Community discussions

MikroTik App
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Part of my network does not have access to google.com

Mon Nov 11, 2024 12:56 am

Hi friends. I have an hotel, due to shortages in network technicians i decided to do it my self. The problem is that i already have a network set, and what the guy i paid did is what confuses me, while exploring some vpn features both wireguard and back to home i triggered something that make, as long as i know, two of my routers unable to access google.com. While trying to solve this issue I made them with no internet access at all, there are some pppoe configurations that i still don't understand and my guests are complaining, maybe you could help me, i will share my export
# 2024-11-10 20:52:05 by RouterOS 7.16.1
# software id = DW5L-9VCS
#
# model = RB4011iGS+
# serial number = HEC08YZ3AXE
/interface bridge
add comment="#PPPOE SERVER#" name=bridge1 port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment="#LINK CLARO#"
set [ find default-name=ether2 ] comment=\
    "#BRIDGE PPPOE CAM 2,3,4,5# #UPLINK FIBRA 1GB FUNDOS #Lucas BLOCO 4"
set [ find default-name=ether3 ] comment=\
    "#UPLINK FIBRA 1GB RESTAURANTE # Bloco 3"
set [ find default-name=ether4 ] comment=\
    "#UPLINK CBO UTP 100MB RESTAURANTE #"
set [ find default-name=ether5 ] comment="# NVD INTELBRAS #"
set [ find default-name=ether6 ] comment="\?\?Uplink app 311\?\?"
set [ find default-name=ether8 ] comment="Cip 850"
set [ find default-name=ether9 ] comment="Ramal Recep\E7\E3o"
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1-PPOE ranges=100.64.1.2-100.64.1.254
add name=pool2-Cameras ranges=172.16.20.70-172.16.20.100
add name=dhcp_pool2 ranges=172.16.20.70-172.16.20.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp_pool2 interface=bridge1 lease-time=1d10m name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8,1.1.1.1 local-address=100.64.1.1 \
    name=SERVER-PPPOE remote-address=pool1-PPOE
add local-address=100.64.1.1 name=plano_100MB rate-limit=100m/100m \
    remote-address=pool1-PPOE
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge1 interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge1 comment="#RAMAL 9 RECEPCAO ##" interface=ether7 \
    internal-path-cost=10 path-cost=10
add bridge=bridge1 comment="##CIP 850 ##" interface=ether8 \
    internal-path-cost=10 path-cost=10
add bridge=bridge1 comment="#RAMAL 9 RECEPCAO ##" interface=ether9 \
    internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set enabled=yes loose-tcp-tracking=no udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/interface pppoe-server server
add authentication=chap,mschap1,mschap2 default-profile=SERVER-PPPOE \
    disabled=no interface=bridge1 max-mru=1480 max-mtu=1480 service-name=\
    PPPOE_SERVER
/ip address
add address=172.16.20.1/24 interface=bridge1 network=172.16.20.0
add address=172.16.20.61/8 interface=bridge1 network=172.0.0.0
add address=192.168.100.85/24 interface=bridge1 network=192.168.100.0
/ip cloud
set ddns-update-interval=1m
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=172.16.20.2 client-id=1:80:8f:e8:a3:5e:ee comment=NVD \
    mac-address=80:8F:E8:A3:5E:EE server=dhcp1
add address=172.16.20.3 client-id=1:48:51:cf:5e:4f:79 comment="CAM 01" \
    mac-address=48:51:CF:5E:4F:79 server=dhcp1
add address=172.16.20.4 client-id=1:48:51:cf:5e:4f:a3 comment="CAM 02" \
    mac-address=48:51:CF:5E:4F:A3 server=dhcp1
add address=172.16.20.35 client-id=1:68:ff:7b:cb:3:d3 comment=\
    "TP-LINK RADIO EXTERNO" mac-address=68:FF:7B:CB:03:D3 server=dhcp1
add address=172.16.20.5 client-id=1:48:51:cf:57:31:7 comment="CAM 05 IM5 S" \
    mac-address=48:51:CF:57:31:07 server=dhcp1
add address=172.16.20.6 client-id=1:18:d:2c:85:a7:2b comment=\
    "CAMERA RECEPCAO" mac-address=18:0D:2C:85:A7:2B server=dhcp1
add address=172.16.20.8 client-id=1:18:d:2c:85:a7:31 comment=\
    "CAMERA MIBO RESTAURANTE" mac-address=18:0D:2C:85:A7:31 server=dhcp1
add address=172.16.20.39 client-id=1:d8:77:8b:57:c:4 comment=\
    "RADIO INTELBRAS RESTAURANTE" mac-address=D8:77:8B:57:0C:04 server=dhcp1
add address=172.16.20.9 client-id=1:48:51:cf:45:77:c6 comment=\
    "camera recepcao" mac-address=48:51:CF:45:77:C6 server=dhcp1
add address=172.16.20.10 client-id=1:48:51:cf:7f:9b:ec comment="CAMERA  06" \
    mac-address=48:51:CF:7F:9B:EC server=dhcp1
add address=172.16.20.11 client-id=1:48:51:cf:5e:5b:e0 comment="CAM 07" \
    mac-address=48:51:CF:5E:5B:E0 server=dhcp1
add address=172.16.20.67 client-id=1:30:e1:f1:40:37:7d comment="CAM PARK" \
    mac-address=30:E1:F1:40:37:7D server=dhcp1
/ip dhcp-server network
add address=172.16.20.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=172.16.20.1
/ip dns
set servers=8.8.8.8,8.8.6.6,1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set show-dummy-rule=no
/ppp secret
add name=401 profile=SERVER-PPPOE service=pppoe
add name=kiko profile=plano_100MB service=pppoe
add name=402 profile=SERVER-PPPOE service=pppoe
add name=411 profile=SERVER-PPPOE service=pppoe
add name=412 profile=SERVER-PPPOE service=pppoe
add name=413 profile=SERVER-PPPOE service=pppoe
add name=414 profile=SERVER-PPPOE service=pppoe
add name=421 profile=SERVER-PPPOE service=pppoe
add name=301 profile=SERVER-PPPOE service=pppoe
add name=311 profile=SERVER-PPPOE service=pppoe
add name=312 profile=SERVER-PPPOE service=pppoe
add name=radio01 profile=SERVER-PPPOE service=pppoe
add name=radio02 profile=SERVER-PPPOE service=pppoe
add name=radio03 profile=SERVER-PPPOE service=pppoe
add name=radio04 profile=SERVER-PPPOE service=pppoe
add name=radio05 profile=SERVER-PPPOE service=pppoe
add name=radio06 profile=SERVER-PPPOE service=pppoe
add name=radio07 profile=SERVER-PPPOE service=pppoe
add name=radio08 profile=SERVER-PPPOE service=pppoe
add name=radio09 profile=SERVER-PPPOE service=pppoe
add name=radio10 profile=SERVER-PPPOE service=pppoe
add name=radio11 profile=SERVER-PPPOE service=pppoe
add name=radio12 profile=SERVER-PPPOE service=pppoe
add name=radio13 profile=SERVER-PPPOE service=pppoe
add name=radio14 profile=SERVER-PPPOE service=pppoe
add name=313 profile=SERVER-PPPOE service=pppoe
add name=314 profile=SERVER-PPPOE service=pppoe
add name=315 profile=SERVER-PPPOE service=pppoe
add name=316 profile=SERVER-PPPOE service=pppoe
add name=vpn
/system identity
set name=COQUILE
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
It was to early to try mikrotik but i totally unexpected that it would happen i hope it is something very obvious and you could help me, regards from Brazil!!
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 12:43 pm

