Rim13
just joined
Topic Author
Posts: 2
Joined: Sun Jul 11, 2021 3:17 pm
Location: Moscow

Bridge don`t work correctly in the version above beta2.

Tue Sep 14, 2021 1:57 am

  1. On RouterOS 7.1 beta2 everything works. RouterOS 7.1 beta3 and later, including rc3, have the problem;
  2. RB750Gr3;
  3. The configuration below is used on RouterOS 7.1 beta2. The bridge joining the WAN interface and the IPTV interface works correctly: IPTV receives all the necessary packets and updates, and shows everything without problems.
    With a RouterOS 7.1 version higher than beta3, for example rc3, IPTV does not receive some of the packets and cannot start;
  4. [mmmmm@Rrrrrr] > /export hide-sensitive
    # sep/14/2021 00:01:00 by RouterOS 7.1beta2
    # software id = NVNU-MDCM
    #
    # model = RB750Gr3
    # serial number = CC210B0F****
    #
    # Configuration export of the router under discussion ("hide-sensitive"
    # omits secret values such as the WireGuard private key). Two bridges are
    # defined: bridge-beeline joins the ISP uplink (ether1-ext) with the IPTV
    # port (ether5-iptv); bridge-lan joins the local ports.
    #
    # bridge-beeline is pinned to the same MAC that is set on ether1-ext below,
    # so the DHCP client on the bridge presents that address to the ISP.
    # bridge-lan runs with spanning tree off (protocol-mode=none); bridge-beeline
    # shows no protocol-mode, i.e. it is left at the RouterOS default.
    /interface bridge
    add admin-mac=C4:0B:CB:FF:AA:AA auto-mac=no name=bridge-beeline
    add name=bridge-lan protocol-mode=none
    /interface ethernet
    set [ find default-name=ether1 ] mac-address=C4:0B:CB:FF:AA:AA name=ether1-ext
    set [ find default-name=ether3 ] name=ether3-comp
    set [ find default-name=ether5 ] name=ether5-iptv
    # WireGuard listener on UDP 51820; no private key is printed here.
    /interface wireguard
    add listen-port=51820 mtu=1420 name=wg
    # Interface lists used further down: "local" = trusted side, "ISP" = uplink.
    /interface list
    add name=local
    add name=ISP
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip hotspot profile
    set [ find default=yes ] html-directory=flash/hotspot
    /ip pool
    add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
    /ip dhcp-server
    add address-pool=dhcp_pool0 disabled=no interface=bridge-lan lease-time=3d name=dhcp1
    /ip vrf
    add list=all name=main
    # Certificate revocation lists are downloaded and enforced.
    /certificate settings
    set crl-download=yes crl-use=yes
    /interface bridge port
    add bridge=bridge-lan interface=ether2
    add bridge=bridge-lan interface=ether3-comp
    add bridge=bridge-lan interface=ether4
    add bridge=bridge-beeline interface=ether5-iptv
    add bridge=bridge-beeline interface=ether1-ext
    # use-ip-firewall=yes hands bridged frames to the IP firewall, so the filter,
    # NAT and raw rules below also apply to traffic bridged between ether1-ext
    # and ether5-iptv, not only to routed traffic.
    # NOTE(review): a reasonable first place to look when bridged IPTV traffic
    # behaves differently between versions - not confirmed as the cause here.
    /interface bridge settings
    set use-ip-firewall=yes
    # Neighbor discovery is limited to the "local" list, keeping it off the ISP side.
    /ip neighbor discovery-settings
    set discover-interface-list=local
    /interface list member
    add interface=bridge-lan list=local
    add interface=bridge-beeline list=ISP
    add interface=ether1-ext list=ISP
    # allowed-address=0.0.0.0/0 accepts any inner source address from this peer.
    # If the peer is a single client, narrowing this to its tunnel address inside
