 
snowl
just joined
Topic Author
Posts: 2
Joined: Tue Apr 25, 2023 5:10 am

HTTP websites are returning RouterOS

Tue Apr 25, 2023 5:20 am

Hi all
I've been trying to install Ubuntu Server on a little home NUC for home use except it's been failing to connect to the mirror server. I investigated this and noticed _any_ http address returns the RouterOS page instead of the actual website.

Image

Image

I did a nslookup on au.archive.ubuntu.org and it seems to give me the correct IP address so I'm not sure what's happening here. I know it's not my computer since it's happening on all devices on my network.

Image

Here's my RouterOS config:
[admin@MikroTik] > export
# apr/25/2023 11:57:13 by RouterOS 6.48
# software id = 208M-3ZFP
#
# model = RBD52G-5HacD2HnD
# serial number = CDFD0D8FE730
# One bridge named "bridge"; the "/interface bridge port" section further down
# adds ether2-ether5, wlan1 and wlan2 to it.
/interface bridge
add admin-mac=08:55:31:22:60:9B auto-mac=no comment=defconf name=bridge
/interface wireless
# Physical radios: wlan1 on 2 GHz and wlan2 on 5 GHz, both in ap-bridge mode.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=Redacted station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
    country=australia disabled=no distance=indoors frequency=auto installation=\
    indoor mode=ap-bridge ssid=Redacted station-roaming=enabled \
    wireless-protocol=802.11
# wlan3 and wlan4 are extra APs with master-interface=wlan1. Neither one is
# listed in the "/interface bridge port" section of this export.
add disabled=no keepalive-frames=disabled mac-address=0A:55:31:22:60:9F \
    master-interface=wlan1 multicast-buffering=disabled name=wlan3 ssid=\
    "redacted" wds-cost-range=0 wds-default-cost=0 wps-mode=\
    disabled
add disabled=no keepalive-frames=disabled mac-address=0A:55:31:22:60:A0 \
    master-interface=wlan1 multicast-buffering=disabled name=wlan4 ssid=\
    "redacted" wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
# Interface lists that the firewall and discovery settings match on.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Default security profile: WPA2-PSK only; the keys were redacted by the poster.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=redacted \
    wpa2-pre-shared-key=redacted
/ip pool
# NOTE(review): 10.0.0.25, the address the dst-nat rules forward to, lies
# inside this pool, and no "/ip dhcp-server lease" section appears in this
# export, so nothing visible here reserves it for one device.
add name=dhcp ranges=10.0.0.20-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/user group
# The policy string is only line-wrapped by the export ("passw\" + "ord").
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
    ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
# Neighbor discovery is limited to the LAN interface list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# List membership: the bridge is LAN, ether1 is WAN.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=10.0.0.1/24 comment=defconf interface=bridge network=10.0.0.0
# NOTE(review): this gives 10.0.0.25 to the router's own bridge, with a /8
# mask, although the comment calls it the NUC's address. The dst-nat rules in
# this export forward to 10.0.0.25, so while the router holds this address
# those connections are answered by the router itself.
add address=10.0.0.25/8 comment="NUC IP address" interface=bridge network=\
    10.0.0.0
/ip cloud
# MikroTik cloud DDNS is switched on.
set ddns-enabled=yes
/ip dhcp-client
# The WAN address is obtained by DHCP on ether1.
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
# The router answers DNS queries itself (allow-remote-requests=yes) and uses
# 1.1.1.1 / 1.0.0.1 upstream. The input chain in this export drops everything
# that does not arrive from the LAN list, which covers this resolver as well.
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
# router.lan resolves to 10.0.0.25, the same address the NAT rules forward to.
add address=10.0.0.25 comment=defconf name=router.lan
/ip firewall filter
# Input chain (traffic addressed to the router itself): accept known
# connections, drop invalid, accept ICMP and loopback, then drop everything
# that did not arrive from the LAN interface list.
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
# Forward chain (traffic routed through the router).
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
# New connections from the WAN are dropped unless they were dst-natted. No
# forward rule here filters by port or source, so each dst-nat rule in the NAT
# table decides on its own what is reachable from the WAN.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
# Source NAT for everything leaving through the WAN list.
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
# NOTE(review): this rule matches on in-interface=all-ethernet instead of
# in-interface-list=WAN, unlike the rules for 22, 5269, 25, 587 and 993 below.
add action=dst-nat chain=dstnat dst-port=443 in-interface=all-ethernet \
    protocol=tcp to-addresses=10.0.0.25 to-ports=443
# The next five rules publish ports to 10.0.0.25 for connections arriving on
# the WAN list; none of them has a src-address restriction.
add action=dst-nat chain=dstnat dst-port=22 in-interface-list=WAN protocol=tcp \
    to-addresses=10.0.0.25 to-ports=22
add action=dst-nat chain=dstnat dst-port=5269 in-interface-list=WAN protocol=\
    tcp to-addresses=10.0.0.25 to-ports=5269
# NOTE(review): src-port="" is an empty matcher, presumably a leftover; confirm.
add action=dst-nat chain=dstnat dst-port=25 in-interface-list=WAN protocol=tcp \
    src-port="" to-addresses=10.0.0.25 to-ports=25
add action=dst-nat chain=dstnat dst-port=587 in-interface-list=WAN protocol=tcp \
    to-addresses=10.0.0.25 to-ports=587
add action=dst-nat chain=dstnat dst-port=993 in-interface-list=WAN protocol=tcp \
    to-addresses=10.0.0.25 to-ports=993
# NOTE(review): no in-interface and no in-interface-list, so this rule matches
# every TCP/80 connection the router sees, including LAN clients opening
# plain-HTTP sites, and rewrites the destination to 10.0.0.25.
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=10.0.0.25 \
    to-ports=80
/system clock
set time-zone-name=Australia/Melbourne
/tool graphing interface
add store-on-disk=no
# MAC-layer management access (MAC server and MAC-WinBox) is limited to the
# LAN interface list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] > 
Thanks :)
 
BetaQuasi
just joined
Posts: 1
Joined: Tue Apr 11, 2023 8:39 am

Re: HTTP websites are returning RouterOS

Tue Apr 25, 2023 6:23 pm

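Your NUC’s IP is 10.0.0.25? You’ve assigned that IP (as a /8?) to your bridge on the router… remove that to start: while the router itself owns 10.0.0.25, anything dst-natted to that address is answered by the router, not the NUC. Also, your last dstnat rule for port 80 doesn’t define an incoming interface, so it also catches HTTP connections leaving your LAN.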
Last edited by BetaQuasi on Tue Apr 25, 2023 7:32 pm, edited 2 times in total.
 
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: HTTP websites are returning RouterOS

Tue Apr 25, 2023 7:08 pm

You have a NAT for several ports to 10.0.0.25 - which I presume is your server. You do not however have a NAT for port 80. Therefore port 80 traffic is going to the router itself.

Add this (although you may really only want this to be from the WAN and not all-ethernet - else ALL port 80 traffic will be redirected to your server (including outbound) - same with your port 443 rule that I copied this from)
# NOTE(review): the posted export already contains a dst-port=80 dst-nat rule,
# but that rule has no in-interface match at all. Matching on
# in-interface-list=WAN, as the export's rules for 22/5269/25/587/993 do,
# keeps the rule from touching connections that originate on the LAN.
add action=dst-nat chain=dstnat dst-port=80 in-interface=all-ethernet \
    protocol=tcp to-addresses=10.0.0.25 to-ports=80
 
 
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: HTTP websites are returning RouterOS

Tue Apr 25, 2023 8:19 pm

These two NAT rules are wrong:
# NOTE(review): the forum markup of this post was lost. Presumably
# in-interface=all-ethernet was struck out and in-interface-list=WAN marked as
# the addition; confirm against the original post. Compared with the export,
# both rules gain in-interface-list=WAN, which limits them to connections
# arriving from the WAN.
add action=dst-nat chain=dstnat dst-port=443 in-interface=all-ethernet in-interface-list=WAN \
protocol=tcp to-addresses=10.0.0.25 to-ports=443

add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN \
protocol=tcp to-addresses=10.0.0.25 to-ports=80
 
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: HTTP websites are returning RouterOS

Tue Apr 25, 2023 9:23 pm

No relevant info about the final goal has been provided.

Paste this into the terminal to fix all the errors (or at least make all the firewall errors homogeneous ;) )...
Do not forget the { }

fix code

{
# Turn spanning tree off on the bridge.
/interface bridge
set bridge protocol-mode=none
/interface wireless
# wlan1: band goes from 2ghz-b/g/n (as exported) to 2ghz-g/n; station-roaming
# is disabled on both physical radios.
set [ find default-name=wlan1 ] band=2ghz-g/n station-roaming=disabled
set [ find default-name=wlan2 ] station-roaming=disabled
# wlan3/wlan4: keepalive frames and multicast buffering back on, WDS cost
# values set to 50-150 / 100 (presumably the RouterOS defaults; confirm).
set wlan3 keepalive-frames=enabled multicast-buffering=enabled wds-cost-range=50-150 wds-default-cost=100
set wlan4 keepalive-frames=enabled multicast-buffering=enabled wds-cost-range=50-150 wds-default-cost=100
/ip firewall nat
# Each "find" selects every NAT rule with that dst-port (one rule each in the
# posted export). "!property" unsets the property: without to-ports the
# destination port is left unchanged by the dst-nat.
# Port 443: drop in-interface=all-ethernet and match the WAN list instead.
set [find where dst-port="443"] !in-interface in-interface-list=WAN !to-ports
set [find where dst-port="22"] !to-ports
set [find where dst-port="5269"] !to-ports
# Port 25: also removes the empty src-port matcher.
set [find where dst-port="25"] !src-port !to-ports
set [find where dst-port="587"] !to-ports
set [find where dst-port="993"] !to-ports
# Port 80: restricting the rule to the WAN list is the change that stops HTTP
# connections from the LAN being rewritten to 10.0.0.25.
set [find where dst-port="80"] in-interface-list=WAN !to-ports
# NOTE(review): nothing in this script removes the 10.0.0.25/8 address from
# the router's bridge; that is a separate step.
/user group
# Same policy list as exported, with "dude" negated (!dude).
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,!dude,tikapp"
}
 
snowl
just joined
Topic Author
Posts: 2
Joined: Tue Apr 25, 2023 5:10 am

Re: HTTP websites are returning RouterOS

Wed Apr 26, 2023 3:44 am

Thanks all, solved! Really appreciate it :)
 
celinedion
just joined
Posts: 1
Joined: Fri Jun 02, 2023 11:53 am

Re: HTTP websites are returning RouterOS

Fri Jun 02, 2023 11:59 am

Access your router's administration interface and review the settings related to DNS and URL filtering. Look for any settings that might be redirecting or blocking HTTP traffic.
