Hello,
I'm migrating from a RB750Gr3 router to rb5009ug_s_in. I've exported the configuration from one device and imported it in the new one and I can see that the router is able to connect to internet, since I checked for updates and I was able to download/upgrade the router. The issue I'm facing is that I'm not able to reach internet from any of the LAN ports connected to the router. I'm able to see the rest of devices in the same LAN, but I don't seem to be able to reach WAN. Since the rb5009ug_s_in router has a dedicated switch, I'm not sure if I need to configure anything else there in order to be able to fix this issue.
I'm checking that there are some remnants of the default IP in the configuration (192.168.88.1), not sure if that could be also a problem aside the routing.
This is the current configuration:
I'm migrating from a RB750Gr3 router to rb5009ug_s_in. I've exported the configuration from one device and imported it in the new one and I can see that the router is able to connect to internet, since I checked for updates and I was able to download/upgrade the router. The issue I'm facing is that I'm not able to reach internet from any of the LAN ports connected to the router. I'm able to see the rest of devices in the same LAN, but I don't seem to be able to reach WAN. Since the rb5009ug_s_in router has a dedicated switch, I'm not sure if I need to configure anything else there in order to be able to fix this issue.
I'm checking that there are some remnants of the default IP in the configuration (192.168.88.1), not sure if that could be also a problem aside the routing.
This is the current configuration:
Code:
# 2025-01-10 19:28:49 by RouterOS 7.16.2## model = RB5009UG+S+/interface bridgeadd admin-mac=F4:1E:57:83:0C:94 auto-mac=no comment=defconf name=local port-cost-mode=short/interface ethernetset [ find default-name=ether1 ] name=ether_isp/interface vlanadd interface=ether_isp name=vlan_isp vlan-id=20/interface pppoe-clientadd add-default-route=yes disabled=no interface=vlan_isp name=pppoe-out1 use-peer-dns=yes user=pppoe-user/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface lte apnset [ find default=yes ] ip-type=ipv4 use-network-apn=no/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254/ip smb usersset [ find default=yes ] disabled=yes/disk settingsset auto-media-interface=local auto-media-sharing=yes auto-smb-sharing=yes/interface bridge portadd bridge=local comment=defconf interface=ether2add bridge=local comment=defconf interface=ether3add bridge=local comment=defconf interface=ether4add bridge=local comment=defconf interface=ether5add bridge=local comment=defconf interface=ether6add bridge=local comment=defconf interface=ether7add bridge=local comment=defconf interface=ether8add bridge=local comment=defconf interface=sfp-sfpplus1/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=none/ip settingsset tcp-syncookies=yes/ipv6 settingsset disable-ipv6=yes max-neighbor-entries=8192/interface list memberadd comment=defconf interface=local list=LANadd comment=defconf interface=ether_isp list=WAN/ip addressadd address=192.168.3.1/23 interface=local network=192.168.2.0/ip cloudset update-time=no/ip dhcp-clientadd comment=defconf interface=ether_isp/ip dnsset allow-remote-requests=yes servers=1.1.1.1,1.0.0.1/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan type=A/ip firewall address-listadd address=192.168.3.2-192.168.3.254 list=allowed_to_routeradd address=0.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=172.16.0.0/12 comment=RFC6890 list=not_in_internetadd address=192.168.0.0/16 comment=RFC6890 list=not_in_internetadd address=10.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=169.254.0.0/16 comment=RFC6890 list=not_in_internetadd address=127.