MirhosseiniAmir
just joined
Topic Author
Posts: 10
Joined: Tue Oct 16, 2018 11:38 am
Location: yazd

Problem after ROS 6.40.9 Update

Wed Nov 28, 2018 1:25 pm

Hi everyone,
I have a problem with 6.42.10 long term and I had with 6.43 too.

I have ip address for each Ethernet and one bridge that added 3 Ethernet on that.

I have mangles for some source IP Address of Ethernet to route traffic to internet, have 3 internet lines. I don't want to have Load Balance or something like that. I just want to have, for EXAMPLE, Lan1 have mangle name LAN1, connect to the internet from WAN1.

Also using MK for dns too.

Did not have any problem till 6.42.4.

The problem is that when I update the ROS to 6.42.10 or 6.43 there will be a TX traffic to all DNS IP addresses from every interface with no mangle like sstp or l2tp or Ethernet, although I have a rule in route that says the gateway for dns is what interface.

Just tried to disable request for dns and nothing changed.

Another problem is that I have wireless link that connects me to another MK router 951, It means that it will pass 2 antenna to get there. The 951 has dhcp enabled.
Problem is that although I do not have DHCP Client enabled in my side, there is an IP Address registered in 951 with no ping BUT have the name of my MK in host name. It's strange that it does not show any other antennas in leased IP addresses. Also Unchecked the ARP in DHCP too.

When I downgrade to 6.40.9 Long Term the problem is solved.

Maybe the route is not working. What is wrong with my config?
 
nescafe2002
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Problem after ROS 6.40.9 Update

Wed Nov 28, 2018 1:55 pm

> The problem is that when I update the ROS to 6.42.10 or 6.43 there will be a TX traffic to all DNS IP addresses from every interface with no mangle like sstp or l2tp or Ethernet, although I have a rule in route that says the gateway for dns is what interface.

Still not clear what the actual problem is. Clients will use dns servers (randomly) assigned to them. Routing will not change this behavior, it will only affect which uplink the request is sent to.

Can you check the client configuration (assigned dns servers), preferably between 6.40.9 and 6.42.10?

Please describe the expected situation: Clients should connect to the RB's DNS server instead?

Could you also post a configuration export?
 
MirhosseiniAmir
just joined
Topic Author
Posts: 10
Joined: Tue Oct 16, 2018 11:38 am
Location: yazd

Re: Problem after ROS 6.40.9 Update

Thu Nov 29, 2018 8:40 am

> > The problem is that when I update the ROS to 6.42.10 or 6.43 there will be a TX traffic to all DNS IP addresses from every interface with no mangle like sstp or l2tp or Ethernet, although I have a rule in route that says the gateway for dns is what interface.
>
> Still not clear what the actual problem is. Clients will use dns servers (randomly) assigned to them. Routing will not change this behavior, it will only affect which uplink the request is sent to.
>
> Can you check the client configuration (assigned dns servers), preferably between 6.40.9 and 6.42.10?
>
> Please describe the expected situation: Clients should connect to the RB's DNS server instead?
>
> Could you also post a configuration export?

The Clients are using the gateway address for DNS too. For example if the Ethernet address is 192.168.10.100 then the DHCP will send the gateway:192.168.10.100, dns:192.168.10.100
And for all the Ethernets are the same. I have IP address for every Ethernet and not in the same range.
 
MirhosseiniAmir
just joined
Topic Author
Posts: 10
Joined: Tue Oct 16, 2018 11:38 am
Location: yazd

Re: Problem after ROS 6.40.9 Update

Thu Nov 29, 2018 9:08 am

> > The problem is that when I update the ROS to 6.42.10 or 6.43 there will be a TX traffic to all DNS IP addresses from every interface with no mangle like sstp or l2tp or Ethernet, although I have a rule in route that says the gateway for dns is what interface.
>
> Still not clear what the actual problem is. Clients will use dns servers (randomly) assigned to them. Routing will not change this behavior, it will only affect which uplink the request is sent to.
>
> Can you check the client configuration (assigned dns servers), preferably between 6.40.9 and 6.42.10?
>
> Please describe the expected situation: Clients should connect to the RB's DNS server instead?
>
> Could you also post a configuration export?

Interface list
/interface ethernet
set [ find default-name=ether1 ] disabled=yes name=E1-
set [ find default-name=ether2 ] name="E2- Satge2 20"
set [ find default-name=ether3 ] name="E3- Stage2 30"
set [ find default-name=ether4 ] disabled=yes name="E4- FileServer"
set [ find default-name=ether5 ] name="E5- NosaServer"
set [ find default-name=ether6 ] name="E6- PBX Voip"
set [ find default-name=ether7 ] name="E7- Fax Server"
set [ find default-name=ether8 ] disabled=yes name=E8-
set [ find default-name=ether9 ] name="E9- Stage1 90"
set [ find default-name=ether10 ] name=E10-BashgahAli
set [ find default-name=ether11 ] disabled=yes name="E11- SadrWireless"
set [ find default-name=ether12 ] name="E12- GolsaFC"
set [ find default-name=ether13 ] name="E13- Stage2 130"
set [ find default-name=ether14 ] name="E14- Wireless AP1"
set [ find default-name=ether15 ] name="E15- Wireless AP2"
set [ find default-name=ether16 ] disabled=yes name="E16- Wireless AP3"
set [ find default-name=ether17 ] name="E17- Wireless AP4"
set [ find default-name=ether18 ] name="E18- PC"
set [ find default-name=ether19 ] name="E19- DebianPC"
set [ find default-name=ether20 ] name="E20- Haj Ahmad"
set [ find default-name=ether21 ] name="E21- WirelessPishgaman"
set [ find default-name=ether22 ] name="E22- ADSL"
set [ find default-name=ether23 ] name="E23- Irancell"
set [ find default-name=ether24 ] disabled=yes name=E24-
set [ find default-name=sfp1 ] name="SFP- SadrWireless"
DHCP
/ip dhcp-server
add address-pool="E2- Satge2 20" authoritative=after-2sec-delay disabled=no interface="E2- Satge2 20" lease-time=8h name="DHCP- 20"
add address-pool="E3- Satge2 30" authoritative=after-2sec-delay disabled=no interface="E3- Stage2 30" lease-time=8h name="DHCP- 30"
add address-pool="E7- FaxServer" authoritative=after-2sec-delay disabled=no interface="E7- Fax Server" lease-time=8h name="DHCP- 70"
add address-pool="E12- GolsaFC" authoritative=after-2sec-delay interface="E12- GolsaFC" lease-time=8h name="DHCP- 80"
add address-pool="E9- FileServer" authoritative=after-2sec-delay disabled=no interface="E9- Stage1 90" lease-time=8h name="DHCP- 90"
add address-pool="E10- HorseRacing" authoritative=after-2sec-delay interface=E10-BashgahAli lease-time=8h name="DHCP- 100"
add address-pool="E18- PC" authoritative=after-2sec-delay disabled=no interface="E18- PC" lease-time=8h name="DHCP- 180"
add address-pool="E19- Debian" authoritative=after-2sec-delay disabled=no interface="E19- DebianPC" lease-time=8h name="DHCP- 190"
add address-pool="E22- ADSL" authoritative=after-2sec-delay disabled=no interface="E22- ADSL" lease-time=8h name="DHCP- 220"
add address-pool="E14- Wireless AP" authoritative=after-2sec-delay disabled=no interface=Bridge-WirelessAP lease-time=8h name="DHCP- 10"
add address-pool="E13- Satge2 130" authoritative=after-2sec-delay disabled=no interface="E13- Stage2 130" lease-time=8h name="DHCP- 130"
Interface Address
/ip address
add address=192.168.20.100/24 interface="E2- Satge2 20" network=192.168.20.0
add address=192.168.30.100/24 interface="E3- Stage2 30" network=192.168.30.0
add address=192.168.50.100/24 interface="E5- NosaServer" network=192.168.50.0
add address=192.168.60.100/24 interface="E6- PBX Voip" network=192.168.60.0
add address=192.168.70.100/24 interface="E7- Fax Server" network=192.168.70.0
add address=192.168.2.100/24 interface="SFP- SadrWireless" network=192.168.2.0
add address=192.168.100.100/24 interface=E10-BashgahAli network=192.168.100.0
add address=192.168.80.100/24 interface="E12- GolsaFC" network=192.168.80.0
add address=192.168.180.100/24 interface="E18- PC" network=192.168.180.0
add address=192.168.190.100/24 interface="E19- DebianPC" network=192.168.190.0
add address=192.168.200.100/24 interface="E20- Haj Ahmad" network=192.168.200.0
add address=192.168.90.100/24 interface="E9- Stage1 90" network=192.168.90.0
add address=192.168.130.100/24 interface="E13- Stage2 130" network=192.168.130.0
add address=192.168.10.100/24 interface=Bridge-WirelessAP network=192.168.10.0
add address=192.168.220.100/24 interface="E22- ADSL" network=192.168.220.0
add address=192.168.230.100/24 interface="E23- Irancell" network=192.168.230.0
DHCP Server
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.100 gateway=192.168.10.100 netmask=24 ntp-server=192.168.10.100
add address=192.168.20.0/24 dns-server=192.168.20.100 gateway=192.168.20.100 netmask=24 ntp-server=192.168.20.100 wins-server=192.168.50.6
add address=192.168.30.0/24 dns-server=192.168.30.100 gateway=192.168.30.100 netmask=24 ntp-server=192.168.30.100 wins-server=192.168.50.6
add address=192.168.70.0/24 dns-server=192.168.70.100 gateway=192.168.70.100 netmask=24 ntp-server=192.168.70.100 wins-server=192.168.50.6
add address=192.168.80.0/24 dns-server=192.168.80.100 gateway=192.168.80.100 netmask=24 ntp-server=192.168.80.100
add address=192.168.90.0/24 dns-server=192.168.90.100 gateway=192.168.90.100 netmask=24 ntp-server=192.168.90.100 wins-server=192.168.50.6
add address=192.168.100.0/24 dns-server=192.168.100.100 gateway=192.168.100.100 netmask=24 ntp-server=192.168.100.100
add address=192.168.130.0/24 dns-server=192.168.130.100 gateway=192.168.130.100 netmask=24 ntp-server=192.168.130.100 wins-server=192.168.50.6
add address=192.168.180.0/24 dns-server=192.168.180.100 gateway=192.168.180.100 netmask=24 ntp-server=192.168.180.100
add address=192.168.190.0/24 dns-server=192.168.190.100 gateway=192.168.190.100 netmask=24 ntp-server=192.168.190.100
add address=192.168.220.0/24 dns-server=192.168.220.100 gateway=192.168.220.100 netmask=24 ntp-server=192.168.220.100
DNS "I don't know why the other dns ip is not there"
/ip dns
set allow-remote-requests=yes cache-size=4096KiB max-udp-packet-size=512 servers=8.8.8.8
Firewall Mangle
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=HorseRacing passthrough=no src-address=192.168.100.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage2-20 passthrough=no src-address=192.168.20.0/24
add action=mark-routing chain=prerouting new-routing-mark=Wireless passthrough=no src-address=192.168.10.0/24
add action=mark-routing chain=prerouting new-routing-mark=SadrShimi passthrough=no src-address=192.168.2.0/24
add action=mark-routing chain=prerouting new-routing-mark=Golsapoosh passthrough=no src-address=192.168.70.0/24
add action=mark-routing chain=prerouting new-routing-mark=GolsaFC passthrough=no src-address=192.168.80.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage1-90 passthrough=no src-address=192.168.90.0/24
add action=mark-routing chain=prerouting new-routing-mark=Amir passthrough=no src-address=192.168.180.0/24
add action=mark-routing chain=prerouting new-routing-mark=HajAhmad passthrough=no src-address=192.168.200.0/24
add action=mark-routing chain=prerouting new-routing-mark=SadrShimi passthrough=no src-address=192.168.190.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage2-130 passthrough=no src-address=192.168.130.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage2-30 passthrough=no src-address=192.168.30.0/24
Route
/ip route
add distance=1 gateway=192.168.230.253 routing-mark=HorseRacing
add distance=1 gateway="PPPOE- Pishgaman" routing-mark=Stage2-20
add distance=1 gateway="PPPOE- ADSL Mokhaberat" routing-mark=Wireless
add distance=1 gateway="PPPOE- ADSL Mokhaberat" routing-mark=SadrShimi
add distance=1 gateway=192.168.230.253 routing-mark=Golsapoosh
add distance=1 gateway=192.168.230.253 routing-mark=GolsaFC
add distance=1 gateway="PPPOE- ADSL Mokhaberat" routing-mark=Stage1-90
add distance=1 gateway=192.168.230.253 routing-mark=Amir
add distance=1 gateway="PPPOE- ADSL Mokhaberat" routing-mark=HajAhmad
add distance=1 gateway="PPPOE- ADSL Mokhaberat" routing-mark=Stage2-130
add distance=1 gateway="PPPOE- Pishgaman" routing-mark=Stage2-30
add distance=1 dst-address=5.200.200.200/32 gateway="PPPOE- ADSL Mokhaberat"
add distance=3 dst-address=8.8.8.8/32 gateway=l2tp-vpn
add distance=1 dst-address=80.191.178.242/32 gateway="PPPOE- ADSL Mokhaberat"
 
nescafe2002
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Problem after ROS 6.40.9 Update

Thu Nov 29, 2018 2:09 pm

So there are two problems:
  1. Unknown/unwanted dynamic DNS servers appear in IP > DNS configuration
  2. PPP clients get assigned these unknown/unwanted dynamic servers

If you can solve problem 1, problem 2 will be solved as well:
Check all ppp and dhcp clients for use-peer-dns setting.
Note that in ovpn-client you cannot disable this setting.

To solve problem 2 (if problem 1 cannot be solved), simply supply static dns server(s) in the relevant ppp profile(s):
/ppp profile set [numbers] dns-server=8.8.8.8,8.8.4.4
 
MirhosseiniAmir
just joined
Topic Author
Posts: 10
Joined: Tue Oct 16, 2018 11:38 am
Location: yazd

Re: Problem after ROS 6.40.9 Update

Sat Dec 01, 2018 1:00 pm

> So there are two problems:
>   1. Unknown/unwanted dynamic DNS servers appear in IP > DNS configuration
>   2. PPP clients get assigned these unknown/unwanted dynamic servers
>
> If you can solve problem 1, problem 2 will be solved as well:
> Check all ppp and dhcp clients for use-peer-dns setting.
> Note that in ovpn-client you cannot disable this setting.
>
> To solve problem 2 (if problem 1 cannot be solved), simply supply static dns server(s) in the relevant ppp profile(s):
> /ppp profile set [numbers] dns-server=8.8.8.8,8.8.4.4

If I run /dns print it will export:
 print
                      servers: 8.8.8.8
              dynamic-servers: 5.200.200.200,80.191.178.242,5.202.100.101,
                               5.202.100.100
        allow-remote-requests: yes
          max-udp-packet-size: 512
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 4096KiB
                cache-max-ttl: 1w
                   cache-used: 288KiB
If I run /dns export the answer is:
set allow-remote-requests=yes cache-size=4096KiB max-udp-packet-size=512 \
    servers=8.8.8.8
So if it will not appear in export command is OK.
For the other one is I want to get dns ip from PPPOE connection AND 8.8.8.8 from l2tp connection. I can not set static DNS for DHCP because I have domain server and also I want to get some ip from google and some from PPPOE dns server.
Other Thing is that the connection to pptp or sstp is TX and not RX. Means that the MK wants to connect to dns ip on them. Also I have static IP for ppp connections not getting ip from dhcp not using ppp connection to get internet, just to connect to other office.
So if the problem is dns if I disable request from MK it should be gone but when I disable that I can not connect to any site but the traffic will exists.
So can you tell me what to do?
 
nescafe2002
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Problem after ROS 6.40.9 Update

Sat Dec 01, 2018 1:46 pm

Based on: download/file.php?id=34558

There are 5 connections from DNS servers to 192.168.190.10 via sstp-Amir.
These could be DNS replies to requests received from sstp-Amir. Torch with Protocol and Port enabled to be sure.
As the router processes packages from and to interfaces, this is RX traffic from WAN and TX traffic to sstp-Amir.
Based on the source addresses it is highly unlikely that this traffic is generated on the router itself.

If you suspect that this traffic is unwanted/unrelated to a request, maybe some dstnat rules are forwarding traffic to your sstp endpoint.
You could check the IP > Firewall > Connections tab to determine the source/destination before and after NAT.
Post complete IP firewall to be sure.
 
MirhosseiniAmir
just joined
Topic Author
Posts: 10
Joined: Tue Oct 16, 2018 11:38 am
Location: yazd

Re: Problem after ROS 6.40.9 Update

Sun Dec 02, 2018 9:30 am

> Based on: download/file.php?id=34558
>
> There are 5 connections from DNS servers to 192.168.190.10 via sstp-Amir.
> These could be DNS replies to requests received from sstp-Amir. Torch with Protocol and Port enabled to be sure.
> As the router processes packages from and to interfaces, this is RX traffic from WAN and TX traffic to sstp-Amir.
> Based on the source addresses it is highly unlikely that this traffic is generated on the router itself.
>
> If you suspect that this traffic is unwanted/unrelated to a request, maybe some dstnat rules are forwarding traffic to your sstp endpoint.
> You could check the IP > Firewall > Connections tab to determine the source/destination before and after NAT.
> Post complete IP firewall to be sure.

I can not see connection tab because I downgraded ROS to 6.40.9 and now the problem is gone.
I remember that the connection was to dst-ip of ppp connection port 53.


/ip firewall filter
add action=drop chain=input dst-port=5060 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=5060 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=53 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=139 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=135 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=445 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=5060 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=138 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=137 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=5060 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=5060 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=139 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=135 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=137 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=138 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=139 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=135 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=138 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=137 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=445 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=445 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="E23- Irancell" protocol=tcp
add action=drop chain=input dst-port=445 in-interface="E23- Irancell" protocol=tcp
add action=drop chain=input dst-port=5060 in-interface="E23- Irancell" protocol=tcp
add action=drop chain=input dst-port=139 in-interface="E23- Irancell" protocol=tcp
add action=drop chain=input dst-port=135 in-interface="E23- Irancell" protocol=tcp
add action=drop chain=input dst-port=138 in-interface="E23- Irancell" protocol=tcp
add action=drop chain=input dst-port=137 in-interface="E23- Irancell" protocol=tcp
add action=drop chain=input dst-port=139 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=135 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=138 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=137 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=139 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=135 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=138 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=137 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=445 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=445 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=forward comment=AVI content=.avi disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.10.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.30.0/24
add action=drop chain=forward comment=MP4 content=.mp4 out-interface="PPPOE- Pishgaman" src-address=192.168.80.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.90.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.100.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.130.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.20.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- ADSL Mokhaberat" src-address=192.168.2.0/24
add action=drop chain=forward comment=AVI content=.avi disabled=yes out-interface="PPPOE- ADSL Mokhaberat" src-address=192.168.2.0/24
add action=drop chain=forward comment=MKV content=.avi disabled=yes out-interface="PPPOE- ADSL Mokhaberat" src-address=192.168.2.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.10.0/24
add action=drop chain=forward comment=MKV content=.mkv disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.10.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.20.0/24
add action=drop chain=forward comment=MKV content=.mkv disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.20.0/24
add action=drop chain=forward comment=MOV content=.mov disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.20.0/24
add action=drop chain=forward comment=AVI content=.avi disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.20.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.130.0/24
add action=drop chain=forward comment=MOV content=.mov disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.130.0/24
add action=drop chain=forward comment=MKV content=.mkv disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.130.0/24
add action=drop chain=forward comment=AVI content=.avi disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.130.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.100.0/24
add action=drop chain=forward comment=MKV content=.mkv disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.100.0/24
add action=drop chain=forward comment=AVI content=.avi disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.100.0/24
add action=drop chain=forward comment=MOV content=.mov disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.100.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.90.0/24
add action=drop chain=forward comment=MOV content=.mov disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.90.0/24
add action=drop chain=forward comment=MKV content=.mkv disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.90.0/24
add action=drop chain=forward comment=AVI content=.avi disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.90.0/24
add action=drop chain=forward comment=MP3 content=.mp3 out-interface="PPPOE- Pishgaman" src-address=192.168.80.0/24
add action=drop chain=forward comment=MOV content=.mov out-interface="PPPOE- Pishgaman" src-address=192.168.80.0/24
add action=drop chain=forward comment=MKV content=.mkv out-interface="PPPOE- Pishgaman" src-address=192.168.80.0/24
add action=drop chain=forward comment=AVI content=.avi out-interface="PPPOE- Pishgaman" src-address=192.168.80.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.30.0/24
add action=drop chain=forward comment=MKV content=.mkv disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.30.0/24
add action=drop chain=forward comment=MOV content=.mov disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.30.0/24
add action=drop chain=forward comment=AVI content=.avi disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.30.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- ADSL Mokhaberat" src-address=192.168.2.0/24
add action=drop chain=forward comment=MOV content=.mov disabled=yes out-interface="PPPOE- ADSL Mokhaberat" src-address=192.168.2.0/24
add action=drop chain=forward comment=MP3 content=.mp3 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.180.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.180.0/24
add action=drop chain=forward comment=MP4 content=.mp4 disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.10.0/24
add action=drop chain=forward comment=MOV content=.mov disabled=yes out-interface="PPPOE- Pishgaman" src-address=192.168.10.0/24
add action=drop chain=input dst-port=5060 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=5060 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=53 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=139 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=135 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=445 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=5060 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=138 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=137 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=5060 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=5060 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=139 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=135 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=137 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=138 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=139 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=135 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=138 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=137 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=445 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=445 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=HorseRacing passthrough=no src-address=192.168.100.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage2-20 passthrough=no src-address=192.168.20.0/24
add action=mark-routing chain=prerouting new-routing-mark=Wireless passthrough=no src-address=192.168.10.0/24
add action=mark-routing chain=prerouting new-routing-mark=SadrShimi passthrough=no src-address=192.168.2.0/24
add action=mark-routing chain=prerouting new-routing-mark=Golsapoosh passthrough=no src-address=192.168.70.0/24
add action=mark-routing chain=prerouting new-routing-mark=GolsaFC passthrough=no src-address=192.168.80.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage1-90 passthrough=no src-address=192.168.90.0/24
add action=mark-routing chain=prerouting new-routing-mark=Amir passthrough=no src-address=192.168.180.0/24
add action=mark-routing chain=prerouting new-routing-mark=HajAhmad passthrough=no src-address=192.168.200.0/24
add action=mark-routing chain=prerouting new-routing-mark=SadrShimi passthrough=no src-address=192.168.190.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage2-130 passthrough=no src-address=192.168.130.0/24
add action=mark-routing chain=prerouting new-routing-mark=Stage2-30 passthrough=no src-address=192.168.30.0/24

/ip firewall nat
add action=masquerade chain=srcnat comment="Nabavian Mobile" src-address=192.168.10.162
add action=masquerade chain=srcnat comment="Soltani Mobile" src-address=192.168.10.161
add action=masquerade chain=srcnat comment=GolsaFC src-address=192.168.80.254
add action=masquerade chain=srcnat comment="Najmeh PC" src-address=192.168.30.110
add action=masquerade chain=srcnat comment="Saffar PC" src-address=192.168.30.113
add action=masquerade chain=srcnat comment="Haj Mohammad PC" src-address=192.168.30.115
add action=masquerade chain=srcnat comment="Haj Ahmad PC" src-address=192.168.30.114
add action=masquerade chain=srcnat comment="Ali Em PC" src-address=192.168.30.112
add action=masquerade chain=srcnat comment="Haj Reza PC" src-address=192.168.30.111
add action=masquerade chain=srcnat comment="Jafari PC" src-address=192.168.20.157
add action=masquerade chain=srcnat comment="HajAli PC" src-address=192.168.20.158
add action=masquerade chain=srcnat comment="Asiyeh PC" src-address=192.168.20.156
add action=masquerade chain=srcnat comment="Soltani 1 PC" src-address=192.168.20.155
add action=masquerade chain=srcnat comment="Amir PC" src-address=192.168.180.0/24
add action=masquerade chain=srcnat comment="Debian PC" src-address=192.168.190.0/24
add action=masquerade chain=srcnat comment="Haj Abbas PC" src-address=192.168.90.162
add action=masquerade chain=srcnat comment="KazemEM PC" src-address=192.168.90.163
add action=masquerade chain=srcnat comment="Khandan PC" src-address=192.168.90.161
add action=masquerade chain=srcnat comment="Mohammad EM PC" src-address=192.168.30.116
add action=masquerade chain=srcnat comment="Kazem Mirhosseini" src-address=192.168.10.179
add action=masquerade chain=srcnat comment="Mohsen Mobile" src-address=192.168.10.180
add action=masquerade chain=srcnat comment="Mohsen Apple" src-address=192.168.10.181
add action=masquerade chain=srcnat comment="Mohsen Laptop" src-address=192.168.10.182
add action=masquerade chain=srcnat comment="Saffar Mobile" src-address=192.168.10.183
add action=masquerade chain=srcnat comment="Mahdi Laptop" src-address=192.168.10.184
add action=masquerade chain=srcnat comment="RezaEM Mobile" src-address=192.168.10.186
add action=masquerade chain=srcnat comment="HosseinEM Laptop" src-address=192.168.10.187
add action=masquerade chain=srcnat comment="Asiyeh Mobile" src-address=192.168.10.188
add action=masquerade chain=srcnat comment="Khandan Mobile" src-address=192.168.10.189
add action=masquerade chain=srcnat comment="Soltani1 Mobile" src-address=192.168.10.190
add action=masquerade chain=srcnat comment="Mohammad EM Huawei" src-address=192.168.10.191
add action=masquerade chain=srcnat comment="KazemEM Mobile" src-address=192.168.10.185
add action=masquerade chain=srcnat comment="Sony Laptop" src-address=192.168.10.178
add action=masquerade chain=srcnat comment="POS Wireless" src-address=192.168.10.177
add action=masquerade chain=srcnat comment="Ali EM Mobile" src-address=192.168.10.176
add action=masquerade chain=srcnat comment="Haj Mohammad Mobile" src-address=192.168.10.175
add action=masquerade chain=srcnat comment="Haj Ahmad Iphone" src-address=192.168.10.174
add action=masquerade chain=srcnat comment="Mohammad EM Iphone" src-address=192.168.10.173
add action=masquerade chain=srcnat comment="Haj Ahmad Samsung" src-address=192.168.10.172
add action=masquerade chain=srcnat comment="Haj Reza Mobile" src-address=192.168.10.171
add action=masquerade chain=srcnat comment="Haj Ali Mobile" src-address=192.168.10.170
add action=masquerade chain=srcnat comment="Hojat Mobile" src-address=192.168.10.169
add action=masquerade chain=srcnat comment="Mobile Sherkat" src-address=192.168.10.168
add action=masquerade chain=srcnat comment="Mamad Mobile" src-address=192.168.10.167
add action=masquerade chain=srcnat comment="HP Laptop" src-address=192.168.10.166
add action=masquerade chain=srcnat comment="Haj Abbas Mobile" src-address=192.168.10.165
add action=masquerade chain=srcnat comment=SAN src-address=192.168.10.164
add action=masquerade chain=srcnat comment="Amir Mobile" src-address=192.168.10.163
add action=masquerade chain=srcnat comment="Soltani PC" src-address=192.168.30.117
add action=masquerade chain=srcnat comment="M Mirhosseini PC" src-address=192.168.30.118
add action=masquerade chain=srcnat comment="POS LAN" src-address=192.168.30.123
add action=masquerade chain=srcnat comment="Internet Sadr Shimi" src-address=192.168.2.241
add action=masquerade chain=srcnat comment="Internet Sadr Shimi" src-address=192.168.200.241

So you see nothing special is here.
Also I disabled the auto getting dns ip in PPPOE, not working and then adding static IP in DNS. Not working.
I wonder why in 6.40.9 everything is OK but in other versions is not OK.
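
An added example, not part of any post in this thread: with `allow-remote-requests=yes` the router answers DNS on every interface, so the input-chain drops for port 53 are what keep the resolver closed on each uplink. This Python sketch parses a RouterOS export and reports which interfaces lack a UDP or TCP port-53 drop; the sample export is constructed from a subset of the posted rules, and the list of interfaces treated as untrusted is an assumption.

```python
import shlex
from collections import defaultdict

# Constructed sample: a subset of the rules posted in the thread. The TCP rule
# for "E23- Irancell" is left out on purpose to show a gap, and one rule is
# repeated to show duplicate detection.
SAMPLE_EXPORT = r'''
/ip dns
set allow-remote-requests=yes cache-size=4096KiB max-udp-packet-size=512 \
    servers=8.8.8.8
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface="PPPOE- Pishgaman" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- Pishgaman" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="PPPOE- ADSL Mokhaberat" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- ADSL Mokhaberat" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=5060 in-interface="E23- Irancell" protocol=udp
add action=drop chain=input dst-port=53 in-interface="PPPOE- Pishgaman" protocol=udp
'''

# Assumption: the interfaces the operator treats as untrusted. The names are
# taken from the thread; whether the VPN link belongs here is a policy choice.
UNTRUSTED = ["PPPOE- Pishgaman", "PPPOE- ADSL Mokhaberat", "E23- Irancell", "l2tp-vpn"]


def parse_export(text):
    """Return (menu, command, params) tuples from a RouterOS export."""
    menu, pending, rules = "", "", []
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # export wraps long lines with a backslash
            pending = line[:-1].rstrip() + " "
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):           # menu path, e.g. "/ip firewall filter"
            menu = line
            continue
        command, _, rest = line.partition(" ")
        # shlex keeps quoted names such as "PPPOE- Pishgaman" in one token
        params = dict(t.split("=", 1) for t in shlex.split(rest) if "=" in t)
        rules.append((menu, command, params))
    return rules


def port_in_spec(spec, port):
    """True if a dst-port value (single, comma list or range) includes port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False


def audit_dns_exposure(text, untrusted):
    """Report resolver state, port-53 coverage gaps and duplicate filter rules.

    Only explicit per-interface drop/reject rules are counted; rule order,
    interface lists and a catch-all drop at the end of the chain are not modelled.
    """
    rules = parse_export(text)
    resolver_open = any(
        menu == "/ip dns" and cmd == "set" and p.get("allow-remote-requests") == "yes"
        for menu, cmd, p in rules
    )
    covered, seen, duplicates = defaultdict(set), set(), 0
    for menu, cmd, p in rules:
        if menu != "/ip firewall filter" or cmd != "add":
            continue
        key = tuple(sorted(p.items()))
        duplicates += key in seen
        seen.add(key)
        if (p.get("chain") == "input"
                and p.get("action") in ("drop", "reject")
                and p.get("disabled") != "yes"
                and "in-interface" in p
                and port_in_spec(p.get("dst-port", ""), 53)):
            covered[p["in-interface"]].add(p.get("protocol"))
    gaps = {}
    for iface in untrusted:
        missing = sorted({"tcp", "udp"} - covered[iface])
        if missing:
            gaps[iface] = missing
    return {"resolver_open": resolver_open, "gaps": gaps, "duplicates": duplicates}


if __name__ == "__main__":
    report = audit_dns_exposure(SAMPLE_EXPORT, UNTRUSTED)
    print("resolver answers remote requests:", report["resolver_open"])
    for iface, protos in report["gaps"].items():
        print(f"no port-53 drop on {iface!r} for: {', '.join(protos)}")
    print("duplicate filter rules:", report["duplicates"])
```

Run against a full `/export`, the same function also counts filter rules that appear more than once, as the port-blocking block does in the export posted above.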
