Hi all,
I'm pretty new to MikroTik but slowly getting the hang of it. The main thing I'm struggling to get my head around is the firewall rules.
I’ve managed to unblock a few things for my needs but I'm struggling to get PPTP VPN to work.
I can connect to the VPN fine but I can't access any devices on my network. If I also decide to use the MikroTik as the gateway, webpages won't load if I have this option switched on. See my firewall setup below.
/ip firewall filter
add action=drop chain=forward comment="Drop invalid connections through router" connection-state=invalid
add action=drop chain=forward comment="Drop all traffic to-from addresses on \"CountryIPBlocks\" address list" dst-address-list=CountryIPBlocks
add chain=forward comment="Allow new connections through router coming in LAN interface" connection-state=new in-interface=ether2-master-local
add chain=forward comment="Allow established connections through router" connection-state=established
add chain=forward comment="Allow related connections through router" connection-state=related
add chain=forward comment="Allow Plex" dst-port=32400 protocol=tcp
add chain=forward comment="Allow BT Vision " protocol=udp
add chain=forward comment="Allow GRE Protocol 47 for PPTP" in-interface=ether2-master-local protocol=gre
add action=drop chain=forward comment="Drop all other connections through the router"
add action=drop chain=input comment="Drop all traffic from addresses on \"CountryIPBlocks\" address list" src-address-list=CountryIPBlocks
add chain=input comment=
"Allow everything from the LAN interface to the router"
ether2-master-local
add chain=input comment="Allow established connections to
re OK because we aren’t allowing new connections" conne
established
add chain=input comment="Allow related connections to the r
_because we aren’t allowing new connections" connectio
add chain=input comment="Allow PPTP VPN" dst-port=1723 prot
add action=drop chain=input comment="Drop everything else t
[admin@008-HOME] >
If I disable the “Drop all other connections through the router” rule I can suddenly ping and access devices on my network and also browse websites using the mikrotik as the default gateway.
So something here tells me that I have PPTP set up correctly as it works if I disable this specific firewall rule above. But I need to keep this rule enabled, so would someone be able to explain to me what I'm doing wrong that is stopping traffic passing over the VPN but still allows me to establish a connection?
Ross
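
The forward chain above, walked rule by rule for a few constructed packets (an added example, not part of the original post). The PPTP interface name `<pptp-user>` and the sample packets are assumptions, and the rule comments are shortened; rule order and matchers are taken from the export.

```python
# Added illustration: first-match walk of the forward chain from the post.
# Rule order and matchers come from the export; the packets are constructed.
LAN = "ether2-master-local"
VPN = "<pptp-user>"  # assumed name of the dynamic PPTP server interface
FINAL_DROP = "Drop all other connections through the router"

FORWARD = [  # (comment, action, matchers), in export order
    ("Drop invalid connections through router", "drop", {"state": "invalid"}),
    ("Drop traffic to CountryIPBlocks", "drop", {"dst_list": "CountryIPBlocks"}),
    ("Allow new connections from LAN", "accept", {"state": "new", "in_if": LAN}),
    ("Allow established connections", "accept", {"state": "established"}),
    ("Allow related connections", "accept", {"state": "related"}),
    ("Allow Plex", "accept", {"proto": "tcp", "dst_port": 32400}),
    ("Allow BT Vision", "accept", {"proto": "udp"}),
    ("Allow GRE for PPTP", "accept", {"proto": "gre", "in_if": LAN}),
    (FINAL_DROP, "drop", {}),
]

def packet(in_if, proto, state="new", dst_port=None, dst_list=None):
    """Build a constructed packet description with the fields the rules test."""
    return {"in_if": in_if, "proto": proto, "state": state,
            "dst_port": dst_port, "dst_list": dst_list}

def first_match(pkt, disabled=()):
    """Return (comment, action) of the first enabled rule whose matchers all fit."""
    for comment, action, match in FORWARD:
        if comment in disabled:
            continue
        if all(pkt.get(key) == value for key, value in match.items()):
            return comment, action
    return "no rule matched", "accept"  # an unmatched packet is accepted

if __name__ == "__main__":
    samples = [
        ("LAN client, new HTTPS", packet(LAN, "tcp", dst_port=443), ()),
        ("VPN client, new HTTP to a LAN host", packet(VPN, "tcp", dst_port=80), ()),
        ("VPN client, ping", packet(VPN, "icmp"), ()),
        ("VPN client, DNS over UDP", packet(VPN, "udp", dst_port=53), ()),
        ("VPN client, reply traffic", packet(VPN, "tcp", "established"), ()),
        ("VPN client, new HTTP, final drop disabled",
         packet(VPN, "tcp", dst_port=80), (FINAL_DROP,)),
    ]
    for label, pkt, disabled in samples:
        comment, action = first_match(pkt, disabled)
        print(f"{label:45} -> {action:6} ({comment})")
```

The output lists, for each sample packet, the first rule that decides it and the resulting action.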