Did u check for any IP conflicts?
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 1:48 pm

Thank you for reply, How exactly I check this? And I found that ether2 and 3 does not have access and the routers connected on the switches tha are connected on those interfaces.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 2:34 pm

Thank you for reply, How exactly I check this? And I found that ether2 and 3 does not have access and the routers connected on the switches tha are connected on those interfaces.
Check in DHCP server > leases
Check in PPP > Active Connections

Also you have
/ip dns
set servers=8.8.8.8,8.8.6.6,1.1.1.1

8.8.6.6 ?

Googles DNS is 8.8.8.8 and 8.8.4.4
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 2:41 pm

The network config does not look very good, everything is on the same bridge.
Have you got any backup scripts of the router before you made the changes that messed it up?
 
erlinden
Forum Guru
Forum Guru
Posts: 2583
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 2:49 pm

Can you supply a network diagram with all devices involved?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12522
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 2:53 pm

The network config does not look very good, everything is on the same bridge.
Have you got any backup scripts of the router before you made the changes that messed it up?
Probably not, the ABCs of "Do it yourself" always skip lesson 1:
Before you get your hands on something, always make sure you can restore it to the way it was first.
Last edited by rextended on Mon Nov 11, 2024 2:55 pm, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6605
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 2:55 pm

The network config does not look very good, everything is on the same bridge.
FWIW that is in most cases the advised way to setup things.
One bridge only.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12522
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 2:56 pm

The network config does not look very good, everything is on the same bridge.
FWIW that is in most cases the advised way to setup things.
One bridge only.

