Dudeplayz
just joined
Topic Author
Posts: 5
Joined: Tue Apr 02, 2019 11:58 am

ROS can't reach the internet, local clients can

Wed Aug 14, 2019 3:57 pm

Hi,
I have the problem that the MikroTik can't ping or reach any internet address. The local network is working fine, and any client or server can reach the internet without problems. Only the MikroTik itself can't ping anything that is not in the local network. It also can't resolve DNS.

Here is the firewall configuration:
/ip firewall address-list
add address=192.168.55.0/24 list=WAN
add address=192.168.56.0/24 list=WAN
add address=192.168.0.130 list="Internet Drop"
/ip firewall filter
add action=log chain=input disabled=yes in-interface=E6-WAN1-Fritz!Box log=yes log-prefix=Port-Log protocol=udp
add action=accept chain=input comment="VPN L2TP UDP 500, 1701, 4500" connection-state=new dst-port=500,1701,4500 \
    in-interface=E6-WAN1-Fritz!Box protocol=udp
add action=accept chain=input comment="VPN L2TP ESP" connection-state=new in-interface=E6-WAN1-Fritz!Box protocol=\
    ipsec-esp
add action=accept chain=input comment="VPN L2TP AH" disabled=yes protocol=ipsec-ah
add action=accept chain=input connection-state=established,related
add action=accept chain=input src-address=192.168.0.0/16
add action=drop chain=input log-prefix=Firewall-Drop-Log
add action=drop chain=forward dst-address=!192.168.0.0/16 src-address-list="Internet Drop"
add action=accept chain=forward dst-address=!192.168.0.0/16
add action=accept chain=forward connection-state=established,related
/ip firewall mangle
add action=accept chain=prerouting comment="Accept internal LAN" dst-address=192.168.0.0/16 src-address=\
    192.168.0.0/16
add action=mark-connection chain=output comment="Allow ROS -> WAN1" connection-mark=no-mark new-connection-mark=\
    WAN1-ROS passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1-ROS new-routing-mark=Main_Route passthrough=yes
add action=mark-connection chain=input comment="WAN -> MikroTik" connection-mark=no-mark in-interface=\
    E6-WAN1-Fritz!Box new-connection-mark=WAN1-ROS passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=E7-WAN2-GigaCube new-connection-mark=\
    WAN2-ROS passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1-ROS new-routing-mark=Main_Route passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2-ROS new-routing-mark=Backup_Route passthrough=yes
add action=mark-connection chain=forward comment="WAN -> LAN" connection-mark=no-mark in-interface=\
    E6-WAN1-Fritz!Box new-connection-mark=WAN1-LAN passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark in-interface=E7-WAN2-GigaCube new-connection-mark=\
    WAN2-LAN passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1-LAN new-routing-mark=Main_Route passthrough=yes \
    src-address=192.168.0.0/16
add action=mark-routing chain=prerouting connection-mark=WAN2-LAN new-routing-mark=Backup_Route passthrough=yes \
    src-address=192.168.0.0/16
add action=mark-connection chain=prerouting comment="LAN -> WAN" connection-mark=no-mark dst-address=\
    !192.168.0.0/16 new-connection-mark=LAN-WAN passthrough=yes
add action=mark-routing chain=prerouting comment=WAN-Load_Balancing connection-mark=LAN-WAN new-routing-mark=\
    Main_Route passthrough=yes src-address=192.168.0.0/16
add action=mark-connection chain=prerouting comment="Sticky connections" connection-mark=LAN-WAN \
    new-connection-mark=Sticky_Main passthrough=yes routing-mark=Main_Route
add action=mark-connection chain=prerouting connection-mark=LAN-WAN new-connection-mark=Sticky_Backup passthrough=\
    yes routing-mark=Backup_Route
add action=mark-routing chain=prerouting connection-mark=Sticky_Main new-routing-mark=Main_Route passthrough=yes \
    src-address=192.168.0.0/16
add action=mark-routing chain=prerouting connection-mark=Sticky_Backup new-routing-mark=Backup_Route passthrough=\
    yes src-address=192.168.0.0/16
/ip firewall nat
add action=masquerade chain=srcnat out-interface=E6-WAN1-Fritz!Box
add action=masquerade chain=srcnat out-interface=E7-WAN2-GigaCube
I hope somebody can help. I have no idea what the reason for this is.

Best regards.
 
CZFan
Forum Guru
Posts: 1298
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: ROS can't reach the internet, local clients can

Fri Aug 16, 2019 12:21 am

I did not study the config you posted, but I would suggest you clean up the mangle rules. You have passthrough yes on all of them, so packets might be changed again by a following mangle rule, and the results end up not as expected.
MTCNA, MTCTCE, MTCRE & MTCINE
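
Added example, not part of the original thread: a small Python lint that parses a RouterOS export and flags the two things the reply points at, duplicate mangle rules and passthrough=yes mark rules that are followed by another rule of the same action in the same chain. The function names are hypothetical, the input is an excerpt of the rules posted above, and the check is a heuristic that does not evaluate matchers, so each finding is a prompt to review the rule order.

```python
import re
import shlex
from collections import defaultdict

# Excerpt of the mangle rules from the first post (output chain plus one prerouting rule).
EXPORT = r'''/ip firewall mangle
add action=mark-connection chain=output comment="Allow ROS -> WAN1" connection-mark=no-mark new-connection-mark=\
    WAN1-ROS passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1-ROS new-routing-mark=Main_Route passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1-ROS new-routing-mark=Main_Route passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2-ROS new-routing-mark=Backup_Route passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1-LAN new-routing-mark=Main_Route passthrough=yes \
    src-address=192.168.0.0/16
/ip firewall nat
add action=masquerade chain=srcnat out-interface=E6-WAN1-Fritz!Box
'''

def parse_export(text):
    """Return [(menu, {key: value})] for every 'add' line of a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", text)  # join '\' continuation lines
    menu, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            fields = dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            rules.append((menu, fields))
    return rules

def lint_mangle(rules):
    """Flag duplicate mangle rules and passthrough=yes marks a later rule in the chain could rewrite."""
    findings, seen, by_chain = [], set(), defaultdict(list)
    for menu, f in rules:
        if menu == "/ip firewall mangle":
            by_chain[f["chain"]].append(f)
    for chain, chain_rules in by_chain.items():
        for i, f in enumerate(chain_rules):
            key = tuple(sorted((k, v) for k, v in f.items() if k != "comment"))
            if key in seen:
                findings.append((chain, i, "duplicate"))
            seen.add(key)
            later = [g for g in chain_rules[i + 1:] if g["action"] == f["action"]]
            if f.get("passthrough") == "yes" and f["action"].startswith("mark-") and later:
                findings.append((chain, i, "later-%s-rule" % f["action"]))
    return findings
```

Each finding is a tuple of chain name, zero-based rule index within that chain, and the reason it was flagged.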
