MikroTik

Hi,

I set up my Mikrotik hap lite a few months ago and I'm quite happy with it - except for one thing.
I'm using the device as a home-router with PPPOE. The clients can access the internet without any problem but the router itself isn't able to connect to the internet until
I disable the "drop all" rules. So I believe I have a mistake in my firewall config.
Here is my current config (ROS 6.34.6 (bugfix)):

/ip firewall filter
add chain=input connection-state=established connection-type=""
add chain=input connection-state=related connection-type=""
add chain=input in-interface=bridge-local
add action=drop chain=input connection-state=invalid connection-type=""
add action=drop chain=input
add chain=forward connection-state=established
add chain=forward connection-state=related
add chain=forward dst-address=!192.168.88.0/24 in-interface=bridge-local
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1
/ip firewall service-port

Can someone please tell me what I need to configure so that the router is able to connect to the internet itself?

Thanks in advance,

tmp

/ip firewall nat
add action=masquerade chain=srcnat comment="bridge configuration" \
    out-interface=bridge-local

Check that the router has valid DNS servers configured in /ip dns menu.

Thanks for your quick answers! The DNS-Servers are set correctly (to OpenDNS) and I also added the new NAT-rule but it still doesn't work.
If I disable the marked firewall rule, both ping and DNS works:



 Do you have another suggestion?

The screenshot of your rules doesn't show enough information.
Some columns such as "connection-state" are not shown by default, and the default firewall rule set uses these fields.

Instead of posting a screenshot, open a terminal window and issue the command:
/ip firewall filter export compact

Copy and paste the results (and feel free to redact the public IP addresses that may appear with x.x.x.x)

Here are my firewall settings. Thanks again!

You have set 'connection-type' to "" on the established/related rules so they don't match the established/related connections.

Through winbox, just edit the established/related rules and click on the arrow next to the 'Connection Type' field so that it will get gray.

Cha0s, thanks a lot, this was the mistake I made while configuring the device. Everything works fine now!

i am also facing the same problem some time its ping is working some time its not is there any solution for it.