Hi,
Have a RB951G-2HnD, running 6.43.4 (stable).
Router was hacked, so I did a Reset Configuration and reprogrammed it.
Since then, one of my remote offices could no longer connect VoIP to the main office. I could see a SIP-UDP connection on port 5060, but the PBX never would show the remote office hitting it. I did a Reset Configuration on the remote office also and still no go.
In an attempt to get things working while everyone was gone for the holiday, I was working on the router thru Winbox and was clearing a duplicate bridge configuration when I lost connection. Could no longer connect thru Winbox, lost my VoIP connection, and my RDP connection to my Windows Server. Luckily I was able to connect back thru a remote session to another workstation (a TeamViewer-like connection).
From home I can no longer ping the router. When I try to connect via Winbox, I can see the TCP State change to "syn received", but no connection.
Config is below. I'm hoping someone can help me before I have to make a two hour drive there to just put in a new unit.
Thanks,
Westley
nov/22/2018 19:21:05 by RouterOS 6.43.4
software id = EPDI-R7DI
model = 951G-2HnD
serial number = 469A02224783
# Layer-2 setup: one bridge (bridge-local), the 2.4 GHz AP, renamed ethernet
# ports, and the interface lists used later by discovery and the MAC servers.
/interface bridge
add admin-mac=D4:CA:6D:0D:A2:CF auto-mac=no fast-forward=no mtu=1500 name=
bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
country="united states" disabled=no distance=indoors frequency=auto mode=
ap-bridge ssid=Mand190 wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] name=ether3-slave-local
set [ find default-name=ether4 ] name=ether4-slave-local
set [ find default-name=ether5 ] name=ether5-slave-local
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
# NOTE(review): WPA2-PSK is the only authentication type, but TKIP is still
# offered next to AES-CCM for both group and unicast ciphers; TKIP is the legacy
# cipher and is normally dropped when every client supports AES — confirm.
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik
unicast-ciphers=tkip,aes-ccm
# Default IPsec proposal, DHCP pool/servers and the in-memory log size.
/ip ipsec proposal
# NOTE(review): 3DES is the only encryption algorithm on the default proposal;
# no IPsec peers or policies appear in this export, so it may be unused — confirm.
set [ find default=yes ] enc-algorithms=3des
/ip pool
# NOTE(review): the pool hands out 192.168.88.x, while the LAN address and the
# DHCP network defined further down are 192.168.4.0/24 — the two do not match.
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
# Two servers share the same pool; the "defconf" entry shows no interface= in
# this export, the "default" entry is bound to bridge-local.
add address-pool=dhcp disabled=no name=defconf
add address-pool=dhcp authoritative=after-2sec-delay interface=bridge-local
lease-time=3d name=default
/system logging action
# Raises the memory log buffer (action 0) to 300 lines.
set 0 memory-lines=300
# Bridge membership: ether2-ether5 and wlan1 are all ports of bridge-local.
/interface bridge port
add bridge=bridge-local comment=defconf interface=ether2-master-local
add bridge=bridge-local comment=defconf interface=ether3-slave-local
add bridge=bridge-local comment=defconf interface=ether4-slave-local
add bridge=bridge-local comment=defconf interface=ether5-slave-local
add bridge=bridge-local comment=defconf interface=wlan1
/ip neighbor discovery-settings
# Neighbor discovery runs on every member of the "discover" list below.
set discover-interface-list=discover
/interface list member
add comment=defconf interface=bridge-local list=LAN
add comment=defconf interface=ether1-gateway list=WAN
# NOTE(review): ether1-gateway (the WAN port) is a member of "discover", so the
# router announces itself to neighbors on the upstream side as well as the LAN.
add interface=ether1-gateway list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=bridge-local list=discover
