Hi All
i have a problem when i try to open specific web site via mikrotik.
if i try to open it via normal router it opens.
this site is www.arabseed.com
the main site open but if you try to open any of it's link for example
http://www.arabseed.com/refresh-21886
it give me in internet explorer a blank page please mikrotik team help me to get rid of this error
i am using mikrotik 4.15 on pc with hotspot enableing cache
this problem is general problem not in just my mikrotik it is in all mikrotik you can test it in your routers
please help
Thanks
Re: problem with opening web site please help
Works perfectly fine for me here in the office behind a MikroTik. A router does not care what web site you are going to or what DNS name you have (baring configuring it to care with filtering traffic to certain IP addresses or using the proxy), it routes packets and doesn't care where they are headed. We will need your configuration to see if there is any problems with that.
Please post the results of the following commands in a code bracket.
Please post the results of the following commands in a code bracket.
Code: Select all
/ip firewall export
/ip route print detail
/ip proxy export
/ip hotspot export
Re: problem with opening web site please help
Thanks for replay
here is setting export what you asked for. kindly find it attahced
here is setting export what you asked for. kindly find it attahced
Last edited by stlony on Wed Dec 15, 2010 6:02 pm, edited 1 time in total.
Re: problem with opening web site please help
Code: Select all
/ip firewall export
# dec/15/2010 17:56:25 by RouterOS 4.15
# software id = W5EY-LHT9
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=5s tcp-close-timeout=5s \
tcp-close-wait-timeout=5s tcp-established-timeout=10m \
tcp-fin-wait-timeout=5s tcp-last-ack-timeout=5s tcp-syn-received-timeout=\
5s tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=5s \
udp-stream-timeout=3m udp-timeout=5s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=return chain=forward comment="Ping Replay Rule" disabled=no \
protocol=icmp
add action=accept chain=forward comment="Yoville Game" disabled=no dst-port=\
843 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=9339 \
protocol=tcp
add action=drop chain=forward comment="Block P2P Traffic" disabled=no p2p=\
all-p2p
add action=add-src-to-address-list address-list="ARP Users" \
address-list-timeout=0s chain=forward comment=\
"Add to Net Cut Address list" disabled=yes dst-address-type=unicast \
dst-port=137 protocol=udp src-address=10.10.10.0/24
/ip firewall mangle
add action=mark-packet chain=prerouting comment="Ping Rule" disabled=no \
new-packet-mark=Ping passthrough=yes protocol=icmp
add action=mark-packet chain=output comment="Cache Packets Rule" disabled=no \
dscp=4 new-packet-mark=Cache_Packets out-interface=LAN passthrough=no
/ip firewall nat
add action=accept chain=dstnat comment="Arab seed" disabled=no \
dst-address-list=Arabseed dst-port=80 protocol=tcp
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=10.10.10.0/23
add action=redirect chain=dstnat comment="Transparent Web Proxy Forward" \
disabled=no dst-port=80 protocol=tcp to-ports=8080
add action=dst-nat chain=dstnat comment="Samir RDP" disabled=no dst-address=\
10.0.0.1 dst-port=3389 protocol=tcp to-addresses=10.10.10.240
add action=netmap chain=srcnat comment="VPN Rule" disabled=no src-address=\
10.10.10.0/23 to-addresses=10.0.0.1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=yes
set sip disabled=no ports=5060,5061
set pptp disabled=yes
[Admin@MikroTik Maadi Server] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=10.0.0.138
gateway-status=10.0.0.138 reachable WAN distance=1 scope=255
target-scope=10
1 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=WAN
gateway-status=WAN reachable distance=0 scope=10
2 ADC dst-address=10.10.10.0/23 pref-src=10.10.10.250 gateway=LAN
gateway-status=LAN reachable distance=0 scope=10
[Admin@MikroTik Maadi Server] > /ip proxy export
# dec/15/2010 17:56:26 by RouterOS 4.15
# software id = W5EY-LHT9
#
/ip proxy
set always-from-cache=yes cache-administrator="" cache-hit-dscp=4 \
cache-on-disk=yes enabled=yes max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=1w max-server-connections=5000 \
parent-proxy=95.211.133.181 parent-proxy-port=80 port=8080 \
