My MikroTik router is suddenly no longer able to ping or reach certain websites. We have not made any recent configuration changes, but we can no longer reach these websites, either by ping or over the web.
Using Winbox, I can ping Google with no timeouts, but pings to the other sites time out. No one on our internal network can reach these resources either.
Below is an output of our config.
The IPs we are trying to reach, such as 203.90.233.8, are pingable from outside the network. DNS does resolve the hostnames to these IPs; only ping and the web server are not responding.
Thank you!
# may/18/2022 01:07:02 by RouterOS 6.48.4
# Configuration export posted for troubleshooting. Several values below
# (peer addresses, secrets, DNS server names) look hand-redacted, so some
# lines would not import exactly as written.
/interface bridge
add name=bridge-LAN
/interface ethernet
set [ find default-name=ether1 ] name=nuroWAN speed=10Gbps
set [ find default-name=sfp-sfpplus1 ] name=portLAN01
/interface ipip
# IPIP tunnel with an IPsec pre-shared secret. A plain export prints secret
# fields in clear text; on RouterOS 6, `export hide-sensitive` omits them
# before a config is shared.
add allow-fast-path=no ipsec-secret="password" local-address=\
2.2.2.2 name=iptunnel remote-address=3.3.3.3
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.0.2.100-10.0.2.254
add name=ldapvpn ranges=192.168.10.1-192.168.10.126
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-LAN name=dhcp1
/ppp profile
# VPN profile: clients get addresses from the ldapvpn pool and encryption is
# required.
add dns-server=10.0.0.1 incoming-filter="" interface-list=LAN local-address=\
10.0.0.1 name=ldap-vpn outgoing-filter="" remote-address=ldapvpn \
use-encryption=required
/queue simple
add max-limit=350M/350M name=ip-tunnel target=iptunnel
/snmp community
# addresses=::/0 places no source restriction on this community. No
# `enabled=yes` is visible under /snmp in this export, so the agent may be
# off - confirm. If SNMP is in use, limit `addresses` to the monitoring hosts.
add addresses=::/0 name=Devices
/interface bridge port
add bridge=bridge-LAN interface=portLAN01
/interface bridge settings
# Bridged traffic is also run through the /ip firewall chains.
set use-ip-firewall=yes
/interface l2tp-server server
# mschap1 is accepted alongside mschap2; MS-CHAPv1 is the weaker method, so
# allowing only mschap2 is the tighter setting if all clients support it.
# ipsec-secret is empty here (presumably redacted) while use-ipsec=required.
set authentication=mschap1,mschap2 default-profile=ldap-vpn enabled=yes \
ipsec-secret= use-ipsec=required
/interface list member
add interface=nuroWAN list=WAN
add interface=bridge-LAN list=LAN
/interface sstp-server server
# SSTP server is enabled and no certificate= is shown. The input chain in this
# export has no accept rule for its port on nuroWAN, so it looks unreachable
# from WAN - NOTE(review): disable it if it is not used.
set default-profile=default-encryption enabled=yes
/ip address
# NOTE(review): 10.0.0.1/16 is bound to portLAN01, which is a port of
# bridge-LAN, while the DHCP server runs on bridge-LAN. Addresses normally
# belong on the bridge itself; confirm this is intended.
add address=10.0.0.1/16 interface=portLAN01 network=10.0.0.0
# No interface named "tunnel" is defined in this export (the IPIP interface is
# "iptunnel") - presumably a redaction artifact; verify on the router.
add address=172.22.22.1/30 interface=tunnel network=172.22.22.0
/ip cloud
