Very minimal, really just basic input rules, nothing that would block the IP addresses from getting through. No NAT or Mangle rules on this router.

/ip firewall filter
add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
    connection-state=established,related
add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 protocol=\
    udp
add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 protocol=udp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
    2000-3000 protocol=tcp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
    2000-3000 protocol=udp
add action=accept chain=input dst-port=5678 protocol=tcp
add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
    THIS_ADMIN
add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
add action=drop chain=input comment="DROP ALL OTHER INPUT"

--
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

----- Original Message -----
> From: "Josh Luthman" <j...@imaginenetworksllc.com>
> To: "AnimalFarm Microwave Users Group" <af@af.afmug.com>
> Sent: Wednesday, May 4, 2022 11:12:55 AM
> Subject: Re: [AFMUG] Weird IP issue

> Firewall filter rules?
>
> Double check the gateway and subnet on the server.
>
> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler <ch...@totalhighspeed.net> wrote:
>
> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running RouterOS
> 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have two
> servers on that switch both in the same public IP block. I can ping both
> servers from the router, and they can ping each other. One server is globally
> reachable and the other is not reachable other than from the router or switch
> itself. I plugged in my laptop and assigned it an IP in that same range and
> cannot reach it externally either. The router is using OSPF and I can see the
> route for that IP block from both sides of the router, but traceroutes/pings to
> anything other than the server that is working stop at the router. No VLANs or
> special configuration between the router and the switch, just basic IP, all
> ports on the switch are bridged. Forwarded ports (dstnat) don't appear to work
> from the router either.
>
> I'm stumped, so I figured I would ask if anyone else has seen anything like this
> and has a solution, or am I looking at a possible RouterOS 7 issue?
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
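
An added example, not part of the original thread: a small Python check over the filter export posted above. It shows that the rules populate only the input and output chains (traffic to and from the router itself), so nothing in the filter table touches the forward chain that transit traffic to the servers uses, and it lists the input accepts that carry no source restriction. The function names `parse_rules` and `audit` are hypothetical, and the embedded export is a constructed copy of the posted rules.

```python
import re
import shlex

# Constructed input: the filter export from the message, re-wrapped as RouterOS prints it.
EXPORT = r'''
/ip firewall filter
add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
    connection-state=established,related
add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 protocol=\
    udp
add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 protocol=udp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
    2000-3000 protocol=tcp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
    2000-3000 protocol=udp
add action=accept chain=input dst-port=5678 protocol=tcp
add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
    THIS_ADMIN
add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
add action=drop chain=input comment="DROP ALL OTHER INPUT"
'''

def parse_rules(export):
    """Join backslash line continuations, then turn each 'add' line into a dict."""
    joined = re.sub(r"\\\n\s*", "", export)
    return [dict(tok.split("=", 1) for tok in shlex.split(line[4:]))
            for line in joined.splitlines() if line.startswith("add ")]

def audit(rules):
    """Return (chains that have rules, input accepts on a port from any source)."""
    chains = {r["chain"] for r in rules}
    open_ports = [
        (r["protocol"], r["dst-port"]) for r in rules
        if r["chain"] == "input" and r["action"] == "accept" and "dst-port" in r
        and not any(k.startswith("src-address") for k in r)
    ]
    return chains, open_ports

if __name__ == "__main__":
    chains, open_ports = audit(parse_rules(EXPORT))
    # A chain with no rules accepts by default, so transit traffic is not filtered here.
    print("forward chain has filter rules:", "forward" in chains)
    for proto, port in open_ports:
        print(f"input accept from any source: {proto}/{port}")
```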