What am I missing? Cannot get firewall working on ccr1036

Need expert help.. I am setting up a ccr1036 and for the life of me cannot get the firewall to work.. I configured everything exactly like my ccr1016 where the firewall is working.
Eventually I want to use the SFP+ ports to get faster than 1g connections, but I even tested on the standard ethernet ports just like my ccr1016.

I have confirmed fast path is off, and both are in bridging mode, as I need a bridging firewall as my default gw is on the same subnet as my 13 private ips.

see the attached pics.. Pulling my hair out here. thanks..

Thanks in advance.. (I also added the pics as PNG attachments, as the inline ones don't seem to be coming up.)

Screenshot 2023-04-02 103558.png
Screenshot 2023-04-02 103535.png
Screenshot 2023-04-02 103731.png
Screenshot 2023-04-02 103653.png
here is testing showing the firewall NOT working on the ccr1026
Screenshot 2023-04-02 103627.png
here is the testing showing firewall working on my ccr1016
Screenshot 2023-04-02 104038.png

Ur kidding me right?
You bought an over $1000 router and you cannot provide a decent network diagram or export of the config?
Moreover, don’t you have certification/training… I mean that's an expensive router for a homeowner.
Why don't you switch, I will send you a hex already set up and you send me the 1036. :)

Figured it out.. it was this setting, which does not show up in the interface.. the only way seems to be to set it in the command line, and it is a strange one to set.. took me forever to figure out the set and get options don't work.. you need to use the edit, which brings it up in vi.

The use-ip-firewall needed to be set..

Am I missing something, i.e. is there a way to do this in the UI?
Screenshot 2023-04-02 111841.png

Thanks.. very helpful, I have public IPs and a mail server.. you cannot use a switch dipshit..

If you don't have anything to contribute, DON'T.

And there really are NO home brew routers that do bridging firewalls other than DDWRT, and that cannot keep up with the traffic I need.

And anyway those are no easier to set up, even harder as there is no UI for that kind of config.

Yes. The IP firewall only operates on packets forwarded through, or input/output to/from, the Mikrotik itself. Enabling that setting forces packets bridged to be also processed unless handled by hardware offload (not applicable to the CCR1036). See packet flow here https://help.mikrotik.com/docs/display/ROS/Packet+Flow+in+RouterOS.

If you do not need stateful firewalling the more limited bridge filter may be sufficient.


Am I missing something, i.e. is there a way to do this in the UI?

In Winbox select Bridge, in the Bridge window select the Bridge tab, there is a Settings button to the right of the usual Add / Remove / Enable / Disable / Comment / Filter buttons.
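
An added example, not part of the original posts: a small Python check over a RouterOS `/export` that flags the situation this thread ran into, forward-chain `/ip firewall filter` rules on a bridged router while `use-ip-firewall` is left at its default. The sample export and the function names are constructed for illustration, and the parser assumes the compact export layout (menu path on its own line, commands below it).

```python
import re

# Constructed sample of a compact RouterOS `/export` (not from the thread):
# a bridge, two bridge ports and forward-chain IP firewall rules.
SAMPLE_EXPORT = r"""
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=sfp-sfpplus1
/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward comment="constructed rule" \
    src-address-list=blocked
"""


def parse_export(text):
    """Group export commands by menu path, joining backslash continuations."""
    joined = re.sub(r"\\\r?\n\s*", "", text)
    sections, menu = {}, None
    for line in (raw.strip() for raw in joined.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            sections.setdefault(menu, [])
        elif menu is not None:
            sections[menu].append(line)
    return sections


def audit_bridge_firewall(text):
    """Report whether forward-chain IP firewall rules can see bridged traffic."""
    sections = parse_export(text)
    bridges = [c for c in sections.get("/interface bridge", []) if c.startswith("add ")]
    forward = [c for c in sections.get("/ip firewall filter", []) if "chain=forward" in c.split()]
    settings = " ".join(sections.get("/interface bridge settings", [])).split()
    # A compact export omits defaults, and use-ip-firewall defaults to "no",
    # so a missing settings section means bridged frames skip the IP firewall.
    enabled = "use-ip-firewall=yes" in settings
    return {
        "bridges": len(bridges),
        "forward_rules": len(forward),
        "use_ip_firewall": enabled,
        "rules_bypassed": bool(bridges and forward and not enabled),
    }


if __name__ == "__main__":
    print(audit_bridge_firewall(SAMPLE_EXPORT))
```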

Okay let me hold your hands then.

Open mouth insert spoon…
Pretty please provide your config so that I may assist the almighty Igkahn ( also known as cCmOoaPB → “cannot configure myself out of a paper bag” )
/export file=anynameyouwish ( minus router serial number and any public WANIP information ).

There is no GUI setting for use-ip-firewall ??

There is the standard
/ip firewall filter ( input chain: to the router or router services, forward chain: through the router lan to lan, lan to wan, wan to lan )
/ip nat
/ip mangle
/ip raw

All found in winbox under IP, and selecting sub-menu FIREWALL.
There is also a setting under the BRIDGE menu selection, to the far right of the popup called FILTERS ( just before NAT)

One uses the + symbol to create a rule in any of these areas and the rule is automatically enabled after hitting apply OK.
One can disable or delete the rule or move the rule in some cases to the required position order.

thanks all..

I found the setting now in the UI..

As I said, I got it working and have been using it on my older ccr1016.

But I am preparing the ccr1035 with SFP+ to have my ISP go over 1g.. And I already have internal 10g networking to my NASes etc.

My firewall would not work with bridge filters, it is pretty big, i.e. 1400 lines, and loads about 32K addresses to block certain countries wholesale.

Bridge filtering only needs to be done in specific cases, much better off using standard firewall anyway.

Country blocking is a fool's game, bad actors come from any country.
If you are interested in a decent blacklist for decent cost - https://itexpertoncall.com/promotional/moab.htm

“Our MOAB subscription service - fully automated and updated 3 times each day because of its very dynamic nature as previously unknown sources get added in - identifies over 600 million unique IP addresses of known malicious or suspicious entities [the Bad Guys] that shouldn’t be allowed access to your Internet connection and Network.”

Thanks, I am interested.. I will look at that list..

My big countries are China, Russia, Kazakhstan and Brazil, believe it or not..

Good idea to discuss with the blacklist provider… He is very knowledgeable in that area and what is useful or not.