Community discussions

MikroTik App
just joined
Topic Author
Posts: 7
Joined: Sun May 01, 2022 4:02 am

Ping is possible, no internet access (http)

Wed Oct 26, 2022 9:58 pm

Hi guys,

I have a RBD52G with default configuration which I wanted to connect to the internet via a Fritzbox.

When I’m in the FBs LAN ( I can access the internet properly.
When I’m in the MTs LAN (, I can ping addresses (from both WiFi client and routers terminal) but I can’t open any website. I also can access my FB

In Quick Set, NAT is activated, so in the firewall section masquerade is enabled on the srcnat chain with out.interface must WAN.

With /tool traceroute on the last shown IP ( belongs to Google…

[admin@MikroTik] > /tool traceroute 
1 0% 319 0.3ms 0.3 0.3 0.9 0.1
2 0% 319 9.3ms 21.1 8.2 143.5 17.2
3 0% 319 12ms 21.2 5.9 128.4 18
4 0% 319 8.9ms 22.4 7.9 187.4 19.6
5 0% 319 12.9ms 23.9 8.1 171.9 20
6 0% 319 16ms 27.1 13.3 99.2 15.7
7 0% 319 31ms 27 13.4 121.9 17.5
8 0% 319 15.8ms 26.3 12.9 118.1 17.9
9 0% 319 18ms 26.9 12.9 144.1 19.3
10 0% 319 15ms 26 12.9 97 14.6
11 0% 319 16.5ms 26 12 109.2 16.7

So my question is: What do I need to do / configure to be able to access the internet properly?

I’m quite new to Mikrotik and routerOS, so any help is highly appreciated!

Many thanks in advance and best regards
User avatar
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Ping is possible, no internet access (http)

Wed Oct 26, 2022 10:04 pm

You are fired quickset is a word most people have set on their forum settings to then ignore all posts from a user...........

Also the lack of a config file is a real turn-off
/export file=anynameyouwish (minus serial number and any public wanip Info)
just joined
Topic Author
Posts: 7
Joined: Sun May 01, 2022 4:02 am

Re: Ping is possible, no internet access (http)

Wed Oct 26, 2022 10:26 pm

Thank you for your very quick (and honest) reply.

Here’s my config:
# oct/26/2022 21:18:49 by RouterOS 6.49.6
# software id = 1758-TR55
# model = RBD52G-5HacD2HnD
# serial number = XXXXXXXXX
/interface bridge
add admin-mac=DC:2C:6E:E9:71:DC auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country=germany disabled=no distance=indoors frequency=auto installation=\
    indoor mode=ap-bridge ssid=XXXXXXXXX wireless-protocol=802.11 wps-mode=\
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country=germany disabled=no distance=indoors frequency=\
    auto installation=indoor mode=ap-bridge ssid=XXXXXXXXX wireless-protocol=\
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=XXXXXXXXX \
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address= comment=defconf interface=bridge network=\
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address= comment=defconf dns-server= gateway=\ netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address= comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
add action=drop chain=forward comment="defconf: drop invalid" \
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Berlin
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
just joined
Topic Author
Posts: 7
Joined: Sun May 01, 2022 4:02 am

Re: Ping is possible, no internet access (http)

Wed Oct 26, 2022 10:34 pm

I found the error - the old DNS gateway was still in use ( Sorry for this unnecessary issue and a nice evening to all!

Who is online

Users browsing this forum: Amazon [Bot], bozko, dpaiha and 54 guests