1

I got new ISP few days ago, and it's fiber line that according to ISP I can use with my MikroTik router.

In mail I got the following (made up IP, but same pattern):

WAN block 93.83.73.68/30

ISP port: 93.83.73.69

Your port: 93.83.73.70

Subnet mask 255.255.255.252

LAN block: 77.67.57.215/32

Subnet: 255.255.255.255

WAN block is used for interconnection between our network and the device at your location and can’t be used for Internet access, LAN block is given to you, registered in your name and is used for Internet access.

Up until now I used WAN IP + private block 192.168.88.0/24, but now my LAN block is a single public IP?

If I understood correctly it should be setup like this:

  • Set ISP facing port IP 93.83.73.70/30
  • Set Gateway IP 93.83.73.69
  • Set DNS IP 8.8.8.8, 8.8.4.4
  • Set LAN network and DHCP 192.168.88.0/24
  • Add Firewall NAT rule that like this:

add chain=srcnat src-address=192.168.88.0/24 action=src-nat to-addresses=77.67.57.215 out-interface=ether1

Am I missing something, it won't work still and ISP phone support wants to sell me their crappy router?

IP > Routes shows 93.83.73.69 as reachable via ether1.

//Updates after following instructions from the comments:

/ping 93.83.73.69 src-address=93.83.73.70

gets timeout and unreachable

/ping 93.83.73.69 src-address=93.83.73.70 interface=ether1 arp-ping=yes

gets timeout only

/ip arp print

shows gateway (93.83.73.69) ip address in the list but MAC is empty

During all this, sniffer is only showing:

SRC-MAC   DST-MAC            SRC-ADDRESS                     DST-ADDRESS
Ether1MAC FF:FF:FF:FF:FF:FF  93.83.73.70 who has 93.83.73.69? [empty, nothing]

Just for fun I disabled ARP on ether 1, and than sniffer starts showing DNS requests and pings from the computer, and src-address is 77.67.57.215 as expected because of src-nat. But they go nowhere.

serghei
  • 145
  • 8
Mario Vivante
  • 21
  • 3
  • The configuration seems okay; how are you testing and what packets do you see being sent/received on the WAN interface (using `/tool sniffer`)? – u1686_grawity Jan 21 '21 at 11:10
  • @user1686 I tried pinging from laptop and router 93.83.73.70, works; pinging 93.83.73.69 (gateway) not working, pinging 8.8.8.8 not working. I'll try sniffing, but I'm not that good with this. I'll look at sniffer in more detail and try it. – Mario Vivante Jan 21 '21 at 11:56
  • 1) Check if you can `/ping 93.83.73.69 src-address=93.83.73.70` directly from the router, that's the first thing you need to get working. If there's no response, check whether the ISP gateway's MAC address at least shows up under `/ip arp print`, and/or ping it with `arp-ping=yes`. (It's possible that the ISP's gateway will ignore regular ICMP ping, but it really cannot ignore ARP – it's _always_ going to respond to ARP queries from the hAP.) – u1686_grawity Jan 21 '21 at 13:05
  • 2) Maximize the terminal window (so all columns will fit), run `/tool sniffer quick interface=ether1`. Check if you can `/ping 8.8.8.8 src-address=192.168.88.1` from another terminal, this should get SNATed and the sniffer should show the packets as being sent from 77.67.57.215. 3) Try to ping 8.8.4.4 from another computer, this should also show up on the sniffer in the same way. – u1686_grawity Jan 21 '21 at 13:05
  • @user1686 I've updated my question with instructions from the comments, hope it helps narrow down the issue. – Mario Vivante Jan 22 '21 at 07:50
  • @user1686 thank you very much for your help, your comments helped me figure it out. – Mario Vivante Jan 22 '21 at 09:19

1 Answers1

1

After advisory from the comments I figured something must be wrong on ISP end, and yes, after yelling at them and saying that gateway is not responding, today they called me to apologize and ask for confirmation that the link is working fine now.

All good, configuration was fine all along.

Mario Vivante
  • 21
  • 3