Hi guys as mentioned in this thread I have the same problem
I can not SSH from within my network out to outside SSH servers
It works via mobile network but not via my mikrotik
Any advice or changes would be greatly appreciated
-Brennan
Here is the export
# jan/12/2024 11:03:52 by RouterOS 6.45.9
# software id = FNT7-EZ2A
#
# model = RBD52G-5HacD2HnD
# serial number = 8FDE09E04596
/interface bridge
add comment="\"Lan Bridge\"" name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment="\"WAN Interface\""
set [ find default-name=ether2 ] comment="\"LAN Interface\""
set [ find default-name=ether3 ] comment="\"LAN Interface\""
set [ find default-name=ether4 ] comment="\"LAN Interface\""
set [ find default-name=ether5 ] comment="\"LAN Interface\""
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=ether1 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-VOX use-peer-dns=yes user=
vox889280@vox.co.za
/interface wireless
set [ find default-name=wlan1 ] country="south africa" disabled=no installation=indoor mode=ap-bridge ssid="Boombastic [2Ghz]"
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n channel-width=20/40mhz-eC country="south africa" disabled=no frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=\
"Boombastic [5Ghz]" wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:2A:65:0E master-interface=wlan1 mode=station multicast-buffering=disabled name="wlan test" ssid="Wlan test" wds-cost-range=0-4294967295 \
wds-default-bridge=bridge wds-default-cost=0 wps-mode=disabled
/interface list
add name=WAN
add name=LAN
add name=only-LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" group-key-update=1h management-protection=allowed mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.200
add comment="mining pool" name=tftppool ranges=192.168.1.100-192.168.1.120
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp always-broadcast=yes bootp-support=dynamic disabled=no interface=bridge lease-time=22h name=dhcp1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/snmp community
set [ find default=yes ] addresses=41.193.0.0/16 name=v0xt3l3c0m
/system logging action
add bsd-syslog=yes name=Syslog remote=41.193.20.41 syslog-facility=local6 target=remote
/user group
add name=Web policy=local,telnet,ftp,read,write,test,web,sensitive,!ssh,!reboot,!policy,!winbox,!password,!sniff,!api,!romon,!dude,!tikapp skin=Vox_Support
add name=Customer_superuser policy=local,telnet,reboot,read,write,test,web,!ssh,!ftp,!policy,!winbox,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp skin=Customer_superuser
#error exporting /interface bridge calea
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=pppoe-VOX list=WAN
add interface=bridge list=LAN
add interface=bridge list=only-LAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
/ip arp
add address=192.168.1.83 interface=bridge mac-address=00:72:63:23:A6:C4
add address=192.168.1.84 interface=bridge mac-address=00:72:63:23:A6:C4
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.1.18 client-id=1:c8:69
3c:b6:2 comment="Apple TV 4 MAin Bedroom" mac-address=C8:69:CD:3C:B6:02 server=dhcp1
add address=192.168.1.17 client-id=1:d4:a3:3d:5d:cf:7f comment="Homepod Landing" mac-address=D4:A3:3D:5D:CF:7F server=dhcp1
add address=192.168.1.15 client-id=1:0:1c:2a:2:55:f0 comment="Alarm system link" mac-address=00:1C:2A:02:55:F0 server=dhcp1
add address=192.168.1.52 client-id=1:74:81:14:84:a3:21 comment="Brennan Ipad Air" mac-address=74:81:14:84:A3:21 server=dhcp1
add address=192.168.1.11 client-id=1:2:e0:20:9:53:f4 comment="Wireless N repeater 1\
\n" mac-address=02:E0:20:09:53:F4 server=dhcp1
add address=192.168.1.26 client-id=1:c8:69
36:5:3b comment="appletv Lounge\
\n" mac-address=C8:69:CD:36:05:3B
add address=192.168.1.43 client-id=1:58:55:ca:60:3c:1 comment="Apple TV 2 Living room\
\n" mac-address=58:55:CA:60:3C:01 server=dhcp1
add address=192.168.1.41 client-id=1:e0:b9:4d:49:84:4f comment="360 eye security" mac-address=E0:B9:4D:49:84:4F server=dhcp1
add address=192.168.1.132 client-id=1:b8:27:eb:b9:47:55 comment="Raspberry PI3 -homebridge" mac-address=B8:27:EB:B9:47:55 server=dhcp1
