MikroTik

We've been seeing an increased problem where pages won't load yet we can ping normally. DNS appears to be resolving OK. Rebooting the client's computer temporarily fixes it.

This is happening more and more in several of our systems in different communities using different T1s from different providers, and in one case a satellite connection. Running Ad-aware and Spybot and updating AV software on the client machines doesn't seem to help. We're using various brands of wireless CPE and the only thing all systems have in common is Mikrotik routers at the POP, although some of them have been running for a couple years and have not had this problem until recently. I have a hunch, not yet verified, that the problem only happens when clients are not behind a router, and am wondering if the problem is a compatibility issue between Mikrotik and maybe a recent Windows update. Anybody else seeing this?

I've tried temporarily disabling web proxy and DNS cache in the MT but doesn't seem to make any difference.

Cameron

I had the same problem, so upgraded to 2.8.12 and once I did that it went away....

What version are you running?

The oldest is 2.5.14 but we're also seeing it with 2.8.10 and I think 2.8.11.

Cameron

Check your forward chain rules. We had the same problem and found out it was because we were blocking potential virus ports that email and web browsing were using. Especially xp machines. The reason that it comes back after you restart the machine is because it starts back the port counter. Everytime you make a request, the port the client uses, is incremented by one. When you reach the ports that your firewall could be blocking, it will time out till you either get above the blocked port or restart the machine. I believe, but can't remember, the ports that we were blocking were ports 1327-1398.

Hope this helps.

Dan

Try change the MTU

Regards
M.

Good suggestions. I've run into this before but had forgotten to check this. Turns out I'm not blocking any ports but did find that the destination ports in the NAT rules were set to zero instead of 0-65535. I've changed that now and we'll see if it makes any difference. It seems to me if this were the problem it wouldn't work at all rather than intermittently.
.
The MTU is set to the default 1500. 1600 seems to be the maximum allowed. If I were to try a different setting what would you suggest?

do you use mangle on your MT boxes to policy routing?

In fact we are starting to see some intermitent failure to mangle the packets into the MT boxes since 2.8.10
To fix the issue we had to switch to policy-route by src-address

The worst problems seems to be with customers behind the oldest MT in our network, running some version of 2.5. We're going to upgrade it in the next couple days. I think we can rule out customer computer problems, at least on some of them. I took the computer of one of my customers having the worst problems and put it in my office, where it worked fine. My office is on a different MT, running 2.7.8. Otherwise we're all connected to the same T1. Of course, it could be something on the wireless link between my POP and the customer, so I have to also make sure that's not the issue.

Looks like my problem was maybe a wireless link issue and not related to MT at all. Why it seemed to affect XP users only I don't know. Maybe it has something to do with the way XP constantly checks for network connectivity?