- Пинг есть интернета нет микротик
- Нет Интернета внутри локалки. От слова «совсем».
- Пинг есть интернета нет микротик
- Пинг из терминала есть, а внутри сети нет
- Пинг есть интернета нет микротик
- Re: Initial setup, ping works, but clients can not reach Internet
- Re: Initial setup, ping works, but clients can not reach Internet
- Re: Initial setup, ping works, but clients can not reach Internet
- Re: Initial setup, ping works, but clients can not reach Internet
- Re: Initial setup, ping works, but clients can not reach Internet
Пинг есть интернета нет микротик
Обнаружена блокировка рекламы: Наш сайт существует благодаря показу онлайн-рекламы нашим посетителям. Пожалуйста, подумайте о поддержке нас, отключив блокировщик рекламы на нашем веб-сайте.
Нет Интернета внутри локалки. От слова «совсем».
Подскажите, пожалуйста, где и в каком месте мне надо поправить руки.
Имеется следующее:
RB1100AHx4, Интернет получаем от провайдера, подключение статическое.
Первый порт назначил «наружу» (Port1WAN1), второй резервный под второй канал Интернета от другого провайдера (в данный момент не используется).
Порты второй группы объединил в свитч. Port6LAN1 — master port.
Port7LAN2, Port8LAN3, Port9LAN4 — slave для Port6LAN1.
Всё по инструкции: сделал bridge по имени LAN, указал там Port6LAN1.
По той же инструкции указал правило для NAT (masquerade) и правила Firewall (забегая вперёд: позже их делал неактивными и удалял, но это ни на что не влияло).
Интернет на интерфейсе WAN1 есть, Гугл пингуется.
В локалке Интернета нет.
DHCP поднят на ядре внутри локалки, но я подключался непосредственно к Mikrotik ноутом с прописанным статическим адресом.
Конфигурацию прилагаю:
# jun/24/2018 21:01:42 by RouterOS 6.38.4
# software > #
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether1 ] comment=WAN name=Port1WAN1
set [ find default-name=ether2 ] name=Port2WAN2
set [ find default-name=ether6 ] comment=LAN name=Port6LAN1
set [ find default-name=ether7 ] master-port=Port6LAN1 name=Port7LAN2
set [ find default-name=ether8 ] master-port=Port6LAN1 name=Port8LAN3
set [ find default-name=ether9 ] master-port=Port6LAN1 name=Port9LAN4
/interface list
add name=BridgeLAN
/interface bridge port
add bridge=LAN interface=Port6LAN1
/ip address
add address=6.202.62.34/30 comment=»External IP» interface=Port1WAN1 network=\
6.202.62.32
add address=172.16.100.254/24 comment=»Internal IP» interface=Port6LAN1 \
network=172.16.100.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,6.202.62.33
/ip firewall filter
add action=accept chain=input connection-state=established in-interface=\
Port1WAN1
add action=accept chain=input connection-state=related in-interface=Port1WAN1
add action=drop chain=input in-interface=Port1WAN1
add action=jump chain=forward in-interface=Port1WAN1 jump-target=customer
add action=accept chain=customer connection-state=established
add action=accept chain=customer connection-state=related
add action=drop chain=customer
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Port1WAN1
/ip route
add comment=Gateway distance=1 gateway=6.202.62.33
/ip upnp interfaces
add interface=Port1WAN1 type=external
add interface=Port2WAN2 type=internal
add interface=Port6LAN1 type=internal
add interface=Port7LAN2 type=internal
add interface=Port8LAN3 type=internal
add interface=Port9LAN4 type=internal
add interface=LAN type=internal
/system clock
set time-zone-name=Europe/Moscow
Где и что я делаю не так?
Заранее большое спасибо за любые ответы.
Пинг есть интернета нет микротик
Обнаружена блокировка рекламы: Наш сайт существует благодаря показу онлайн-рекламы нашим посетителям. Пожалуйста, подумайте о поддержке нас, отключив блокировщик рекламы на нашем веб-сайте.
