Community discussions

 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

New RB450G☓4 Breaks Google and its Services (Solved)

Wed Aug 21, 2019 11:25 pm

So, my new RB450Gx4 went into production last night/early this morning and now Google, Google Play, and Gmail breaks...not understanding what's happening. My IP > Settings are the same and exact as the original RB450G that the new router replaced...see the image below. Firewall is default just as the older one. The issue seems to be when Google redirects to hhtps://accounts.google.com for the login screen or when searching, https://www.google.com...It's puzzling! Even strangely, YouTube gets through!
Screen Shot 2019-08-21 at 3.00.42 PM.png
You do not have the required permissions to view the files attached to this post.
Last edited by Nollitik on Fri Aug 23, 2019 7:10 pm, edited 1 time in total.
 
Sob
Forum Guru
Forum Guru
Posts: 4627
Joined: Mon Apr 20, 2009 9:11 pm

Re: New RB450G☓4 Breaks Google and its Services

Thu Aug 22, 2019 12:17 am

Try to stretch "breaks" a little, into few sentences maybe... There's lot of ways how something can break, it would be good to understand what exactly is happening here. Try to describe it in a way that someone who doesn't see it can understand.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
anav
Forum Guru
Forum Guru
Posts: 2967
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: New RB450G☓4 Breaks Google and its Services

Thu Aug 22, 2019 4:56 pm

Posting part of settings is not all that helpful.
/export config hide-sensitive file=yourconfigaug22
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 6:06 am

Posting part of settings is not all that helpful.
/export config hide-sensitive file=yourconfigaug22
What am I doing wrong...see image below!
Screen Shot 2019-08-22 at 10.02.49 PM.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 6:19 am

Try to stretch "breaks" a little, into few sentences maybe... There's lot of ways how something can break, it would be good to understand what exactly is happening here. Try to describe it in a way that someone who doesn't see it can understand.
What I am saying is the original RB450G with the same exact routerOS with the same default firewall and the IP > Settings as shown above did not block google.com or gmail.google.com or Google play, etc.
Whereas the new RB450Gx4 with the same exact routerOS with the same default firewall and the same IP > Settings as shown above blocked those sties.
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 7:55 am

Posting part of settings is not all that helpful.
/export config hide-sensitive file=yourconfigaug22
What am I doing wrong...see image below!

Screen Shot 2019-08-22 at 10.02.49 PM.png
Delete the word "config"
In other words: /export hide-sensitive file=your-config-22-Aug
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1302
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 8:13 am

Or just
/export hide-sensitive 
Copy/Past result here.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 6:15 pm

Or just
/export hide-sensitive
Copy/Past result here.
Last night, I switched router back to the old and was able to visit google.com as well as gmail just to confirm. Here is the result from the new RB450x4


[Nolli@MikroTik] > /export hide-sensitive

# aug/23/2019 10:09:03 by RouterOS 6.45.3

# software id = 33B2-XGBT

#

# model = RB450Gx4

# serial number = ADBA0ACE537B

/interface bridge

add admin-mac=74:4D:28:21:60:52 auto-mac=no comment=defconf name=bridge

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip pool

add name=dhcp ranges=10.0.8.9-10.0.8.254

add name=pool1 ranges=172.17.9.45-172.17.9.54

/ip dhcp-server

add address-pool=dhcp disabled=no interface=bridge lease-time=3d10m name=defconf

add address-pool=pool1 disabled=no interface=ether5 lease-time=3d10m name=server1

/interface bridge port

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=ether1 list=WAN

/ip address

add address=10.0.8.1/24 comment=defconf interface=ether2 network=10.0.8.0

add address=172.17.9.9/8 interface=ether2 network=172.0.0.0

/ip dhcp-client

add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1

/ip dhcp-server network

add address=10.0.8.0/24 comment=defconf gateway=10.0.8.1 netmask=24

add address=172.17.9.9/32 dns-server=172.17.9.9,192.168.1.1 gateway=172.17.9.9 netmask=24

/ip dns

set allow-remote-requests=yes servers=10.0.8.1

/ip dns static

add address=172.17.9.9 comment=defconf name=router.lan

/ip firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

/system clock

set time-zone-name=America/Chicago

/system ntp client

set enabled=yes primary-ntp=193.29.63.150 secondary-ntp=204.2.134.163

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN

[Nolli@MikroTik] >

These are the two problems I see so far:
add address=172.17.9.9/8 interface=ether2 network=172.0.0.0
add address=172.17.9.9 comment=defconf name=router.lan
 
whatever
Member Candidate
Member Candidate
Posts: 100
Joined: Thu Jun 21, 2018 9:29 pm

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 6:27 pm

Your IP addresses are both assigned to ether2 which is part of the bridge, you probably meant to assign them to bride and ether5, like your dhcp servers.

Edit: 172.0.0.0/8 is not a private ip range!!! Don't use it on your LAN. Your configured netmask fucks up routing to any public 172.x.y.z IP.
 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 6:51 pm

Your IP addresses are both assigned to ether2 which is part of the bridge, you probably meant to assign them to bride and ether5, like your dhcp servers.

Edit: 172.0.0.0/8 is not a private ip range!!! Don't use it on your LAN. Your configured netmask fucks up routing to any public 172.x.y.z IP.
Yes, I just fixed it to ether5; however, when I set network address of ether5 to 172.17.9.0, the router switched it back to 172.0.0.0 which is not a private network...why?
Also, I didn't configured the netmask...the router did...ether5 is my guest network and I really only wanted a pool of eight addresses but the router wouldn't. So, I just accepted what the router did which is 172.17.9.45-172.17.9.54.
 
Sob
Forum Guru
Forum Guru
Posts: 4627
Joined: Mon Apr 20, 2009 9:11 pm

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 6:55 pm

You need to fix the mask, because it explains your problem, quite a few of Google's networks are in 172.0.0.0/8.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 7:09 pm

Okay, I fixed it...all is well!
Screen Shot 2019-08-23 at 11.05.58 AM.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
Nollitik
Member Candidate
Member Candidate
Topic Author
Posts: 211
Joined: Tue Dec 07, 2010 8:16 am

Re: New RB450G☓4 Breaks Google and its Services

Fri Aug 23, 2019 7:13 pm

You need to fix the mask, because it explains your problem, quite a few of Google's networks are in 172.0.0.0/8.
Oh, now wonder...thank you for sharing!
 
anav
Forum Guru
Forum Guru
Posts: 2967
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: New RB450G☓4 Breaks Google and its Services (Solved)

Sat Aug 24, 2019 12:05 am

My apologies for writing the export command incorrectly.
You are in charge of the router, whip that netmask into shape!!!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: Baidu [Spider] and 112 guests