Hi ilovepancakes, thank you so much for this test! I thought I was going crazy! None undestood my issues, but now, I have the certainty that only "operation-mode" will work with the FW-rules above! BTW: I also noticed, that you are not able to make Sonos Updates from a controller in a diffrent Subn...

Hi, we talk at cross purposes :-) My players are all connected to the LAN by Ethernet. The players are in vlan30, the controller in vlan10 FW between vlan10 and vlan30 is setup as above! Everything works, once controller is registered. BUT: If you start a fresh installed controller software on a cl...

Hi, only one last question! If you reset the controller on your MAC (disconnect from SONOS-Net), and if you then try to register the controller again to your existing SONOS-System. Does this work with the setup above, if your MAC is in a different Subnet than the Players? If you can test this,, it ...

Hi all, thank you for your reply, but it doesn´t change anything if I remove the RP. What I noticed is, that the SONOS players use different UDP-Ports for communication if they try to connect to a controller. I saw a lot of upd -FW-drops in a range between 30000-60000. If I open this range, connect...

Hi, it´s me again. I see that two FW-rules are not working because package counter is 0. But I do not know why! add chain=forward comment="Forward Sonos multicast traffic" dst-address=239.255.255.250 place-before=$plcBefore add chain=forward comment="Forward Sonos UPnP device discovery events from ...

Hi, I have Sonos players in VLAN99, PIM is active and FW rules are also implemented. It works, but not very well. A new controller can only be added to the system, if i put it temporarily in VLN99 . Same with SW-Updates. I cannot start SW-Updates from the "Controller-VLAN10, only if the controller ...

So - I needed to do this and was able to get it to work. I made a little script. You can edit the first 4 lines and copy/paste the whole thing and the rest is taken care of. First: You need to download the additional packages for your version, then install the "multicast..." package and reboot. Thi...

I recently implemented the same for Sonos by using igmp-proxy not PIM. Just need to add the interfaces into igmp-proxy and set which one is upstream, then apply the firewall rules for allowing UPnP traffic. That's it. According to Mikrotik Wiki igmp proxy is slightly lightweight than PIM, that's wh...

1) Fasttrack doesn't work for everything. I don't use it, so I'm not very good with it, but I read somewhere that even fasttracked connections need to let some packets take the normal path. 2) Yes. And if source address is 192.168.0.0/24, so no spoofing from LAN will be possible. There's no referen...

- fasttrack established,related - accept established,related,untracked - drop invalid - accept from LAN interface and 192.168.0.0/24 to WAN interface and not to NotPublic - jump to vlan80>LAN (where you allow what should pass) - jump to vlan70>LAN (same as previous) - accept dstnatted if not from N...

Safer (and sometimes easier) way is to construct a list of explicitly allowed connections and drop the rest at the end. Your current one is the opposite: drop watever you thought it should be dropped and (implicitly) allow the rest. Any way you do it, there's an essential rule missing in your curre...

New to RouterOS and below is my forward chain. I am wondering if there is anyway to accomplish the below but simplify the rules into a lower amount. Mostly I am referring to the drop rules in the forward chain. Kind of like how the input chain just has a drop all at the end, is there a better practi...

I'm in the same boat and get the same error, did you manage to find a fix for this?

Cheers,
Tugsynz

No, unfortunately. I still don't believe there is a way to add or customize a user agent for requests, although I have not tried to do it again on the latest versions of Router OS.

Yup, masquarade for bridge to local subnet in src-chain did the trick. Thank you all.

Do you mind sharing your final full config for NAT rules? I am trying to get this working and am having similar issues as you originally described.

Using the following code to try and update my Google DDNS record with current IP, everything seems to work correctly with communicating with Google but Google returns a "badagent" error since the request needs to send a valid user agent to be accepted by Google. How can I set and/or customize a user...

Would like a way to be able to send user agent header with the fetch tool. For example, Google DDNS with Google Domains and other DDNS providers can accept IP updates through HTTPS get requests, but they need a valid user agent sent with the request. Right now, a script to do this returns a "badagen...