# "mactel" and "mac-winbox" hold only LAN-side interfaces (ether2-5, wlan1,
# bridge-local); ether1-gateway is in neither list.
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
# Layer-3 addressing, DHCP client/server network and DNS. A.B.C.D is the
# poster's redaction of the public addresses.
/ip address
# NOTE(review): the LAN address sits on ether2-master-local, which is itself a
# port of bridge-local (see /interface bridge port). An address on a bridge port
# instead of on the bridge is a common cause of lost LAN/management
# reachability — confirm it should be on bridge-local.
add address=192.168.4.2/24 comment=defconf interface=ether2-master-local
network=192.168.4.0
add address=A.B.C.D/30 interface=ether1-gateway network=A.B.C.D
/ip dhcp-client
# NOTE(review): two DHCP clients are defined on ether1-gateway, which also has
# a static /30 above and a static default route later in the export — these
# look like leftovers from the reset; confirm which one is intended.
add comment=defconf dhcp-options=hostname,clientid interface=ether1-gateway
add comment="default configuration" dhcp-options=hostname,clientid interface=
ether1-gateway
/ip dhcp-server network
add address=192.168.4.0/24 comment=defconf gateway=192.168.4.2 netmask=24
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. The input chain in this export has no rule limiting udp/tcp
# 53 to the LAN, so verify the resolver is not reachable from ether1-gateway.
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.4.2 name=router.lan
add address=192.168.4.2 name=router
/ip firewall address-list
# Five lists are defined here: blocklist, VoIP, whitelist, RDP and PBX.
# In the rules of this export, "blocklist" is used only by one input-chain drop,
# "VoIP" by one forward accept and one dst-nat, and "PBX" by two dst-nat rules.
# NOTE(review): "whitelist" and "RDP" are not referenced by any filter or NAT
# rule in this export, so they currently have no effect.
# NOTE(review): several blocklist entries overlap: 80.0.0.0/4 already covers
# 80-95/8, 112.0.0.0/5 covers 112-119/8, and the /7 entries (124, 126, 186, 222)
# are repeated by /8 entries further down.
add address=70.60.0.0/14 list=blocklist
add address=218.0.0.0/8 list=blocklist
add address=27.0.0.0/8 list=blocklist
add address=120.0.0.0/8 list=blocklist
add address=162.0.0.0/8 disabled=yes list=blocklist
add address=101.0.0.0/8 list=blocklist
add address=31.0.0.0/8 list=blocklist
add address=104.238.169.0/24 list=blocklist
add address=208.0.0.0/8 disabled=yes list=blocklist
add address=2.0.0.0/8 list=blocklist
add address=66.222.128.0/17 list=blocklist
add address=69.163.32.0/20 list=blocklist
add address=185.0.0.0/8 list=blocklist
add address=210.0.0.0/8 list=blocklist
add address=192.40.95.0/24 list=blocklist
add address=192.95.0.0/18 list=blocklist
add address=1.0.0.0/8 list=blocklist
add address=14.0.0.0/8 list=blocklist
add address=80.0.0.0/4 list=blocklist
add address=112.0.0.0/5 list=blocklist
add address=122.0.0.0/8 list=blocklist
add address=124.0.0.0/7 list=blocklist
add address=126.0.0.0/7 list=blocklist
add address=186.0.0.0/7 list=blocklist
add address=189.0.0.0/8 list=blocklist
add address=222.0.0.0/7 list=blocklist
add address=103.0.0.0/8 list=blocklist
add address=213.0.0.0/8 list=blocklist
add address=91.0.0.0/8 list=blocklist
add address=221.0.0.0/8 list=blocklist
add address=121.0.0.0/8 list=blocklist
add address=190.0.0.0/8 list=blocklist
add address=49.0.0.0/8 list=blocklist
