Community discussions

MikroTik App
 
noob05
just joined
Topic Author
Posts: 1
Joined: Fri Sep 23, 2022 7:36 pm

WAN Access Problem

Fri Sep 23, 2022 11:07 pm

I've been messing with this for a while. Went through the forums- changed MAC to reflect old router, looked at firewall and NAT, established default gateway/route, checked on DHCP client....and I still CANNOT secure an IP address from my ISP. I talk with the ISP and everything looks good from their side...they see the Mikrotik MAC, and the link looks healthy....what am I doing wrong? Appreciate any help- I was relatively new to RouterOS...though I've spent a lot of time with it lately.... after a few restarts and resets- most of the settings are 'defconf'- I have to establish an internet connection before properly segmenting the network...didn't anticipate this hurdle. Old router/hardware still works well, and an IP address is dynamically assigned to my router by the ISP. Again- thanks in advance for thoughts or guidance!

[admin@Home_Route] > export compact hide-sensitive

# sep/23/2022 09:01:01 by RouterOS 6.47.10

# software id = ETJH-7EPS

#

# model = RB760iGS

/interface bridge

add admin-mac=xx:xx:xx:xx:xx auto-mac=no comment=defconf name=bridge

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip hotspot profile

set [ find default=yes ] html-directory=flash/hotspot

/ip pool

add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server

add address-pool=default-dhcp disabled=no interface=bridge name=defconf

/interface bridge port

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=sfp1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=ether1 list=WAN

/ip address

add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

/ip dhcp-client

add comment=defconf disabled=no interface=ether1

/ip dhcp-server network

add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

/ip dns

set allow-remote-requests=yes

/ip dns static

add address=192.168.88.1 comment=defconf name=router.lan

/ip firewall filter

add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

/ip route

add distance=1 gateway=ether1

/system clock

set time-zone-name=US/Central

/system identity

set name=Home_Route

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: WAN Access Problem

Sat Sep 24, 2022 2:34 am

It seems fine, only your route (/ip route add distance=1 gateway=ether1) is nonsense, default route should come from DHCP client. I'm not sure if it's the problem, in my quick test the one from DHCP overrides this manual one, but I'm not completely sure right now whether it can go other way (which would break things). Anyway, you should remove it.

If it doesn't help, check what DHCP client says (/ip dhcp-client print detail).

And of course you must plug cable from ISP in ether1 and if you're cloning old router's MAC address, it must be done on ether1 (/interface ethernet set ether1 mac-address=xx:xx:xx:xx:xx:xx).

Who is online

Users browsing this forum: Ahrefs [Bot], BioMax, cdblue and 47 guests