Community discussions

 
freshfrench
just joined
Topic Author
Posts: 13
Joined: Fri Dec 08, 2017 2:15 am

No Internet Connection on my new setup

Sun Aug 12, 2018 4:28 pm

I just want to ask if i'm missing something with my setup.

Current setup:
I have a DSL modem setup in bridge mode and connected to the Internet/WAN port of my Mikrotik hEX RB750Gr3. LAN ports are connected to multiple wireless routers.

New setup:
I upgraded to a fiber line and the ISP provided me with a fiber modem/wireless router. Thinking it would be the same setup as my previous one, i connected the LAN port of the new fiber modem to the WAN/Internet port of Mikrotik hEX RB750Gr3. But sadly, it's not working. Mikrotik LAN IP is 192.168.0.9 and i've also set the LAN IP of the new fiber modem to 192.168.0.2.

Appreciate the help! Thanks!
 
szt
just joined
Posts: 12
Joined: Mon Aug 06, 2018 9:43 pm
Location: Czech Republic
Contact:

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 5:16 pm

Could you please export and post here the whole configuration ? (by "/export hide-sensitive file=config" command) ?

Generally, bridge/PPPoE interface is a virtual interface upon physical ether1 port of your Mikrotik. When change to fiber modem, you should set correct addresses (or DHCP clients (by "/ip dhcp-client add interface=ether1 disabled=no default-route-distance=1" command )) on your ether1 interface directly. You should also set correct default gateway, correct interface in scrnat NAT chain (ether1 instead of PPPoE) and change the input firewall rules to block unwanted traffic on your ether1 port.

Also, when "192.168.0.9 and 192.168.0.2" are on the same subnet (I assume /24 mask), the same subnet cannot be on WAN and LAN simutanelously. If you want to have the same subnet on fiber modem LAN interface and on the Mikrotik LAN interface, you should connect the fibre modem to the Mikrotiks LAN, not WAN interface (and disable DHCP server on Mikrotik to make sure Mikrotik will act as sole AP).

You want you Mikrotik to act as a router and AP, or only as AP?
 
freshfrench
just joined
Topic Author
Posts: 13
Joined: Fri Dec 08, 2017 2:15 am

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 5:37 pm

Could you please export and post here the whole configuration ? (by "/export hide-sensitive file=config" command) ?

Generally, bridge/PPPoE interface is a virtual interface upon physical ether1 port of your Mikrotik. When change to fiber modem, you should set correct addresses (or DHCP clients (by "/ip dhcp-client add interface=ether1 disabled=no default-route-distance=1" command )) on your ether1 interface directly. You should also set correct default gateway, correct interface in scrnat NAT chain (ether1 instead of PPPoE) and change the input firewall rules to block unwanted traffic on your ether1 port.

Also, when "192.168.0.9 and 192.168.0.2" are on the same subnet (I assume /24 mask), the same subnet cannot be on WAN and LAN simutanelously. If you want to have the same subnet on fiber modem LAN interface and on the Mikrotik LAN interface, you should connect the fibre modem to the Mikrotiks LAN, not WAN interface (and disable DHCP server on Mikrotik to make sure Mikrotik will act as sole AP).

You want you Mikrotik to act as a router and AP, or only as AP?
# aug/12/2018 22:34:36 by RouterOS 6.42.6
# software id = CLL5-S1LL
#
# model = RouterBOARD 750G r3
# serial number = 6F3807BEF965
/interface bridge
add admin-mac=64:D1:54:04:A8:08 auto-mac=no comment=\
"created from master port" name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add comment="Block Torrents" name=block-torrents regexp="^(\\x13bittorrent pro\
tocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|ge\
t /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.150
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge1 lease-time=12h name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether2-master
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=bridge1 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox
add interface=ether1 list=WAN
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.0.9/24 comment=defconf interface=ether3 network=\
192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip dhcp-server lease
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.9 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.0.9 name=router
/ip firewall address-list
add address=192.168.0.0/26 comment="allowed to access internet" list=\
allowed-add
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
# p2p matcher is obsolete please use layer7 matcher instead
add action=add-src-to-address-list address-list=Torrent-Conn \
address-list-timeout=2m chain=forward p2p=all-p2p src-address=\
192.168.0.0/24 src-address-list=!allow-bit
add action=add-src-to-address-list address-list=Torrent-Conn \
address-list-timeout=2m chain=forward layer7-protocol=block-torrents \
src-address=192.168.0.0/24 src-address-list=!allow-bit
add action=drop chain=forward dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905,3030 protocol=tcp \
src-address-list=Torrent-Conn
add action=drop chain=forward dst-port=\
!0-1024,8291,5900,5800,3389,14147,5222,59905,3030 protocol=udp \
src-address-list=Torrent-Conn
add action=drop chain=forward disabled=yes src-mac-address=EC:1F:72:E3:C9:3D
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
0.89.168.192-255.89.168.192
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
0.89.168.192-255.89.168.192
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ppp secret
add name=vpn
/system clock
set time-zone-name=Asia/Manila
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
 
freshfrench
just joined
Topic Author
Posts: 13
Joined: Fri Dec 08, 2017 2:15 am

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 5:46 pm

Could you please export and post here the whole configuration ? (by "/export hide-sensitive file=config" command) ?

Generally, bridge/PPPoE interface is a virtual interface upon physical ether1 port of your Mikrotik. When change to fiber modem, you should set correct addresses (or DHCP clients (by "/ip dhcp-client add interface=ether1 disabled=no default-route-distance=1" command )) on your ether1 interface directly. You should also set correct default gateway, correct interface in scrnat NAT chain (ether1 instead of PPPoE) and change the input firewall rules to block unwanted traffic on your ether1 port.

Also, when "192.168.0.9 and 192.168.0.2" are on the same subnet (I assume /24 mask), the same subnet cannot be on WAN and LAN simutanelously. If you want to have the same subnet on fiber modem LAN interface and on the Mikrotik LAN interface, you should connect the fibre modem to the Mikrotiks LAN, not WAN interface (and disable DHCP server on Mikrotik to make sure Mikrotik will act as sole AP).

You want you Mikrotik to act as a router and AP, or only as AP?
For your 2nd paragraph, i still need to make sense of this. The PPPoE is in my new fiber modem. The only way i can connect to the internet is via its wireless connection or LAN port. Now i connected one of its LAN port to my WAN port. What do you mean i should set the correct addresses? and what does "/ip dhcp-client add interface=ether1 disabled=no default-route-distance=1" mean?

For your 3rd paragraph, I had them on the same subnet because i want to be able to manage my network devices via the wireless routers connected to my mikrotik router. So are you saying the only way to achieve this is i make the connection between the fiber modem and mikrotik via the LAN ports? Which is better to handle the DHCP, the fiber modem or the mikrotik router?
 
szt
just joined
Posts: 12
Joined: Mon Aug 06, 2018 9:43 pm
Location: Czech Republic
Contact:

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 5:55 pm

Thanks for the configuration. What about the 192.168.0.0/24 on both brigde1 and WAN interfaces ? Each interface should be on different subnet.

You configuration is strange mix of AP only and AP+router configuration. First of all, do you want your Mikrotik to act as AP only, or as AP+router ?
 
freshfrench
just joined
Topic Author
Posts: 13
Joined: Fri Dec 08, 2017 2:15 am

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 6:02 pm

Thanks for the configuration. What about the 192.168.0.0/24 on both brigde1 and WAN interfaces ? Each interface should be on different subnet.

You configuration is strange mix of AP only and AP+router configuration. First of all, do you want your Mikrotik to act as AP only, or as AP+router ?
What's your recommendation then? The reason i bought the router was mainly to block torrents because this capability are not supported by basic wireless routers. I really don't know if what the best configuration for my setup actually. I forgot to mention that i only have a basic ideas on networking, i may need to process/research some of the things you will say here. :)
This is my network right now
https://ibb.co/k4XZQp
 
szt
just joined
Posts: 12
Joined: Mon Aug 06, 2018 9:43 pm
Location: Czech Republic
Contact:

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 6:16 pm

Thanks for the picture. So, now it is clear that you want to use your Mikrotik as a router.

Could you please add intended IP addresses to your picture (to all interfaces) ? It would be very helpful for further configuration.

Here https://ibb.co/fyyAWU is my suggestion, you may choose another, but remember that green (WAN/ether1) and red(LAN/bridge1) subnets should be different. That's why I choose 192.168.0.0/24 for WAN subnet and 192.168.1.0/24 for LAN subnet.

Also, please post here a screenshot of your fibre modem LAN config, to make clear what is the address of LAN interface of the modem.
 
freshfrench
just joined
Topic Author
Posts: 13
Joined: Fri Dec 08, 2017 2:15 am

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 6:32 pm

Thanks for the picture. So, now it is clear that you want to use your Mikrotik as a router.