Пинг из терминала есть, а внутри сети нет
Добрый вечер) В общем мои навыки в маршрутизации печаль-тоска. Но интерес имеется:D на днях был куплен Mikrotik hAP ac2, настроен по гуглу.
И тут началось:D
Интернета нет. Спустя >40 попыток его до сих пор нет:D причем из tools->ping есть, из консоли компа — ни-фи-га. В общем мозгоштурм ни к чему хорошему не привел, гугл аналогично. Вот конфиг, подскажите пожалуйста, в каком месте печаль:D
# feb/14/2021 18:53:36 by RouterOS 6.48.1
# software > #
# model = RBD52G-5HacD2HnD
# serial number = C6140D8D8889
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN1 name=ISP1 password=\
####### use-peer-dns=yes user=#######
/interface wireless
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods=»» group-ciphers=\
tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=my_wifi \
supplicant-identity=»» unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=\
wcgb3goc wpa2-pre-shared-key=wcgb3goc
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
mode=ap-bridge security-profile=my_wifi ssid=Mikrotik2.4
/interface wireless nstreme
set wlan1 enable-polling=no
/ip pool
add name=pool1 ranges=192.168.88.100-192.168.88.200
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 lease-time=30m name=dhcp1
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add disabled=no interface=WAN1
/ip dhcp-server network
add address=192.168.88.0/24 dns-none=yes gateway=192.168.88.1 netmask=24
/ip firewall filter
add action=accept chain=input disabled=yes protocol=icmp
add action=accept chain=input connection-state=new disabled=yes dst-port=\
80,8291,22 in-interface=bridge1 protocol=tcp src-address=192.168.88.0/24
add action=accept chain=input connection-state=new disabled=yes dst-port=53,123 \
protocol=udp src-address=192.168.88.0/24
add action=accept chain=input connection-state=established,related disabled=yes
add action=accept chain=output connection-state=!invalid disabled=yes
add action=accept chain=forward connection-state=established,new disabled=yes \
in-interface=bridge1 out-interface=WAN1 src-address=192.168.88.0/24
add action=accept chain=forward connection-state=established,related disabled=\
yes in-interface=WAN1 out-interface=bridge1
add action=drop chain=input disabled=yes
add action=drop chain=output disabled=yes
add action=drop chain=forward disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=WAN1 src-address=\
192.168.88.0/24
/system clock
set time-zone-name=Europe/Moscow
/system package update
set channel=long-term
[hoba@MikroTik] >
Пинг есть интернета нет микротик
I am setting up the Router in my signature on my small 50 devices network (including phones, virtual clients, tablets and everything you can think of) and the Router is connected to WAN via Port 1 and to the Switch via Port 2 (the switch in my signature, running SWOS) . I can reach the Router both via Winbox and Webfig, have defined standard 192.168.1.1/24 (NOT *.88.*) network and after doing the basics in the guide: https://help.mikrotik.com/docs/display/ . figuration I end up with getting an IP for the Internet — Dynamic Public IP — , can do the ping tests and my clients are connected to LAN, but not WAN. I obviously suspect something in the bridging between Ether1 (WAN) and Ether2 (LAN). The guide was followed with great care but at one point the CLI command for the NAT would not allow me to enter the «ether1» in the syntax, it would not take the number, despite me pressing the «1» key on the keyboard. Many times, harder and harder, repeating, deleting, new terminal, still no joy.
I manage to set that in the GUI after some trial and error but still no Internet access.
I will of course start over with this, but I have three questions:
1. How do you disable the autocomplete command in Terminal (I prefer a GUI). I realize it is handy for many, but since I use it as little as possible it tends to be confusing and frustrating. Make a better GUI.
2. Could Terminal be browser sensitive when running WebFig, since it seems to run better in Edge than in Firefox, the latter being my browser of choice in my OS of choice, Windows 10 21H1.
