santong7
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Jun 04, 2013 1:40 pm
Location: Heraklion Crete Greece

Weird Lan behaviour with RB750Gr3

Wed Jul 11, 2018 8:44 pm

Hello everybody.
I would like to ask you a question.
I have configured a RB750Gr3 as a load balancer with PPC mangle rules via pppoe wan interfaces (adsl routers in bridge mode).
The lan is configured via one ether port (no bridge) with ARP enabled, dhcp server on that interface, also DNS allows remote requests.
I am srcnat & masquerade the wan interface and the local network subnet.
I have a very basic firewall set.
There is also a pptp vpn conf but it is disabled.

Everything works perfect, except the connection of 9 android pdas with a server which operates a reservation system on IIS port 80 all on the same lan.
They connect to the server via mikrotik groove A52Hhpn Level 4, configured via quick set as WISP AP.
Every day one or two of the nine pdas cannot connect to the server, something is blocking their access.
Before using the mikrotik router, we used the ISP's router (not mikrotik) on default configuration by ISP and there were not any issues.
So I assume that the problem is with mikrotik balancer router.

Any clue of what can be the problem? Because the balancer is necessary.
 
pe1chl
Forum Guru
Posts: 10240
Joined: Mon Jun 08, 2015 12:09 pm

Re: Weird Lan behaviour with RB750Gr3

Wed Jul 11, 2018 9:00 pm

So there is also an external switch between the RB750, the Groove AP and the server?
 
santong7
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Jun 04, 2013 1:40 pm
Location: Heraklion Crete Greece

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 8:13 am

Yes there are several switches.
Why?
 
pe1chl
Forum Guru
Posts: 10240
Joined: Mon Jun 08, 2015 12:09 pm

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 11:23 am

Because in that case the RB750Gr3 is not involved at all and you have to look elsewhere.
One exception: the DHCP server assigns an address.
Maybe you have a rogue DHCP server on your network that sometimes assigns a wrong address to those devices.
 
santong7
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Jun 04, 2013 1:40 pm
Location: Heraklion Crete Greece

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 12:46 pm

I am desperate and cannot find the cause of the problem in RB750.
The problem on the PDAs is random: every day one or two different PDAs cannot access the server, in different places via different Groove WiFi APs.
When we used the ISP's router we didn't have any issues at all.
 
nescafe2002
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 1:11 pm

Is the balancing necessary for the pdas? Can you set a fixed connection mark on pda-initiated connections? Did you load balance on ISP's router too?

Since pda bandwidth is usually limited, I'd try to capture/stream their network traffic to Wireshark (continuous capture) to determine what is happening on packet level.
 
santong7
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Jun 04, 2013 1:40 pm
Location: Heraklion Crete Greece

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 1:24 pm

LB is not necessary.
The PDAs are accessing a web page on IIS locally hosted on a server on the same LAN.
Here is my mangle conf.

0 chain=prerouting action=accept dst-address=192.168.0.0/24 log=no
log-prefix=""

1 chain=prerouting action=accept in-interface=pppoe-CYTA1

2 chain=prerouting action=accept in-interface=pppoe-CYTA2

3 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes src-address=192.168.0.0/24 dst-address-type=!local
per-connection-classifier=both-addresses-and-ports:2/0

4 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes src-address=192.168.0.0/24 dst-address-type=!local
per-connection-classifier=both-addresses-and-ports:2/1

5 chain=prerouting action=mark-routing new-routing-mark=to_wan1
passthrough=yes src-address=192.168.0.0/24 connection-mark=wan1_conn

6 chain=prerouting action=mark-routing new-routing-mark=to_wan2
passthrough=yes src-address=192.168.0.0/24 connection-mark=wan2_conn

7 ;;; Mark HTTPS
chain=prerouting action=mark-routing new-routing-mark=HTTPS
passthrough=no protocol=tcp dst-port=443 log=no log-prefix=""

How will I bypass the local traffic to the server's IP & port from the balancer?
 
pe1chl
Forum Guru
Posts: 10240
Joined: Mon Jun 08, 2015 12:09 pm

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 1:25 pm

It is impossible to say anything about your router when you do not post the configuration.
However, when I understand your network topology correctly, the router is not involved in this communication.
 
santong7
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Jun 04, 2013 1:40 pm
Location: Heraklion Crete Greece

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 2:03 pm

Yes, but why, when reverting to the ISP's router, does everything work normally?

Here is my whole conf
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
/interface pppoe-client
add disabled=no interface=ether1-WAN1 name=pppoe-CYTA1 password=***** user=\
    *******
add disabled=no interface=ether2-WAN2 name=pppoe-CYTA2 password=***** user=\
    *******
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\
    \19\1A\1B\1C !234568@ABCFGHIJKLMNOPQRSTUVWX[`\81\82\90\91\93\96\97\98\99\
    \9A\9B\9C\9E\A0\A1\A2\A3\A4]|Y................\?[ -~]|\96....\$)"
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_\
    register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add name=soribada regexp="^GETMP3\r\
    \nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\
    \$"
add name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0\
    -9]\r\
    \n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshar\
    e|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: applicat\
    ion/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[\
    0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[\
    1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|.\
    ..................\?lime)"
add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
    \n"
add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
add name=shoutcast regexp=\
    "icy [1-5][0-9][0-9] [\t-\r -~]*(content-type:audio|icy-)"
add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\
    \01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\
    \01\03\04\FF]"
add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add name=poco regexp="^\80\94\
    \n\01....\1F\9E"
add name=ciscovpn regexp="^\01\F4\01\F4"
add name=x11 regexp="^[lb].\?\0B"
add name=xboxlive regexp="^X\80........\F3|^\06XN"
add name=applejuice regexp="^ajprot\r\
    \n"
add name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
add name=live365 regexp=membername.*session.*player
add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
    nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
    .[019]"
add name=sip regexp=\
    "^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add name=pop3 regexp="^(\\+ok |-err )"
add name=smb regexp="\FFsmb[r%]"
add name=quake1 regexp="^\80\0C\01quake\03"
add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
    \n.[\01\02\03][\01-\
    \n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~\
    ]*[\t-\r]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
    \n\$"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\
    \nEnd(Public|AES)Key\
    \n\$"
add name=ssh regexp="^ssh-[12]\\.[0-9]"
add name=jabber regexp=\
    "<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
add name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get /scrape\\\
    \?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-\
    P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A\
    -P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][\
    A-P][A-P]"
add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
add name=subspace regexp="^\01....\11\10........\01\$"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=doom3 regexp="^\FF\FFchallenge"
add name=ftp regexp="^220[\t-\r -~]*ftp"
add name=kugoo regexp="^1..\8E"
add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10@\06"
add name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:(ali\
    ve|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:discover"
add name=imap regexp="^(\\* ok|a[0-9]+ noop)"
add name=ares regexp="^\03[]Z].\?.\?\05\$"
add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ \
    -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: \
    kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g\
    ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add name=qq regexp="^.\?\02.+\03\$"
add name=100bao regexp="^\01\01\05\
    \n"
add name=aim regexp=\
    "^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
add name=unknown regexp=.
add name=msn-filetransfer regexp=\
    "^(ver [ -~]*msnftp\r\
    \nver msnftp\r\
    \nusr|method msnmsgr:)"
add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*\
    (thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust\
    \_root|entrust\\.net limited)"
add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\
    \?.\?.\?[\C6-\FF])"
add name=gnucleuslan regexp=\
    "gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
    \n\$"
add name=bgp regexp=\
    "^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
add name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=h323 regexp=\
    "^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add name=finger regexp=\
    "^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\t-\r]*[1-9\
    ][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
    \n|[\r\
    \n])\?\$"
add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
    \n\$"
add name=hddtemp regexp=\
    "^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
add name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\
    \01-\08]\?[\01\03]"
add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
add name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
add name=ipp regexp=ipp://
add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\t-\r -~]*cvr0\r\
    \n\$|usr 1 [!-~]+ [0-9. ]+\r\
    \n\$|ans 1 [!-~]+ [0-9. ]+\r\
    \n\$"
add name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -~]*:[\02-\r\
    \_-~]*nick[\t-\r -~]*\r\
    \n)"
add name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\t[a-z0-9.]\
    *\\.[a-z][a-z].\?.\?\t[1-9]"
add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\
    \02\01.\?0|\A4\06.+@\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
add name=nntp regexp=\
    "^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
add name=aimwebcontent regexp=user-agent:aim/
add name=rtsp regexp="rtsp/1.0 200 ok"
add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
    \?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
    \05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
    .\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
    \?\t|\
    \n.\?.\?.\?.\?.\?.\?.\?.\?\
    \n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
    \?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
    \?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
    .\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
    .\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
    \16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
    \?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
    \?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
    \1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
    \?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
    \?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
    .\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
    .\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
    .\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
    \?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
    \?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
    .\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
    \?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
    7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
    \?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
    .\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
    \?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
    \?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
    .\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
    \?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
    .\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
    \?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
    .\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
    S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
    \?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
    .\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
    .\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
    .\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
    \?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
    .\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
    \?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
    .\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
    k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
    \?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
    .\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
    \?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
    u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
    \?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
    \?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
    \?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
    \?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
    \?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
    \85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
    .\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
    .\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
    \?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
    \?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
    \90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
    \?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
    \?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
    \98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
    .\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
    .\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
    \?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
    \?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
    \A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
    \?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
    \?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
    \AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
    .\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
    .\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
    \?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
    \?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
    \B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
    \?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
    \?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
    \BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
    .\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
    .\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
    \?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
    \?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
    \C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
    \?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
    \?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
    \D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
    .\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
    .\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
    \?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
    \?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
    \DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
    \?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
    \?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
    \E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
    .\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
    .\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
    \?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
    \?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
    \EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
    \?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
    \?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
    \F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
    .\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
    .\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
    \?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
add name=skypetoskype regexp="^..\02............."
add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike"
add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch"
add name=freenet regexp="^\01[\08\t][\03\04]"
add name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\
    \01\06|\FF\FF\FF))|[]\01].\?battlefield2"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0\
    -9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=citrix regexp="2&\85\92X"
add name=whois regexp="^[ !-~]+\r\
    \n\$"
add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat"
add name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add name=worldofwarcraft regexp="^\06\EC\01"
add name=ventrilo regexp="^..\?v\\\$\CF"
add name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-rtsp-tunnell\
    ed|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=control:rtsp://)"
add name=thecircle regexp=\
    "^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
    \n\0B](glob|who are you\$|query data)"
add name=uucp regexp="^\10here="
add name=pcanywhere regexp="^(nq|st)\$"
add name=subversion regexp="^\\( success \\( 1 2 \\("
add name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>........................\
    ........</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host:\
    \_imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\
    \?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\
    \02)\83)"
add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
    \n"
add name=stun regexp="^[\01\02]................\?\$"
add name=tor regexp=TOR1.*<identity>
add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
add name=unset regexp=.
add name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
    \n\$"
add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\\
    .1) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
add name=armagetron regexp=YCLC_E|CYEL
add name=streaming regexp=videoplayback|video
add name=DENIED regexp="^.+(facebook.com|youporn.com).*\$"
add name=streaming-audio regexp=audioplayback|audio
add name=download regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|flv|mkv|avi|mp4|3gp\
    |rmvb|mp3|img|dat|mov|wmv|wma|ogg|ipa|apk).*\$"
add name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|ente\
    rtane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bit\
    unity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova\
    |fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether5 lease-time=8h name=\
    dhcp1
/queue simple
add disabled=yes max-limit=0/4M name="Limit Youtube" packet-marks=streaming \
    target=192.168.0.0/24
/system logging action
set 3 remote=127.0.0.1
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.0.1/24 interface=ether5 network=192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=208.67.222.123,208.67.220.123 gateway=\
    192.168.0.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.123,208.67.220.123
/ip firewall address-list
add address=192.168.0.2-192.168.0.254 list=CLIENT
add address=178.59.0.0/17 list=CYTA
/ip firewall filter
add action=accept chain=input comment="Accept established connections" \
    connection-state=established
add action=accept chain=input comment="Accept related connections" \
    connection-state=related
add chain=input comment="Accept all connections from local network" \
    in-interface=ether5
add action=drop chain=input comment="Drop invalid connections" \
    connection-state=invalid
add action=drop chain=forward comment="Drop invalid connections" \
    connection-state=invalid
add action=drop chain=input comment=\
    "Drop all packets which are not destined to routes IP address" \
    dst-address-type=!local
add action=drop chain=input comment=\
    "Drop all packets which does not have unicast source IP address" \
    src-address-type=!unicast
add action=drop chain=input comment="Block Incoming DNS" dst-port=53 \
    in-interface=pppoe-CYTA1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-CYTA1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=pppoe-CYTA2 protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-CYTA2 protocol=tcp
add action=accept chain=forward comment="Allow internal DNS" dst-address=\
    192.168.0.1 dst-port=53 protocol=tcp src-address-list=CLIENT
add action=accept chain=forward dst-address=192.168.0.1 dst-port=53 protocol=\
    udp src-address-list=CLIENT
add action=drop chain=input comment="Drop IP Services ports" disabled=yes \
    dst-port=81,80,22,21,23,8728,8729,8080 in-interface=pppoe-CYTA1 protocol=\
    tcp
add action=drop chain=input comment="Drop IP Services ports" disabled=yes \
    dst-port=81,80,22,21,23,8728,8729,8080 in-interface=pppoe-CYTA2 protocol=\
    tcp
add action=accept chain=input comment="Allow Winbox From WAN" dst-port=8291 \
    protocol=tcp
add action=accept chain=input comment="Allow ICMP" protocol=icmp
add action=accept chain=forward comment="Accept Forward on Server" \
    dst-address=192.168.0.201 dst-port=80 protocol=tcp
add action=accept chain=forward dst-address=192.168.0.201 dst-port=80 \
    protocol=udp
add action=accept chain=input comment="Allow PPTP" connection-state=new \
    disabled=yes dst-port=1723 protocol=tcp
add action=accept chain=input comment="Allow GRE" connection-state=new \
    disabled=yes protocol=gre
add action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=1w chain=input comment="Port Scanner Detect" \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
    src-address-list=Port_Scanner
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=forward dst-port=445 protocol=tcp src-address-list=\
    Worm-Infected-p445
add action=drop chain=forward dst-port=445 protocol=tcp src-address-list=\
    Worm-Infected-p445
add action=log chain=input comment="Log everything else" log-prefix=\
    "DROP INPUT"
add action=drop chain=input comment="Drop everything else"
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.0.0/24
add action=accept chain=prerouting in-interface=pppoe-CYTA1
add action=accept chain=prerouting in-interface=pppoe-CYTA2
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.0.0/24
add action=mark-routing chain=prerouting connection-mark=wan1_conn \
    new-routing-mark=to_wan1 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
    new-routing-mark=to_wan2 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="Mark HTTPS" dst-port=443 \
    new-routing-mark=HTTPS passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment="Mark Packet Streaming" \
    disabled=yes layer7-protocol=streaming new-packet-mark=streaming \
    passthrough=no src-address-list=CLIENT
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-CYTA1
add action=masquerade chain=srcnat out-interface=pppoe-CYTA2
add action=masquerade chain=srcnat comment="masquerade local network" \
    out-interface=ether5 src-address=192.168.0.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add check-gateway=ping distance=1 gateway=pppoe-CYTA1 routing-mark=to_wan1
add check-gateway=ping distance=1 gateway=pppoe-CYTA2 routing-mark=to_wan2
add check-gateway=arp distance=7 gateway=pppoe-CYTA1 routing-mark=HTTPS
add check-gateway=arp distance=8 gateway=pppoe-CYTA2 routing-mark=HTTPS
add check-gateway=ping distance=1 gateway=pppoe-CYTA1
add check-gateway=ping distance=2 gateway=pppoe-CYTA2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes port=81
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp profile
add address-list=ADMIN bridge= change-tcp-mss=yes dns-server=8.8.8.8 \
    local-address=192.168.0.1 name=pptp-in remote-address=dhcp_pool0 \
    use-encryption=yes
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Athens
/system identity
set name="RB ******"
/system ntp client
set enabled=yes primary-ntp=128.138.141.172 secondary-ntp=194.177.210.54
/system routerboard settings
set silent-boot=no
 
pe1chl
Forum Guru
Posts: 10240
Joined: Mon Jun 08, 2015 12:09 pm

Re: Weird Lan behaviour with RB750Gr3

Thu Jul 12, 2018 2:48 pm

For a start, disable all rules that refer to your L7 filters!
Such filters are completely impossible to debug remotely.
When your device has problems, check locally what its network settings are.
You should see the config from your DHCP server (gw 192.168.0.1 and those 2 DNS servers).
If not, you have a rogue DHCP server.
To help find that, you can add an alert on the Alerts page of the IP->DHCP-server page for your LAN.
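
The check described in the post above, as an added example that is not part of the original thread: it parses DHCP server replies (UDP payloads taken from a capture of ports 67/68) and flags any OFFER or ACK whose server identifier, gateway, DNS servers or offered address differ from the values in the configuration posted earlier. The two sample replies, the client MAC addresses and the 192.168.1.x addresses are constructed for the demonstration.

```python
import ipaddress
import struct
from typing import Optional

# Expected values taken from the configuration posted in this thread.
EXPECTED = {
    "server_id": "192.168.0.1",
    "router": ["192.168.0.1"],
    "dns": ["208.67.222.123", "208.67.220.123"],
    "subnet": "192.168.0.0/24",
}
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255
MSG_NAMES = {2: "OFFER", 5: "ACK"}  # the replies that carry a lease


def _ip_list(raw: bytes) -> list:
    """Split an option value into dotted-quad strings, 4 bytes each."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(0, len(raw) - len(raw) % 4, 4)]


def parse_dhcp_reply(payload: bytes) -> Optional[dict]:
    """Parse the UDP payload of a DHCP server reply; None if it is not one."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None  # too short, not a BOOTREPLY, or no DHCP magic cookie
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            return None  # option code without a length byte
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None  # truncated option
        options[code] = options.get(code, b"") + value
        i += 2 + length
    server_id = _ip_list(options.get(OPT_SERVER_ID, b""))
    return {
        "msg_type": (options.get(OPT_MSG_TYPE) or b"\0")[0],
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "client_mac": ":".join(f"{b:02x}" for b in payload[28:34]),
        "server_id": server_id[0] if server_id else None,
        "router": _ip_list(options.get(OPT_ROUTER, b"")),
        "dns": _ip_list(options.get(OPT_DNS, b"")),
    }


def check_reply(reply: dict, expected: dict = EXPECTED) -> list:
    """Return a list of mismatches between one reply and the expected lease."""
    findings = []
    if reply["server_id"] != expected["server_id"]:
        findings.append(f"server identifier {reply['server_id']}")
    if reply["router"] != expected["router"]:
        findings.append(f"gateway {reply['router']}")
    if set(reply["dns"]) != set(expected["dns"]):
        findings.append(f"DNS servers {reply['dns']}")
    offered = ipaddress.ip_address(reply["yiaddr"])
    if int(offered) != 0 and offered not in ipaddress.ip_network(expected["subnet"]):
        findings.append(f"offered address {reply['yiaddr']} outside {expected['subnet']}")
    return findings


def find_rogue_replies(payloads, expected: dict = EXPECTED) -> list:
    """Return the OFFER/ACK replies that do not match the expected lease."""
    rogue = []
    for payload in payloads:
        reply = parse_dhcp_reply(payload)
        if reply is None or reply["msg_type"] not in MSG_NAMES:
            continue
        findings = check_reply(reply, expected)
        if findings:
            rogue.append({**reply, "findings": findings})
    return rogue


def build_reply(msg_type, yiaddr, client_mac, server_id, routers, dns) -> bytes:
    """Build a minimal DHCP reply payload (used only for the constructed samples)."""
    def pack(addrs):
        return b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x12345678, 0, 0,
                         bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                         bytes(4), bytes.fromhex(client_mac.replace(":", "")), b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, msg_type]) + bytes([OPT_SERVER_ID, 4]) + pack([server_id])
    opts += bytes([OPT_ROUTER, 4 * len(routers)]) + pack(routers)
    opts += bytes([OPT_DNS, 4 * len(dns)]) + pack(dns) + bytes([OPT_END])
    return header + MAGIC_COOKIE + opts


# Constructed sample data: one reply from the router, one from an unexpected server.
SAMPLE_REPLIES = [
    build_reply(5, "192.168.0.57", "02:00:00:00:00:01", "192.168.0.1",
                ["192.168.0.1"], ["208.67.222.123", "208.67.220.123"]),
    build_reply(2, "192.168.1.50", "02:00:00:00:00:02", "192.168.1.1",
                ["192.168.1.1"], ["192.168.1.1"]),
    b"GET / HTTP/1.1\r\n",  # non-DHCP payload, ignored
]

if __name__ == "__main__":
    for hit in find_rogue_replies(SAMPLE_REPLIES):
        print(hit["server_id"], "->", hit["client_mac"], hit["findings"])
```

The `client_mac` of a flagged reply tells you which device received the wrong lease; the source MAC of the frame in the capture, which this payload parser does not see, identifies the port the unexpected server is on.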
 
santong7
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Jun 04, 2013 1:40 pm
Location: Heraklion Crete Greece

Re: Weird Lan behaviour with RB750Gr3

Tue Jul 17, 2018 10:21 pm

Finally it was a rogue DHCP, thank you for the tips.
 
pe1chl
Forum Guru
Posts: 10240
Joined: Mon Jun 08, 2015 12:09 pm

Re: Weird Lan behaviour with RB750Gr3

Tue Jul 17, 2018 10:43 pm

Great!