Could you please add intended IP addresses to your picture (to all interfaces) ? It would be very helpful for further configuration.

Here https://ibb.co/fyyAWU is my suggestion, you should choose another, but remember that green (WAN/ether1) and reg(LAN/bridge1) subnet should not be the same. That's why I choose 192.168.0.0/24 for WAN subnet and 192.168.1.0/24 for LAN subnet.

Also, please post here a screenshot of your fibre modem LAN config, to make clear what is the address of LAN interface of the modem.
The LAN interfaces in the modem are not configurable. I can only set the local IP of the modem itself and set the DHCP start-stop addresses.
How do i set an static IP on the WAN/ether1 interface of the mikrotik router?
The local LAN IP of the mikrotik router will be 192.168.1.1 or I will set an IP on the the interfaces (ether2-5)?
 
szt
just joined
Posts: 12
Joined: Mon Aug 06, 2018 9:43 pm
Location: Czech Republic
Contact:

Re: No Internet Connection on my new setup

Sun Aug 12, 2018 6:53 pm

Q:How do i set an static IP on the WAN/ether1 interface of the mikrotik router?
A:When the modem has DHCP server, do not need to set static IP, you can set mikrotik to act as dhcp client on ether1 by
ip dhcp-client add interface=ether1 disabled=no default-route-distance=1

which is currently in your configuration

Alternatively, you can use the
add address=172.1.?.?/17 interface=ether1
command. In this case you should set your default gateway manually, by
 /ip route add distance=1 dst-address=0.0.0.0/0 gateway=172.1.?.?/17
(172.1.?.?/17 should be ip address of the fibre modem LAN interface)
.
Local lan IP on Mikrotik should be 192.168.0.9/24. This is OK, as 192.168.0.0/24 is not the same as 172.17.0.0/16.

So:
Currently you have
/ip address
 add address=192.168.0.9/24 comment=defconf interface=ether3 network=\
 192.168.0.0
command in your configuration, please replace it by
/ip address
 add address=192.168.0.9/24 comment=defconf interface=bridge1 network=\
 192.168.0.0

command. This will set this IP to all LAN interfaces which are member of bridge1 (ether2, ether3, ether4, ether5). (When interface etherx is member of some bridge, you should refer to the bridge itself, not to member interface etherx).

Finally please post here a screenshot from winbox.exe, submenu IP/routes to make sure that the default gateway is correctly set.

BTW, those two commands in your current config makes no sense, please disable them:
 add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
 0.89.168.192-255.89.168.192
 add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
 0.89.168.192-255.89.168.192
 
freshfrench
just joined
Topic Author
Posts: 13
Joined: Fri Dec 08, 2017 2:15 am

Re: No Internet Connection on my new setup

Tue Aug 14, 2018 6:15 pm

Q:How do i set an static IP on the WAN/ether1 interface of the mikrotik router?
A:When the modem has DHCP server, do not need to set static IP, you can set mikrotik to act as dhcp client on ether1 by
ip dhcp-client add interface=ether1 disabled=no default-route-distance=1

which is currently in your configuration

Alternatively, you can use the
add address=172.1.?.?/17 interface=ether1
command. In this case you should set your default gateway manually, by
 /ip route add distance=1 dst-address=0.0.0.0/0 gateway=172.1.?.?/17
(172.1.?.?/17 should be ip address of the fibre modem LAN interface)
.
Local lan IP on Mikrotik should be 192.168.0.9/24. This is OK, as 192.168.0.0/24 is not the same as 172.17.0.0/16.

So:
Currently you have
/ip address
 add address=192.168.0.9/24 comment=defconf interface=ether3 network=\
 192.168.0.0
command in your configuration, please replace it by
/ip address
 add address=192.168.0.9/24 comment=defconf interface=bridge1 network=\
 192.168.0.0

command. This will set this IP to all LAN interfaces which are member of bridge1 (ether2, ether3, ether4, ether5). (When interface etherx is member of some bridge, you should refer to the bridge itself, not to member interface etherx).

Finally please post here a screenshot from winbox.exe, submenu IP/routes to make sure that the default gateway is correctly set.

BTW, those two commands in your current config makes no sense, please disable them:
 add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
 0.89.168.192-255.89.168.192
 add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
 0.89.168.192-255.89.168.192
everything is working now! thank you very much for the support! i learned a lot! more power to you!

Who is online

Users browsing this forum: No registered users and 14 guests