Community discussions

MikroTik App
 
xerorbattler
just joined
Topic Author
Posts: 1
Joined: Thu Oct 21, 2021 4:46 pm

RouterOS drops devices very often

Thu Oct 21, 2021 6:07 pm

Hello there, I bought Mikrotik hAP ac³ with RouterOS about month ago. I tried (with some help) setup my home network and it just barely works. So could anyone please help me?
My current network layout is displayed in image bellow:
current_setup.png
I am connected to provider router placed in shared space of apartment building. Provider uses MAC to IP mapping. Cable leads to my entrance room where is connected do SG108 switch and from switch there are wires to each room (some rooms are not displayed on image). I have small home server (game server for few friends, web server, teamspeak server and ftp server) which requires public IP address. I recently bought a console and I figured out that I need public IP for that console too (because of online play hosting). Provider won't give me another public IP so my decision was to buy some sort of router, finally I decided for Mikrotik which I hoped to be central point of my home network (wished setup is on the end of the post).

Now I have big connectivity issues with hAP ac³ on my current setup. Mikrotik stops to service devices inside of its NAT network. As you can see screen from uptimerobot which is trying to connect to my server. My TeamSpeak server drops clients every minute or so. Same for game servers.
connectivity.png
.
It works fine when server is connected directly to SG108 switch, but I need to use public IP for two devices. I presume some gravely mistake in configuration which follows:

[attachment=1]# oct/21/2021 14:51:07 by RouterOS 6.48.4
# software id = BXZN-H9JY
#
# model = RBD53iG-5HacD2HnD
# serial number = E7290D8486EE
/interface bridge
add admin-mac=08:55:31:F9:82:85 auto-mac=no comment=defconf fast-forward=no \
    name=local protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
    g-xerorbattler2-wifi wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=g-xerorbattler2-wifi-5g wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] loop-protect-disable-time=2m name=\
    ether1-PilsFree
set [ find default-name=ether2 ] loop-protect-disable-time=2m
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=local lease-time=1h name=defconf
/dude
set enabled=yes
/interface bridge port
add bridge=local comment=defconf interface=ether2
add bridge=local comment=defconf interface=ether3
add bridge=local comment=defconf interface=ether4
add bridge=local comment=defconf interface=ether5
add bridge=local comment=defconf interface=wlan1
add bridge=local comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=local list=LAN
add comment=defconf interface=ether1-PilsFree list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=local network=\
    192.168.0.0
add address=10.78.170.42/8 comment="public ip" interface=ether1-PilsFree \
    network=10.0.0.0
add address=10.78.170.61/8 comment="non public ip" disabled=yes interface=\
    ether1-PilsFree network=10.0.0.0
/ip dhcp-client
add comment=defconf interface=ether1-PilsFree
/ip dhcp-server config
set store-leases-disk=immediately
/ip dhcp-server lease
add address=192.168.0.254 client-id=1:0:1f:c6:9c:e:76 mac-address=\
    00:1F:C6:9C:0E:76 server=defconf
add address=192.168.0.252 client-id=00:e4:21:29:f6:94 comment=PS5 disabled=\
    yes mac-address=00:E4:21:1B:D9:FA server=defconf
add address=192.168.0.251 client-id=1:94:db:56:e3:a8:22 mac-address=\
    94:DB:56:E3:A8:22 server=defconf
add address=192.168.0.252 client-id=1:0:e4:21:29:f6:94 comment=ps5 \
    mac-address=00:E4:21:29:F6:94 server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
/ip dns
set servers=10.78.170.1,8.8.4.4,8.8.8.8
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
/ip firewall filter
add action=drop chain=input dst-port=53 protocol=udp
add action=drop chain=input dst-port=53 protocol=tcp
add action=accept chain=forward comment=web dst-port=80 protocol=tcp
add action=accept chain=forward comment="web https" dst-port=443 protocol=tcp
add action=accept chain=forward comment="SQL Server" dst-port=1433 protocol=\
    tcp src-address-list=10.78.170.46,10.111.219.97,10.78.170.41
add action=accept chain=forward comment=rdp dst-port=3389 protocol=tcp \
    src-address-list=10.78.170.46,10.111.219.97,10.78.170.41
add action=accept chain=forward comment="rdp (remote)" dst-port=38000 \
    protocol=tcp
add action=accept chain=forward comment=teamspeak disabled=yes dst-port=9987 \
    protocol=tcp
add action=accept chain=forward comment=teamspeak dst-port=9987 protocol=udp
add action=accept chain=forward comment=teamspeak dst-port=30033 protocol=tcp
add action=accept chain=forward comment=ps5 dst-port=1935,3478-3480,5223 \
    protocol=tcp
add action=accept chain=forward comment=ps5 dst-port=3074,3478-3479,3658,5223 \
    protocol=udp
add action=accept chain=forward comment=ftp disabled=yes dst-port=1313 \
    protocol=tcp
add action=accept chain=input comment=Winbox disabled=yes dst-port=8291 \
    protocol=tcp
add action=accept chain=input comment=Winbox dst-port=8291 protocol=tcp \
    src-address=10.78.170.46
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
    PublicIP passthrough=no src-address=10.0.0.0/25
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
    PrivateIP passthrough=no src-address=10.0.0.128/25
/ip firewall nat
add action=dst-nat chain=dstnat comment="ps5 tcp1935" dst-address=\
    10.78.170.42 dst-port=1935 protocol=tcp to-addresses=192.168.0.252 \
    to-ports=1935
add action=dst-nat chain=dstnat comment="ps5 tcp 3478" dst-address=\
    10.78.170.42 dst-port=3478 protocol=tcp to-addresses=192.168.0.252 \
    to-ports=3478
add action=dst-nat chain=dstnat comment="ps5 tcp 3479" dst-address=\
    10.78.170.42 dst-port=3479 protocol=tcp to-addresses=192.168.0.252 \
    to-ports=3479
add action=dst-nat chain=dstnat comment="ps5 tcp 3480" dst-address=\
    10.78.170.42 dst-port=3480 protocol=tcp to-addresses=192.168.0.252 \
    to-ports=3480
add action=dst-nat chain=dstnat comment="ps5 udp 3074" dst-address=\
    10.78.170.42 dst-port=3074 protocol=udp to-addresses=192.168.0.252 \
    to-ports=3074
add action=dst-nat chain=dstnat comment="ps5 udp 3478" dst-address=\
    10.78.170.42 dst-port=3478 protocol=udp to-addresses=192.168.0.252 \
    to-ports=3478
add action=dst-nat chain=dstnat comment="ps5 udp 3479" dst-address=\
    10.78.170.42 dst-port=3479 protocol=udp to-addresses=192.168.0.252 \
    to-ports=3479
add action=dst-nat chain=dstnat comment=http dst-address=10.78.170.42 \
    dst-port=80 protocol=tcp to-addresses=192.168.0.254 to-ports=80
add action=dst-nat chain=dstnat comment=https dst-address=10.78.170.42 \
    dst-port=443 protocol=tcp to-addresses=192.168.0.254 to-ports=443
add action=dst-nat chain=dstnat comment="SQL Server" dst-address=10.78.170.42 \
    dst-port=1433 protocol=tcp to-addresses=192.168.0.254 to-ports=1433
add action=dst-nat chain=dstnat comment=teamspeak dst-address=10.78.170.42 \
    dst-port=30033 protocol=tcp to-addresses=192.168.0.254 to-ports=30033
add action=dst-nat chain=dstnat comment=teamspeak dst-address=10.78.170.42 \
    dst-port=9987 protocol=udp to-addresses=192.168.0.254 to-ports=9987
add action=dst-nat chain=dstnat comment=ftp disabled=yes dst-address=\
    10.78.170.42 dst-port=1313 protocol=tcp to-addresses=192.168.0.254 \
    to-ports=1313
add action=masquerade chain=srcnat disabled=yes dst-address=10.78.170.61
add action=dst-nat chain=dstnat comment=rdp dst-address=10.78.170.42 \
    dst-port=3389 protocol=tcp to-addresses=192.168.0.254 to-ports=3389
add action=dst-nat chain=dstnat comment="rdp (remote)" dst-address=\
    10.78.170.42 dst-port=38000 protocol=tcp to-addresses=192.168.0.254 \
    to-ports=3389
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add disabled=yes distance=1 gateway=ether1-PilsFree pref-src=10.78.170.42 \
    routing-mark=PublicIP
add disabled=yes distance=1 gateway=ether1-PilsFree pref-src=10.78.170.61 \
    routing-mark=PrivateIP
add distance=1 gateway=10.78.170.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=xerorbattler2-MikroTik
/system leds
set 0 interface=wlan1 leds=led1,led2,led3,led4,led5 type=\
    wireless-signal-strength
set 1 leds=poe-led type=poe-out
/system routerboard settings
set cpu-frequency=auto
/system scheduler
add interval=1d name="Reboot Router Daily" on-event="/system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=02:00:00
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
BTW: I have some sort of wished layout of my network which is displayed in image bellow, is it even possible to setup it? I can get two MACs with different assigned IP from provider.
wished_setup.png
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: F3BOli, mtkvvv, syahpian and 41 guests