serialize-connections=no src-address=0.0.0.0
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" disabled=no \
dst-port=23-25
add action=deny comment="Deny access from WAN to Web Proxy " disabled=no \
src-address=!10.10.10.0/23
add action=deny comment="Block All Banners" disabled=no dst-host=\
*yieldmanager* redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*googlesyndication.com* \
redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*doubleclick.net* \
redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*megaclick.com* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*loading321.com* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*fe.brandreachsys.com* \
redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*.advertising.com* \
redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*at.atwola.com* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=\
*adserving.cpxinteractive.com* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*server.cpmstar.com* \
redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*adserver.adtech.de* \
redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*www.linkonlineworld.com* \
redirect-to=img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=*clk.atdmt.com* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=ads.*.com* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=ad.*.com* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=ads.*.net* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
add action=deny comment="" disabled=no dst-host=ad.*.net* redirect-to=\
img31.imageshack.us/img31/4692/88153829.jpg
/ip proxy cache
add action=deny comment="" disabled=no path=*.zip
add action=deny comment="" disabled=no path=*.rar
add action=deny comment="" disabled=yes path=*.mp3
add action=deny comment="" disabled=yes path=*.pdf
add action=deny comment="" disabled=no path=*.wav
add action=deny comment="" disabled=yes path=*.flv
add action=deny comment="" disabled=no path=*.iso
/ip proxy direct
add action=allow comment="" disabled=no dst-address=10.10.10.0/23
add action=allow comment="" disabled=no dst-host=*student.guc.edu.eg*
add action=allow comment="" disabled=no dst-host=www.google.com
add action=allow comment="" disabled=no dst-host=*www.yahoo.com*
add action=allow comment="" disabled=no dst-host=www.msn.com
[Admin@MikroTik Maadi Server] > /ip hotspot export
# dec/15/2010 17:56:29 by RouterOS 4.15
# software id = W5EY-LHT9
#
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
add dns-name=www.wi-fi-internet.com hotspot-address=10.10.10.250 \
html-directory=hotspot http-proxy=0.0.0.0:0 login-by=http-chap name=\
Hotspot_Profile rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=no
/ip hotspot
add address-pool=Hotspot_Pool addresses-per-mac=1 disabled=no idle-timeout=5m \
interface=LAN keepalive-timeout=none name=hotspot1 profile=\
Hotspot_Profile
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=1m name=default \
open-status-page=http-login rate-limit=\
"128K/416K 2M/4M 128K/416K \t120/120" shared-users=1 status-autorefresh=\
10m transparent-proxy=yes
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot walled-garden
add action=allow comment="" disabled=no dst-host=www.tvquran.com
add action=allow comment="" disabled=no dst-host=www.islamway.com
add action=allow comment="" disabled=no dst-host=www.way2allah.com
add action=allow comment="" disabled=no dst-host=www.mazameer.com
add action=allow comment="" disabled=no dst-host=www.alheweny.org
add action=allow comment="" disabled=no dst-host=www.quranflash.com
add action=allow comment="" disabled=no dst-host=www.dorar.net
add action=allow comment="" disabled=yes dst-host=ia331410.us.archive.org
add action=allow comment="" disabled=no dst-host=www.archive.org
add action=allow comment="" disabled=yes dst-host=ia331411.us.archive.org
add action=allow comment="" disabled=no dst-host=*.us.archive.org
[Admin@MikroTik Maadi Server] >
Re: problem with opening web site please help
Well you have two things in your proxy rule that won't do anything there, they are better placed in the firewall filter:
The proxies only works for HTTP, not telnet or SMTP, so having those rules there is meaningless. Also I believe it will take fewer resources to block proxy requests from address you don't want in the firewall filter than in the proxy itself.
