Hi All,
I’ve got an RB750GL running ROS 6.1, freshly set up out of the box. At present it’s a very simple setup:
ether1 - attached to an ADSL modem, RB is doing the PPPoE authentication for the ADSL, IP address assigned dynamically.
ether2 - attached to the LAN on 192.168.1.0/24.
My problem is that simple queues are not working at all. I’ve even created a catch-all queue for the whole network, like so:
# Catch-all simple queue for the whole LAN subnet; it sets priorities but no max-limit or limit-at.
add name=rest-of-network priority=7/7 target=192.168.1.0/24 total-priority=7
When I run torch with 192.168.1.0/24 as the source and 0.0.0.0/0 as the destination (on ether2), I see all of the traffic; it just appears that the simple queues are not picking it up.
I’ve got simple queues set up at work on our CCR1036 and on a client’s RB450G, and they seem to work fine; it’s just this one instance where I can’t get them to work! Am I missing something?
My whole config (sanitised) is as follows:
# Label the first two ethernet items as WAN and LAN (presumably ether1 and ether2,
# matching the comments applied to those names below).
/interface ethernet
set 0 comment=WAN
set 1 comment=LAN
# Only comments are set on the neighbor-discovery entries for ether1 and ether2.
# No discover= value is given for either, so this export does not show discovery
# being switched off on the WAN-facing port.
# NOTE(review): confirm whether discovery should be disabled on ether1.
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
# Timeouts on the default hotspot user profile; no hotspot server appears in this export.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
# DHCP address pool for LAN clients: 192.168.1.50 through 192.168.1.200.
/ip pool
add name=dhcp_pool1 ranges=192.168.1.50-192.168.1.200
# DHCP server on the LAN port (ether2), handing out leases from dhcp_pool1 for one day.
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=1d name=dhcp1
# PPP profile used by the PPPoE client below: TCP MSS adjustment on, MPLS off.
/ppp profile
add change-tcp-mss=yes name=Xilo-ADSL only-one=yes use-mpls=no
# PPPoE client on ether1 (the ADSL modem side): installs the default route, uses the
# peer's DNS servers, MTU/MRU 1432. The name, user and password were redacted by the poster.
# NOTE(review): name= is shown as OMITTED, yet later sections refer to an interface
# called Xilo-ADSL; presumably the redaction replaced that name here. Verify before reuse.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mru=1432 max-mtu=1432 name=OMITTED password=OMITTED profile=\
Xilo-ADSL use-peer-dns=yes user=OMITTED
# Neighbor discovery is turned off on the PPPoE (Internet-facing) interface.
/ip neighbor discovery
set Xilo-ADSL discover=no
# Four simple queues keyed on LAN addresses: three per-host /32 targets first, then a
# catch-all for the whole /24. None of them sets max-limit or limit-at.
# NOTE(review): RouterOS documents queue priority as taking effect only when a
# max-limit is specified; with no limits here the priority values presumably have
# nothing to arbitrate. Confirm against the queue documentation for this version.
/queue simple
add name=vuplussolo2-livingroom priority=1/1 target=192.168.1.3/32 total-priority=1
add name=skyboxf5-bedroom priority=2/2 target=192.168.1.4/32 total-priority=2
add name=ps3-craigsroom target=192.168.1.6/32
add name=rest-of-network priority=7/7 target=192.168.1.0/24 total-priority=7
# Points logging action 3 at 192.168.1.5, the address the firewall comments call the
# Synology NAS. No /system logging rule that uses this action appears in the export.
# NOTE(review): action 3 is presumably the built-in "remote" syslog action; confirm.
/system logging action
set 3 remote=192.168.1.5
# Router's own LAN address.
/ip address
add address=192.168.1.254/24 interface=ether2 network=192.168.1.0
# DHCP clients are told to use the router as both gateway and DNS server.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.254 gateway=192.168.1.254
# allow-remote-requests=yes makes the router answer DNS queries from other hosts, not
# just itself. Nothing in this section limits who may query; that is left entirely to
# the input-chain firewall rules, so the resolver is only as closed as that chain.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# Firewall filter rules, evaluated top to bottom per chain. Rules with no action=