# VoIP: sources allowed to reach the SIP dst-nat (udp 5060-5062) and matched by
# the forward-chain rule on udp src-port 5060.
add address=66.23.129.253 list=VoIP
add address=66.23.138.162 list=VoIP
add address=66.23.190.100 list=VoIP
add address=66.23.190.200 list=VoIP
add address=209.193.79.80 list=VoIP
add address=97.80.38.130 list=VoIP
add address=97.80.37.26 list=VoIP
add address=68.15.166.228 list=VoIP
add address=102.0.0.0/8 list=blocklist
add address=105.0.0.0/8 list=blocklist
add address=106.0.0.0/8 list=blocklist
add address=109.0.0.0/8 list=blocklist
add address=110.0.0.0/8 list=blocklist
add address=111.0.0.0/8 list=blocklist
add address=112.0.0.0/8 list=blocklist
add address=113.0.0.0/8 list=blocklist
add address=114.0.0.0/8 list=blocklist
add address=115.0.0.0/8 list=blocklist
add address=116.0.0.0/8 list=blocklist
add address=117.0.0.0/8 list=blocklist
add address=118.0.0.0/8 list=blocklist
add address=119.0.0.0/8 list=blocklist
add address=123.0.0.0/8 list=blocklist
add address=124.0.0.0/8 list=blocklist
add address=125.0.0.0/8 list=blocklist
add address=126.0.0.0/8 list=blocklist
add address=133.0.0.0/8 list=blocklist
add address=141.0.0.0/8 list=blocklist
add address=145.0.0.0/8 list=blocklist
add address=150.0.0.0/8 list=blocklist
add address=151.0.0.0/8 list=blocklist
add address=153.0.0.0/8 list=blocklist
add address=154.0.0.0/8 list=blocklist
add address=163.0.0.0/8 list=blocklist
add address=171.0.0.0/8 list=blocklist
add address=175.0.0.0/8 list=blocklist
add address=176.0.0.0/8 list=blocklist
add address=177.0.0.0/8 list=blocklist
add address=178.0.0.0/8 comment="Teamviewer Master Servers" disabled=yes
list=blocklist
add address=179.0.0.0/8 list=blocklist
add address=180.0.0.0/8 list=blocklist
add address=181.0.0.0/8 list=blocklist
add address=182.0.0.0/8 list=blocklist
add address=183.0.0.0/8 list=blocklist
add address=186.0.0.0/8 list=blocklist
add address=187.0.0.0/8 list=blocklist
add address=188.0.0.0/8 list=blocklist
add address=191.0.0.0/8 list=blocklist
add address=193.0.0.0/8 list=blocklist
add address=194.0.0.0/8 list=blocklist
add address=195.0.0.0/8 list=blocklist
add address=196.0.0.0/8 list=blocklist
add address=197.0.0.0/8 list=blocklist
add address=200.0.0.0/8 list=blocklist
add address=201.0.0.0/8 list=blocklist
add address=202.0.0.0/8 list=blocklist
add address=203.0.0.0/8 list=blocklist
add address=211.0.0.0/8 list=blocklist
add address=212.0.0.0/8 list=blocklist
add address=217.0.0.0/8 list=blocklist
add address=219.0.0.0/8 list=blocklist
add address=220.0.0.0/8 list=blocklist
add address=222.0.0.0/8 list=blocklist
add address=223.0.0.0/8 list=blocklist
add address=5.0.0.0/8 list=blocklist
add address=25.0.0.0/8 list=blocklist
add address=36.0.0.0/8 list=blocklist
add address=37.0.0.0/8 list=blocklist
add address=39.0.0.0/8 list=blocklist
add address=41.0.0.0/8 list=blocklist
add address=42.0.0.0/8 list=blocklist
add address=43.0.0.0/8 list=blocklist
add address=44.0.0.0/8 list=blocklist
add address=46.0.0.0/8 disabled=yes list=blocklist
add address=51.0.0.0/8 list=blocklist
add address=57.0.0.0/8 list=blocklist
add address=58.0.0.0/8 list=blocklist
add address=59.0.0.0/8 list=blocklist
add address=60.0.0.0/8 list=blocklist
add address=61.0.0.0/8 list=blocklist
add address=62.0.0.0/8 list=blocklist
add address=77.0.0.0/8 list=blocklist
add address=78.0.0.0/8 list=blocklist
add address=79.0.0.0/8 list=blocklist
add address=80.0.0.0/8 list=blocklist