As for why you cannot access that website, I didn't see anything in your firewall to prevent it, so I'm guessing it's tied to the proxy itself. Try setting always-from-cache=yes to no, and test. If that doesn't work, disable the transparent proxy rule, and disable it in the hotspot profile and sign back in and see what happens. If it works then, re-enable the proxy and disable all of the deny rules, try again, if it works, enable the rules one by one until you run across the one causing your problem.
Code: Select all
add action=deny comment="block telnet & spam e-mail relaying" disabled=no \
dst-port=23-25
add action=deny comment="Deny access from WAN to Web Proxy " disabled=no \
src-address=!10.10.10.0/23
As for why you cannot access that website, I didn't see anything in your firewall to prevent it, so I'm guessing it's tied to the proxy itself. Try setting always-from-cache=yes to no, and test. If that doesn't work, disable the transparent proxy rule, and disable it in the hotspot profile and sign back in and see what happens. If it works then, re-enable the proxy and disable all of the deny rules, try again, if it works, enable the rules one by one until you run across the one causing your problem.
Re: problem with opening web site please help
This may be the problem.
If ether1 is not your wan interface, then change that.
Then remove the masquerade with the src-address.
It will masquerade your localnet, but when you go through the proxy, it is not masquerading the proxy server (127.0.0.1). At least that is what I have discovered.
Add this rule:/ip firewall nat
(snip)
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=10.10.10.0/23
Code: Select all
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1Then remove the masquerade with the src-address.
It will masquerade your localnet, but when you go through the proxy, it is not masquerading the proxy server (127.0.0.1). At least that is what I have discovered.
Re: problem with opening web site please help
thank you both for your replays
now i need to know why Mikrotik not opening this site while enabling proxy.
for solution i did found one (by putting site ip addresses before Proxy Rule in nat section and accept it) but it is not logical to do this for every site does not work
For this error i had fixed it but nothing changed it is the same.This may be the problem.Add this rule:/ip firewall nat
(snip)
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=10.10.10.0/23If ether1 is not your wan interface, then change that.Code: Select all/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Then remove the masquerade with the src-address.
It will masquerade your localnet, but when you go through the proxy, it is not masquerading the proxy server (127.0.0.1). At least that is what I have discovered.
i discovered that when i disable the proxy at all, the site works normally (i discover this after i tried working with proxy but disabling all rules and cache (also does not work)) please Feklar try to open this links with enabling proxy in Mikrotik you will find that it won't work as i did.Well you have two things in your proxy rule that won't do anything there, they are better placed in the firewall filter:
The proxies only works for HTTP, not telnet or SMTP, so having those rules there is meaningless. Also I believe it will take fewer resources to block proxy requests from address you don't want in the firewall filter than in the proxy itself.Code: Select alladd action=deny comment="block telnet & spam e-mail relaying" disabled=no \ dst-port=23-25 add action=deny comment="Deny access from WAN to Web Proxy " disabled=no \ src-address=!10.10.10.0/23
As for why you cannot access that website, I didn't see anything in your firewall to prevent it, so I'm guessing it's tied to the proxy itself. Try setting always-from-cache=yes to no, and test. If that doesn't work, disable the transparent proxy rule, and disable it in the hotspot profile and sign back in and see what happens. If it works then, re-enable the proxy and disable all of the deny rules, try again, if it works, enable the rules one by one until you run across the one causing your problem.
now i need to know why Mikrotik not opening this site while enabling proxy.
for solution i did found one (by putting site ip addresses before Proxy Rule in nat section and accept it) but it is not logical to do this for every site does not work
Re: problem with opening web site please help
Is the parent proxy working? Have you tired it without the parent proxy?
/ip proxy
set always-from-cache=yes cache-administrator="" cache-hit-dscp=4 \
cache-on-disk=yes enabled=yes max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=1w max-server-connections=5000 \
parent-proxy=95.211.133.181 parent-proxy-port=80 port=8080 \
serialize-connections=no src-address=0.0.0.0
Re: problem with opening web site please help
yes i did (i try with pure proxy setting (default also without cache))
also there is a strange thing happen with the parent proxy. parent proxy can not retrieve this link for me also (give me error from apache proxy server). it maybe a problem from the site but i think Mikrotik router need to solve this problem for such sites in web proxy.
also there is a strange thing happen with the parent proxy. parent proxy can not retrieve this link for me also (give me error from apache proxy server). it maybe a problem from the site but i think Mikrotik router need to solve this problem for such sites in web proxy.