    # 192.168.2.0/24 limits what the peer can source traffic as.
    # Only the peer's public key is listed; that value is not a secret.
    /interface wireguard peers
    add allowed-address=0.0.0.0/0 interface=wg persistent-keepalive=10 public-key="XI6hPp1j2RFtrd8kojbfec0HFeCQnIyhXqdGoYxxXCQ="
    /ip address
    add address=192.168.1.1/24 interface=bridge-lan network=192.168.1.0
    add address=192.168.2.1/24 interface=wg network=192.168.2.0
    # Static ARP entries for three LAN hosts.
    /ip arp
    add address=192.168.1.242 interface=bridge-lan mac-address=50:EC:50:0A:01:AA
    add address=192.168.1.16 interface=bridge-lan mac-address=24:4B:FE:8B:AA:F2
    add address=192.168.1.15 interface=bridge-lan mac-address=DC:B7:2E:AA:AA:92
    /ip cloud
    set ddns-enabled=yes ddns-update-interval=1h
    # The WAN address is obtained by DHCP on the bridge, not on ether1-ext itself.
    /ip dhcp-client
    add disabled=no interface=bridge-beeline
    /ip dhcp-server config
    set store-leases-disk=immediately
    /ip dhcp-server lease
    add address=192.168.1.242 mac-address=50:EC:50:0A:01:AA server=dhcp1
    add address=192.168.1.210 client-id=1:c4:34:aa:aa:ef:b mac-address=C4:34:AA:AA:EF:0B server=dhcp1
    add address=192.168.1.91 mac-address=DC:A6:AA:AA:96:69 server=dhcp1
    add address=192.168.1.16 client-id=1:24:4b:fe:8b:aa:f2 mac-address=24:4B:FE:8B:AA:F2 server=dhcp1
    add address=192.168.1.15 client-id=1:dc:b7:2e:56:a6:92 mac-address=DC:B7:2E:AA:AA:92 server=dhcp1
    /ip dhcp-server network
    add address=192.168.1.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.1.1 netmask=24
    # allow-remote-requests=yes makes the router answer DNS queries on every
    # interface. The filter table below contains no rule dropping port 53 arriving
    # on bridge-beeline, so the resolver is reachable from the ISP side as well.
    # An input drop for udp/tcp 53 on the ISP list (or a default-drop input
    # policy) closes that.
    /ip dns
    set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
    # The only two filter rules. Both use add-src-to-address-list, which records
    # the source for 4w2d and then lets the packet continue; neither drops
    # anything. No accept/drop rule exists for input or forward, so the effective
    # policy is accept-all except for the raw drop on listed sources further down.
    # A single new packet to one of these ports is enough to list its source, and
    # that source address is not verified, so addresses the router depends on
    # (upstream DNS and NTP servers, own remote sites) are worth excluding.
    /ip firewall filter
    add action=add-src-to-address-list address-list="Honeypot Hacker" address-list-timeout=4w2d chain=input comment="block honeypot ssh rdp winbox" connection-state=\
        new dst-port=22,23,3389,8291 in-interface=bridge-beeline protocol=tcp
    add action=add-src-to-address-list address-list="Honeypot Hacker" address-list-timeout=4w2d chain=input comment="block honeypot asterisk" connection-state=new \
        dst-port=5060,20561 in-interface=bridge-beeline protocol=udp
    # Masquerade for outbound traffic, plus three published ports on
    # 192.168.1.16: 80 and 443 as-is, and its port 22 exposed as external 2221.
    /ip firewall nat
    add action=masquerade chain=srcnat comment="nat for internet" out-interface=bridge-beeline
    add action=dst-nat chain=dstnat comment=nextcloud dst-port=80 in-interface=bridge-beeline protocol=tcp to-addresses=192.168.1.16 to-ports=80
    add action=dst-nat chain=dstnat dst-port=443 in-interface=bridge-beeline protocol=tcp to-addresses=192.168.1.16 to-ports=443
    add action=dst-nat chain=dstnat comment=ubuntu dst-port=2221 in-interface=bridge-beeline protocol=tcp to-addresses=192.168.1.16 to-ports=22
