I have seen a continual stream of ICMP packets from my WAN router to the Mikrotik pppoe-client that are blocked.
Where 192.168.1.1 is the WAN router and 192.168.1.33 is the initlal router IP address.
Invalid Input input: in:ether1 out:(unknown 0), src-mac f4:69:42:0f:e8:10, proto ICMP (type 3, code 1), 192.168.1.1->192.168.1.33, len 92
I presume that the WAN router is doing a status check. Is it OK to leave this blocked or what sort of rule should I use to allow this specifically - there is a general ICMP input rule already but it doesn’t seem to allow this particular traffic.
IANA specs say that ICMP type 3 code 1 is “Host Unreachable” … if the direction is right (from WAN router towards your device, src-mac maps to vendor “Askey Computer Corp.”), then this means it’s your router asking something from WAN router and it’s that device blocking access.
Check if you’ve got detect internet enabled on physical WAN port and try to disable it. You can actually disable this option altogether, I’ve never seen any real benefit of having it enabled (but can cause weird problems now and then).
Thanks for the response (I struggle to find my own posts here!!)
The Mac f4:69:42:0f:e8:10 seems to be for the Movistar Fibre router which is connected to Mikrotik ethernet 1.
I presume it is the Movistar router questioning the Mikrotik? The Mikrotik gets it’s initial IP (192.168.1.33) from the Movistar router before it creates the PPPoE connection.