on Wed Jun 13, 2018 2:21 pm, edited 1 time in total.
Top
 
User avatar
victorsoares
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:
Contact victorsoares

Re: Cannot access some sites

Tue Jun 12, 2018 8:51 pm

Another thing, I can ping to websites like www.crucial.com from the RB and from my desktop, but cannot access the website never or less.
Top
 
User avatar
routik
Member Candidate
Member Candidate
Posts: 118
Joined: Wed Oct 14, 2009 5:40 pm
Location: Abuja-Nigeria
Contact:
Contact routik

Re: Cannot access some sites

Tue Jun 12, 2018 10:00 pm

Another thing, I can ping to websites like www.crucial.com from the RB and from my desktop, but cannot access the website never or less.
What about your DNS settings q? What DNS are you using?

Sent from my LG-H810 using Tapatalk

Top
 
User avatar
victorsoares
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:
Contact victorsoares

Re: Cannot access some sites

Tue Jun 12, 2018 10:24 pm

I'm using Google's DNS, 8.8.8.8 and 8.8.4.4. Tried Cloudflare's DNS too, but no success.
Top
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:
Contact evince

Re: Cannot access some sites

Wed Jun 13, 2018 11:49 am

Hello, check if you don't have a TCP/MSS problem.
Top
 
User avatar
victorsoares
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:
Contact victorsoares

Re: Cannot access some sites

Wed Jun 13, 2018 2:18 pm

Is there a way to analyze that? I tried creating a change MSS rule but had no success either.
Top
 
User avatar
victorsoares
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:
Contact victorsoares

Re: Cannot access some sites  [SOLVED]

Wed Jun 13, 2018 10:55 pm

Finally I found out what was going on. I was missing a rule to change mss. After the rule was applied everything started working fine. Here is how I put the rule.
Code: Select all
/ip firewall mangle print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes 
      tcp-flags=syn protocol=tcp out-interface=ether1 tcp-mss=1361-65535 log=no 
      log-prefix="" 

 1    chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes 
      tcp-flags=syn protocol=tcp in-interface=ether1 tcp-mss=1361-65535 log=no 
      log-prefix=""
Top
Post Reply

Who is online

Users browsing this forum: baragoon, BoraHorza, GoogleOther [Bot], Jetstream and 205 guests
  4. RouterOS
  5. General