So - I needed to do this and was able to get it to work. I made a little script. You can edit the first 4 lines and copy/paste the whole thing and the rest is taken care of. First: You need to download the additional packages for your version, then install the "multicast..." package and reboot. Thi...

I recently implemented the same for Sonos by using igmp-proxy not PIM. Just need to add the interfaces into igmp-proxy and set which one is upstream, then apply the firewall rules for allowing UPnP traffic. That's it. According to Mikrotik Wiki igmp proxy is slightly lightweight than PIM, that's wh...

1) Fasttrack doesn't work for everything. I don't use it, so I'm not very good with it, but I read somewhere that even fasttracked connections need to let some packets take the normal path. 2) Yes. And if source address is 192.168.0.0/24, so no spoofing from LAN will be possible. There's no referen...

- fasttrack established,related - accept established,related,untracked - drop invalid - accept from LAN interface and 192.168.0.0/24 to WAN interface and not to NotPublic - jump to vlan80>LAN (where you allow what should pass) - jump to vlan70>LAN (same as previous) - accept dstnatted if not from N...

Safer (and sometimes easier) way is to construct a list of explicitly allowed connections and drop the rest at the end. Your current one is the opposite: drop watever you thought it should be dropped and (implicitly) allow the rest. Any way you do it, there's an essential rule missing in your curre...

New to RouterOS and below is my forward chain. I am wondering if there is anyway to accomplish the below but simplify the rules into a lower amount. Mostly I am referring to the drop rules in the forward chain. Kind of like how the input chain just has a drop all at the end, is there a better practi...

I'm in the same boat and get the same error, did you manage to find a fix for this?

Cheers,
Tugsynz

No, unfortunately. I still don't believe there is a way to add or customize a user agent for requests, although I have not tried to do it again on the latest versions of Router OS.

Yup, masquarade for bridge to local subnet in src-chain did the trick. Thank you all.

Do you mind sharing your final full config for NAT rules? I am trying to get this working and am having similar issues as you originally described.

Using the following code to try and update my Google DDNS record with current IP, everything seems to work correctly with communicating with Google but Google returns a "badagent" error since the request needs to send a valid user agent to be accepted by Google. How can I set and/or customize a user...

Would like a way to be able to send user agent header with the fetch tool. For example, Google DDNS with Google Domains and other DDNS providers can accept IP updates through HTTPS get requests, but they need a valid user agent sent with the request. Right now, a script to do this returns a "badagen...