Community discussions

Search found 9 matches

by peterpan15
Mon Oct 14, 2019 8:20 pm
Forum: Beginner Basics
Topic: Static DNS server replies not handled as "related" by firewall
Replies: 12
Views: 917

Re: Static DNS server replies not handled as "related" by firewall

OK guys, I found out that these strange/bogus "DNS replies" to port 5678 (neighbor discovery) stopped as soon as I turned off "internet detection". I assume it probed Google 8.8.8.8 and/or DHCP-acquired DNS servers.
Thanks
by peterpan15
Mon Sep 30, 2019 8:13 pm
Forum: Beginner Basics
Topic: Static DNS server replies not handled as "related" by firewall
Replies: 12
Views: 917

Re: Static DNS server replies not handled as "related" by firewall

May sound stupid but recreate your established and related rule as a totally new rule, drag it to the top and then see if it works. Had this very recently and the only reason I could think was #mikrotik. alas, it didn't work - anyway, thanks for a promising hint. I thought this might be timed-out a...
by peterpan15
Mon Sep 30, 2019 8:03 pm
Forum: Beginner Basics
Topic: Static DNS server replies not handled as "related" by firewall
Replies: 12
Views: 917

Re: Static DNS server replies not handled as "related" by firewall

May sound stupid but recreate your established and related rule as a totally new rule, drag it to the top and then see if it works. Had this very recently and the only reason I could think was #mikrotik. alas, it didn't work - anyway, thanks for a promising hint. I thought this might be timed-out a...
by peterpan15
Mon Sep 30, 2019 7:54 pm
Forum: Beginner Basics
Topic: Static DNS server replies not handled as "related" by firewall
Replies: 12
Views: 917

Re: Static DNS server replies not handled as "related" by firewall

They are marked as "established" in the connection tracking table....right?
I think only TCP connections can be "established".
"Related" is a virtual state used for tracking UDP (stateless) connections.
by peterpan15
Mon Sep 30, 2019 5:24 pm
Forum: Beginner Basics
Topic: Static DNS server replies not handled as "related" by firewall
Replies: 12
Views: 917

Static DNS server replies not handled as "related" by firewall

Hi everyone, can anyone give me a hint as to why replies from static DNS servers (ISP or Google 8.8.8.8) are not handled as "related" by rule 1 but instead I have to make a special rule (5) for them? (The RB serves as DNS server for the local LAN.) 0 chain=forward action=passthrough 1 chain=input ac...
by peterpan15
Mon Sep 09, 2019 9:48 pm
Forum: Beginner Basics
Topic: Traffic flowing only through wlan2, not wlan1
Replies: 0
Views: 251

Traffic flowing only through wlan2, not wlan1

2GHz wlan1 in ap bridge mode 5GHz wlan2 in ap bridge mode both wlan1 and wlan2 (including ether2-5) are bridged Clients can successfully connect to both wlans but traffic is only seen on wlan1 Any thoughts why? /interface bridge add admin-mac=74:4D:28:72:9F:C2 auto-mac=no comment=defconf name=bridge...
by peterpan15
Sat Sep 07, 2019 4:27 pm
Forum: Beginner Basics
Topic: Winbox connecting very slow via VPN
Replies: 1
Views: 354

Winbox connecting very slow via VPN

Hello everyone,
when connecting to the router via VPN (PPTP) with Winbox, there is a long delay (above 20 seconds). Without VPN it only takes some 3 seconds.
Can anyone give me a hint?
Thanks!
by peterpan15
Wed Sep 04, 2019 11:09 am
Forum: Beginner Basics
Topic: Private IP on WAN interface - how to NAT incoming traffic?
Replies: 2
Views: 320

Re: Private IP on WAN interface - how to NAT incoming traffic?

Oh, thanks a lot - will give it a try. I probably messed it up with my dstnat experiments :-)
by peterpan15
Wed Sep 04, 2019 10:06 am
Forum: Beginner Basics
Topic: Private IP on WAN interface - how to NAT incoming traffic?
Replies: 2
Views: 320

Private IP on WAN interface - how to NAT incoming traffic?

My hAP ac lite has a static <private IP> address on the WAN interface behind which all outgoing traffic is masqueraded. In order to be reachable via Internet, my ISP has reserved a <public IP address> from which he forwards all incoming traffic back to the mentioned <private IP>. I'm new to Mikrotik...