Hi,
I set up my Mikrotik hap lite a few months ago and I'm quite happy with it - except for one thing.
I'm using the device as a home-router with PPPOE. The clients can access the internet without any problem but the router itself isn't able to connect to the internet until
I disable the "drop all" rules. So I believe I have a mistake in my firewall config.
Here is my current config (ROS 6.34.6 (bugfix)):
/ip firewall filter
add chain=input connection-state=established connection-type=""
add chain=input connection-state=related connection-type=""
add chain=input in-interface=bridge-local
add action=drop chain=input connection-state=invalid connection-type=""
add action=drop chain=input
add chain=forward connection-state=established
add chain=forward connection-state=related
add chain=forward dst-address=!192.168.88.0/24 in-interface=bridge-local
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
/ip firewall service-port
Can someone please tell me what I need to configure so that the router is able to connect to the internet itself?
Thanks in advance,
tmp
Re: Router can't access internet/PING/DNS - Clients are able to connect!
/ip firewall nat
add action=masquerade chain=srcnat comment="bridge configuration" \
out-interface=bridge-local
add action=masquerade chain=srcnat comment="bridge configuration" \
out-interface=bridge-local
Re: Router can't access internet/PING/DNS - Clients are able to connect!
Check that the router has valid DNS servers configured in /ip dns menu.
Re: Router can't access internet/PING/DNS - Clients are able to connect!
Thanks for your quick answers! The DNS-Servers are set correctly (to OpenDNS) and I also added the new NAT-rule but it still doesn't work.
If I disable the marked firewall rule, both ping and DNS works:
Do you have another suggestion?
If I disable the marked firewall rule, both ping and DNS works:
Do you have another suggestion?
Re: Router can't access internet/PING/DNS - Clients are able to connect!
The screenshot of your rules doesn't show enough information.
Some columns such as "connection-state" are not shown by default, and the default firewall rule set uses these fields.
Instead of posting a screenshot, open a terminal window and issue the command:
/ip firewall filter export compact
Copy and paste the results (and feel free to redact the public IP addresses that may appear with x.x.x.x)
Some columns such as "connection-state" are not shown by default, and the default firewall rule set uses these fields.
Instead of posting a screenshot, open a terminal window and issue the command:
/ip firewall filter export compact
Copy and paste the results (and feel free to redact the public IP addresses that may appear with x.x.x.x)
Re: Router can't access internet/PING/DNS - Clients are able to connect!
Code: Select all
[admin@MikroTik] > /ip firewall filter export compact
# jun/26/2016 20:58:36 by RouterOS 6.34.6
# software id = XXXXX
#
/ip firewall filter
add chain=input connection-state=established connection-type=""
add chain=input connection-state=related connection-type=""
add chain=input in-interface=bridge-local
add action=drop chain=input connection-state=invalid connection-type=""
add action=drop chain=input
add chain=forward connection-state=established
add chain=forward connection-state=related
add chain=forward dst-address=!192.168.88.0/24 in-interface=bridge-local
add action=drop chain=forward
Re: Router can't access internet/PING/DNS - Clients are able to connect!
You have set 'connection-type' to "" on the established/related rules so they don't match the established/related connections.
Through winbox, just edit the established/related rules and click on the arrow next to the 'Connection Type' field so that it will get gray.
Through winbox, just edit the established/related rules and click on the arrow next to the 'Connection Type' field so that it will get gray.
You do not have the required permissions to view the files attached to this post.
Re: Router can't access internet/PING/DNS - Clients are able to connect!
Cha0s, thanks a lot, this was the mistake I made while configuring the device. Everything works fine now!
Re: Router can't access internet/PING/DNS - Clients are able to connect!
i am also facing the same problem some time its ping is working some time its not is there any solution for it.