I set up a new AP using the RB750 as the router/bridge.
Port 1 = Bridge (backbone)
Port 2 = Ubiquiti Nano M5
Port 5 = Local User NAT
Ports 1 and 2 are bridged
RouterOS version 3.29
Everything was fine and the customer was working without any issues. I needed to add bandwidth shaping to limit the local user. I added the required rules and it wasn't working correctly, so I searched the forum and set use-ip-firewall=yes on the bridge. Since it was late I decided to work on it the following morning. I received a call that morning from the client that they could not surf the internet, so I ssh'd into the remote Nanostation M5 and I could ping using IP addresses but I could not by name. I finally backtraced all of the changes and once I set use-ip-firewall=no on the bridge interface, the client could ping using names and DNS would resolve.

Here are my standard rules which I use for every MT router. Is there something I am missing?

Code:
/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid disabled=no
add action=accept chain=input comment="Allow Established connections" \
connection-state=established disabled=no
add action=accept chain=input comment="Allow UDP" disabled=no protocol=udp
add action=accept chain=input comment="Allow ICMP" disabled=no protocol=icmp
add action=accept chain=input comment=\
"Allow access to router from internal network only" disabled=no src-address=\
xxx.xxx.0.0/18
add action=drop chain=input comment="Drop anything else" disabled=no
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid disabled=no protocol=tcp
add action=accept chain=forward comment=\
"allow already established connections" connection-state=established \
disabled=no
add action=accept chain=forward comment="allow related connections" \
connection-state=related disabled=no
Thanks in advance for any assistance.
-Brian
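The following is an added example, not part of Brian's post or of RouterOS itself: a small first-match evaluator for the /ip firewall filter rules quoted above, run against constructed packets. It models only the matchers those rules use (chain, connection-state, protocol, src-address) and the RouterOS behaviour that a chain accepts when no rule matches. The 10.0.0.0/18 prefix stands in for the redacted xxx.xxx.0.0/18 and the packet addresses are made up. One thing it makes visible is rule order in the input chain: "Allow UDP" sits before the "internal network only" rule, so UDP from any source reaches the router, while new TCP from outside the internal range falls through to the final drop.

```python
# Added example (not from the post or from RouterOS): a minimal first-match
# evaluator for the quoted /ip firewall filter rules.
import ipaddress

# Assumption: stands in for the redacted xxx.xxx.0.0/18 in the post.
INTERNAL = ipaddress.ip_network("10.0.0.0/18")

# Rules transcribed from the post, in the order they appear.
# Each entry: (chain, action, match conditions); an empty dict matches anything.
RULES = [
    ("input",   "drop",   {"connection_state": "invalid"}),
    ("input",   "accept", {"connection_state": "established"}),
    ("input",   "accept", {"protocol": "udp"}),
    ("input",   "accept", {"protocol": "icmp"}),
    ("input",   "accept", {"src_address": INTERNAL}),
    ("input",   "drop",   {}),
    ("forward", "drop",   {"connection_state": "invalid", "protocol": "tcp"}),
    ("forward", "accept", {"connection_state": "established"}),
    ("forward", "accept", {"connection_state": "related"}),
]

# RouterOS filter chains accept a packet that matches no rule.
DEFAULT_ACTION = "accept"


def matches(conds, pkt):
    """True when every condition in the rule is satisfied by the packet dict."""
    for key, want in conds.items():
        have = pkt.get(key)
        if key == "src_address":
            if have is None or ipaddress.ip_address(have) not in want:
                return False
        elif have != want:
            return False
    return True


def evaluate(chain, pkt):
    """Return (action, rule_index) for the first matching rule in `chain`,
    or (DEFAULT_ACTION, None) when the packet falls off the end of the chain."""
    for idx, (rchain, action, conds) in enumerate(RULES):
        if rchain == chain and matches(conds, pkt):
            return action, idx
    return DEFAULT_ACTION, None


# Constructed sample packets (not captured traffic).
SAMPLES = {
    # New UDP (e.g. a DNS query) to the router from outside the internal range.
    "udp_from_outside": ("input", {"protocol": "udp",
                                   "connection_state": "new",
                                   "src_address": "198.51.100.10"}),
    # New TCP to the router from outside: no accept rule, hits the final drop.
    "tcp_from_outside": ("input", {"protocol": "tcp",
                                   "connection_state": "new",
                                   "src_address": "198.51.100.10"}),
    # New TCP to the router from the internal range: accepted by the /18 rule.
    "tcp_from_inside":  ("input", {"protocol": "tcp",
                                   "connection_state": "new",
                                   "src_address": "10.0.5.7"}),
    # New TCP through the router: no forward rule matches, default accept.
    "fwd_tcp_new":      ("forward", {"protocol": "tcp",
                                     "connection_state": "new",
                                     "src_address": "10.0.5.7"}),
    # Invalid TCP through the router: dropped by the first forward rule.
    "fwd_tcp_invalid":  ("forward", {"protocol": "tcp",
                                     "connection_state": "invalid",
                                     "src_address": "198.51.100.10"}),
    # Invalid UDP through the router: the forward drop is TCP-only, so it
    # falls through to the chain default.
    "fwd_udp_invalid":  ("forward", {"protocol": "udp",
                                     "connection_state": "invalid",
                                     "src_address": "198.51.100.10"}),
}


def run_samples():
    """Evaluate every sample and return {name: (action, rule_index)}."""
    return {name: evaluate(chain, pkt) for name, (chain, pkt) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, idx) in run_samples().items():
        where = f"rule {idx}" if idx is not None else "chain default"
        print(f"{name:18s} -> {action:6s} ({where})")
```

The evaluator is deliberately limited to the four matchers in the post, so it says nothing about NAT or mangle chains, which bridged traffic also traverses once use-ip-firewall is enabled; it is a way to reason about the filter rules as written, not a diagnosis of the DNS problem.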