hello
i have a problem but i dont know the problem in my mikrotik router or my provider upstream
this is my mikrotik router firewall configuration
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; drop invalid connections
chain=forward protocol=tcp connection-state=invalid action=drop
1 ;;; allow already established connections
chain=forward connection-state=established action=accept
2 ;;; allow related connections
chain=forward connection-state=related action=accept
3 chain=forward src-address=0.0.0.0/8 action=drop
4 chain=forward dst-address=0.0.0.0/8 action=drop
5 chain=forward src-address=127.0.0.0/8 action=drop
6 chain=forward dst-address=127.0.0.0/8 action=drop
7 chain=forward src-address=224.0.0.0/3 action=drop
8 chain=forward dst-address=224.0.0.0/3 action=drop
9 chain=forward protocol=tcp action=jump jump-target=tcp
10 chain=forward protocol=udp action=jump jump-target=udp
11 chain=forward protocol=icmp action=jump jump-target=icmp
12 ;;; deny TFTP
chain=tcp protocol=tcp dst-port=69 action=drop
13 ;;; deny RPC portmapper
chain=tcp protocol=tcp dst-port=111 action=drop
14 ;;; deny RPC portmapper
chain=tcp protocol=tcp dst-port=135 action=drop
15 ;;; deny NBT
chain=tcp protocol=tcp dst-port=137-139 action=drop
16 ;;; deny cifs
chain=tcp protocol=tcp dst-port=445 action=drop
17 ;;; deny NFS
chain=tcp protocol=tcp dst-port=2049 action=drop
18 ;;; deny NetBus
chain=tcp protocol=tcp dst-port=12345-12346 action=drop
19 ;;; deny NetBus
chain=tcp protocol=tcp dst-port=20034 action=drop
20 ;;; deny BackOriffice
chain=tcp protocol=tcp dst-port=3133 action=drop
21 ;;; deny DHCP
chain=tcp protocol=tcp dst-port=67-68 action=drop
22 ;;; deny TFTP
chain=udp protocol=udp dst-port=69 action=drop
23 ;;; deny PRC portmapper
chain=udp protocol=udp dst-port=111 action=drop
24 ;;; deny PRC portmapper
chain=udp protocol=udp dst-port=135 action=drop
25 ;;; deny NBT
chain=udp protocol=udp dst-port=137-139 action=drop
26 ;;; deny NFS
chain=udp protocol=udp dst-port=2049 action=drop
27 ;;; deny BackOriffice
chain=udp protocol=udp dst-port=3133 action=drop
28 ;;; drop invalid connections
chain=icmp protocol=icmp icmp-options=0:0 action=accept
29 ;;; allow established connections
chain=icmp protocol=icmp icmp-options=3:0 action=accept
30 ;;; allow already established connections
chain=icmp protocol=icmp icmp-options=3:1 action=accept
31 ;;; allow source quench
chain=icmp protocol=icmp icmp-options=4:0 action=accept
32 ;;; allow echo request
chain=icmp protocol=icmp icmp-options=8:0 action=accept
33 ;;; allow time exceed
chain=icmp protocol=icmp icmp-options=11:0 action=accept
34 ;;; allow parameter bad
chain=icmp protocol=icmp icmp-options=12:0 action=accept
35 ;;; deny all other types
chain=icmp action=drop
i use static router, ether 1: ip from my upstream provider ether 2: my public ip that have advertise,x.x.x.1/29
our client get ip public from my public ip x.x.x.x/29
the problem is my clien have branch office in other place use another isp cannot access the server, that branch office cannot ping to my ip (server/x.x.x.18/29)
he want test the voip, i have do like this
from http://www.dnsstuff.com (x.x.x.18/29) —> can ping get reply
from http://lg.mohonmaaf.com/index.cgi (x.x.x.18/29) —> local internet exchange (indonesia) ----> Request Time Out
i am confuse the problem on our router or the problem on our provider upstream, beside that i am test my router disable all firewall,…it’s same can’t ping…
anyone can give an advice
i am very thank you for the advice