# Registers the router's public address with MikroTik's cloud DDNS service.
set ddns-enabled=yes
/ip dhcp-client
add disabled=no interface=nuroWAN
/ip dhcp-server network
# LAN clients use the router (10.0.0.1) for DNS, gateway and NTP, and are
# pointed at 10.0.5.86 for network boot (ipxe.efi).
add address=10.0.0.0/16 boot-file-name=ipxe.efi dns-server=10.0.0.1 gateway=\
10.0.0.1 netmask=16 next-server=10.0.5.86 ntp-server=10.0.0.1
/ip dns
# allow-remote-requests=yes makes the router a DNS resolver for clients. The
# input chain has no accept rule for DNS on nuroWAN, so queries from WAN are
# expected to hit the final drop there; keep it that way to avoid running an
# open resolver. dns1/dns2 are placeholders for redacted upstream servers.
set allow-remote-requests=yes servers=\
dns1,dns2,8.8.8.8,8.8.4.4
/ip firewall address-list
# Same range as the ldapvpn pool; referenced by the src-nat rule below.
add address=192.168.10.1-192.168.10.126 list=OutVpn
/ip firewall filter
# Rules are evaluated top to bottom. Only the input chain (traffic to the
# router itself) is filtered in this export.
# GRE and TCP 1723 (PPTP) are accepted on every interface, ahead of the
# connection-state rules. No PPTP server section is visible in this export,
# so these look like leftovers - NOTE(review): confirm and remove if unused.
add action=accept chain=input protocol=gre
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="allow ICMP" in-interface=nuroWAN \
protocol=icmp
# `port=` matches when either the source or the destination port equals the
# value, so this rule is wider than "connections to Winbox"; `dst-port=8291`
# is the tighter matcher. Under /ip service, winbox is limited to
# 10.0.0.0/16,169.254.0.0/16, so this WAN accept does not give working remote
# management anyway - NOTE(review): consider removing the rule.
add action=accept chain=input comment="allow Winbox" in-interface=nuroWAN \
port=8291 protocol=tcp
# Same `port=` vs `dst-port=` issue as the Winbox rule. The ssh service is
# disabled under /ip service, so this accept serves no purpose as exported.
add action=accept chain=input comment="allow SSH" in-interface=nuroWAN port=\
22 protocol=tcp
# IKE (500), L2TP (1701) and NAT-T (4500) for the L2TP/IPsec server. 1701 is
# accepted here without an IPsec condition; the server's use-ipsec=required
# is what enforces encryption. Adding `ipsec-policy=in,ipsec` to a separate
# 1701 rule would enforce it at the firewall as well.
add action=accept chain=input dst-port=500,1701,4500 in-interface=nuroWAN \
protocol=udp
# Final drop applies only to packets arriving on nuroWAN; input from other
# interfaces (LAN, tunnel, VPN clients) is not restricted by this chain.
add action=drop chain=input comment="block everything else" in-interface=\
nuroWAN
# NOTE(review): there are no chain=forward rules in this export, so traffic
# routed through the router is not filtered; only NAT determines what is
# reachable from WAN. A forward rule dropping new WAN connections that were
# not dst-nat'ed is the usual baseline.
/ip firewall mangle
# Marks routing as VpnRoute for the VPN client range, but only when every
# matcher on the rule matches at once (connection-limit, dst-limit, limit and
# psd are all set). That combination looks unintended - NOTE(review): confirm
# which matchers are meant to be here.
add action=mark-routing chain=prerouting connection-limit=100,32 \
dst-address-type="" dst-limit=1,5,dst-address/1m40s hotspot="" limit=\
1,5:packet new-routing-mark=VpnRoute passthrough=no psd=21,3s,3,1 \
src-address=192.168.10.1-192.168.10.126 src-address-type="" tcp-flags=""