Re: problem with opening web site please help
if parent proxy cannot open the page, neither will proxy in the RouterOS. Check if anything else is working properly, also note that RouterOS proxy works with HTTP and does NOT with HTTPS.
Re: problem with opening web site please help
There are challenges with the webpages also. This is the only code returned by http://www.arabseed.com/refresh-21886
The php code has challenges also. There are <html> and <head> tags in the document body. ??<meta http-equiv='refresh' content='0; url=http://forum.arabseed.com/showthread.php?p=857400'>
Re: problem with opening web site please help
This mean that mikrotik proxy does not suport this kind of pages??There are challenges with the webpages also. This is the only code returned by http://www.arabseed.com/refresh-21886The php code has challenges also. There are <html> and <head> tags in the document body. ??<meta http-equiv='refresh' content='0; url=http://forum.arabseed.com/showthread.php?p=857400'>
Re: problem with opening web site please help
Not only mikrotik. Most proxy servers face similar issues with such pages.This mean that mikrotik proxy does not suport this kind of pages??
Re: problem with opening web site please help
I don't use meta refresh to redirect because it is a bit unreliable. But I use this when I do:
Last I checked, the proxy won't cache dynamic pages. And that dynamic page is loaded with warnings and a couple errors, according to my Firefox error console.
Code: Select all
<html>
<head>
<meta http-equiv='refresh' content='0; url=http://forum.arabseed.com/showthread.php?p=857400'>
</head>
</html>Re: problem with opening web site please help
Then what i did is most good solution or there is best one??
for solution i did found one (by putting site ip addresses before Proxy Rule in nat section and accept it) but it is not logical to do this for every site does not work
Re: problem with opening web site please help
How many sites don't work besides the one you listed in your original post? How about http://www.yahoo.com? Or http://www.google.com? Do they work? They are both dynamic pages.
ADD: Have you tried going to the forum webpage direct without the meta refresh?
http://forum.arabseed.com/showthread.php?p=857400
ADD: Have you tried going to the forum webpage direct without the meta refresh?
http://forum.arabseed.com/showthread.php?p=857400
Re: problem with opening web site please help
I agree with you no doubt that Mikrotik is a very high performance server.How many sites don't work besides the one you listed in your original post? How about http://www.yahoo.com? Or http://www.google.com? Do they work? They are both dynamic pages.
but if the two sites is dynamic pages why mikrotik didn't open the one we have problem with? (sorry if i have weak knowledge for understanding the previous posts)
Re: problem with opening web site please help
Try going direct to the forum site. Does it work without the meta refresh page?
http://forum.arabseed.com/showthread.php?p=857400
http://forum.arabseed.com/showthread.php?p=857400
Re: problem with opening web site please help
No it did not work the same
i tried the same link you give me
http://forum.arabseed.com/showthread.php?p=857400
but the main site work
http://www.arabseed.com/
i tried the same link you give me
http://forum.arabseed.com/showthread.php?p=857400
but the main site work
http://www.arabseed.com/
Re: problem with opening web site please help
Try this:
And you are certain you are not blocking anything on that page with the proxy, by either domain name or file type? I noticed a Flash Player app running on that page.
You might try a simple php page in that same server.
Save as "test.php" on forum.arabseed.com website.
http://forum.arabseed.com/test.php
If it says "Test Page", then it must be something on your showthread.php page causing the fail.
Code: Select all
/ip proxy direct
add action=allow dst-host=forum.arabseed.comYou might try a simple php page in that same server.
Code: Select all
<html><body>Test Page</body></html>http://forum.arabseed.com/test.php
If it says "Test Page", then it must be something on your showthread.php page causing the fail.