add address=81.0.0.0/8 list=blocklist
add address=82.0.0.0/8 list=blocklist
add address=83.0.0.0/8 list=blocklist
add address=84.0.0.0/8 list=blocklist
add address=85.0.0.0/8 list=blocklist
add address=86.0.0.0/8 list=blocklist
add address=87.0.0.0/8 list=blocklist
add address=88.0.0.0/8 list=blocklist
add address=89.0.0.0/8 list=blocklist
add address=90.0.0.0/8 list=blocklist
add address=92.0.0.0/8 list=blocklist
add address=93.0.0.0/8 list=blocklist
add address=94.0.0.0/8 list=blocklist
add address=95.0.0.0/8 list=blocklist
add address=173.242.121.52 list=blocklist
# whitelist: no rule in this export consults it, so entries that fall inside an
# enabled blocklist range (e.g. the 185/8, 77/8, 202/8 and 195/8 hosts below)
# are still dropped by the input-chain blocklist rule.
add address=208.67.222.222 list=whitelist
add address=208.67.220.220 list=whitelist
add address=178.77.120.0/24 list=whitelist
add address=162.213.255.65 comment=SilhouetteLab.com list=whitelist
# RDP: named remote sites; presumably meant to limit tcp/3389, but neither the
# forward accept nor the 3389 dst-nat references this list — confirm.
add address=97.80.37.26 comment=Hwy21 list=RDP
add address=97.80.38.130 comment=Cov190 list=RDP
add address=68.15.166.228 comment=Metairie list=RDP
add address=71.88.235.242 comment=BDR list=RDP
add address=97.82.226.199 comment=Rod list=RDP
add address=50.196.80.249 list=blocklist
add address=149.135.34.12 list=blocklist
add address=212.8.237.26 list=blocklist
add address=177.239.251.150 list=blocklist
add address=71.81.60.250 comment=Rod-Home list=RDP
add address=52.38.150.1 comment=Amazon list=RDP
add address=97.80.44.25 comment="Dr. Mitchell" list=RDP
add address=209.62.195.175 comment=Angelette-Picciola list=RDP
add address=216.201.171.0/24 list=blocklist
add address=185.176.40.75 list=whitelist
add address=77.238.26.217 comment=peazip.org list=whitelist
add address=202.221.179.17 list=whitelist
add address=195.211.102.118 list=whitelist
# PBX: sources allowed through the tcp/8888 dst-nat (and the disabled 22222 one).
add address=52.38.150.1 comment="Allow access to PBX" list=PBX
add address=71.88.235.242 comment="Allow access to PBX" list=PBX
add address=71.88.235.242 list=VoIP
/ip firewall filter
# chain=input is traffic addressed to the router itself; chain=forward is
# traffic routed or NATed through it. Rules are evaluated top to bottom and an
# accept/drop match ends processing for that packet.
# NOTE(review): neither chain ends with a drop rule in this export, so whatever
# is not matched below is accepted by the default policy.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# The blocklist is enforced on the input chain only; nothing applies it on
# chain=forward, so it does not cover the dst-nat'ed internal services.
add action=drop chain=input comment=blocklist src-address-list=blocklist
# NOTE(review): Winbox (tcp/8291) is accepted from any source on any interface;
# no src-address-list or in-interface restricts it to known admin addresses.
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept established"
connection-state=established
# NOTE(review): despite its comment, this rule has no connection-state (or any
# other) matcher as posted, so it accepts all remaining input traffic,
# including new connections arriving on ether1-gateway.
add action=accept chain=input comment="accept related"
add action=accept chain=forward comment="defconf: accept established"
