I have set up a lab with two Mikrotik routers to learn more about networking and the product itself.
So I have two routers with two cables connected on ports one and two on each router.
OSPF, MPLS, VPLS working just nicely and tested the fail-over by unplugging a port and all works great. Need to read more on L2MTU here.
One of the routers has a wireless card built in so I connected to my home wifi and got internet working from a host connected through the VPLS tunnel.
Internet < R1 ---OSPF-MPLS-VPLS R2 - host connected to the internet from RS through VPLS tunnel
Now I am learning about firewall filter.
I added some rules and everything works except for my MPLS. There are no labels showing in the MPLS forwarding table. The issue is with the "drop everything else" rule at the bottom of the input chain rules.
If I disable the "drop everything" rule on the input chain, LDP starts working and I can see all my labels in the Forwarding Table.
Please note I am in learning mode and could use a little help here.
Below are the rules for my input chain. Note: there are no firewall filters on R2.
I am sure it has something to do with the broadcast by MPLS to exchange labels but not sure how to proceed.
Any comments are welcome.
/ip firewall address-list
add address=188.8.131.52/24 list=Admin
add address=10.11.1.12/30 list=OSPF
add address=10.11.1.11/30 list=OSPF
/ip firewall connection tracking set enabled=yes
/ip firewall filter
add action=accept chain=input in-interface=ether5 src-address-list=Admin comment="Allow Admin Access to Router"
add action=accept chain=input connection-state=established,related comment="Allow Established, Related Connections"
add action=accept chain=input src-address-list=OSPF comment="Allow OSPF"
add action=accept chain=input protocol=icmp comment="Allow ICMP"
add action=drop chain=input connection-state=invalid comment="Drop Invalid Connections"
add action=drop chain=input connection-nat-state=!dstnat connection-state=new in-interface=wlan1 protocol=tcp comment="Drop new connections from internet which are not dst-natted"
add action=drop chain=input dst-port=53 in-interface=wlan1 protocol=tcp comment="Drop external DNS requests"
add action=drop chain=input dst-port=53 in-interface=wlan1 protocol=udp comment="Drop external DNS requests"
add action=drop chain=input comment="Drop Everything Else"
add action=log chain=input log-prefix="Inbound Alet"
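
Added example, not part of the original post: one way to let LDP through the input chain above and to see what the final drop is catching. LDP uses UDP 646 for hellos (link hellos go to 224.0.0.2) and TCP 646 for the session. It assumes R2's LDP transport address is a loopback that is not in the OSPF list; the address 192.0.2.2 and the list name LDP are placeholders.

```routeros
# Added example, not the poster's configuration.
# Assumption: R2's LDP transport address is a loopback outside the OSPF list.
# 192.0.2.2 is a documentation-range placeholder; "LDP" is a made-up list name.
/ip firewall address-list
add address=192.0.2.2 list=LDP comment="R2 LDP transport address (placeholder)"

/ip firewall filter
# Each rule is inserted above the final drop, so the chain still ends in
# "Drop Everything Else" and only the LDP traffic is newly accepted.

# Link hellos: UDP 646 sent to the all-routers multicast group by direct neighbours.
add action=accept chain=input protocol=udp dst-port=646 dst-address=224.0.0.2 src-address-list=OSPF place-before=[find where comment="Drop Everything Else"] comment="Allow LDP link hellos"

# Targeted hellos: unicast UDP 646 between the peers that signal the VPLS tunnel.
add action=accept chain=input protocol=udp dst-port=646 src-address-list=LDP place-before=[find where comment="Drop Everything Else"] comment="Allow LDP targeted hellos"

# Session: TCP 646, opened by whichever peer has the higher transport address.
add action=accept chain=input protocol=tcp dst-port=646 src-address-list=LDP place-before=[find where comment="Drop Everything Else"] comment="Allow LDP session"

# A log rule placed after a drop never matches, because the drop ends
# processing. Logging just above the drop shows what is about to be discarded.
add action=log chain=input log-prefix="input-drop" place-before=[find where comment="Drop Everything Else"] comment="Log before final drop"
```

If labels still do not appear, the "input-drop" log entries show the source address and port of whatever is still being discarded, which is the value to put in the LDP list.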