    # Enforcement half of the honeypot: drop everything arriving on bridge-beeline
    # from a listed source, in the raw table (ahead of connection tracking).
    /ip firewall raw
    add action=drop chain=prerouting in-interface=bridge-beeline src-address-list="Honeypot Hacker"
    # All connection-tracking helpers are switched off.
    /ip firewall service-port
    set ftp disabled=yes
    set tftp disabled=yes
    set irc disabled=yes
    set h323 disabled=yes
    set sip disabled=yes
    set pptp disabled=yes
    set udplite disabled=yes
    set dccp disabled=yes
    set sctp disabled=yes
    /ip hotspot service-port
    set ftp disabled=yes
    # Of the management services listed here, only winbox stays enabled, and it
    # is limited to the LAN and WireGuard subnets. With no input drop rule, this
    # per-service address list is the only thing keeping it off the ISP side.
    /ip service
    set telnet address=192.168.1.0/24 disabled=yes
    set ftp disabled=yes
    set www disabled=yes
    set ssh disabled=yes port=2200
    set api disabled=yes
    set winbox address=192.168.1.0/24,192.168.2.0/24
    set api-ssl disabled=yes
    /ip ssh
    set strong-crypto=yes
    # UPnP lets any host on bridge-lan request port mappings on bridge-beeline
    # without authentication, and allow-disable-external-interface=yes also lets
    # a UPnP client turn the external interface off. Keep it enabled only if a
    # LAN device needs it.
    /ip upnp
    set allow-disable-external-interface=yes enabled=yes
    /ip upnp interfaces
    add interface=bridge-lan type=internal
    add interface=bridge-beeline type=external
    /system clock
    set time-zone-name=Europe/Moscow
    /system clock manual
    set time-zone=+03:00
    /system identity
    set name=Rrrrrr
    # Logging rules 1-3 are sent to disk (presumably the default
    # error/warning/critical rules - confirm with "/system logging print").
    /system logging
    set 1 action=disk
    set 2 action=disk
    set 3 action=disk
    /system ntp client
    set enabled=yes
    /system ntp client servers
    add address=88.147.254.230
    add address=88.147.254.235
    # The update channel is "development" (beta/rc builds), and auto-upgrade=yes
    # applies RouterBOOT firmware upgrades after a RouterOS upgrade.
    /system package update
    set channel=development
    /system routerboard settings
    set auto-upgrade=yes
    /tool bandwidth-server
    set enabled=no
    # MAC-layer management (mac-telnet, mac-winbox) is limited to the "local" list.
    /tool mac-server
    set allowed-interface-list=local
    /tool mac-server mac-winbox
    set allowed-interface-list=local
    # Diagnostic capture for this report: traffic on ether5-iptv is streamed
    # (TZSP, unencrypted) to 192.168.1.16. Streaming is best switched off again
    # once the capture is no longer needed.
    /tool sniffer
    set file-limit=5000KiB filter-interface=ether5-iptv filter-stream=yes memory-limit=1000KiB streaming-enabled=yes streaming-server=192.168.1.16
  5. The attachment contains an archive with two files. They are packet sniffer dumps captured via Wireshark. The packet sniffer tool settings are visible in the configuration above.
    File # 1: RouterOS 7.1 rc3, where IPTV does not receive the required packets.
    File # 2: RouterOS 7.1 beta2, where everything works without problems.
    WireShark.zip
    .
 
Rim13
just joined
Topic Author
Posts: 2
Joined: Sun Jul 11, 2021 3:17 pm
Location: Moscow

Re: Bridge don`t work correctly in the version above beta2.  [SOLVED]

Fri Dec 10, 2021 10:24 pm

I reset all settings.
Then I re-entered them on a clean configuration.
And it all worked.