# use the RouterOS default action, accept.
/ip firewall filter
# --- forward chain (traffic routed through the router) ---
# Accepts everything that arrives on ether2, whatever its connection state, because
# this rule comes before the invalid-state drop further down.
add chain=forward comment="Allow LAN interface to anywhere" in-interface=ether2
add chain=forward comment="Allow established traffic to/from anywhere" connection-state=established
add chain=forward comment="Allow related traffic to/from anywhere" connection-state=related
# Accepts TCP to 192.168.1.5 port 5001 with no src-address or in-interface match, so
# any source is allowed; it pairs with the port-5001 dst-nat rule in /ip firewall nat.
add chain=forward comment="Allow TCP Port 5001 to Synology NAS" dst-address=192.168.1.5 dst-port=5001 protocol=tcp
# NOTE(review): this drop sits after the accept rules above, so invalid-state packets
# that arrive on ether2 or are addressed to 192.168.1.5:5001 are accepted before they
# reach it. Consider placing the invalid drop ahead of those accepts.
add action=drop chain=forward comment="Drop invalid traffic to/from anywhere" connection-state=invalid
# Default deny for anything not accepted above.
add action=drop chain=forward comment="Drop everything else to/from anywhere"
# --- input chain (traffic addressed to the router itself) ---
# Every router service is reachable from the LAN port.
add chain=input comment="Allow LAN interface to router" in-interface=ether2
# Two redacted /29 source ranges are accepted on all protocols and ports, not limited
# to particular management services.
add chain=input comment="Allow OMITTED to router" src-address=OMITTED/29
add chain=input comment="Allow OMITTED to router" src-address=OMITTED/29
add chain=input comment="Allow established traffic to/from Router" connection-state=established
add chain=input comment="Allow related traffic to/from Router" connection-state=related
# Accepts all ICMP from any source; no icmp-options or rate limit is set, so this is
# broader than the "PING" in the comment suggests.
add chain=input comment="Allow ICMP PING to router" protocol=icmp
add action=drop chain=input comment="Drop invalid traffic to/from Router" connection-state=invalid
# Whatever is left is logged with the "FW INPUT" prefix and then dropped. This final
# drop is what keeps the DNS resolver and management services closed to the Internet.
add action=log chain=input comment="Log everything else to/from Router" log-prefix="FW INPUT"
add action=drop chain=input comment="Drop everything else to/from Router"
# NAT rules.
# 1) Source NAT: LAN traffic leaving via the PPPoE interface is masqueraded.
# 2) Port forward: TCP 5001 arriving on the PPPoE interface is redirected to
#    192.168.1.5:5001, the host the comment identifies as a Synology NAS. The rule has
#    no src-address match, so the port is reachable from any Internet source.
#    NOTE(review): confirm this exposure is intended; a src-address restriction or
#    VPN-only access would reduce what is reachable on the NAS from outside.
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT Outbound LAN Traffic" out-interface=Xilo-ADSL src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="Forward TCP Port 5001 to Synology NAS" dst-port=5001 in-interface=Xilo-ADSL \
protocol=tcp to-addresses=192.168.1.5 to-ports=5001
# All six listed connection-tracking helpers (service ports) are disabled.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
# Web proxy cache size setting; the export does not show the proxy being enabled.
/ip proxy
set max-cache-size=none
# Router management services: telnet, ftp and api are disabled; the web interface is
# moved to port 8000 and its TLS variant to 8443. Changing the port is not access
# control, and no address= restriction is set on any service, so reachability is
# governed only by the input-chain firewall rules.
# NOTE(review): ssh and winbox are not mentioned here, so presumably they remain at
# their defaults; confirm their state and consider address= limits on each service.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8000
set www-ssl port=8443
set api disabled=yes
/system clock
set time-zone-name=Europe/London
# NTP client in unicast mode, using two fixed server addresses.
/system ntp client
set enabled=yes mode=unicast primary-ntp=129.67.1.160 secondary-ntp=129.67.1.164
# Graphing is enabled for interfaces, queues and resources with no parameters given,
# so every setting takes its default.
# NOTE(review): no allow-address is specified; check what the default permits and who
# can view the graphs, which are presumably served through the www service.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
If anyone could shed some light on this problem I’d be most appreciative.
Thanks,
Verta.