I have a new subnet from my ISP, so I set up a MikroTik CHR as a VM (on Hyper-V Server).
It seems to work OK, but if I RDP into a Windows machine on that subnet I cannot get any browser responses back from within that VM. If I disable that final DROP all statement, then the browser responses show up. I was under the impression that the initial forward rule (established,related) took care of allowing responses from requests being sent out?
Here are my rules on that subnet. Ping and ping by name all return proper responses and I can access the Windows machine just fine; I just do not get any responses back from requests generated inside that VM on that new subnet.
[root@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Allow Established connections
chain=forward action=accept connection-state=established,related log=no
1 ;;; RDP allowed
chain=forward action=accept protocol=tcp src-address-list=RDP Allowed
dst-port=3389 log=no log-prefix=""
2 ;;; Allow ICMP
chain=forward action=accept protocol=icmp log=no log-prefix=""
3 ;;; Drop everything else
chain=forward action=drop protocol=tcp log=no log-prefix=""
[root@MikroTik] /ip firewall filter>
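
Why rule 0 alone does not cover the browser traffic, as an added example that is not part of the original post and is not RouterOS code: a simplified Python model of the forward chain, in which the VM's outgoing TCP SYN is in state new, falls through to rule 3 and is dropped, so no established connection ever exists for rule 0 to match. The addresses, the "RDP Allowed" entry and the `ALLOW_NEW_OUT` rule are constructed assumptions.

```python
# Added example: simplified model of a RouterOS forward chain. The first
# matching rule decides; a packet matching no rule is accepted.
LAN = "192.0.2."                    # constructed stand-in for the new subnet
RDP_ALLOWED = {"203.0.113.10"}      # constructed "RDP Allowed" list entry

RULES = [  # rules 0-3 as printed in the post
    {"action": "accept", "state": {"established", "related"}},
    {"action": "accept", "proto": "tcp", "dport": 3389, "src_in": RDP_ALLOWED},
    {"action": "accept", "proto": "icmp"},
    {"action": "drop", "proto": "tcp"},
]
# Hypothetical additional rule: hosts on the subnet may open new connections.
ALLOW_NEW_OUT = {"action": "accept", "state": {"new"}, "src_prefix": LAN}


def matches(rule, pkt):
    return (("state" not in rule or pkt["state"] in rule["state"])
            and ("proto" not in rule or pkt["proto"] == rule["proto"])
            and ("dport" not in rule or pkt["dport"] == rule["dport"])
            and ("src_in" not in rule or pkt["src"] in rule["src_in"])
            and ("src_prefix" not in rule
                 or pkt["src"].startswith(rule["src_prefix"])))


def forward(rules, conns, proto, src, sport, dst, dport):
    """Return (action, rule index or None); track accepted connections."""
    key = (proto, frozenset([(src, sport), (dst, dport)]))  # same both ways
    pkt = {"proto": proto, "src": src, "dport": dport,
           "state": "established" if key in conns else "new"}
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            if rule["action"] == "accept":
                conns.add(key)
            return rule["action"], i
    conns.add(key)                   # no rule matched: default accept
    return "accept", None


def browse(rules):
    """VM opens HTTPS to an outside server: verdicts for the SYN and reply."""
    conns = set()
    syn = forward(rules, conns, "tcp", LAN + "20", 50000, "198.51.100.7", 443)
    if syn[0] != "accept":
        return syn, None             # SYN never left, so no reply exists
    return syn, forward(rules, conns, "tcp", "198.51.100.7", 443,
                        LAN + "20", 50000)
```

In the same model, inbound RDP is accepted by rule 1 and its replies by rule 0, and UDP DNS matches no rule at all, because rule 3 drops only `protocol=tcp`.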