3. Is the guide updated for ROS version 6.48.3? Are you SURE about that? Are there any differences in the guide?
Posts: 11192 Joined: Tue Feb 25, 2014 12:49 pm Location: Italy Contact:
Re: Initial setup, ping works, but clients can not reach Internet
do not set ether1, you must set what give you the (dynamic) public ip
1) Stop use Ctrl+V. do not paste nothing, enable autocomplete.
2) use WinBox
3) I not mind
Re: Initial setup, ping works, but clients can not reach Internet
1. How do you disable the autocomplete command in Terminal (I prefer a GUI). I realize it is handy for many, but since I use it as little as possible it tends to be confusing and frustrating. Make a better GUI.
2. Could Terminal be browser sensitive when running WebFig, since it seems to run better in Edge than in Firefox, the latter being my browser of choice in my OS of choice, Windows 10 21H1.
3. Is the guide updated for ROS version 6.48.3? Are you SURE about that? Are there any differences in the guide?
It is not really clear to me why you are using the CLI when you prefer the GUI. There are two great GUIs available for MikroTik.
Examples are often given as CLI because that is easier to do in a manual (instead of screenshots) but you can enter the same commands using GUI.
It is known that the CLI screen in Winbox behaves a bit erratic. When you want to use CLI please use a dedicated tool like PuTTY or the OS built-in telnet/ssh
tool instead.
The most common issue for users using the Winbox CLI window is that Ctrl characters do something different than they are commonly used for.
See https://wiki.mikrotik.com/wiki/Manual:Console
Unfortunately the RB1100 model is for professionals and does not include the default settings that the lower-end devices have. That is so much
easier when you want to setup a router as a beginner!
Posts: 901 Joined: Thu Jul 14, 2016 9:29 pm Location: Belgium
Re: Initial setup, ping works, but clients can not reach Internet
How is your ISP connection delivered ? Through cable-modem/fiber so your «ether1» receives a public IP through DHCP ? Or do you connect with a PPPoE connection ?
I think the most efficient is to provide a full config so expert-user can very quickly spot anomalies.
/export hide-sensitive file=anynameyouwish or something.
Posts: 65 Joined: Wed Nov 14, 2012 7:14 am Location: New Jersey, USA
Re: Initial setup, ping works, but clients can not reach Internet
1. Make sure all your LAN ports are in a bridge and the WAN port it not.
2. Give your Bridge an IP address (which it sounds like you already did)
3. Source NAT/Masquerade (sounds like you already have that)
4. Make sure no firewall rules are blocking anything. Best to allow EST, REL, NEW forwarding from LAN
These are just some thoughts to consider.
Posts: 16657 Joined: Sun Feb 18, 2018 11:28 pm Location: Nova Scotia, Canada Contact:
Re: Initial setup, ping works, but clients can not reach Internet
Assuming you are using vlans,
The best guide for this at least for the router part of the setup you should use.
Default rules you should have.
/ip firewall filter
add action=accept chain=input comment=»defconf: accept established,related,untracked» connection-state=established,related,untracked
add action=drop chain=input comment=»defconf: drop invalid» connection-state=invalid
add action=accept chain=input comment=»defconf: accept ICMP» protocol=icmp
add action=drop chain=input comment=»defconf: drop all not coming from LAN» in-interface-list=!LAN
add action=accept chain=forward comment=»defconf: accept in ipsec policy» ipsec-policy=in,ipsec
add action=accept chain=forward comment=»defconf: accept out ipsec policy» ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=»defconf: fasttrack» connection-state=established,related
add action=accept chain=forward comment=»defconf: accept established,related, untracked» connection-state=established,related,untracked
add action=drop chain=forward comment=»defconf: drop invalid» connection-state=invalid
add action=drop chain=forward comment=»defconf: drop all from WAN not DSTNATed» connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=»defconf: masquerade» ipsec-policy=out,none out-interface-list=WAN
From there you should have connectivity as required.
Once you have absorbed the provided link and have a working config
post it here /export hide-sensitive file=anynameyouwish
as well as screenshots of the vlan and vlans SWOS screens for additional comments and pointers