add address=192.168.1.37 comment="sonoff mini kitchen" mac-address=C8:2B:96:60:B9:59 server=dhcp1
add address=192.168.1.38 client-id=1:ce:e8:3c:f2:42:e8 comment="ipad air" mac-address=CE:E8:3C:F2:42:E8 server=dhcp1
add address=192.168.1.69 client-id=1:18:28:61:f0:65:dc comment="Airties lounge" mac-address=18:28:61:F0:65:DC server=dhcp1
add address=192.168.1.63 client-id=1:90:b9:31:3:cb:ea comment="Trentons phone" mac-address=90:B9:31:03:CB:EA server=dhcp1
add address=192.168.1.68 client-id=1:3a:ca:6e:80:b0:72 mac-address=3A:CA:6E:80:B0:72 server=dhcp1
add address=192.168.1.36 client-id=1:0:5
35:95:f5 comment="denon amp" mac-address=00:05:CD:35:95:F5 server=dhcp1
add address=192.168.1.32 comment="sonoff mini 2" mac-address=C4:4F:33:C3:F2:97 server=dhcp1
add address=192.168.1.66 client-id=1:9e:8d:49:e:39:e4 comment="security camera system" mac-address=9E:8D:49:0E:39:E4 server=dhcp1
add address=192.168.1.90 client-id=1:e8:51:77:93:c7:fe comment="Hisense TV" mac-address=E8:51:77:93:C7:FE server=dhcp1
add address=192.168.1.29 comment="Geyser DB switch" mac-address=3C:61:05:82:9D:E2 server=dhcp1
add address=192.168.1.57 comment="Zane Router" mac-address=D8:1F:12:27:68:7C server=dhcp1
add address=192.168.1.54 client-id=1:ec:35:86:2f:41:7c comment="Zane Imac" mac-address=EC:35:86:2F:41:7C server=dhcp1
add address=192.168.1.22 comment="Pool DB Switch" mac-address=70:03:9F:76:D1:B4 server=dhcp1
add address=192.168.1.23 client-id=1:9c:20:7b:7c:11:74 comment="Apple TV guest room" mac-address=9C:20:7B:7C:11:74 server=dhcp1
add address=192.168.1.61 client-id=1:c4:4:15:6f:4c:9d comment="raspberry pi gate" mac-address=C4:04:15:6F:4C:9D server=dhcp1
add address=192.168.1.58 always-broadcast=yes client-id=1:a4:cf:99:65:1d:44 comment="Brennan macbook pro m2" mac-address=A4:CF:99:65:1D:44 server=dhcp1
add address=192.168.1.59 client-id=1:0:45:e2:a6:22:fd comment="robert laptop" mac-address=00:45:E2:A6:22:FD server=dhcp1
add address=192.168.1.79 client-id=1:0:db:df:a1:9b:b8 comment="Zane phil laptop" mac-address=00:DB:DF:A1:9B:B8 server=dhcp1
add address=192.168.1.133 comment=m5stack mac-address=30:C6:F7:24:B4:A8 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip firewall address-list
add address=41.193.20.40/29 comment="Platform Environment" list=SAFE_ZONE
add address=10.0.0.0/8 comment=LAN_10 list=LAN_RANGE
add address=172.16.0.0/12 comment=LAN_172 list=LAN_RANGE
add address=192.168.0.0/16 comment=LAN_192 list=LAN_RANGE
add address=196.41.221.26 comment=GiLA_Environment list=SAFE_ZONE
add address=196.41.221.30 comment=GiLA_Environment list=SAFE_ZONE
add address=smtp.voxtelecom.co.za list=Vox_SMTP
add address=41.193.2.152/29 comment=IRIS list=SAFE_ZONE
add address=41.193.9.240/29 comment="Vox Corporate FW" list=SAFE_ZONE
add address=196.22.238.120/29 comment=90Snakes list=SAFE_ZONE
add address=196.41.30.96/28 comment=90Snakes list=SAFE_ZONE
add address=196.41.0.22 comment=90Snakes list=SAFE_ZONE
add address=209.203.50.219 comment="Platform Environment" list=SAFE_ZONE
add address=209.203.50.218 comment="Platform Environment" list=SAFE_ZONE
add address=196.22.204.80/29 comment=IRIS list=SAFE_ZONE
add address=41.193.52.24/29 comment=IRIS list=SAFE_ZONE
add address=41.193.185.88/29 comment=IRIS list=SAFE_ZONE
add address=41.193.9.136/29 comment=IRIS list=SAFE_ZONE
add address=41.193.14.104/29 comment=IRIS list=SAFE_ZONE
add address=41.193.2.144/29 comment=IRIS list=SAFE_ZONE
add address=196.41.212.2 comment="Vox Corporate FW" list=SAFE_ZONE
add address=196.41.17.10 comment="Vox Corporate FW" list=SAFE_ZONE
add address=209.203.49.80/29 comment=90Snakes list=SAFE_ZONE
add address=10.17.230.242 comment=90Snakes list=SAFE_ZONE
#error exporting /ip firewall calea
/ip firewall filter
add action=drop chain=forward dst-address-list=!Vox_SMTP dst-port=25 protocol=tcp
add action=drop chain=forward dst-address-list=!Vox_SMTP dst-port=25 protocol=udp
add action=fasttrack-connection chain=forward src-address-list=LAN_RANGE
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward src-address-list=LAN_RANGE
add action=accept chain=forward dst-port=2020 protocol=tcp