/ip firewall nat
# Masquerade LAN traffic leaving via nuroWAN. The unconditional masquerade on
# nuroWAN further down covers the same traffic.
add action=masquerade chain=srcnat dst-address=!10.0.0.0/16 out-interface=\
nuroWAN src-address=10.0.0.0/16
# Rewrites VPN-client traffic addressed to 10.0.0.1 so it appears to come
# from 10.0.0.1.
add action=src-nat chain=srcnat dst-address=10.0.0.1 src-address=\
192.168.10.1-192.168.10.126 src-address-list=OutVpn to-addresses=10.0.0.1
add action=masquerade chain=srcnat out-interface=nuroWAN
# Port forwards to 10.0.5.84. dst-address values (1234 / 12349) are redaction
# placeholders. No rule restricts which source addresses may use these
# forwards, and there is no forward-chain filter, so the published ports are
# open to any source - restrict with src-address or an address list where the
# set of clients is known.
add action=dst-nat chain=dstnat comment=" port 4172 tcp" dst-address=\
1234 dst-port=4172 protocol=tcp to-addresses=10.0.5.84 \
to-ports=4172
add action=dst-nat chain=dstnat comment=" port 4172 udp" dst-address=\
12349 dst-port=4172 protocol=udp to-addresses=10.0.5.84 \
to-ports=4172
add action=dst-nat chain=dstnat comment=" port 443 tcp" dst-address=\
1234 dst-port=443 protocol=tcp to-addresses=10.0.5.84 \
to-ports=443
add action=dst-nat chain=dstnat comment=" port 60443 tcp" \
dst-address=1234 dst-port=60443 protocol=tcp to-addresses=\
10.0.5.84 to-ports=60443
/ip route
# Route used only by packets carrying the VpnRoute routing mark; the gateway
# is given as an interface name rather than a next-hop address.
add check-gateway=ping distance=1 gateway=nuroWAN routing-mark=VpnRoute
# Remote 10.1.0.0/16 is reached via the far end of the 172.22.22.0/30 link.
add distance=1 dst-address=10.1.0.0/16 gateway=172.22.22.2
/ip service
# Management surface: telnet, ftp, www, ssh, api and api-ssl are disabled;
# Winbox is the only service left on and is limited to the LAN and link-local
# ranges. The input-chain accepts for Winbox/SSH on nuroWAN contradict this
# and can be dropped.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=10.0.0.0/16,169.254.0.0/16
set api-ssl disabled=yes
/ip traffic-flow
# Flow records for traffic through the router are exported to 10.0.5.78.
set cache-entries=8k enabled=yes
/ip traffic-flow target
add dst-address=10.0.5.78
/ppp aaa
# PPP logins are also checked against the RADIUS server defined below.
set use-radius=yes
/ppp profile
# `*FFFFFFFE` and `*2` are internal IDs printed in place of names;
# *FFFFFFFE is presumably the built-in default-encryption profile, and `*2`
# usually indicates a reference to an object (here likely an IP pool) that no
# longer exists - NOTE(review): verify remote-address on the router.
# local-address=10.1.0.0 also falls inside the 10.1.0.0/16 range routed via
# 172.22.22.2 - confirm this is intended.
set *FFFFFFFE dns-server=10.0.0.1 local-address=10.1.0.0 remote-address=*2
/ppp secret
# Local PPP accounts are stored and exported with clear-text passwords. No
# service= is set, so each account is valid for any enabled PPP service.
add local-address=10.0.3.227 name=vpn password=pw
# NOTE(review): this password does not look redacted. Treat it as disclosed:
# change it, or remove the test account if it is no longer needed.
add name=vpn_test password=Temp!234 profile=default-encryption
/radius
# RADIUS server for PPP authentication; the shared secret (redacted here) is
# another field a plain export prints in clear text.
add address=10.0.5.79 domain=domain secret=pw service=ppp \
src-address=10.0.0.1
/snmp
# Traps use version 2 with the "Devices" community and go to 10.0.5.21.
# The community string is not encrypted on the wire in this version.
set location=server_room trap-community=Devices trap-target=10.0.5.21 \
trap-version=2
/system identity
set name=router
/tool sniffer
# Saved packet-sniffer filter (one LAN host, port 4172 on nuroWAN); this only
# stores filter settings, presumably left over from earlier troubleshooting.
set filter-interface=nuroWAN filter-ip-address=10.0.3.47/32 filter-port=4172