I have 6.19 certified in my network (and I run my SIP through it). However 6.12 is also popular.

Regards

Alexander

Alexander Neilson
Neilson Productions Limited
[email protected]
021 329 681
022 456 2326

> On 30/01/2015, at 1:39 pm, Scott Reed <[email protected]> wrote:
>
> I don't remember if 6.5 is stable. I would move to 6.12.
> I don't think that will fix the problem, but should make a more stable router.
>
> On 1/29/2015 7:25 PM, Casey Mills wrote:
>> Running version 6.5 on a RB2011.
>>
>> I did reboot just a few minutes ago, no change.
>>
>> The connection table should clear on a reboot, right?
>>
>> I really appreciate your suggestions! It is great to have someone to bounce
>> ideas off of.
>>
>> Casey
>>
>> *********** Firewall Rules ****************
>> /ip firewall connection tracking
>> set enabled=yes
>> /ip firewall filter
>> add chain=input comment="Allow all local traffic in" in-interface=bridge-local
>> add chain=input comment="Allow all pings" protocol=icmp
>> add chain=input comment="default configuration" connection-state=established
>> add chain=input comment="default configuration" connection-state=related
>> add action=drop chain=input comment="SSH Brute Force Rule01" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
>> add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=8w4d chain=input comment="SSH Brute Force Rule02" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
>> add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="SSH Brute Force Rule03" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
>> add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="SSH Brute Force Rule04" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
>> add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="SSH Brute Force Rule05" connection-state=new dst-port=22 protocol=tcp
>> add chain=input comment="Open SSH Port" dst-port=22 in-interface=ether1-gateway protocol=tcp
>> add action=drop chain=input comment="Drop all other traffic coming from Internet" in-interface=ether1-gateway
>> add chain=forward comment="default configuration" connection-state=established
>> add chain=forward comment="default configuration" connection-state=related
>> add action=drop chain=forward comment="default configuration" connection-state=invalid
>> /ip firewall nat
>> add action=masquerade chain=srcnat comment=Hairpin-Test src-address=192.168.55.0/24
>> add action=dst-nat chain=dstnat comment=Foscam-1 dst-port=8080 protocol=tcp to-addresses=192.168.55.200 to-ports=8080
>> add action=dst-nat chain=dstnat comment=Foscam-2 dst-port=8081 protocol=tcp to-addresses=192.168.55.201 to-ports=8081
>> add action=dst-nat chain=dstnat comment=IX2 dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.55.54 to-ports=80
>> add action=dst-nat chain=dstnat comment=IX2 dst-port=443 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.55.54 to-ports=443
>> add action=dst-nat chain=dstnat comment=IX2 dst-port=50500 protocol=tcp to-addresses=192.168.55.54 to-ports=50500
>> add action=dst-nat chain=dstnat comment="IX2 FTP" dst-port=21 protocol=tcp to-addresses=192.168.55.54 to-ports=21
>> add action=dst-nat chain=dstnat comment=Casey7-RDP dst-port=3389 protocol=tcp to-addresses=192.168.55.52 to-ports=3389
>> add action=dst-nat chain=dstnat comment=HTPC7-Plex dst-port=32400 protocol=tcp to-addresses=192.168.55.50 to-ports=32400
>> add action=dst-nat chain=dstnat comment=HTPC7-CetonApp dst-port=5832 protocol=tcp to-addresses=192.168.55.50 to-ports=5832
>> add action=dst-nat chain=dstnat comment=VOIP dst-port=5060 protocol=tcp to-addresses=192.168.55.55 to-ports=5060
>> add action=dst-nat chain=dstnat comment=VOIP dst-port=5060 protocol=udp to-addresses=192.168.55.55 to-ports=5060
>> add action=dst-nat chain=dstnat comment=VOIP dst-port=5061 protocol=udp to-addresses=192.168.55.55 to-ports=5061
>> add action=dst-nat chain=dstnat comment=VOIP dst-port=5061 protocol=tcp to-addresses=192.168.55.55 to-ports=5061
>> add action=dst-nat chain=dstnat comment=VOIP dst-port=10000-20000 protocol=udp to-addresses=192.168.55.55 to-ports=10000-20000
>> /ip firewall service-port
>> set sip disabled=yes
>> ***********************************************************************
>>
>> On Thu, Jan 29, 2015 at 7:07 PM, Alexander Neilson <[email protected]> wrote:
>>> You would still see it leaving your interface if the upstream was blocking
>>> it.
>>>
>>> Can you post privatised firewall rules etc so we can see what you have in
>>> place?
>>>
>>> What software version are you running?
>>>
>>> Have you rebooted after changes? Cleared your connections table? There is
>>> a bug where firewall rule changes don't take effect until a reboot. Also if
>>> an existing connection is in the conntrack table then no matter the change it
>>> won't be reflected until that connection has cleared.
>>>
>>> Like others I run asterisk sip servers through mikrotiks so I know it
>>> works. Just trying to find issues.
>>>
>>> Regards
>>>
>>> Alexander
>>>
>>> Alexander Neilson
>>> Neilson Productions Ltd
>>> [email protected]
>>> 021 329 681
>>>
>>>> On 30/01/2015, at 12:48 pm, Casey Mills <[email protected]> wrote:
>>>>
>>>> I'm using my Android phone as one of the extensions. This works from inside
>>>> and outside my network. But connecting to the SIP trunk with the FreePBX
>>>> box is not working. In torch I can see the traffic getting to the local
>>>> bridge. But that traffic is not making it out the WAN port. I am able to
>>>> ping both SIP provider servers.
>>>>
>>>> I have watched the counters in my filter rules and NAT, I can't find where
>>>> the traffic is stopping.
>>>>
>>>> Comcast is my upstream, they could be blocking it but they are minding
>>>> their Ps and Qs trying to get the Time Warner merger approved.
>>>>
>>>> Casey
>>>>
>>>>> On Thu, Jan 29, 2015 at 6:34 PM, Scott Reed <[email protected]> wrote:
>>>>>
>>>>> All of our phones are FreePBX through Mikrotiks (several to get out to
>>>>> the Internet) and I don't recall doing anything special to get them to work.
>>>>> Do the normal network stuff, traceroute, etc. Make sure you have
>>>>> connectivity.
>>>>> Any chance your upstream is blocking SIP traffic?
>>>>>
>>>>>> On 1/29/2015 5:21 PM, Casey Mills wrote:
>>>>>>
>>>>>> I set up a FreePBX server and wanted to test a few SIP trunking services.
>>>>>> The SIP packets are not making it through the router from the inside of my
>>>>>> network. I thought it might be a fluke with the first provider, so I
>>>>>> signed up with a second. Same result.
>>>>>>
>>>>>> I simply cannot figure out why they aren't making it through. My leading
>>>>>> theory is FreePBX/Asterisk is changing the packet IP address, somehow
>>>>>> making it invalid. But I have tried setting the IP of the server to the
>>>>>> internal and external IP.
>>>>>>
>>>>>> I am able to use an app on my phone and connect to the server from outside
>>>>>> of the network. Utilizing the dst-nat forwarding.
>>>>>>
>>>>>> Any ideas on where to start?
>>>>>>
>>>>>> Casey
>>>>>> -------------- next part --------------
>>>>>> An HTML attachment was scrubbed...
>>>>>> URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150129/f155ae1c/attachment.html>
>>>>>> _______________________________________________
>>>>>> Mikrotik mailing list
>>>>>> [email protected]
>>>>>> http://mail.butchevans.com/mailman/listinfo/mikrotik
>>>>>>
>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>>>> RouterOS
>>>>>>
>>>>>> -----
>>>>>> No virus found in this message.
>>>>>> Checked by AVG - www.avg.com
>>>>>> Version: 2015.0.5646 / Virus Database: 4273/9019 - Release Date: 01/29/15
>>>>>
>>>>> --
>>>>> Scott Reed
>>>>> Owner
>>>>> NewWays Networking, LLC
>>>>> Wireless Networking
>>>>> Network Design, Installation and Administration
>>>>> Mikrotik Advanced Certified
>>>>> www.nwwnet.net
>>>>> (765) 855-1060 (765) 439-4253 Toll-free (855) 231-6239
>
> --
> Scott Reed
> Owner
> NewWays Networking, LLC
> Wireless Networking
> Network Design, Installation and Administration
> Mikrotik Advanced Certified
> www.nwwnet.net
> (765) 855-1060 (765) 439-4253 Toll-free (855) 231-6239

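An added example, not part of the original thread: a small Python lint over NAT rules copied from the export quoted above. It flags dst-nat rules that carry no in-interface or dst-address matcher; such a rule is not limited to traffic arriving on the WAN port, so it also matches LAN-originated packets to the same destination port (outbound SIP to a provider on 5060 included). The function names and the list of scoping matchers are this example's own.

```python
import shlex

# NAT rules copied from the export posted in the thread (subset, wraps joined).
NAT_EXPORT = """\
add action=masquerade chain=srcnat comment=Hairpin-Test src-address=192.168.55.0/24
add action=dst-nat chain=dstnat comment=IX2 dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.55.54 to-ports=80
add action=dst-nat chain=dstnat comment="IX2 FTP" dst-port=21 protocol=tcp to-addresses=192.168.55.54 to-ports=21
add action=dst-nat chain=dstnat comment=VOIP dst-port=5060 protocol=udp to-addresses=192.168.55.55 to-ports=5060
add action=dst-nat chain=dstnat comment=VOIP dst-port=10000-20000 protocol=udp to-addresses=192.168.55.55 to-ports=10000-20000
"""

# Matchers that confine a dst-nat rule to traffic aimed at the router's WAN side
# (list chosen for this example).
SCOPING_KEYS = ("in-interface", "in-interface-list", "dst-address",
                "dst-address-list", "dst-address-type")


def parse_rule(line):
    """Turn one 'add key=value ...' export line into a dict, or None."""
    tokens = shlex.split(line)  # handles quoted values such as comment="IX2 FTP"
    if not tokens or tokens[0] != "add":
        return None
    return dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)


def unscoped_dstnat(export_text):
    """Return (comment, protocol, dst-port, target) for each dst-nat rule
    that has no interface or destination-address matcher."""
    findings = []
    for line in export_text.splitlines():
        rule = parse_rule(line)
        if not rule or rule.get("action") != "dst-nat":
            continue
        if not any(key in rule for key in SCOPING_KEYS):
            findings.append((rule.get("comment", ""),
                             rule.get("protocol", "any"),
                             rule.get("dst-port", "any"),
                             rule.get("to-addresses", "")))
    return findings


if __name__ == "__main__":
    for comment, proto, port, target in unscoped_dstnat(NAT_EXPORT):
        print(f"unscoped dst-nat: {comment} {proto}/{port} -> {target}")
```
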
