Good day
I have a mikrotik router board.
I have changed my WAN from PPPoE to a static IP.
But my router can ping its gateway but failing ping the internet. Kindly assist
# apr/16/2022 18:58:08 by RouterOS 6.45.9
# software id = NYXN-0HT3
#
# model = RB4011iGS+
# serial number = XXXXXXXXXX
/interface bridge
add admin-mac=XXXXXXXXX auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes interface=ether1 keepalive-timeout=disabled name=\
pppoe-out1 password=XXXXXXXXX use-peer-dns=yes user=\
XXXXXXXXXXXX
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add hotspot-address=192.168.88.1 login-by=mac,cookie,http-chap mac-auth-mode=\
mac-as-username-and-password name="MAC AUTH as USER"
add hotspot-address=192.168.88.1 name=hsprof1
add login-by=mac,cookie,http-chap mac-auth-mode=mac-as-username-and-password \
name="hsprof2 Mac Auth"
add name=hsprof3
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-12 ranges=192.168.10.20-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ip hotspot
add address-pool=dhcp disabled=no idle-timeout=none interface=bridge name=\
hotspot1 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] address-pool=dhcp
add address-pool=dhcp idle-timeout=8h !keepalive-timeout mac-cookie-timeout=\
4w2d name=USERS shared-users=10
add address-pool=hs-pool-12 mac-cookie-timeout=4w2d name=Premium \
shared-users=5
add address-pool=dhcp !keepalive-timeout name=uprof1 shared-users=5
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.168.10.1/24 comment="hotspot network" interface=bridge \
network=192.168.10.0
add address=X.X.X.X/30 interface=ether1 network=X.X.X.X
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=5.11.11.5,5.11.11.11 \
gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=5.11.11.5,5.11.11.11
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment=WINBOX dst-port=8291 protocol=tcp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.88.0/24
add action=dst-nat chain=dstnat dst-address=XXXXXXXX dst-port=8000 \
protocol=tcp to-addresses=192.168.88.4 to-ports=8000
/ip hotspot ip-binding
XXXXXXX
/ip hotspot user
XXXXX
/ip route
add distance=1 gateway=ether1
/system clock
set time-zone-name=Indian/Mauritius
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN