Hi,
ich hab da ein kleines Problem und da fiel mir irgendwann ein, dass hier ja auch Mikrotik Profis sind.
Mein Setup: Ne Fritzbox als Modem (ich weiß, nicht optimal, aber es sollte funktionieren), die selbst keinerlei Verbindung aufbaut. Dahinter dann nen Mikrotik C53UiG+5HPaxD2HPaxD, der sich per PPPoE mit dem DSL der Telekom verbindet.
Internet ist auch stabil und funktioniert soweit alles.
Ich hab intern auf nem Unraid auch den ein oder anderen Gameserver für mich und meine Freunde laufen, und da fangen die Probleme an. Connectet man von außen, also von außerhalb des LANs, ist alles super, aber wenn ich aus dem internen LAN connecte, habe ich Pingzeiten jenseits des Todes (das Höchste, was ich mal sah, war was mit 300000).
Ich hab im Mikrotik Forum auch schon nen Thread und das ein oder andere gefunden aber die richtige Lösung war leider noch nicht dabei. Mikrotik Forenthread
Ich bin allerdings wirklich kein Mikrotik-Profi oder Netzwerkprofi, daher bin ich sehr schnell ratlos, was das sein könnte.
Ich vermute ihr braucht auch noch die config, das wäre aktuell diese hier
# 2025-03-26 15:20:00 by RouterOS 7.18.2
# software id = KEEF-Y536
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HGX0A9Z41FA
# NOTE(review): the PPPoE user and the WAN address further down were masked
# before posting; the software id and serial number in this header were not
# and could be masked the same way.
/interface bridge
# The LAN bridge, with a pinned MAC address. ether2-ether5 and both radios
# are attached to it in "/interface bridge port".
add admin-mac=F4:1E:57:2A:33:61 auto-mac=no comment=defconf name=bridge
/interface ethernet
# Link-speed advertisement and flow control only; nothing here affects
# filtering.
set [ find default-name=ether1 ] advertise=\
1G-baseT-half,1G-baseT-full,2.5G-baseT rx-flow-control=auto \
tx-flow-control=auto
set [ find default-name=ether5 ] advertise=1G-baseT-half,1G-baseT-full
/interface wifi
# Both radios run as access points with the same SSID and accept WPA2-PSK as
# well as WPA3-PSK, with fast transition switched on. Because WPA2-PSK is
# still accepted, the strength of the shared passphrase (not shown in this
# export) is what protects the network.
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
configuration.country=Germany .mode=ap .ssid=Dingsbums disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
configuration.country=Germany .mode=ap .ssid=Dingsbums disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/interface pppoe-client
# The internet uplink: a PPPoE session named "telekom" on top of ether1. The
# row of "#" after "user=\" is the poster's masking of the account name, not
# a comment.
# NOTE(review): allow= includes pap, which hands the password to the remote
# end unhashed; keep only the methods the provider actually requires.
add add-default-route=yes allow=pap,chap,mschap2 disabled=no interface=ether1 \
max-mru=1500 max-mtu=1500 name=telekom user=\
#######################
/interface list
# The two lists the firewall, neighbor discovery and MAC server rely on to
# tell trusted from untrusted interfaces.
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
# DHCP range for the single LAN subnet.
add name=default-dhcp ranges=192.168.2.10-192.168.2.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=23h30m name=defconf
/disk settings
# Going by the setting names, storage attached to the router is shared
# automatically over SMB and as a media server on the bridge, i.e. towards
# every wired and Wi-Fi client.
# NOTE(review): switch these off if no such share is intended.
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
# Everything except ether1 is a bridge member; ether1 stays outside because
# it carries the PPPoE session.
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
# Neighbor discovery is limited to list LAN, so the router does not announce
# itself towards the modem side.
set discover-interface-list=LAN
/interface detect-internet
# NOTE(review): detect-internet adds interfaces to the lists named here
# dynamically, according to the state it detects. LAN and WAN are the same
# lists the firewall trusts, so an interface it classifies as "lan" would
# gain LAN trust without a static entry. Check "/interface list member print"
# for dynamic entries, or set detect-interface-list=none if the feature is
# not needed.
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\
LAN wan-interface-list=WAN
/interface list member
# Static membership: the bridge is LAN; both the PPPoE session and the
# physical port underneath it are WAN.
add comment=defconf interface=bridge list=LAN
add interface=telekom list=WAN
add interface=ether1 list=WAN
/ip address
add address=192.168.2.1/24 comment=defconf interface=bridge network=\
192.168.2.0
/ip cloud
# Keeps MikroTik's DDNS name for this router updated (5-minute interval).
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-client
# Disabled: the uplink address comes from PPPoE, not from DHCP on ether1.
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
# Static leases. 192.168.2.141 and 192.168.2.43 are the targets of the
# dst-nat rules in "/ip firewall nat", so these are the hosts reachable from
# the internet.
add address=192.168.2.141 client-id=1:b0:41:6f:e:98:51 mac-address=\
B0:41:6F:0E:98:51 server=defconf
add address=192.168.2.43 client-id=1:52:54:0:93:36:c1 mac-address=\
52:54:00:93:36:C1 server=defconf
add address=192.168.2.42 client-id=1:52:54:0:5b:1b:68 mac-address=\
52:54:00:5B:1B:68 server=defconf
add address=192.168.2.40 client-id=1:52:54:0:79:24:fb mac-address=\
52:54:00:79:24:FB server=defconf
add address=192.168.2.50 client-id=1:e4:5f:1:27:28:b2 mac-address=\
E4:5F:01:27:28:B2 server=defconf
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf dns-server=192.168.2.1 gateway=\
192.168.2.1
/ip dns
# The router answers DNS queries itself. The last input rule of the IPv4
# filter (drop everything not in list LAN) is what keeps this resolver from
# being reachable from the internet; the two belong together.
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.2.1 comment=defconf name=router.lan type=A
/ip firewall address-list
# WAN-IP (masked by the poster) is what every dst-nat rule and the hairpin
# mangle rule match on.
# NOTE(review): the entry is a fixed value while the uplink is a PPPoE
# session; if the provider hands out a new address, port forwards and hairpin
# stop matching until the entry is updated. No update mechanism is visible in
# this export. An address-list entry can presumably also hold a DNS name such
# as the /ip cloud one -- verify before relying on it.
add address=######################## comment=WAN-IP list=WAN-IP
add address=192.168.2.0/24 comment="Lan Subnet" list=LAN-subnet
/ip firewall filter
# Rules are evaluated top to bottom. Neither chain ends in a catch-all drop:
# the closing rules only drop traffic that does not come from list LAN
# (input) or new WAN traffic without dst-nat (forward).
#
# --- input: traffic addressed to the router itself ---
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# NOTE(review): "in-interface=!telekom" matches every interface except the
# PPPoE session, which includes ether1 (listed as WAN above). A packet
# arriving on ether1 with a 192.168.2.0/24 source address would be accepted
# to the router before the final drop is reached. "in-interface-list=LAN"
# would express the same intent without trusting the modem-facing port.
add action=accept chain=input in-interface=!telekom src-address=\
192.168.2.0/24
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# This rule is what shields the router's own services (DNS, SSH, WinBox,
# API, ...) from the internet. It depends entirely on what is in list LAN.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# --- forward: traffic passing through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# Fasttrack is switched off (disabled=yes), so every packet goes through the
# regular filter, mangle and NAT path.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# From WAN only connections that matched a dst-nat rule are let through.
# Traffic between LAN hosts and from LAN outwards is not restricted here.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
# Tags connections that LAN clients open to the router's own public address
# (list WAN-IP) so the first srcnat rule below can pick them out.
add action=mark-connection chain=prerouting comment=\
"Mark connections for hairpin NAT" dst-address-list=WAN-IP \
new-connection-mark="Hairpin NAT" src-address-list=LAN-subnet
/ip firewall nat
# Hairpin: the source of the marked connections is rewritten to the router,
# so the server's replies return through the router instead of going straight
# to the client. Side effect for logging: the server presumably sees every
# internal client as the router's address.
# NOTE(review): hairpin NAT is only needed because the clients and the
# forwarded servers share 192.168.2.0/24. Placing the internet-facing hosts
# in their own subnet/VLAN would let this traffic be routed normally and
# would also keep a compromised game or web server from reaching the rest of
# the LAN directly.
add action=masquerade chain=srcnat comment="Hairpin NAT" connection-mark=\
"Hairpin NAT"
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# Port forwards. Everything below is reachable from the whole internet:
# TCP 80/443 on 192.168.2.43, and three port ranges (TCP and UDP) on
# 192.168.2.141.
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=80 protocol=\
tcp to-addresses=192.168.2.43 to-ports=80
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=443 \
protocol=tcp to-addresses=192.168.2.43 to-ports=443
# NOTE(review): the three ranges together open close to 200 ports per
# protocol towards one host. Whatever listens on any of them, now or after a
# later container change, is exposed; narrowing the ranges to the ports the
# game servers actually use shrinks that surface.
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=25565-25620 \
protocol=tcp to-addresses=192.168.2.141
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=25565-25620 \
protocol=udp to-addresses=192.168.2.141 to-ports=25565-25620
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=27000-27050 \
protocol=tcp to-addresses=192.168.2.141
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=27000-27050 \
protocol=udp to-addresses=192.168.2.141
# These two rules log every new connection (prefixes gametcp / gameudp).
# Useful while debugging; on an internet-facing range, background scanning
# will add a steady stream of entries, so switch log= off again afterwards.
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=25621-25710 \
log=yes log-prefix=gametcp protocol=tcp to-addresses=192.168.2.141
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=25621-25710 \
log=yes log-prefix=gameudp protocol=udp to-addresses=192.168.2.141
/ip service
# Management services are limited to 192.168.2.0/24 and the web interface is
# off. telnet and api remain enabled and are unencrypted, so credentials
# cross the LAN and Wi-Fi in the clear when they are used.
# NOTE(review): disable the services that are not in use (ssh and winbox
# cover the same ground). ftp does not appear in this export, so it is
# presumably still at its default -- check with "/ip service print".
set telnet address=192.168.2.0/24
set www disabled=yes
set ssh address=192.168.2.0/24
set api address=192.168.2.0/24
set winbox address=192.168.2.0/24
set api-ssl address=192.168.2.0/24
/ip upnp
# With UPnP on, any device on the bridge can ask the router to open inbound
# port mappings on the telekom interface, without authentication and outside
# the static dst-nat list above.
# NOTE(review): turn it off if the static forwards are sufficient, and
# review the dynamic entries in "/ip firewall nat print" while it is on.
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=telekom type=external
/ipv6 address
# The bridge takes an address from the prefix the provider delegates over
# the PPPoE session (pool telekom.ipv6, requested below).
add address=::1 from-pool=telekom.ipv6 interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=telekom pool-name=telekom.ipv6 request=\
prefix
/ipv6 dhcp-server
add address-pool=telekom.ipv6 interface=bridge name=server1 prefix-pool=\
telekom.ipv6
/ipv6 firewall address-list
# Source/destination ranges that should never appear in forwarded traffic;
# used by the two "bad src/dst ipv6" drop rules in the IPv6 forward chain.
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
# No IPv6 NAT appears in this export, so LAN hosts presumably hold addresses
# from the delegated prefix that are routable from outside. The filter below
# is therefore the only thing between them and the internet; the IPv4 port
# forwards have no IPv6 counterpart here.
#
# --- input: traffic addressed to the router itself ---
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
# Needed for the prefix delegation requested in "/ipv6 dhcp-client".
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
# NOTE(review): the IKE / AH / ESP accepts (here and in the forward chain)
# are open to any source. No IPsec configuration is visible in this export;
# if none is in use, these rules can be removed.
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# --- forward: traffic passing through the router ---
add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Closing rule: anything not accepted above and not arriving from list LAN
# is dropped. As with IPv4, its effect depends on the LAN list holding only
# interfaces that are actually trusted.
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/ipv6 nd
set [ find default=yes ] hop-limit=64 interface=bridge
/system clock
set time-zone-name=Europe/Berlin
/system note
set show-at-login=no
/system routerboard mode-button
# The mode button runs the "dark-mode" script below (toggles the LEDs).
set enabled=yes on-event=dark-mode
/system routerboard wps-button
# The WPS button runs "wps-accept", which starts WPS push-button on every
# enabled AP-mode wifi interface. Anyone with physical access to the router
# can use it to join the Wi-Fi without the passphrase.
# NOTE(review): disable the button if the device is not in a trusted place.
set enabled=yes on-event=wps-accept
/system scheduler
# Daily job named "backup". No on-event appears in this export, so what it
# runs cannot be told from here. It carries the full policy set, including
# password, sensitive and sniff.
# NOTE(review): reduce the policy to what the job needs, and check where the
# backup file ends up and whether it is encrypted.
add interval=1d name=backup policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2025-03-25 start-time=01:13:44
/system script
# Two default scripts bound to the hardware buttons above: "dark-mode"
# flips all-leds-off between never and immediate; "wps-accept" triggers WPS
# push-button on the AP-mode wifi interfaces.
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :foreach iface in=[/interface/wifi find where (configuration.mode=\"a\
p\" && disabled=no)] do={\r\
\n /interface/wifi wps-push-button \$iface;}\r\
\n "
/tool mac-server
# Layer-2 management (MAC telnet / MAC WinBox) is limited to list LAN.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
# Reachability probe for 192.168.2.141 with empty up/down scripts, and a
# sniffer filter for the same host: both look like leftovers from
# troubleshooting and can be removed once it is finished.
add disabled=no down-script="" host=192.168.2.141 http-codes="" test-script=\
"" type=simple up-script=""
/tool sniffer
set filter-ip-address=192.168.2.141/32
Ich hoffe, hier ist noch der ein oder andere Profi, der mir weiterhelfen kann.