 caribounet
join:2006-07-11 Schefferville, QC
3 edits | Satellite + Mikrotik hotspot = dns problem?...no MSN/hotmail
I'll start with this general description because I don't know all of the details needed by any helpers to solve the problem. I will follow up with the details needed as they are requested...
I'm getting my satellite bandwidth through a DW7700. When I connect via ethernet directly to the NIC on my computer I can get into hotmail/msn etc. sites to check mail. When I add the Mikrotik hotspot most surfing goes without problems. I can log onto and through the hotspot login page and get onto the internet to surf... but...
www.hotmail.com gets this error:
"The connection was refused when attempting to contact login.live.com"
I can't get to a hotmail splash page, hotmail login window, nothing.... just the error. Happens on all browsers, multiple computers...it's some setting in the Mikrotik box. From reading around the net I'm thinking a DNS cache/proxy issue...but I don't know what/where to fix it...need some handholding. Like I said, I can google, post this message here, etc., just can't get onto that hotmail site...since most of my clients use my hotspot to check their e-mail this is a fatal flaw in the service I am attempting to deliver...Help please...
Little more description of my set-up:
DW7700 - Satellite comes in through the DW7700 modem (I have a static IP I can use, but not sure how to use it, so I'm not for the moment). The 7700 gateway address appears as 192.168.0.1 and that is also the DHCP server address.
Mikrotik box - I plug ether1 of the Mikrotik box into the 7700 to get the internet, and plug ether2 of the Mikrotik box (which is enabled as a hotspot giving out addresses from 10.5.50.1/24 gateway)...out to my wireless Tranzeo 6000 AP.
The Tranzeo radio has a static address in the 10.5.50.1/24 range, but outside of the DHCP range of the hotspot...I think that's the way to do it...? Besides some wireless CPEs and random wireless hotspot users, there are a few other radios associated together via WDS acting as "repeaters" (not sure if this is the right term).
But the main issue is, I'm sure, something to do with DNS settings in the Mikrotik box since everything (login, surfing) seems to work as it should but the hotmail site... |
|
 Believer
join:2002-07-04 Baltimore, MD | Are you connecting the Mikrotik with PPPoE? -- Comtrain Certified Tower Climber |
|
  viperm Carpe Diem Premium join:2002-07-09 Winchester, CA | reply to caribounet What version of Mikrotik are you using? |
|
 caribounet
join:2006-07-11 Schefferville, QC 2 edits | reply to caribounet oops... |
|
 caribounet
join:2006-07-11 Schefferville, QC | reply to Believer pppoe question...Since I'm not quite sure, and I didn't go out of my way to do it...safe answer would be "No." ? Right? |
|
 caribounet
join:2006-07-11 Schefferville, QC | reply to viperm version 2.9.10 |
|
  viperm Carpe Diem Premium join:2002-07-09 Winchester, CA
| reply to caribounet Can you upgrade to a newer version? I think some of the fixes in the new 2.9.27 were what you are speaking of having problems with.. You can look on the release notes to be sure but it's worth a look.. -- ComTrain Certified Tower Climber. American Tower Certified approved contractor |
|
 caribounet
join:2006-07-11 Schefferville, QC | I'll go do that now & see...since things are not satisfactory now, definitely worth a try. Thanks, I'll be back shortly (I hope) |
|
 caribounet
join:2006-07-11 Schefferville, QC | reply to viperm upgraded, and still same issue... now what...? |
|
  viperm Carpe Diem Premium join:2002-07-09 Winchester, CA | reply to caribounet Well I would try and go into walled garden and try and see if adding those websites to being accessible works to solve your problem. -- ComTrain Certified Tower Climber. American Tower Certified approved contractor |
|
 caribounet
join:2006-07-11 Schefferville, QC | Thanks for the suggestion. I'm not exactly sure how to do that...I'll read the manual, but can you give me some pointers? sometimes their manual is kind of difficult to apply... |
|
 caribounet
join:2006-07-11 Schefferville, QC | reply to viperm I'm not sure what to do next...no doubt whatsoever some setting in the Mikrotik box is preventing login to the hotmail/msn site...
No idea what to do next... |
|
  bito Premium join:2001-10-08 Atlanta, GA
| reply to caribounet I have seen an MTU mismatch between interfaces cause a problem getting into hotmail/yahoo, where basically the mismatch was eating the cookies (har har) and preventing login. However this was using PPPoE, so not sure if it would have the same effect in your case.
Check yahoo mail/personals/other cookie stuff and see if it does the same thing. |
|
 caribounet
join:2006-07-11 Schefferville, QC | www.yahoo.com gets same type of error:
"The connection was refused when attempting to contact login.yahoo.com"
So any suggestions? How do I fix this...?
Doesn't happen when the Mikrotik box isn't there... |
|
 caribounet
join:2006-07-11 Schefferville, QC
| reply to bito In the case of an MTU mismatch...somewhere I'm remembering reading a suggestion of setting the MTU at 800 when hooked up to a satellite link like I have...I did it, but no difference...should I also adjust MTU on the wireless equipment (Tranzeo 6000's) to match? Am I barking up the right tree or in the wrong forest? |
|
 lutful Premium join:2005-06-16 Ottawa, ON | reply to caribounet HotMail authentication is known to fail going through firewall and squid proxy. In squid.conf, adding "never_direct allow all" fixes that problem.
My hunch is that you have a similar issue. |
|
 caribounet
join:2006-07-11 Schefferville, QC
| Found this on the mikrotik "changelog" list...
What's new in v2.9beta10: ...added - workaround in transparent web proxy for IE6 access to Hotmail
Does anyone know how to check that this workaround is in place? And if it isn't, how to put it there in the context of a hotspot configuration...???
Getting closer...I can feel it...Thanks everyone so far... |
|
  viperm Carpe Diem Premium join:2002-07-09 Winchester, CA
| reply to caribounet You using webmin? If so log into the device go to IP then to hotspot then click on the walled garden tab and add your sites in there. Make sure to choose server (being your hotspot server) type in the dest host I.E. login.yahoo.com dst port 80 and click action allow and okay. Once you have done that try to go to that site you added to the walled garden..
-- ComTrain Certified Tower Climber. American Tower Certified approved contractor |
|
 jarosoup
join:2003-01-14
·Qwest.net
1 edit | reply to caribounet I think this is an MTU issue. Try adding a mangle rule like this:
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=clamp-to-pmtu comment="" disabled=no
If that doesn't help, you might need to "fish" for the right value, by setting "new-mss=" to something less than 1492. You could try the value of 800 here. |
|
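The "fishing" for a workable value described in the post above can be done by measurement instead of guesswork. This is an added example, not code from the thread or from MikroTik: it binary-searches the largest packet that crosses the path with Don't Fragment set and derives the matching TCP MSS. It assumes a Linux client with iputils `ping`; the function names and the simulated path used for offline runs are hypothetical.

```python
import subprocess
import sys

IPV4_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header (no options)
IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, packet_size, timeout_s=3):
    """True if one echo of packet_size bytes (IP total) passes with DF set."""
    payload = packet_size - IPV4_ICMP_OVERHEAD
    cmd = ["ping", "-M", "do", "-c", "1", "-W", str(timeout_s),
           "-s", str(payload), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL)
    return done.returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Largest size in [low, high] for which probe(size) is True, else None."""
    if not probe(low):
        return None  # path is down, or ICMP echo is filtered
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def mss_for_mtu(mtu):
    """TCP MSS that fits in one unfragmented IPv4 packet of size mtu."""
    return mtu - IPV4_TCP_OVERHEAD


def simulated_path(mtu):
    """Constructed stand-in for a real link: passes packets up to mtu bytes."""
    return lambda size: size <= mtu


if __name__ == "__main__":
    if len(sys.argv) == 2:
        probe = lambda size: ping_df(sys.argv[1], size)
    else:
        probe = simulated_path(1492)  # constructed sample, no network needed
    mtu = find_path_mtu(probe)
    print("no reply" if mtu is None else f"path MTU {mtu}, MSS {mss_for_mtu(mtu)}")
```

A lost probe is indistinguishable from one that was too large, so on a lossy link repeat the run before trusting a low result.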
 caribounet
join:2006-07-11 Schefferville, QC
| SUCCESS! I did a system reset and just rebuilt everything from scratch...Hotmail, yahoo, ebay...logins all work now.
I'm thinking this was all because after I upgraded to 2.9.27 I reloaded a previous config file instead of starting from scratch...I still can't access the router wirelessly via winbox, but I have another thread for that issue if anyone's feeling generous...Thanks everyone for the help here. |
|