add action=accept chain=forward comment=homebridge dst-port=8080 protocol=tcp
add action=accept chain=forward dst-port=22 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat src-address-list=LAN_RANGE
add action=dst-nat chain=dstnat dst-address-type="" dst-port=5900 protocol=tcp to-addresses=192.168.1.111 to-ports=5900
add action=dst-nat chain=dstnat dst-port=22 protocol=tcp to-addresses=192.168.1.132 to-ports=22
add action=dst-nat chain=dstnat dst-port=2020 in-interface=pppoe-VOX protocol=tcp to-addresses=192.168.1.132 to-ports=2020
add action=dst-nat chain=dstnat comment="homebridge admin" dst-port=8080 protocol=tcp to-addresses=192.168.1.132 to-ports=8080
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment=homeassitant dst-port=8123 protocol=tcp to-addresses=192.168.1.81 to-ports=8123
/ip service
set telnet port=2323
set ftp port=2101
set www port=8081
set ssh port=2202
/ip smb
set domain=Babb enabled=yes
/ip smb shares
add directory=/disk1 name=share
/ip upnp
set enabled=yes
/ppp secret
add name=vpn
/radius
add address=41.193.20.41 realm=vox-mikrotik service=ppp,login
/snmp
set contact=VoxCore enabled=yes trap-version=2
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=8FDE09E04596
/system logging
add action=Syslog topics=event,!route
add action=Syslog topics=info,!dhcp,!wireless
add action=Syslog topics=system
add action=Syslog topics=warning
add action=Syslog topics=error
add action=Syslog topics=critical
/system note
set note=4.0
/system ntp client
set enabled=yes primary-ntp=196.4.160.4 secondary-ntp=146.64.58.41 server-dns-names=ntp.voxtelecom.co.za,ntp2.voxtelecom.co.za
/system package update
set channel=long-term
/system scheduler
add interval=10m name=configCheck on-event=configureMe policy=read,write,test start-time=startup
add interval=1m name=periodicIPcheck on-event=pppoeMonitor policy=read,write,policy,test,sensitive start-time=startup
/system script
add dont-require-permissions=no name=configureMe owner=admin policy=read,test source=":local configVersion [/system note get note];\
\n:local serialNo [system routerboard get serial-number];\
\n\
\n:if (\$configVersion = \"0.0\") do={\
\n /tool fetch mode=http address=mikrotik.voxtelecom.co.za port=80 src-path=\"/configureMe/\$serialNo\"\
\n}"
add comment="\"Phone Home\"" dont-require-permissions=no name=pingHome owner=admin policy=read,test source="\
\n :local serialNo [system routerboard get serial-number];\r\
\n :local verROS [/system package update get installed-version];\r\
\n :local upTime [/system resource get uptime];\r\
\n :do {\r\
\n # Run the API call for the Token Ping request\r\
\n /tool fetch mode=https address=mikrotik.voxtelecom.co.za port=443 keep-result=no src-path=\"/ping/token/\$serialNo/\$verROS/\$upTime\" http-header-field=\"vsl_token: gAAAAABlBFT-0w4x65X5pxBn\
-7sCFtgE2EyBLE-MxH4n_5doRli6S5GRyGiSmu0F4PwxBmxveOGrQwsY8Ralt5QIypA6iALBhQ==\"\r\
\n /system scheduler set interval=\"1m\" [find name=\"periodicIPcheck\"]\r\
\n /system script environment remove [find name=\"backOffNumber\"]\r\
\n } on-error={\r\
\n # An error occurred with the call to the API\r\
\n # This will now create a backoff for the Scheduler\r\
\n :global backOffNumber;\r\
\n if (\$backOffNumber > 0) do={\r\
\n :put \"Trigger\";\r\
\n if (\$backOffNumber <
do={\r\
\n :set \$backOffNumber (\$backOffNumber + 1);\r\
\n }\r\
\n } else {\r\
\n :set \$backOffNumber 1;\r\
\n }\r\
\n :local scheduleInterval \"\";\r\
\n :set \$scheduleInterval (\$backOffNumber * \$backOffNumber + 1);\r\
\n :set \$scheduleInterval [:tostr \"\$scheduleInterval m\"];\r\
\n /system scheduler set interval=\$scheduleInterval [find name=\"periodicIPcheck\"]\r\
\n };\r\
\n "
add comment="\"Monitor pppoe ip change\"" dont-require-permissions=no name=pppoeMonitor owner=admin policy=read,write,policy,test,sensitive source=":global ipadd\
\n:local thisip [/ip address get [find where interface=pppoe-VOX] address]\
\n:global backOffNumber;\r\
\n if ((\$ipadd != \$thisip) or (\$backOffNumber > 0)) do={\r\
\n \t/system script run pingHome\r\
\n \tset ipadd \$thisip\r\
\n }\r\
\n "
/tool bandwidth-server
set max-sessions=1
/user aaa
set default-group=full use-radius=yes