I’m upgrading from a PC based 2.8.28 system to a routerboard 532 version 2.9.49 system.
Internet traffic from the private interface and the hotspot work fine, but the XP client PCs can’t see mapped drives on a windows 2003 server.
The hotspot interface is fed from wireless clients, the local PCs are on the private interface.
The PCs can ping the server at 172.20.0.100.
I think it must be a filter rule, and I’m assuming it’s in the forward rules since the router isn’t the intended target of the data (I rate my Mikrotik skill level at B-).
Can anyone see what might be causing the problem between these 2 rule sets?
2.8
ip firewall rule forward> print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; 1 - drop invalid connections
connection-state=invalid action=drop
1 ;;; 2 - Accept established connections
connection-state=established action=accept
2 ;;; 3 - Accept related connections
connection-state=related action=accept
3 src-address=172.20.0.241/32 dst-address=172.20.0.100/32 action=accept log=yes
4 ;;; 4 - virus test
action=jump jump-target=virus
5 ;;; 5 - limit access for unauthorized hotspot clients
action=jump jump-target=hotspot
6 ;;; 6 - account traffic for authorized hotspot clients
action=jump jump-target=hotspot
2.9 rules (can’t figure out how to get just forward rules…)
Most of these rule are from the wiki, manual or demo server.
\
jan/30/2008 22:13:51 by RouterOS 2.9.49
software id =
/ ip firewall filter
add chain=forward action=drop src-address=202.213.254.157 comment=“”
disabled=no
add chain=forward action=accept connection-state=established comment=“allow
established connections” disabled=no
add chain=forward action=accept connection-state=related comment=“allow
related connections” disabled=no
add chain=forward action=drop connection-state=invalid comment=“drop invalid
connections” disabled=no
add chain=forward action=jump jump-target=virus comment=“jump to the virus
chain” disabled=no
add chain=input action=jump jump-target=virus comment=“virus filter”
disabled=no
add chain=input action=drop dst-port=23 protocol=tcp comment=“drop ftp”
disabled=no
add chain=input action=accept src-address=192.168.100.0/24 comment=“From
private LAN” disabled=no
add chain=input action=accept src-address=192.168.0.0/24 comment=“From private
LAN” disabled=no
add chain=input action=add-src-to-address-list dst-port=4545 protocol=tcp
address-list=knock address-list-timeout=30s comment=“port knocking 1”
disabled=no
add chain=input action=add-src-to-address-list dst-port=4646 protocol=tcp
src-address-list=knock address-list=safe address-list-timeout=15m
comment=“port knocking 2” disabled=no
add chain=input action=accept src-address-list=safe comment=“” disabled=no
add chain=input action=accept protocol=gre comment=“pp2p tunnel” disabled=no
add chain=input action=accept connection-state=established comment=“Accept
established connections” disabled=no
add chain=input action=accept connection-state=related comment=“Accept related
connections” disabled=no
add chain=input action=drop connection-state=invalid comment=“Drop invalid
connections” disabled=no
add chain=input action=accept protocol=udp comment=“UDP” disabled=no
add chain=input action=accept protocol=icmp limit=50/5s,2 comment=“Allow
limited pings” disabled=no
add chain=input action=drop protocol=icmp comment=“Drop excess pings”
disabled=no
add chain=input action=drop dst-port=22 protocol=tcp comment=“SSH for secure
shell” disabled=no
add chain=input action=accept dst-port=8291 protocol=tcp comment=“winbox”
disabled=no
add chain=input action=drop connection-state=invalid comment=“drop invalid
packets” disabled=no
add chain=input action=drop protocol=tcp psd=21,3s,3,1 comment=“detect and
drop port scan connections” disabled=no
add chain=input action=tarpit protocol=tcp connection-limit=3,32
src-address-list=black_list comment=“suppress DoS attack” disabled=no
add chain=input action=add-src-to-address-list protocol=tcp
