Hi,
I'm using a NAT to hide my private network on Internet and I set it up like this (user manual ):

/ip firewall nat add chain=srcnat action=masquerade out-interface=isdn-out1

Internet works fine except some websites like: http://www.microsoft.com, http://www.xbitlabs.com, http://www.anandtech.com.....

Does anybody know what is the problem?

I had a similar problem to this, I solved it by adding routes. For example the addresses that you have shown point to 208.65.201.** so I put a route in for any traffic destined for 208.65.201.* to go through your providers gateway.

Have you try to do several checking? Ping, tracert, etc?

cabana: ...it still doesn't work

valens: I can't ping...Request timed out....but, when I tracert look what's happening:


C:\>tracert http://www.microsoft.com

Tracing route to lb1.www.ms.akadns.net [207.46.198.30]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.1.1
2 1 ms 2 ms 2 ms 10.1.30.1
3 11 ms 5 ms 2 ms 192.168.0.1
4 5 ms 3 ms 4 ms 212.200.31.41
5 68 ms 54 ms 5 ms 212.200.232.53
6 11 ms 9 ms 4 ms 212.200.232.58
7 28 ms 35 ms 27 ms t2a4-ge1-0.de-fra.eu.bt.net [166.49.147.157]
8 26 ms 81 ms 29 ms t2c1-ge6-0.de-fra.eu.bt.net [166.49.172.11]
9 109 ms 173 ms 44 ms t2c1-p2-0.uk-glo.eu.bt.net [166.49.195.109]
10 456 ms 322 ms 45 ms t2c1-p4-2.uk-eal.eu.bt.net [166.49.208.9]
11 155 ms 445 ms 431 ms t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]
12 425 ms 497 ms 519 ms 166-49-151-134.eu.bt.net [166.49.151.134]
13 451 ms 409 ms 410 ms 207.46.47.65
14 395 ms 200 ms 245 ms pos6-2.wst-76cb-1b.ntwk.msn.net [207.46.35.97]
15 342 ms 295 ms 436 ms pos1-0.wst-12ix-1b.ntwk.msn.net [207.46.36.214]
16 518 ms 261 ms 199 ms pos1-0.tke-12ix-2b.ntwk.msn.net [207.46.155.13]
17 267 ms 203 ms 245 ms po11.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.216]
18 * * * Request timed out.
19 * * * Request timed out.
20 *

It stops on 18 hops, and somethimes stops on 12 hop. Am I crazy or what, what's going on here...
I have reinstalled mikrotik on another computer with minimal settings (just DHCP for LAN, NAT, ISDN client) and still doesn't work!
Note: ISDN line (these websites) works fine when I try it on Win XP!

Possibly a MTU problem? Sites like google come up because they are smaller than 1500 bytes but larger ones might not.

PS - a lot of akamai sites wont ping - they block ICMP for a good reason.

I've changed MTU from 1500 to 1480....guess what...doesn't work!

a lot of akamai sites wont ping - they block ICMP for a good reason

I can't access http://www.microsoft.com via http also.

Don't change MTU. Mangle MSS instead. Also you'll probably need to go a lot smaller than 1480. 1360 is usually a good starting point.

Regards

Andrew

Don't change MTU. Mangle MSS instead. Also you'll probably need to go a lot smaller than 1480. 1360 is usually a good starting point.

I've tried with MTU 1360, it doesn't help.

Can you explain me what and how to mangle?
Thanks!

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.

I hope this helps

Joe

all, please read this:
http://alive.znep.com/~marcs/mtu/

it will explain why certain webpages migh not work, and how to solve it.

I am having a problem once I do this :
http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways

I set this up and some users with routers would connect fine and if they had a VOIP router they could use the VOIP but the problem was when they tried to surf the internet. They could not see any pages. Now You talk about the MTU, my question is Do I change the mtu on the clients router or on the MT interface that serves the Client?

Thanks

Daniel

Couldn't, theoretically, be the problem related to your ISP DNS server? IIRC we once had such problem, so we flushed caches, and as we have two ISPs, we switched to other DNS servers from the second ISP. Maybe some cache problem, dunno ...

-pekr-

Hello,

Well the problem was fixed by doing this from another thread:

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.
I hope this helps

Joe

Thanks to joe all I had to do was to set the distance to 0 and I also changed the TCP MSS option to yes on my pppoe profiles. Now it works good. It was simple to do the load balance and customers are happy.

Hello,

Well the problem was fixed by doing this from another thread:

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.

I hope this helps

Joe

Thanks to joe all I had to do was to set the distance to 0 and I also changed the TCP MSS option to yes on my pppoe profiles. Now it works good. It was simple to do the load balance and customers are happy.

Hello,

Well the problem was fixed by doing this from another thread:

Just a quick hint, i was having same problems, If you are running a static ip on your WAN interface then u have to enter a route manually too!!! I didnt know this because i used to use DHCP client for my WAN interface. the Route i added is this:
ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.
I hope this helps

Joe

Thanks to joe all I had to do was to set the distance to 0 and I also changed the TCP MSS option to yes on my pppoe profiles. Now it works good. It was simple to do the load balance and customers are happy.

ADD NEW ROUTER WITH DESTINATION of 0.0.0.0/0
GATEWAY X.X.X.X What ever you ISP gateway is
And i set my Distance to 0 or none, and that seemed to have fixed the problem.


Hi Joe, I tried this but I cant change it wont accept 0/none in distance.. Min is 1-255...