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=224.0.0.0/4 comment=Multicast list=not_in_internetadd address=198.18.0.0/15 comment=RFC6890 list=not_in_internetadd address=192.0.0.0/24 comment=RFC6890 list=not_in_internetadd address=192.0.2.0/24 comment=RFC6890 list=not_in_internetadd address=198.51.100.0/24 comment=RFC6890 list=not_in_internetadd address=203.0.113.0/24 comment=RFC6890 list=not_in_internetadd address=100.64.0.0/10 comment=RFC6890 list=not_in_internetadd address=240.0.0.0/4 comment=RFC6890 list=not_in_internetadd address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet/ip firewall filteradd action=accept chain=input comment="default configuration" connection-state=established,related \ disabled=yesadd action=accept chain=input disabled=yes src-address-list=allowed_to_routeradd action=accept chain=input disabled=yes protocol=icmpadd action=accept chain=input disabled=yes dst-port=51215 protocol=udpadd action=accept chain=input disabled=yes src-address=192.168.100.0/24 src-address-list=""add action=drop chain=input disabled=yesadd action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related \ disabled=yes hw-offload=yesadd action=accept chain=forward comment="Established, Related" connection-state=established,related \ disabled=yesadd action=drop chain=forward comment="Drop invalid" connection-state=invalid disabled=yes log-prefix=\ invalidadd action=drop chain=forward comment="Drop incoming packets that are not NAT`ted" connection-nat-state=\ !dstnat connection-state=new disabled=yes in-interface=ether_isp log=yes log-prefix=!NATadd action=jump chain=forward comment="jump to ICMP filters" disabled=yes jump-target=icmp protocol=icmpadd action=drop chain=forward comment="Drop incoming from internet which is not public IP" disabled=yes \ in-interface=ether_isp log=yes log-prefix=!public src-address-list=not_in_internetadd action=accept chain=icmp comment="echo reply" disabled=yes icmp-options=0:0 protocol=icmpadd action=accept chain=icmp comment="net unreachable" disabled=yes icmp-options=3:0 protocol=icmpadd action=accept chain=icmp comment="host unreachable" disabled=yes icmp-options=3:1 protocol=icmpadd action=accept chain=icmp comment="host unreachable fragmentation required" disabled=yes icmp-options=\ 3:4 protocol=icmpadd action=accept chain=icmp comment="allow echo request" disabled=yes icmp-options=8:0 protocol=icmpadd action=accept chain=icmp comment="allow time exceed" disabled=yes icmp-options=11:0 protocol=icmpadd action=accept chain=icmp comment="allow parameter bad" disabled=yes icmp-options=12:0 protocol=icmpadd action=drop chain=icmp comment="deny all other types" disabled=yes/ip firewall natadd action=masquerade chain=srcnat out-interface-list=WANadd action=dst-nat chain=dstnat dst-port=50010 in-interface-list=WAN protocol=tcp to-addresses=\ 192.168.3.111 to-ports=50010add action=dst-nat chain=dstnat dst-port=50101 in-interface-list=WAN protocol=tcp to-addresses=\ 192.168.3.111 to-ports=50101add action=dst-nat chain=dstnat dst-port=52100 in-interface-list=WAN protocol=tcp to-addresses=\ 192.168.3.111 to-ports=52100add action=dst-nat chain=dstnat dst-port=52112 in-interface-list=WAN protocol=tcp src-port="" to-addresses=\ 192.168.3.111 to-ports=52112add action=dst-nat chain=dstnat dst-port=51015 in-interface-list=WAN protocol=tcp to-addresses=\ 192.168.3.111 to-ports=51015add action=dst-nat chain=dstnat dst-port=50001-50009 in-interface-list=WAN protocol=udp to-addresses=\ 192.168.3.111 to-ports=50001-50009add action=dst-nat chain=dstnat dst-port=50001-50009 in-interface-list=WAN protocol=tcp to-addresses=\ 192.168.3.111 to-ports=50001-50009add action=dst-nat chain=dstnat dst-port=55111 in-interface-list=WAN protocol=tcp to-addresses=\ 192.168.3.111 to-ports=55111add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN protocol=tcp to-addresses=192.168.3.111 \ to-ports=80add action=dst-nat chain=dstnat disabled=yes dst-port=443 in-interface-list=WAN protocol=tcp to-addresses=\ 192.168.3.111 to-ports=443/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh address=192.168.3.0/24set api disabled=yesset winbox address=192.168.3.0/24set api-ssl disabled=yes/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 \ protocol=udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=\ in,ipsecadd action=drop chain=forward comment="defconf: drop everything else not coming from LAN" \ in-interface-list=!LAN/system clockset time-zone-name=Europe/Madrid/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=0.europe.pool.ntp.orgadd address=1.europe.pool.ntp.orgadd address=2.europe.pool.ntp.orgadd address=3.europe.pool.ntp.org/tool bandwidth-serverset enabled=no/tool mac-serverset allowed-interface-list=none/tool mac-server mac-winboxset allowed-interface-list=none/tool mac-server pingset enabled=noStatistics: Posted by Dwosky — Fri Jan 10, 2025 8:43 pm