Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Newbie needing help  [SOLVED]

Post Reply
 
leahmarb
just joined
Topic Author
Posts: 7
Joined: Fri Feb 24, 2023 11:14 am

Newbie needing help

Fri Feb 24, 2023 11:27 am

Hi All,

I'm a complete newbie to networking and would greatly appreciate any support as my Mikrotik isn't getting Internet from my ISP's router for some reason that I can't work out.

My Mikrotik then connects to two other APs (unifi) and my hikvision security cameras. Everything seems to be fine on the LAN and I can see the cameras etc but nothing has access to the internet and even when I connect my laptop (through Wifi and wired) to the Mikrotik it doesn't get Internet.

Below is the output information that I get from the Mikrotik router. Does anyone spot an error in the settings? Thank you so much in advance for any help!
Code: Select all
# jan/02/1970 01:15:04 by RouterOS 6.40.4
# software id = QZPM-TQ8F
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 924C08A58F04
/interface bridge
add admin-mac=CC:2D:E0:DA:24:62 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-DA2467 wireless-protocol=\
    802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-DA2466 \
    wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Newbie needing help

Fri Feb 24, 2023 5:50 pm

Aside from seriously outdated system (but that's not breaking it), I don't see anything obviously wrong, it looks like good old default config from 2017. If you look at DHCP client (IP->DHCP Client), what does it say? Does it get any IP address? And you do have ISP's router connected to ether1, right?
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19352
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: Newbie needing help

Fri Feb 24, 2023 5:58 pm

Yup, wont event discuss a config from that vintage.
Best to upgrade to the long term vers 6 firmware 6.47.9 or something and then implement a config.
You can download the export for this one to base your new config on for the most part,
Top
 
leahmarb
just joined
Topic Author
Posts: 7
Joined: Fri Feb 24, 2023 11:14 am

Re: Newbie needing help

Fri Feb 24, 2023 8:57 pm

Aside from seriously outdated system (but that's not breaking it), I don't see anything obviously wrong, it looks like good old default config from 2017. If you look at DHCP client (IP->DHCP Client), what does it say? Does it get any IP address? And you do have ISP's router connected to ether1, right?
Thank you I’ll update the system.

Under DHCP client there is an IP address in the field and yes I have ISP’s router connected to ether1.
Top
 
leahmarb
just joined
Topic Author
Posts: 7
Joined: Fri Feb 24, 2023 11:14 am

Re: Newbie needing help

Fri Feb 24, 2023 8:58 pm

Yup, wont event discuss a config from that vintage.
Best to upgrade to the long term vers 6 firmware 6.47.9 or something and then implement a config.
You can download the export for this one to base your new config on for the most part,
Thank you I’ll update as suggested.
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Newbie needing help

Fri Feb 24, 2023 9:41 pm

How do you define "doesn't get Internet"? Regular web browsing doesn't work, but what if you try to open https://1.1.1.1/, does that work? Or ping to some numeric address (e.g. 1.1.1.1 again)? What about ping from router itself (open Terminal and try "ping 1.1.1.1")?
Top
 
leahmarb
just joined
Topic Author
Posts: 7
Joined: Fri Feb 24, 2023 11:14 am

Re: Newbie needing help

Fri Feb 24, 2023 9:50 pm

How do you define "doesn't get Internet"? Regular web browsing doesn't work, but what if you try to open https://1.1.1.1/, does that work? Or ping to some numeric address (e.g. 1.1.1.1 again)? What about ping from router itself (open Terminal and try "ping 1.1.1.1")?
All regular browsing returns the error "No Internet" even when I try to open https://1.1.1.1/ When I ping from the terminal it lists the ISP gateway and says in the status "net unreachable"
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Newbie needing help

Fri Feb 24, 2023 9:58 pm

So it looks like it's done by ISP's router for some reason. Does it work with some different router or directly connected PC? Could it be e.g. locked to specific device (its MAC address)?
Top
 
leahmarb
just joined
Topic Author
Posts: 7
Joined: Fri Feb 24, 2023 11:14 am

Re: Newbie needing help

Fri Feb 24, 2023 10:28 pm

So it looks like it's done by ISP's router for some reason. Does it work with some different router or directly connected PC? Could it be e.g. locked to specific device (its MAC address)?
I haven't tried a different router I will try that tomorrow. Ive directly connected and still couldn't get access to the Internet. Maybe this is an issue with the ISP and not the Mikrotik.

Ive updated and here is the new output incase it now shows an error.
Code: Select all
# jan/02/1970 00:17:16 by RouterOS 7.7
# software id = QZPM-TQ8F
#
# model = RB952Ui-5ac2nD
# serial number = 924C08A58F04
/interface bridge
add admin-mac=CC:2D:E0:DA:24:62 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether2-master
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=no_country_set disabled=no distance=indoors frequency=auto frequency-mode=\
    manual-txpower mode=ap-bridge ssid=MikroTik-DA2467 station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=no_country_set disabled=no distance=indoors frequency=auto \
    frequency-mode=manual-txpower mode=ap-bridge ssid=MikroTik-DA2466 station-roaming=enabled wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
Thank you very much for all the feedback. It is greatly appreciated.
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Newbie needing help

Fri Feb 24, 2023 10:36 pm

My idea was whether you're perhaps replacing some ISP-supplied router, it would be possible that ISP allows it but nothing else. Or is it completely new connection that never worked before?

Btw, you lost some rules in "/ip firewall filter". Those you previously had with chain=input, you want them back.
Top
 
leahmarb
just joined
Topic Author
Posts: 7
Joined: Fri Feb 24, 2023 11:14 am

Re: Newbie needing help

Fri Feb 24, 2023 10:38 pm

It's not a new connection it was working and suddenly stopped last week.
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Newbie needing help  [SOLVED]

Fri Feb 24, 2023 10:42 pm

My guess is that it's something on ISP's side. So I'd ask them. Or do you have access to some ISP's device (modem or something) that you can (are able and allowed to) turn off and on again?
Top
 
leahmarb
just joined
Topic Author
Posts: 7
Joined: Fri Feb 24, 2023 11:14 am

Re: Newbie needing help

Sat Feb 25, 2023 9:36 am

Unfortunately, the ISP won't let me access their device so I've scheduled them to come out and check. Thank you very much for all the help.
Top
 
liviu2004
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Tue Jul 01, 2008 10:22 pm
Location: Rotterdam

Re: Newbie needing help

Sat Feb 25, 2023 8:39 pm

/ip dns
set allow-remote-requests=yes

That setting made my ISP to shut off internet to me, blaming my IP was used for malicious attacks. I had no clue what it did in those days. Is there a good good reason for you?
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Newbie needing help

Sat Feb 25, 2023 11:01 pm

Well, this allows your router to be used as DNS resolver. Which is something you may want for your devices in LAN, so not wrong. But if accessible from internet, your router would be open resolver, which is not good, because it really can be used for attacking others. But in OP's case the original config had firewall preventing access from internet (it's those chain=input rules that should be put back).
Top
Post Reply

Who is online

Users browsing this forum: alexmason, mkx, Rendy and 58 guests
  4. RouterOS
  5. Beginner Basics