I have a 3011RB router with 2 WANs that has v6.38.1 installed.
I configured it more than 3 months ago and everything was OK until 2 days ago, when I restarted the router.
Now on interface 1 I have a strange issue: the interface doesn't allow connections from the internet.
I tried to debug and so far I haven't figured out what it could be.
- The router gets an IP on ether1.
- From Tools -> Ping I can ping through interface 1 with success.
- From outside, the router doesn't respond to ping and doesn't accept any new connections. (I cannot connect to WinBox and other forwarded ports - connection timeout issue.)
- I tried to debug ping. I observe that I receive packets but the router doesn't transmit (TX = 0).
- I disabled all firewall rules that drop packets and the router doesn't respond to ping. (ICMP rule is active)
The firewall config is:
0 XI chain=input action=accept in-interface=ether1-gemenii log=yes log-prefix=>
1 ;;; accept ICMP
chain=input action=accept protocol=icmp in-interface-list=WANs log=no
log-prefix=""
2 ;;; accept establieshed,related
chain=input action=accept connection-state=established,related log=no
log-prefix=""
3 ;;; Allow WinBox from outside - Gemenii
chain=input action=accept protocol=tcp in-interface=ether1-gemenii
dst-port=8291 log=no log-prefix=""
4 ;;; Allow WinBox from outside -telekom
chain=input action=accept protocol=tcp in-interface=ether2-telekom
dst-port=8291 log=no log-prefix=""
5 XI ;;; Allow HTTP from outside
chain=input action=accept protocol=tcp in-interface=ether1-gemenii
dst-port=80 log=no log-prefix=""
6 ;;; accept established,related
chain=forward action=accept connection-state=established,related log=no
log-prefix="filter_Rules"
7 XI ;;; fasttrack
chain=forward action=fasttrack-connection
connection-state=established,related log=no log-prefix=""
8 ;;; drop ssh brute forcers
chain=input action=drop protocol=tcp src-address-list=ssh_blacklist
dst-port=22 log=no log-prefix=""
9 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist
address-list-timeout=1w3d dst-port=22 log=no log-prefix=""
10 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3
address-list-timeout=1m dst-port=22 log=no log-prefix=""
11 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2
address-list-timeout=1m dst-port=22 log=no log-prefix=""
12 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=22
log=no log-prefix=""
13 XI ;;; LOG Write
chain=output action=accept protocol=icmp out-interface=ether1-gemenii
log=yes log-prefix="icmp_output"
14 ;;; drop all from WAN
chain=input action=drop in-interface=ether1-gemenii log=no log-prefix=""
15 ;;; drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
16 ;;; drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new