But not pppoe-server line on same bridge with LAN....
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21732
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 3:15 pm

Since you are running a business and actually want people to stay at your hotel..........surprized patrons havent burned it to the ground yet........ there is no shortage of help actually and the sort that can log into the router and assist live.

https://mikrotik.com/consultants
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 7:04 pm

Thank you for reply, How exactly I check this? And I found that ether2 and 3 does not have access and the routers connected on the switches tha are connected on those interfaces.
Check in DHCP server > leases
Check in PPP > Active Connections

Also you have
/ip dns
set servers=8.8.8.8,8.8.6.6,1.1.1.1

8.8.6.6 ?

Googles DNS is 8.8.8.8 and 8.8.4.4
That was my mistake 8.8,6.6 it had no DNS servers at all only the dynamic one, I thought that was the problem so I added 8.8.8.8 and the wrong 8.8.6.6.
I Indeed don't have a backup script my bad, I clicked on save as on top left and I didn't realized till I tried to load that it was just a interface save, 😕.
The only thing I did was create an wireguard interface, add a peer, then I realized that it didn't worked because my IP wasnt public, the I tried to setup a backtohome wireguard, I made all the steps and added my Smartphone through the qr code, then I left the office and tried to connect to internet on one of the rooms and there was no signal. I rapidly deleted all configurations that I made, but it didn't help, it was already on a mono bridge. I will try to explain the network diagram
Eth 1 isp
Eth 2 converts to fiber than it reconvertsnto Ethernet on the building 3 and 2, it goes to one switch, that goes to another two switches, then routers and cameras are connected to those.
Eth 3 the same as eth 2 but it goes to building 4
Eth 4 is the same but it does not go through fiber and provide access to building 1
Eth 5 is the office lan
The other ether are things like nvd the reception switch and the voip central.
I will check the IPS on leases and ppp and provide more info in a moment.
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 8:03 pm

Thank you for reply, How exactly I check this? And I found that ether2 and 3 does not have access and the routers connected on the switches tha are connected on those interfaces.
Check in DHCP server > leases
Check in PPP > Active Connections

Also you have
/ip dns
set servers=8.8.8.8,8.8.6.6,1.1.1.1

8.8.6.6 ?

Googles DNS is 8.8.8.8 and 8.8.4.4
I checked for duplicity and it does not have, on ppp side i noted that there are only 5 pppoe connections active, is that a problem? I still does not understand how pppoe works, but i know that which pppoe represents a router.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 8:30 pm

"5 pppoe connections active"

Do any of the IP's these clients have look duplicated or the same, ignore the gateway IP?
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 8:49 pm

"5 pppoe connections active"

Do any of the IP's these clients have look duplicated or the same, ignore the gateway IP?
I looked in active connections and the ips are xxx.xxx.xxx.250, .251, .252, .253, .254, so everything is ok. I connected my pc on the ether4 port and can't connect to internet, i was afraid there was some misconfiguration on the router used as access point in the restaurant, and i flagged this
https://ibb.co/yQKPw1m
when i disconnect my pc from the working wifi i receives a lot of packages from dns but i cant respond them.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 9:18 pm

set [ find default-name=ether4 ] comment= "#UPLINK CBO UTP 100MB RESTAURANTE #"

You connect to ether4 and have no internet, is your PC not getting an IP from the DHCP server?
Is there any errors in the log?
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 9:23 pm

set [ find default-name=ether4 ] comment= "#UPLINK CBO UTP 100MB RESTAURANTE #"

You connect to ether4 and have no internet, is your PC not getting an IP from the DHCP server?
No actually ether4 is configured as static ip 172.16.20.69, the dhcp pool starts after 172.16.20.70-254.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 9:29 pm

set [ find default-name=ether4 ] comment= "#UPLINK CBO UTP 100MB RESTAURANTE #"

You connect to ether4 and have no internet, is your PC not getting an IP from the DHCP server?
No actually ether4 is configured as static ip 172.16.20.69, the dhcp pool starts after 172.16.20.70-254.
"I connected my pc on the ether4 port and can't connect to internet"

