But ping and /tool fetch url don’t work from mikrotik itself.
- Ping 1.1.1.1 says “no route to host”,
- Ping cnn.com says:
invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
while resolving ip-address: could not get answer from dns server
- /tool fetch url="http://1.1.1.1" says:
status: failed
failure: closing connection: <connect failed: Network is unreachable> 1.1.1.1:80 (4)
What did I configure improperly? Please help!
Config attached.
Code: Select all
/export hide-sensitive terse
# jan/27/2022 12:19:46 by RouterOS 6.49.2
# software id = GPDH-SMCN
#
# model = RBD52G-5HacD2HnD
# serial number =
/interface bridge add admin-mac=48:8F:5A:BD:23:68 auto-mac=no comment=defconf name=bridge
/interface ethernet set [ find default-name=ether1 ] name=ISP1-Megafon
/interface ethernet set [ find default-name=ether2 ] name=ISP2-Beeline
/interface ethernet set [ find default-name=ether5 ] name=LAN-Home
/interface l2tp-client add connect-to=107.172.217.150 keepalive-timeout=disabled name=l2tp-out1 use-ipsec=yes user=vpnuser
/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=in
door mode=ap-bridge ssid=md10 wireless-protocol=802.11
/interface wireless set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installat
ion=indoor mode=ap-bridge ssid=md10-5 wireless-protocol=802.11
/interface bonding add disabled=yes mode=balance-alb name=bonding1 slaves=ISP1-Megafon,ISP2-Beeline
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=defconf
/port set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none stop-bits=1
/interface ppp-client add apn=internet dial-on-demand=no disabled=no info-channel=1 name=ppp-out1 phone=*99# port=usb1 user=beeline
/interface bridge port add bridge=bridge comment=defconf interface=ether3
/interface bridge port add bridge=bridge comment=defconf interface=ether4
/interface bridge port add bridge=bridge comment=defconf interface=LAN-Home
/interface bridge port add bridge=bridge comment=defconf interface=wlan1
/interface bridge port add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings set discover-interface-list=LAN
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ISP1-Megafon list=WAN
/interface list member add interface=ISP2-Beeline list=WAN
/ip address add address=192.168.88.1/24 comment=defconf interface=LAN-Home network=192.168.88.0
/ip address add address=10.0.0.1/24 interface=bonding1 network=10.0.0.0
/ip dhcp-client add add-default-route=no comment=defconf disabled=no interface=ISP1-Megafon
/ip dhcp-client add add-default-route=no disabled=no interface=ISP2-Beeline
/ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns set allow-remote-requests=yes
/ip dns static add address=192.168.88.1 comment=defconf name=router.lan
/ip dns static add address=159.148.172.226 disabled=yes name=upgrade.mikrotik.com
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrack
ed
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-
interface-list=WAN
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ISP1-Megafon new-connection-mark=ISP1_conn
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ISP2-Beeline new-connection-mark=ISP2_conn
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=I
SP1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=I
SP2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
/ip firewall mangle add action=accept chain=prerouting dst-address=192.168.100.0/24 in-interface=bridge
/ip firewall mangle add action=accept chain=prerouting dst-address=192.168.9.0/24 in-interface=bridge
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=bridge new-routing-mark=to_ISP1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=bridge new-routing-mark=to_ISP2 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1
/ip firewall mangle add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat out-interface=ISP1-Megafon
/ip firewall nat add action=masquerade chain=srcnat out-interface=ISP2-Beeline
/ip firewall nat add action=masquerade chain=srcnat disabled=yes out-interface=ppp-out1
/ip route add check-gateway=ping distance=1 gateway=192.168.100.1 routing-mark=to_ISP1
/ip route add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=to_ISP2
/ip route add comment=ISP1 disabled=yes distance=1 gateway=192.168.100.1
/ip route add comment=ISP2 disabled=yes distance=1 gateway=192.168.9.1
/system clock set time-zone-name=Europe/Moscow
/system scheduler add disabled=yes interval=3s name=schedule1 on-event="/system script run script1" policy=ftp,reboot,read,write,policy,test,password,sni
ff,sensitive,romon start-date=jan/26/2022 start-time=17:28:30
/system script add dont-require-permissions=no name=script1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":
global rx1 \"0\"\
\n:global rx2 \"0\"\
\n\
\n/interface monitor-traffic ISP1-Megafon once do={:global rx1 \$(\"rx-bits-per-second\");}\
\n/interface monitor-traffic ISP2-Beeline once do={:global rx2 \$(\"rx-bits-per-second\");}\
\n\
\nif (\$rx1>\$rx2) do={/ip route enable [find comment=ISP2]} else={/ip route enable [find comment=ISP1]}\
\nif (\$rx1>\$rx2) do={/ip route disable [find comment=ISP1]} else={/ip route disable [find comment=ISP2]}\
\n"
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN