restuhanggara
just joined
Topic Author
Posts: 12
Joined: Wed Jul 26, 2017 9:54 am

[ASK] i can ping but some website can't be reached and slow respond

Thu Nov 08, 2018 4:37 am

Hello
good luck for us and keep spirit.

I have had a problem with my RouterBOARD RB2011 from 3 months ago until now. The problem is that I can't load some websites and the error "This site can't be reached" appears, but I can ping the website normally. What's wrong with my RouterBOARD, and the configuration too?
I have information from my internet service provider, and he told me my local connection has IP blocking, etc.
So, maybe the great people of this forum can help me?
```
/ip firewall filter
add action=accept chain=forward comment="allow semua akses internet ke client" dst-address=ip_gateway in-interface=pppoe-out out-interface=bridge1
add action=accept chain=input comment="Allow remot winbox dari public" dst-port=8291 in-interface=pppoe-out protocol=tcp
add action=accept chain=input comment="Allow NTP traffic" in-interface=pppoe-out protocol=udp src-port=123
add action=accept chain=input comment="Allow DNS Traffic" in-interface=pppoe-out protocol=udp src-port=53
add action=accept chain=input comment="Allow ping traceroute trafic" in-interface=pppoe-out protocol=icmp
add action=add-src-to-address-list address-list=spam address-list-timeout=30m chain=input comment="Log IP yang ditolak" connection-state=new in-interface=\
pppoe-out
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input protocol=gre
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=forward dst-port=1883 protocol=tcp
add action=accept chain=input dst-port=3000 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=forward comment=HTB-18SEP17 in-interface=bridge1 new-connection-mark=conn-new passthrough=yes
add action=mark-packet chain=forward connection-mark=conn-new new-packet-mark=packet-new passthrough=no
add action=mark-connection chain=prerouting comment=PING-TIME new-connection-mark=pingtime-conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=pingtime-conn new-packet-mark=Ping-Paket passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out
add action=masquerade chain=srcnat comment="NAT L2TP" out-interface=pppoe-out src-address=192.168.11.0/24
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.90.0/24
add action=dst-nat chain=dstnat dst-address=182.253.31.154 in-interface=pppoe-out protocol=tcp to-addresses=192.168.11.71 to-ports=80
add action=dst-nat chain=dstnat dst-port=3000 protocol=tcp to-addresses=192.168.11.60 to-ports=3000
```

Thanks, and God bless us.
 
mistry7
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: [ASK] i can ping but some website can't be reached and slow respond

Thu Nov 08, 2018 4:49 am

Using Winbox directly from WAN is no good idea.
Is your ROS up to date?
 
restuhanggara
just joined
Topic Author
Posts: 12
Joined: Wed Jul 26, 2017 9:54 am

Re: [ASK] i can ping but some website can't be reached and slow respond

Thu Nov 08, 2018 5:19 am

mistry7 wrote:
> Using Winbox directly from WAN is no good idea.
> Is your ROS up to date?

Yes, my RouterOS and firmware are up to date. And why using Winbox from WAN?
 
hammer185
newbie
Posts: 27
Joined: Wed Sep 13, 2006 8:28 am

Re: [ASK] i can ping but some website can't be reached and slow respond

Thu Nov 08, 2018 5:25 am

Pretty sure there was a pretty bad bug in Winbox on earlier RouterOS versions, or some combo of both, that allowed sessions to be taken over, which would normally be more risky from WAN ports. Especially if you have an upstream provider even with an employee part of an organization that thinks it should be doing alleged ethical hacking trying to see if your network is vulnerable.
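
The concern raised in the replies about Winbox being reachable from the WAN can be checked mechanically against an export. The following is an added example, not code from any poster in this thread: it parses a subset of the filter rules from the first post and lists input-chain accept rules that new connections arriving on `pppoe-out` match with no source restriction. The function names and the `MGMT_PORTS` table are assumptions made for this illustration.

```python
import re
import shlex

# Subset of the rules posted in the first message of this thread.
EXPORT = r'''/ip firewall filter
add action=accept chain=input comment="Allow remot winbox dari public" dst-port=8291 in-interface=pppoe-out protocol=tcp
add action=accept chain=input comment="Allow DNS Traffic" in-interface=pppoe-out protocol=udp src-port=53
add action=add-src-to-address-list address-list=spam address-list-timeout=30m chain=input comment="Log IP yang ditolak" connection-state=new in-interface=\
pppoe-out
add action=accept chain=forward dst-port=1883 protocol=tcp
add action=accept chain=input dst-port=3000 protocol=tcp
'''

MGMT_PORTS = {"8291": "Winbox"}  # assumption: only Winbox is labelled as management


def parse_filter_rules(export):
    """Return every 'add' line under /ip firewall filter as a dict of matchers."""
    text = re.sub(r"\\\n\s*", "", export)  # join RouterOS line continuations
    rules, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall filter" and line.startswith("add "):
            rules.append(dict(t.partition("=")[::2] for t in shlex.split(line)[1:]))
    return rules


def wan_exposed(rules, wan="pppoe-out"):
    """List input-chain accepts that new WAN connections hit with no source limit."""
    findings = []
    for r in rules:
        if r.get("chain") != "input" or r.get("action") != "accept":
            continue
        if r.get("in-interface", wan) != wan:  # no in-interface matches every interface
            continue
        if "new" not in r.get("connection-state", "new").split(","):
            continue
        if "src-address" in r or "src-address-list" in r:
            continue
        port = r.get("dst-port", "any")
        findings.append((r.get("protocol", "any"), port, MGMT_PORTS.get(port, "")))
    return findings


if __name__ == "__main__":
    for proto, port, label in wan_exposed(parse_filter_rules(EXPORT)):
        print(f"open to WAN: {proto}/{port} {label}".rstrip())
```

The `udp/any` finding comes from the "Allow DNS Traffic" rule, which matches on `src-port=53` only and therefore accepts UDP to any router port when the sender uses source port 53.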