firewall question?

sankofa411 · March 30, 2005, 4:41pm

Hi,

b4 I applied and filter rules I was able to use winbox as well as telnet from my local network into my router. After I applied this filter rules I am not able to use winbox nor telnet from my local network pc into my router. I have also setup maq. This is what I applied

/ip firewall rule input
add connection-state=invalid action=drop
comment=“Drop invalid connection packets”
add connection-state=established
comment=“Allow established connections”
add connection-state=related
comment=“Allow related connections”
add protocol=udp comment=“Allow UDP connections”
add protocol=icmp comment=“Allow ICMP messages”
add src-addr=68.57../22
comment=“Allow access from ‘trusted’ network 68.57../22”
add action=drop log=yes
comment=“Reject and log everything else”

The 68.57../22 is the providers network. My local interface Ip is
192.168.111.*/24

Do I have to use my local network Ip instaed of my isp network?

Any help will be appreciated

ThX

pedja · March 31, 2005, 12:21am

Have you tried to insert …

add src-addr=192.168.111.*/24 \
comment="Allow access from 'trusted' network 192.168.111.*/24"

…before the last drop all rule?

sankofa411 · March 31, 2005, 3:26am

Yes I tried inserting the local ip but I was unable to telnet or winbox. I even changed the last rule to the one you suggested and still did not work. I don’t know what to do next. Thank you for the advice pedja

Peace · March 31, 2005, 2:40pm

try to put a range of you IP’s

sankofa411 · March 31, 2005, 5:16pm

Thank you guys. I reset all my router config and started from scratch. yes you were right pedja I replaced the 68.57.. with the 192.168.. and that fixed the problem.

ThX