interesting problem

I have been experiencing an ambiguous problem with my rb150 (3.10) during the last 3 months, and support did not have the slightest idea about the root of this problem.

I use my rb150 to connect to the internet via the pppoe protocol, and often I was not able to surf the net or even connect to it via telnet/winbox (while ping, dhcp worked ok), which pushed me to restart it very often without knowing where the problem lies. As I wasn't able to connect to it and surf the net, I was assuming that the rb150 was not working somehow.

Just look at my input chain firewall:

    [admin@MikroTik] > ip firewall filter print chain=input
    Flags: X - disabled, I - invalid, D - dynamic
     0   ;;; Drop invalid connections
         chain=input action=drop connection-state=invalid
     1   ;;; Allow established connections
         chain=input action=accept connection-state=established
     2   ;;; Allow related connections
         chain=input action=accept connection-state=related
     3   ;;; Allow UDP
         chain=input action=accept protocol=udp
     4   ;;; Allow ICMP
         chain=input action=accept protocol=icmp
     5   ;;; Allow connection to router from local network
         chain=input action=accept in-interface=!pppoe-cable
     6   ;;; Drop everything else
         chain=input action=drop

Pay attention to the colored lines. Whenever the pppoe connection was not getting established, this rule was getting Invalid (because this interface did not exist), and the next line matched was to drop everything, which left me homeless. This experience prompted me to write on the forum and recommend two features for the next release.

  1. Please do something for the '!' function; it is often useless when used together with network interfaces.

There is a network concept which says ‘be liberal on what you receive and conservative on what you send’.

  2. Add a configurable parameter on ppp which would be the retry period between unsuccessful connection attempts to the ppp server. It is just spamming the other end, which should have the right to assume that I'm a buggy implementation or someone trying to do some sort of a password hack :S.

There is always
/ip firewall filter add chain=input action=accept src-address=192.168.0.0/24
or
/ip firewall filter add chain=input action=accept in-interface=wlan1 (edit: oops. make that ether2. RB150 = No wlan)

Ensure it is placed before the
chain=input action=drop
rule. Neither involves the pppoe-cable status.
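
Added example, not part of either post: a small Python model of the input chain above, showing why ping still worked while winbox was dropped, and how the suggested src-address rule behaves. It assumes, as the first post describes, that a rule naming a missing interface is marked invalid and skipped; the dict rule format, helper names and sample packets are constructed for illustration.

```python
import ipaddress

# Rules 0-6 as printed in the first post (constructed dict form, not RouterOS syntax).
ORIGINAL = [
    {"action": "drop", "state": "invalid"},
    {"action": "accept", "state": "established"},
    {"action": "accept", "state": "related"},
    {"action": "accept", "protocol": "udp"},
    {"action": "accept", "protocol": "icmp"},
    {"action": "accept", "not_in_interface": "pppoe-cable"},
    {"action": "drop"},
]
# The reply's suggestion: a subnet-based accept placed before the final drop.
FIXED = ORIGINAL[:6] + [{"action": "accept", "src_net": "192.168.0.0/24"}] + ORIGINAL[6:]

def rule_is_invalid(rule, interfaces):
    # Assumption taken from the post: a rule that names an interface which
    # does not currently exist is marked invalid and takes no part in matching.
    name = rule.get("not_in_interface")
    return name is not None and name not in interfaces

def matches(rule, pkt):
    if "state" in rule and rule["state"] != pkt["state"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "not_in_interface" in rule and rule["not_in_interface"] == pkt["in_interface"]:
        return False
    if "src_net" in rule:
        return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src_net"])
    return True

def verdict(rules, pkt, interfaces):
    """First match wins; returns (action, rule number)."""
    for number, rule in enumerate(rules):
        if not rule_is_invalid(rule, interfaces) and matches(rule, pkt):
            return rule["action"], number
    return "accept", None  # nothing matched: packet is accepted

# Constructed sample traffic arriving from the LAN side (ether2, 192.168.0.10).
WINBOX = {"state": "new", "protocol": "tcp", "in_interface": "ether2", "src": "192.168.0.10"}
PING = {"state": "new", "protocol": "icmp", "in_interface": "ether2", "src": "192.168.0.10"}
LINK_UP = {"ether1", "ether2", "pppoe-cable"}
LINK_DOWN = {"ether1", "ether2"}  # PPPoE session failed, interface absent

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("with src-address rule", FIXED)):
        for state, ifaces in (("pppoe up", LINK_UP), ("pppoe down", LINK_DOWN)):
            print(label, state, "winbox:", verdict(rules, WINBOX, ifaces),
                  "ping:", verdict(rules, PING, ifaces))
```
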