Very minimal, really just basic input rules, nothing that would block the IP
addresses from getting through. No NAT or Mangle rules on this router.
/ip firewall filter
add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
    connection-state=established,related
add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 protocol=\
    udp
add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 protocol=udp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
    2000-3000 protocol=tcp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
    2000-3000 protocol=udp
add action=accept chain=input dst-port=5678 protocol=tcp
add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
    THIS_ADMIN
add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
add action=drop chain=input comment="DROP ALL OTHER INPUT"
--
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE
Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com
This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.
----- Original Message -----
> From: "Josh Luthman" <[email protected]>
> To: "AnimalFarm Microwave Users Group" <[email protected]>
> Sent: Wednesday, May 4, 2022 11:12:55 AM
> Subject: Re: [AFMUG] Weird IP issue
>
> Firewall filter rules?
>
> Double check the gateway and subnet on the server.
>
> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler <[email protected]> wrote:
>
> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running RouterOS
> 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have two
> servers on that switch, both in the same public IP block. I can ping both
> servers from the router, and they can ping each other. One server is globally
> reachable and the other is not reachable other than from the router or switch
> itself. I plugged in my laptop and assigned it an IP in that same range and
> cannot reach it externally either. The router is using OSPF and I can see the
> route for that IP block from both sides of the router, but traceroutes/pings
> to anything other than the server that is working stop at the router. No VLANs
> or special configuration between the router and the switch, just basic IP, all
> ports on the switch are bridged. Forwarded ports (dstnat) don't appear to work
> from the router either.
>
> I'm stumped, so I figured I would ask if anyone else has seen anything like
> this and has a solution, or am I looking at a possible RouterOS 7 issue?
>
--
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
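
Added example (not part of the original thread or any poster's code): a Python sketch that parses a RouterOS filter export like the one in the message above and checks the point under discussion, that input/output rules act only on traffic to and from the router itself while routed traffic is filtered in the forward chain. It also lists input accepts that carry a dst-port but no source restriction. The EXPORT excerpt and the function names are constructed for illustration; only the filter table is examined.

```python
import shlex

# Constructed sample: an excerpt of the export posted in the message above.
EXPORT = r'''/ip firewall filter
add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
    connection-state=established,related
add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 protocol=\
    udp
add action=accept chain=input dst-port=5678 protocol=tcp
add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
    THIS_ADMIN
add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
add action=drop chain=input comment="DROP ALL OTHER INPUT"
'''

SOURCE_LIMITS = ("src-address", "src-address-list", "in-interface", "in-interface-list")

def parse_rules(export):
    """Return one dict per filter 'add' line, joining '\\' continuations first."""
    logical, pending = [], ""
    for raw in export.splitlines():
        pending += raw.lstrip()
        if pending.endswith("\\"):
            pending = pending[:-1]   # export may wrap mid-token, so add no space
        else:
            logical.append(pending)
            pending = ""
    rules, menu = [], None
    for line in logical:
        if line.startswith("/"):
            menu = line.strip()
        elif line.startswith("add ") and menu == "/ip firewall filter":
            rules.append(dict(tok.split("=", 1) for tok in shlex.split(line)[1:]))
    return rules

def blocks_transit(rules):
    """Only the forward chain sees routed traffic; input/output are router-local."""
    # Simplification: custom chains reached via action=jump are not followed.
    return any(r["chain"] == "forward" and r["action"] in ("drop", "reject")
               for r in rules)

def open_input_services(rules):
    """Input accepts that name a dst-port and have no source restriction."""
    return [(r["protocol"], r["dst-port"]) for r in rules
            if r["chain"] == "input" and r["action"] == "accept"
            and "dst-port" in r and not any(k in r for k in SOURCE_LIMITS)]

if __name__ == "__main__":
    rules = parse_rules(EXPORT)
    print(blocks_transit(rules), open_input_services(rules))
```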