Did you give your PC a static and then connect, check the current list of devices static IP's before you set it
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 9:36 pm

It seems that my mikrotik does not have connection, part of the hotel have internet because it connected by the modem switch, that is other thing that the guy who make the internet did, when i ping 8.8.8.8 or 1.1.1.1 from the terminal i get that the host is unreachable past 192.168.100.85 which is my local network ip shown at quick set. Any clue of what it means??
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 9:45 pm

Can you post a picture of your IP Routes > Routes List
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 9:57 pm

Can you post a picture of your IP Routes > Routes List
Here it is https://ibb.co/TqJN9bk
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 10:06 pm

192.168.100.85 is the mikrotik router IP that your ISP modem is handing out to it. Looking @ your route list u can see 192.168.100.0/24 ether1 and bridge1

The dhcp client should be on ether1 since that is the WAN port connect to the modem and ether1 should be removed from the bridge1


Can you post a picture of IP>Address >Address List?
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 10:20 pm

192.168.100.85 is the mikrotik router IP that your ISP modem is handing out to it. Looking @ your route list u can see 192.168.100.0/24 ether1 and bridge1

The dhcp client should be on ether1 since that is the WAN port connect to the modem and ether1 should be removed from the bridge1


Can you post a picture of IP>Address >Address List?
Here https://ibb.co/ZXJWbZv I added a dns on ip>dns and now i can ping google, before i only had this 181.213.132.2 dynamic server, my dhcp client also uses this server maybe the problem is this?
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 10:23 pm

Disable address 192.168.100.85/24 on bridge1 inside the address list
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 10:31 pm

Disable address 192.168.100.85/24 on bridge1 inside the address list
Interesting i can connect to internet, i can ping 8.8.8.8 but i cant connect to www.google.com
Pinging www.google.com [172.217.29.196] with 32 bytes of data:
Reply from 172.16.20.1: Destination host unreachable.
Reply from 172.16.20.1: Destination host unreachable.
Reply from 172.16.20.1: Destination host unreachable.
Reply from 172.16.20.1: Destination host unreachable.
i'm doing through my pc
[SORIANO@COQUILE] > tool/traceroute www.google.com
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV, STATUS
#  ADDRESS      LOSS  SENT  LAST     AVG    BEST  WORST  STD-DEV  STATUS                           
1               100%    10  timeout                                                                
2               100%    10  timeout                                                                
3               100%     9  timeout                                                                
4  172.16.20.1  0%       9  115.3ms  116.7   107  125.5  5.3      host unreachable from 172.16.20.1
5               0%       0  0ms                                                                    
-- [Q quit|D dump|C-z pause]
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 10:44 pm

On your PC can you run command prompt and type into command prompt ipconfig /all

Check and see what DNS servers appear on the list displayed
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 10:53 pm

On your PC can you run command prompt and type into command prompt ipconfig /all

Check and see what DNS servers appear on the list displayed
DNS Servers . . . . . . . . . . . : 8.8.8.8
1.1.1.1
I was wondering, i tried to setup a failover configuration before all begins, and for some minutes i did not have setted a srcnat masquerade on the right port, is it possible that i have been invaded and the dns server to google has been changed by a malicious one, because when i try to connect to google.com conection not secure appears.
This is my ping for google
Pinging www.google.com [172.217.29.196] with 32 bytes of data:
Reply from 172.16.20.1: Destination host unreachable.
Reply from 172.16.20.1: Destination host unreachable.
Reply from 172.16.20.1: Destination host unreachable.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 11:15 pm

I don't see any failover script or setup in the config export, the mikrotik is behind another router that likely has a firewall on it.
If you used googles dns as test for failover, this could be the issue.

Have you tried removing googles dns and just accept the dns from the ISP



ether1 is listed as WAN
bridge1 is LAN

You can remove
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

and add
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12522
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 11:28 pm

two of my routers unable to access google.com

Show the other working router configuration...

If the router is never powered down still press "undo"... :lol: :lol: :lol: (no jokes)

Greetings to Ubatuba.
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 11:37 pm

ooo
Last edited by C4rvalho on Tue Nov 12, 2024 12:29 am, edited 1 time in total.
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 11:42 pm

two of my routers unable to access google.com

Show the other working router configuration...

