Hi,
I have L2TP tunnel with my two objects.. It works "good" But in first object I have IPTV (IGMP proxy) and when I watch TV so to tunnel go unnecessary traffic.. How can I filter it via firewall?
Thank you.
Re: L2TP client firewall rules
Plz describe better your setup
Print out your igmp-proxy setup
Code: Select all
/interface ethernet print
/interface bridge printCode: Select all
/routing igmp-proxy exportMTCNA MTCRE MTCTCE MTCWE MTCUME MTCSE MTCIPv6E
Mikrotik Consultant status since September 2016
Mikrotik Consultant status since September 2016
Re: L2TP client firewall rules
Code: Select all
[admin@MK] > /interface ethernet print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 R ether1 1500 00:0C:42:FD:0F:E1 enabled none switch1
1 RS ether2/PC_Z 1500 00:0C:42:FD:0F:E2 enabled none switch1
2 RS ether3/NAS 1500 00:0C:42:FD:0F:E3 enabled none switch1
3 S ether4/STUL_Z 1500 00:0C:42:FD:0F:E4 enabled none switch1
4 S ether5/POSTEL_Z 1500 00:0C:42:FD:0F:E5 enabled none switch1
5 RS ether6/VOIP 1500 00:0C:42:FD:0F:E6 enabled none switch2
6 RS ether7/TV 1500 00:0C:42:FD:0F:E7 enabled none switch2
7 ether8 1500 00:0C:42:FD:0F:E8 enabled none switch2
8 ether9 1500 00:0C:42:FD:0F:E9 enabled none switch2
9 ether10 1500 00:0C:42:FD:0F:EA enabled none switch2
10 S sfp1 1500 00:0C:42:FD:0F:E0 enabled none switch1 Code: Select all
[admin@MK] > /interface bridge print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto
mac-address=00:0C:42:FD:0F:E2 protocol-mode=rstp priority=0x8000 auto-mac=no
admin-mac=00:0C:42:FD:0F:E2 max-message-age=20s forward-delay=15s transmit-hold-count=6
ageing-time=5m
Code: Select all
[admin@MK] > /routing igmp-proxy export
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan/IPTV upstream=yes
add interface=bridge1
Re: L2TP client firewall rules
Code: Select all
/interface bridge port printMTCNA MTCRE MTCTCE MTCWE MTCUME MTCSE MTCIPv6E
Mikrotik Consultant status since September 2016
Mikrotik Consultant status since September 2016
Re: L2TP client firewall rules
Code: Select all
[admin@MK] > /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 I ether4/STUL_Z bridge1 0x80 10 none
1 I ether5/POSTEL_Z bridge1 0x80 10 none
2 ether6/VOIP bridge1 0x80 10 none
3 I sfp1 bridge1 0x80 10 none
4 wlan1 bridge1 0x80 10 none
5 ether7/TV bridge1 0x80 10 none
6 ether3/NAS bridge1 0x80 10 none
7 ether2/PC_Z bridge1 0x80 10 none
8 D l2tp-tunnel bridge1 0x80 10 noneRe: L2TP client firewall rules
Got it!Code: Select all[admin@MK] > /interface bridge port print Flags: X - disabled, I - inactive, D - dynamic # INTERFACE BRIDGE PRIORITY PATH-COST HORIZON 0 I ether4/STUL_Z bridge1 0x80 10 none 1 I ether5/POSTEL_Z bridge1 0x80 10 none 2 ether6/VOIP bridge1 0x80 10 none 3 I sfp1 bridge1 0x80 10 none 4 wlan1 bridge1 0x80 10 none 5 ether7/TV bridge1 0x80 10 none 6 ether3/NAS bridge1 0x80 10 none 7 ether2/PC_Z bridge1 0x80 10 none 8 D l2tp-tunnel bridge1 0x80 10 none
The l2tp-tunnel is bridged to bridge1
Try to remove l2tp-tunnel from bridge1 or you have to use ip firewall on your bridge to filter outgoing multicast traffic on you l2tp interface.
Here is a good howto:
https://u-to-l.blogspot.se/2012/06/deal ... ic-on.html
MTCNA MTCRE MTCTCE MTCWE MTCUME MTCSE MTCIPv6E
Mikrotik Consultant status since September 2016
Mikrotik Consultant status since September 2016
Re: L2TP client firewall rules
Ok, now it good. Thank you. Perfect 