Re: problem with opening web site please help
it didn't workTry this:And you are certain you are not blocking anything on that page with the proxy, by either domain name or file type? I noticed a Flash Player app running on that page.Code: Select all/ip proxy direct add action=allow dst-host=forum.arabseed.com
By try this rule before, i discovered that "/ip proxy direct" prevent site from going via parent proxy not to via Mikrotik proxy, even it did not count if you did not set a parent proxy
and for this i think i must be admin for this site to do this and i am not admin in itYou might try a simple php page in that same server.Save as "test.php" on forum.arabseed.com website.Code: Select all<html><body>Test Page</body></html>
http://forum.arabseed.com/test.php
If it says "Test Page", then it must be something on your showthread.php page causing the fail.
Re: problem with opening web site please help
Then unblock everything in your proxy. domain names, file types, and all. Then try it. If it works, start adding blocks back until it doesn't. It downloads a LOT of different pages, probably some you have blocked by wildcard domain names. I would suspect the "ad.*.com" and "ads.*.com" blocks. That site is almost nothing but ads. Watch the download bar at the bottom of your browser as the page loads.
That site has some challenges. It has a "Can't navigate away from this page" routine on the default page (http://forum.arabseed.com). I do not recommend going here. Lots and lots of ads. Minutes to download, and was still downloading ads when I finally had to abort the browser session.
That site has some challenges. It has a "Can't navigate away from this page" routine on the default page (http://forum.arabseed.com). I do not recommend going here. Lots and lots of ads. Minutes to download, and was still downloading ads when I finally had to abort the browser session.
Re: problem with opening web site please help
Really i am very thankful for your help
i tried to to open the site with a default proxy settings without any other rule it didn't work. i wonder that Feklar say that it is working with him via mikrotik but i am sure he test it via mikrotik without using mikrotik web-proxy just enable check box for web-proxy and find what happen, not working not just in my mikrotik but also in any mikrotik using web-proxy server.Then unblock everything in your proxy. domain names, file types, and all. Then try it. If it works, start adding blocks back until it doesn't. It downloads a LOT of different pages, probably some you have blocked by wildcard domain names. I would suspect the "ad.*.com" and "ads.*.com" blocks. That site is almost nothing but ads. Watch the download bar at the bottom of your browser as the page loads.
Re: problem with opening web site please help
You are correct. I cannot open that website (http://forum.arabseed.com) with the proxy enabled. That is the ONLY website I could not load from my extensive Favorites list. That includes PayPal and Authorize.net. Makes you wonder, doesn't it? 
Re: problem with opening web site please help
Correct, I didn't use the proxy at all to test. Also based off of your comment that it won't load for your parent proxy either (I'm assuming it's Squid or some other open source proxy), I'm guessing that particular web site just doesn't work for proxies. I don't have much experience with proxies, but my understanding is that you can program your web site in such a way that it will not service them when it detects them.
If that is the case, then your best solution would probably be to set up a NAT rule that will bypass the transparent proxy for that web sites IP address if it's popular enough for your end users, and keep adding sites to the list that have the problem as you come across them. The other thing you could do is contact support and see what they have to say about it.
If that is the case, then your best solution would probably be to set up a NAT rule that will bypass the transparent proxy for that web sites IP address if it's popular enough for your end users, and keep adding sites to the list that have the problem as you come across them. The other thing you could do is contact support and see what they have to say about it.
Re: problem with opening web site please help
Thanks for your efforts and help
Re: problem with opening web site please help
stlony:
let your rule in firewall nat be like this:
Then this forum will work. Just adjust to your proxy port.
Surfer Tim looks that you right about firewall masquerade
But rule which stlony using is generic rule which is generated when you making hotspot setup ...
I also have this rule
and change it ...
So this is be maybe some kind of fix for mikrotik team in the near future
?
let your rule in firewall nat be like this:
Code: Select all
/ip firewall nat>
add action=redirect chain=dstnat comment="transparent proxy - hotspot net" disabled=\
no dst-address=!173.236.99.211 dst-port=80 in-interface=hotspot protocol=tcp \
src-address=192.168.3.0/24 to-ports=3130Surfer Tim looks that you right about firewall masquerade
Code: Select all
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1I also have this rule
and change it ...So this is be maybe some kind of fix for mikrotik team in the near future
?Re: problem with opening web site please help
I cannot open that website ( http://www.dualmarket.info/) with the proxy http://www.dualmarket.info/
Re: problem with opening web site please help
Oh sh** really there is another site which can be opened via proxy ...
then make litle difrent kind of rules like this:
First add the problematic hosts to address list:
Then make nat rule to redirect all traffic to local proxy but not sites which is not cashable:
Of course adjust network, interface name and port to your local ...
Hallo guys from mikrotik ... ding dong ... is anybody home ? it is time to fix webproxy package
then make litle difrent kind of rules like this:
First add the problematic hosts to address list:
Code: Select all
/ip firewall address-list
add address=173.236.99.214 comment="" disabled=no list=non-proxy
add address=173.236.99.211 comment="" disabled=no list=non-proxy Code: Select all
/ip firewall nat
add action=redirect chain=dstnat comment="transparent proxy - hotspot net" disabled=no dst-address-list=!non-proxy dst-port=80 in-interface=hotspot protocol=tcp src-address=192.168.3.0/24 to-ports=3130Hallo guys from mikrotik ... ding dong ... is anybody home ? it is time to fix webproxy package
Re: problem with opening web site please help
Why these sites not cacheable?
Re: problem with opening web site please help
I am having the same problem,however i dont have proxy enabled. I tried plugging the internet cable from router directly into a computer and all websites load properly, and when i put it back into router some of them dont load again. What could be the issue ?
Re: problem with opening web site please help
I have RouterOS 6.18 and facing same issue. Yahoo and IPChicken.com doesn't load when I use VPN on Mikrotik
Re: problem with opening web site please help
Hello!
Did not want to open a new topic, so I found a similar topic with an issue that I'm facing right now.
The main problem is that I can not open certain home pages, like time[.]is, speedtest[.]net and some internet banks.
The problem started when I set up an EOIP tunnel and bridged together to LANs to use the same subnet.
As for the error, I have managed to find that It could be related to packet fragmentation, because as the bridge interface is UP, I start to get ICMP error msg's: output: in:(none) out:ether2, proto ICMP (type 3, code 4), WAN_IP->DST_IP, NAT (LAN_IP->WAN_IP)->DST_IP, len 576
As soon as I disable the bridge, everything is OK.
I tried to allow all the ICMP traffic on all the chains, but that did not seem to work. Tried to decrease the MTU, also that did not work. Tried to set up a NAT rule, that uses a bridge interface as an exit interface, not ether2 (WAN), also that did not work.
Did not want to open a new topic, so I found a similar topic with an issue that I'm facing right now.
The main problem is that I can not open certain home pages, like time[.]is, speedtest[.]net and some internet banks.
The problem started when I set up an EOIP tunnel and bridged together to LANs to use the same subnet.
As for the error, I have managed to find that It could be related to packet fragmentation, because as the bridge interface is UP, I start to get ICMP error msg's: output: in:(none) out:ether2, proto ICMP (type 3, code 4), WAN_IP->DST_IP, NAT (LAN_IP->WAN_IP)->DST_IP, len 576
As soon as I disable the bridge, everything is OK.
I tried to allow all the ICMP traffic on all the chains, but that did not seem to work. Tried to decrease the MTU, also that did not work. Tried to set up a NAT rule, that uses a bridge interface as an exit interface, not ether2 (WAN), also that did not work.
Re: problem with opening web site please help
I have found the solution........
The problem was "as always" that I forgot the MTU.
By default on CCR 1036-12G-4S with ROS v6.33.1 if you set up a EOIP tunnel, the L3 MTU drops to 1408. At this point it was set automatic and I did not bother to change it.
After I got problems, as mentioned above, I started to TSHOOT it by changing the MTU. The web pages started to work at 1500 of MTU on EOIP tunnel interfaces. I did not change the physical ETHER interface MTU, just the virtual EOIP.
At the monemt I have set up on both sides of eoip-tun a MTU of size 1542.
Please explain me which is the correct size of MTU for EOIP tunnel?