connection-state=established
add action=accept chain=forward comment="Accept related" connection-state=
related
# Matches UDP with source port 5060 from the VoIP list.
add action=accept chain=forward protocol=udp src-address-list=VoIP src-port=
5060
# NOTE(review): RDP (tcp/3389) is accepted from any source; the "RDP" address
# list defined earlier is not referenced here.
add action=accept chain=forward dst-port=3389 protocol=tcp
/ip firewall nat
# Source NAT for outbound traffic, then the port forwards (dst-nat) that publish
# internal 192.168.4.x hosts. 192.168.4.X and A.B.C.D are the poster's redactions.
# NOTE(review): the forward chain in this export has no drop rule, so the only
# source restriction on each forward is the one written on the NAT rule itself.
add action=masquerade chain=srcnat comment="defconf: masquerade"
out-interface=ether1-gateway
# SIP signalling: limited to sources in the VoIP list.
add action=dst-nat chain=dstnat dst-port=5060-5062 in-interface=
ether1-gateway protocol=udp src-address-list=VoIP to-addresses=
192.168.4.6 to-ports=5060-5062
# UDP 10000-20000 (presumably the PBX media range) is forwarded from any source.
add action=dst-nat chain=dstnat dst-port=10000-20000 in-interface=
ether1-gateway protocol=udp to-addresses=192.168.4.X to-ports=10000-20000
# NOTE(review): RDP is forwarded from any source; the rule matches on
# dst-address and carries no src-address-list, so the RDP list is not enforced.
add action=dst-nat chain=dstnat dst-address=A.B.C.D dst-port=3389
protocol=tcp to-addresses=192.168.4.X to-ports=3389
# NOTE(review): udp/69 (TFTP, an unauthenticated protocol) is forwarded from any
# source — confirm it needs to be reachable from the WAN at all.
add action=dst-nat chain=dstnat dst-port=69 in-interface=ether1-gateway
protocol=udp to-addresses=192.168.4.X to-ports=69
add action=dst-nat chain=dstnat comment=FreePBX disabled=yes dst-port=8086
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.4.X
to-ports=80
# DVR-related forwards (tcp 8000, 554, 81): any source may connect.
add action=dst-nat chain=dstnat comment=DVR dst-port=8000 in-interface=
ether1-gateway protocol=tcp to-addresses=192.168.4.X to-ports=8000
add action=dst-nat chain=dstnat dst-port=554 in-interface=ether1-gateway
protocol=tcp to-addresses=192.168.4.X to-ports=554
add action=dst-nat chain=dstnat dst-port=81 in-interface=ether1-gateway
protocol=tcp to-addresses=192.168.4.X to-ports=81
# NOTE(review): no in-interface or dst-address here, so this matches tcp/9100
# arriving on any interface (LAN-originated traffic included) and from any source.
add action=dst-nat chain=dstnat dst-port=9100 protocol=tcp to-addresses=
192.168.4.X to-ports=9100
# Web access on tcp/8888 -> 80: limited to sources in the PBX list.
add action=dst-nat chain=dstnat dst-port=8888 in-interface=ether1-gateway
protocol=tcp src-address-list=PBX to-addresses=192.168.4.X to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=22222 protocol=tcp
src-address-list=PBX to-addresses=192.168.4.X to-ports=22
# NOTE(review): like the 9100 rule, tcp/84 has no in-interface, dst-address or
# source restriction.
add action=dst-nat chain=dstnat dst-port=84 protocol=tcp to-addresses=
192.168.4.X to-ports=84
# Static default route, management services, clock/identity/NTP and MAC servers.
/ip route
add distance=1 gateway=A.B.C.D
/ip service
# NOTE(review): only "api" is changed here. An export normally lists just the
# values that differ from defaults, so the other services (telnet, ftp, www,
# ssh, winbox, api-ssl) are presumably still at their defaults with no address=
# restriction — confirm with "/ip service print" and disable what is unused.
# /user entries are not part of an export, so account state after the earlier
# compromise cannot be judged from this listing.
set api disabled=yes
/system clock
set time-zone-name=America/Chicago
/system identity
set name=Mandeville
/system ntp client
set enabled=yes server-dns-names=pool.ntp.org
/system routerboard settings
set silent-boot=no
/tool mac-server
# MAC-Telnet and MAC-Winbox are limited to the LAN-side interface lists defined
# under /interface list member.
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox