Input rules work on any port you choose (they also work from the LAN side as 
well).

Firewall filters and queue trees occasionally get "confused" when interfaces 
are changed out from under them.  When you detect rules in either of these 
places that should be getting hit but aren't, a good first line of attack is:

export the rules to a file
delete the live rules
re-import the rules from the file

Creating the rules fresh in this manner flushes whatever accumulated cruft is 
confusing the old ones.

Sometimes just disabling the rules and then re-enabling them works as well, but 
not as reliably (I used this approach yesterday to correct a predefined queue 
tree that wasn't shaping traffic on a new gateway interface right after my 
bandwidth provider activated it).

As for OSPF, make sure the router IDs on the two new towers are unique; a 
duplication could cause these symptoms.

> On Jan 7, 2017, at 12:53 PM, Terri Kelley <net...@farm-market.net> wrote:
> 
> So short version. Due to new land owners we had to chop down a tower, B. 
> Towers A and C were either side passing through B. All running OSPF. We now 
> pass through two new towers going from A to C and ospf flaps like crazy at 
> times. No difference in configs other than changing the neighbors. All are 
> configured the same way as the old path. So it should work. It doesn’t. 
> 
> Along with that, the filter rules are the same as always but for some reason 
> the counters are no longer incrementing on the input rules for A and C. The 
> only exception is accept related connections. The only difference I can tell 
> is there is no longer anything plugged into ether1 on A and C. Switching 
> not being used, they, just like most on my network, are multi-port routers. 
> 
> So I guess my two questions are, does port 1 have to be used for the input 
> rules to work? And if that is the case could that cause the flap on OSPF?
> 
> Thanks,
> 
> -- 
> Terri Kelley
> Network Engineer
> 254-697-6710
> Farm to Market Broadband
> _______________________________________________
> Mikrotik mailing list
> Mikrotik@mail.butchevans.com
> http://mail.butchevans.com/mailman/listinfo/mikrotik
> 
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

-- 
  Grand Avenue Broadband -- Wireless Internet Service
     Circle City to Wickenburg and surrounding areas
                          http://grandavebb.com
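
The export / delete / re-import sequence from the reply above, written out for the firewall filter table as an added example (not part of the original message). It assumes the RouterOS v6 CLI; the file name filter-backup is a placeholder. Only the filter case is shown.

```routeros
# Added example; "filter-backup" is a placeholder file name.
# On a remote router, enter Safe Mode (Ctrl+X) first: between steps 3 and 4
# the router runs with no static filter rules, and Safe Mode reverts the
# changes if the management session drops before they are committed.

# 1. Record the current counters as a baseline.
/ip firewall filter print stats

# 2. Export the live filter rules; this writes filter-backup.rsc to Files.
/ip firewall filter export file=filter-backup

# 3. Delete the live rules. Dynamic rules are created by the system and
#    cannot be removed by hand, so select only the static ones.
/ip firewall filter remove [find dynamic=no]

# 4. Re-import the rules from the file, recreating them from scratch.
/import file-name=filter-backup.rsc

# 5. Counters restart at zero on the new rules. Print them again after some
#    traffic has arrived and confirm the input-chain rules now increment.
/ip firewall filter print stats
```

Review filter-backup.rsc before step 3 and keep a copy off the router, since it is the only record of the rule set once the live rules are gone.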
