zerotier bridge question

Hi all,

So I have zerotier up and running on my personal devices with no issues. Using cell or home wifi. I can ping said devices via zerotier IPs.

The only device I can not seem to ping is my router running a zerotier interface.

The interface has traffic going across it via torch. But when I ping ---- I get no response back. Under connections---- I can see the zerotier making connections.

Do y'all have any guidance on the best way to troubleshoot?

Firewall rules in the Input chain?

New to posting stuff in the code box. Hopefully I did that correctly.

I have disabled the zerotier interface rules — they were being used for testing.

Edit — forgot to add that I added the zerotier to a bridge. Thinking that might fix it. — It did not.


/ip firewall layer7-protocol
add name=rdp regexp="rdpdr.*cliprdr.*rdpsnd\""
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
add action=accept chain=output disabled=yes out-interface=zerotier1
add action=accept chain=forward disabled=yes out-interface=zerotier1
add action=accept chain=input disabled=yes in-interface=zerotier1
add action=accept chain=input comment="allow ICMP" protocol=icmp
add action=accept chain=forward connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=fasttrack-connection chain=forward comment="fast-track for established,related" connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward comment="accept established,related" connection-state=established,related
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=accept chain=input in-interface-list=LAN
add action=accept chain=forward in-interface-list=LAN
add action=accept chain=input comment="allow Winbox" in-interface=bridge1 port=8291 protocol=tcp
add action=accept chain=input comment="allow SSH" in-interface=bridge1 port=22 protocol=tcp
add action=accept chain=forward protocol=tcp src-port=80
add action=accept chain=forward protocol=tcp src-port=443
add action=accept chain=forward layer7-protocol=rdp
add action=drop chain=input comment="drop invalid" connection-state=invalid log=yes
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=input log=yes
add action=drop chain=forward
add action=log chain=forward log=yes
add action=log chain=input log=yes log-prefix=log
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

I don't think it's a firewall thing — mainly 'cause I see the connections going out — I feel more like I messed up a configuration of the zerotier part.

update — so I can ping the ip of the zerotier router — ie my router on the zerotier interface — via ping from the MT router.

But I can not ping the zerotier network from the interface.

So update — I can see torch traffic on the zerotier interface. I can see traffic across the firewall from said interface.

I see routes in the routes table.

I am stumped.

So what I did to fix – made the subnets match and turned on bridge mode for the router, on zerotier side.
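One way to check the "is it the firewall?" question offline is to replay a packet against the exported input chain. This is an added example, not part of the original post and not a MikroTik tool: it is a simplified first-match model of the rules above, and the packet fields, the `lists` membership and the assumption that traffic arrives on `zerotier1` (rather than on the bridge) are hypothetical.

```python
import shlex

# Input-chain rules copied from the export in the post (forward and NAT rules omitted).
RULES = r'''
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=udp
add action=accept chain=input disabled=yes in-interface=zerotier1
add action=accept chain=input comment="allow ICMP" protocol=icmp
add action=accept chain=input connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=accept chain=input in-interface-list=LAN
add action=accept chain=input comment="allow Winbox" in-interface=bridge1 port=8291 protocol=tcp
add action=accept chain=input comment="allow SSH" in-interface=bridge1 port=22 protocol=tcp
add action=drop chain=input comment="drop invalid" connection-state=invalid log=yes
add action=drop chain=input log=yes
add action=log chain=input log=yes log-prefix=log
'''
# Properties that do not take part in packet matching.
META = {"action", "chain", "comment", "disabled", "log", "log-prefix"}

def parse(export):
    """Turn 'add k=v ...' lines into dicts, skipping disabled rules."""
    rules = [dict(t.split("=", 1) for t in shlex.split(l)[1:])
             for l in export.strip().splitlines()]
    return [r for r in rules if r.get("disabled") != "yes"]

def matches(rule, pkt):
    for key, want in rule.items():
        if key in META:
            continue
        if key == "in-interface-list":
            ok = want in pkt["lists"]
        elif key == "connection-state":
            ok = pkt["connection-state"] in want.split(",")
        elif key == "port":  # 'port' matches either source or destination
            ok = want in (pkt.get("src-port"), pkt.get("dst-port"))
        else:
            ok = pkt.get(key) == want
        if not ok:
            return False
    return True

def verdict(pkt):
    """Return (action, label) of the first enabled accept/drop rule that matches."""
    for n, rule in enumerate(parse(RULES), 1):
        if rule["action"] in ("accept", "drop") and matches(rule, pkt):
            return rule["action"], rule.get("comment", f"rule {n}")
    return "accept", "no rule matched"

# Constructed packets; 'lists' holds the interface lists zerotier1 belongs to (assumed none).
PING = {"in-interface": "zerotier1", "lists": set(), "protocol": "icmp", "connection-state": "new"}
WINBOX = dict(PING, protocol="tcp", **{"dst-port": "8291"})
```

In this model `verdict(PING)` is accepted by the "allow ICMP" rule before any interface check, which fits the poster's read that the firewall was not blocking the ping, while `verdict(WINBOX)` falls through to the final drop unless `zerotier1` is in the LAN list. The trailing `action=log` rule sits after an unconditional drop, so it is never reached.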