I have for a long time had a very simple setup for home internet access via ADSL as follows:
ADSL line---[TP-link TD8817]---[GigE switch]---Laptop
                                     |--PC
                                     |--NAS
                                     |--[Dlink wifi AP]--phones/tablets/etc.
The TD8817 was doing the PPPoE connection, as well as DHCP server, DNS forwarding server and NAT. Everything connected to the GigE switch (including in effect everything connected to the WiFi AP) was able to fully access the internet, and in particular Skype worked fine.
I recently bought a RouterBoard 2011UiAS-2HnD to consolidate switch/router/wifi and in order to enable me (in future, once I have this complex thing figured out!) to do some more interesting traffic prioritisation and more control over firewall, VPN etc. Also, I discovered my TD8817 had been hacked with a DNS injection malware of some kind (I cannot remember the details now anymore, was a few months ago, upshot was that it caused popup adverts to appear on all my tablets and smartphones), and my particular hw version number doesn’t have an updated firmware with a fix for that vulnerability (later hw revisions do have a fix), so I wanted to just use it as a dumb PPPoE bridge instead of a full router.
So, my new physical setup became this:
ADSL line---[TP-link TD8817]---[RB2011UiAS-2HnD-IN]---Laptop
                                        |--PC
                                        |--NAS
                                        |--(via wifi)--phones/tablets/etc.
So the GigE switch and Dlink WiFi AP are no longer in the picture, and the TD8817 is configured to be only a dumb PPPoE bridge, and all NAT/DHCP/PPPoE_client/DNS etc. is disabled on it.
I used the webfig interface “Quick Set” to configure “Home AP”, and entered my PPPoE auth details, my DHCP server range, enabled NAT (and later UPnP for good measure, which didn’t help) and entered my desired wifi SSID and password etc. I am using RouterOS v6.32.3 and firmware 3.24.
Everything at first appeared to work fine, my laptop and PC and smartphones all had internet access, and I didn’t need to change any config on any of them (having used the same DHCP pool and WiFi SSID+password as before). However, I then subsequently noticed an oddity: my laptop could only use Skype while on WiFi, but not when using ethernet… The laptop appears to have full internet access (other than Skype) on both WiFi and ethernet though. I need to use ethernet for high speed (GigE) access to my NAS for backups… (Note: I don’t use both simultaneously of course, when I have ethernet connected, I disable WiFi on the laptop, and only enable WiFi while the ethernet is disconnected). I have tried quitting and restarting Skype (for good measure, was never previously necessary) when switching from WiFi to ethernet (in case the problem was with something like connection tracking on the RB2011 firewall), but this didn’t help. The Skype client does appear to log in successfully (it makes the login sound…), but no messages get through, no calls can be made, others cannot see me online etc.
I have not changed any other bridge/router/firewall etc. settings on the RB2011 for now, just left it to the defaults created by “Quick Set” for “Home AP”.
Any thoughts? The question is basically: why does Skype only work via WiFi via the RB2011, and not when going via ethernet? (keeping in mind it all used to work perfectly well without the RB2011, when using the (bottom of the barrel cheap) TP-link as the router). I’m going to dump some settings below (eliding some potentially sensitive details, like serial numbers and MAC addresses), please let me know what other info I can provide (I’ve literally used this RouterBoard for a single day now, so I’m a total noob with it). Apologies if this has been asked and answered before, I tried searching a bit, and did find other posts related to Skype and MikroTik, but not something that sounded similar to this (more like the opposite, posts asking how to block Skype, or how to increase Skype traffic priority etc.).
[admin@MikroTik] > system routerboard print
routerboard: yes
model: 2011UiAS-2HnD
serial-number: <elided>
current-firmware: 3.24
upgrade-firmware: 3.24
[admin@MikroTik] > ip export
# nov/04/2015 14:47:18 by RouterOS 6.32.3
# software id = 3RU6-M28Z
#
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.200
/ip address
add address=192.168.0.2/24 comment="default configuration" interface=ether2-master-local network=192.168.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=23h59m59s name=default
/ip dhcp-server lease
add address=192.168.0.100 comment=blackbox mac-address=<elided>
add address=192.168.0.171 client-id=<elided> mac-address=<elided> server=default
add address=192.168.0.110 comment=oldblackbox mac-address=<elided>
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" gateway=192.168.0.2 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.2 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
add chain=input protocol=icmp
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-out1
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-out1 type=external
[admin@MikroTik] > interface wireless print
Flags: X - disabled, R - running
 0  R name="wlan1" mtu=1500 mac-address=<elided> arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid="<elided>" frequency=auto band=2ghz-b/g/n
      channel-width=20/40mhz-Ce scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no
      bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default
      compression=no
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
 0  R name="bridge-local" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled mac-address=<elided> protocol-mode=rstp priority=0x8000 auto-mac=no
      admin-mac=<elided> max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] > system package print
Flags: X - disabled
 #   NAME              VERSION   SCHEDULED
 0   routeros-mipsbe   6.32.3
 1   system            6.32.3
 2 X wireless-cm2      6.32.3
 3 X ipv6              6.32.3
 4   wireless-fp       6.32.3
 5   hotspot           6.32.3
 6   dhcp              6.32.3
 7   mpls              6.32.3
 8   routing           6.32.3
 9   ppp               6.32.3
10   security          6.32.3
11   advanced-tools    6.32.3