connection-limit=10,32 address-list=black_list address-list-timeout=1d
comment=“detect DoS attack” disabled=no
add chain=input action=jump jump-target=ICMP protocol=icmp comment=“jump to
chain ICMP” disabled=no
add chain=input action=jump jump-target=services comment=“jump to chain
services” disabled=no
add chain=input action=accept dst-address-type=broadcast comment=“Allow
Broadcast Traffic” disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=0:0-255 limit=5,5
comment=“0:0 and limit for 5pac/s” disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=3:3 limit=5,5
comment=“3:3 and limit for 5pac/s” disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=3:4 limit=5,5
comment=“3:4 and limit for 5pac/s” disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=8:0-255 limit=5,5
comment=“8:0 and limit for 5pac/s” disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=11:0-255 limit=5,5
comment=“11:0 and limit for 5pac/s” disabled=no
add chain=virus action=drop dst-port=135-139 protocol=tcp comment=“Drop
Blaster Worm” disabled=no
add chain=virus action=drop dst-port=135-139 protocol=udp comment=“Drop
Messenger Worm” disabled=no
add chain=virus action=drop dst-port=445 protocol=tcp comment=“Drop Blaster
Worm” disabled=no
add chain=virus action=drop dst-port=445 protocol=udp comment=“Drop Blaster
Worm” disabled=no
add chain=virus action=drop dst-port=593 protocol=tcp comment=“"
disabled=no
add chain=virus action=drop dst-port=1024-1030 protocol=tcp comment="”
disabled=no
add chain=virus action=drop dst-port=1080 protocol=tcp comment=“Drop MyDoom”
disabled=no
add chain=virus action=drop dst-port=1214 protocol=tcp comment=“________”
disabled=no
add chain=virus action=drop dst-port=1363 protocol=tcp comment=“ndm requester”
disabled=no
add chain=virus action=drop dst-port=1364 protocol=tcp comment=“ndm server”
disabled=no
add chain=virus action=drop dst-port=1368 protocol=tcp comment=“screen cast”
disabled=no
add chain=virus action=drop dst-port=1373 protocol=tcp comment=“hromgrafx”
disabled=no
add chain=virus action=drop dst-port=1377 protocol=tcp comment=“cichlid”
disabled=no
add chain=virus action=drop dst-port=1433-1434 protocol=tcp comment=“Worm”
disabled=no
add chain=virus action=drop dst-port=2745 protocol=tcp comment=“Bagle Virus”
disabled=no
add chain=virus action=drop dst-port=2283 protocol=tcp comment=“Drop Dumaru.Y”
disabled=no
add chain=virus action=drop dst-port=2535 protocol=tcp comment=“Drop Beagle”
disabled=no
add chain=virus action=drop dst-port=2745 protocol=tcp comment=“Drop
Beagle.C-K” disabled=no
add chain=virus action=drop dst-port=3127-3128 protocol=tcp comment=“Drop
MyDoom” disabled=no
add chain=virus action=drop dst-port=3410 protocol=tcp comment=“Drop Backdoor
OptixPro” disabled=no
add chain=virus action=drop dst-port=4444 protocol=tcp comment=“Worm”
disabled=no
add chain=virus action=drop dst-port=4444 protocol=udp comment=“Worm”
disabled=no
add chain=virus action=drop dst-port=5554 protocol=tcp comment=“Drop Sasser”
disabled=no
add chain=virus action=drop dst-port=8866 protocol=tcp comment=“Drop Beagle.B”
disabled=no
add chain=virus action=drop dst-port=9898 protocol=tcp comment=“Drop
Dabber.A-B” disabled=no
add chain=virus action=drop dst-port=10000 protocol=tcp comment=“Drop
Dumaru.Y” disabled=no
add chain=virus action=drop dst-port=10080 protocol=tcp comment=“Drop
MyDoom.B” disabled=no
add chain=virus action=drop dst-port=12345 protocol=tcp comment=“Drop NetBus”
disabled=no
add chain=virus action=drop dst-port=17300 protocol=tcp comment=“Drop Kuang2”
disabled=no
add chain=virus action=drop dst-port=27374 protocol=tcp comment=“Drop
SubSeven” disabled=no
add chain=virus action=drop dst-port=65506 protocol=tcp comment=“Drop PhatBot,
Agobot, Gaobot” disabled=no
add chain=forward action=accept protocol=icmp comment=“allow ping” disabled=no
add chain=forward action=accept protocol=udp comment=“allow udp” disabled=no
add chain=forward action=drop comment=“drop everything else” disabled=yes
thanks