Hello All,
I can’t get my app on iOs to connect and am wondering what I might have done in my config to block access.
After 6 seconds Error is connection refused. Nothing is logged by my router, all drop rules are set to log. Which IP service does the app use? I’ve allowed access to several services from the IP address of my phone.
Matt
RouterOS 6.45.2 (Firmware updated to RouterOS 6.45.2 too)
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n basic-rates-a/g=48Mbps,54Mbps
basic-rates-b=“” country=australia disabled=no frequency=2462
frequency-mode=regulatory-domain installation=indoor mode=ap-bridge ssid=
Network supported-rates-a/g=48Mbps,54Mbps supported-rates-b=“”
wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n basic-rates-a/g=54Mbps
channel-width=20/40mhz-Ce country=australia disabled=no distance=indoors
frequency=5280 frequency-mode=regulatory-domain installation=indoor mode=
ap-bridge rate-set=configured ssid=Network supported-rates-a/g=
54Mbps wps-mode=disabled
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=“” mode=
dynamic-keys supplicant-identity=MikroTik
add name=default_dhcp ranges=192.168.88.50-192.168.88.254
/ip dhcp-server
add address-pool=default_dhcp disabled=no interface=bridge name=dhcp1
/tool user-manager customer
set admin access=
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
/ip firewall address-list
add list=..
add address=192.168.88.2-192.168.88.254 comment=
“Need to change if I set up more dhcp servers and or vlans?” list=
allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment=“6to4 relay Anycast [RFC 3068]” list=
not_in_internet
/ip firewall filter
add action=drop chain=input comment=“drop ssh brute forcers” disabled=yes
dst-port=**** protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist
address-list-timeout=1w3d chain=input connection-state=new disabled=yes
dst-port=**** protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3
address-list-timeout=1m chain=input connection-state=new disabled=yes
dst-port=**** protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2
address-list-timeout=1m chain=input connection-state=new disabled=yes
dst-port=**** protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1
address-list-timeout=1m chain=input connection-state=new disabled=yes
dst-port=**** protocol=tcp
add action=accept chain=input comment=“default configuration” connection-state=
established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=fasttrack-connection chain=forward comment=FastTrack
connection-state=established,related
add action=accept chain=forward comment=“Established, Related”
connection-state=established,related
add action=drop chain=forward comment=“Drop invalid” connection-state=invalid
log=yes log-prefix=invalid
add action=drop chain=forward comment=
“Drop incoming packets that are not NATted” connection-nat-state=!dstnat
connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=drop chain=forward comment=“Drop incoming from internet which is not
public IP. Edit when more dhcp servers or vlans setup?” in-interface=
ether1 log=yes log-prefix=!public src-address-list=not_in_internet
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add comment=“quad zero to modem” distance=1 gateway=*********
/ip service
set telnet disabled=yes
set ftp disabled=yes port=22
set www address=192.168.88./32
set ssh address=192.168.88./32,port=****
set www-ssl address=192.168.88./32
set api address=192.168.88./32
set winbox address=192.168.88.**/32 port=****
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=remote strong-crypto=yes
/system clock
set time-zone-name=Australia/Sydney
/system identity
set name=HapAC2
/tool user-manager database
set db-path=flash/user-manager