If the router is never powered down still press "undo"... :lol: :lol: :lol:

Greetings to Ubatuba.
I realized that all my routers didnt have access to internet, at least the ones that were controlled by mikrotik, the network tech that made my network didnt centralize the whole network in the mikrotik and there are a lot of scatered routers connected directly in the modem. And the routers that i'm talking about are in reality soho routers used as access point, those arent mikrotik stuff. And greetings from here, Someday I will tourist in Italy :)
Last edited by C4rvalho on Tue Nov 12, 2024 12:32 am, edited 1 time in total.
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Mon Nov 11, 2024 11:47 pm

I don't see any failover script or setup in the config export, the mikrotik is behind another router that likely has a firewall on it.
If you used googles dns as test for failover, this could be the issue.

Have you tried removing googles dns and just accept the dns from the ISP



ether1 is listed as WAN
bridge1 is LAN

You can remove
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

and add
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
I just began to setup, and by that i mean i connected the other isp on eth10 and i took like 15 min to realise i needes the src masquerade, i heard that there are botfarms and all, thats why I'm afraid.
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Tue Nov 12, 2024 12:28 am

I don't see any failover script or setup in the config export, the mikrotik is behind another router that likely has a firewall on it.
If you used googles dns as test for failover, this could be the issue.

Have you tried removing googles dns and just accept the dns from the ISP



ether1 is listed as WAN
bridge1 is LAN

You can remove
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

and add
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
I added the firewall rule and deleted the other, i removed google dns from ip>dns and nothing changed, In ipconfig /all dns still 8.8.8.8 1.1.1.1, i need to change the dns server from the dhcp too?
I tracerouted www.google.com through terminal and i get there, now i just need to make my pc get, because it still don't.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Tue Nov 12, 2024 12:55 am

Yes remove from dhcp then flush pc using command prompt command ipconfig /release then ipconfig /renew

You might have to reboot router as you set long lease times on that dhcp
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Tue Nov 12, 2024 1:06 am

Yes remove from dhcp then flush pc using command prompt command ipconfig /release then ipconfig /renew

You might have to reboot router as you set long lease times on that dhcp
So progress have been made, i can access google just fine with the cable plugged on my pc, but my router that is the access point seems to be in other network it's ip is 10.0.0.123 i cant't ping it too, why is that so? Does pppoe have something to do? And thank you for your time helping me!
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Tue Nov 12, 2024 1:13 am

How is the device getting that IP address?
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Tue Nov 12, 2024 1:20 am

How is the device getting that IP address?
I cant access it from routeros, I went there and connected with my phone and saw the ip, the guy that installed the network also sent a excel explaining that he setted a network for the routers/access points and that network is the 10.0.0.1/24. But there is nothing like that in the routerOS, thats what confuses me.
Here is the excel
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Tue Nov 12, 2024 1:23 am

Give your pc a static IP within that subnet say 10.0.0.184 with gateway 10.0.0.1 and see if you can reach it using the PC
 
C4rvalho
just joined
Topic Author
Posts: 18
Joined: Mon Nov 11, 2024 12:36 am

Re: Part of my network does not have access to google.com

Tue Nov 12, 2024 1:43 am

Give your pc a static IP within that subnet say 10.0.0.184 with gateway 10.0.0.1 and see if you can reach it using the PC
I can't connect, sorry disabled the ethernet driver by mistake, i can ping 10.0.0.1, but i cant ping 10.0.0.123.
I torched ether 4 that is where the router is and i got that 10.0.0.123 ip https://ibb.co/92WTXcC
edit: Today I checked the wifi and it is working in the right network .172.16.20.1, using the right ddns provided by the isp, I can access internet , but cant access www.google.com :(
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: Part of my network does not have access to google.com

Wed Nov 13, 2024 11:23 am

Give your pc a static IP within that subnet say 10.0.0.184 with gateway 10.0.0.1 and see if you can reach it using the PC
I can't connect, sorry disabled the ethernet driver by mistake, i can ping 10.0.0.1, but i cant ping 10.0.0.123.
I torched ether 4 that is where the router is and i got that 10.0.0.123 ip https://ibb.co/92WTXcC
edit: Today I checked the wifi and it is working in the right network .172.16.20.1, using the right ddns provided by the isp, I can access internet , but cant access www.google.com :(
Can you run a traceroute on PC
press and hold windows key and r
type cmd in run
type tracert www.google.com in command prompt

Who is online

Users browsing this forum: No registered users and 17 guests