Hi there,
I have two mikrotiks:
1. RB2011UAS-2HnD version 6.43.4
2. RB2011UiAS-2HnD version 6.47.8
both have masquarading in to their ISP.
both had the same config having eth9 connected to ISP CPE. both had "External" bridge and eth9 connected to that bridge. Both had a masquarading whith the condition when OUT interface is "External Bridge".
first one working perfectly, the second one stopped working after an upgrade to the existing version 6.47.8. the workaround was to assign "eth9" instead of "External" bridge on the secod MT for masquarading to start working correctly. Otherwise it would masquarade everything regardless of what is the "out" interface is.
The biggest issue was that these devices has a site-to-site SSTP (MT1 is SSTP server) as described here: https://wiki.mikrotik.com/wiki/Manual:I ... figuration and the packets were only reaching one way from MT2 to MT1 but not from MT1 to MT2. eventually after a couple of days of troubleshooting and after looking at tcpdump on the MT1'st network i noticed an external IP on VoIP SIP packets coming from MT2's network as a source. Switched to eth9 on MT2 masquarading rule, and everything worked perfectly since.
I'm not sure if this is a bug or as per design....
Hopefully the above will save someone days of troubleshooting as i endured.
--Andy
Re: Bug in routerOS while matching interfaces?
What are quoted "external bridge"?
Your topic only confuse me, also after all description, "Bug in routerOS while matching interfaces?", without any export of config, it's hard to understand.
Only confusion left, for me.
Your topic only confuse me, also after all description, "Bug in routerOS while matching interfaces?", without any export of config, it's hard to understand.
Only confusion left, for me.
Re: Bug in routerOS while matching interfaces?
Hi there,What are quoted "external bridge"?
Your topic only confuse me, also after all description, "Bug in routerOS while matching interfaces?", without any export of config, it's hard to understand.
Only confusion left, for me.
thank you very much for your reply...
"external brige" is just that - a bridge with ports assignment:
<br>
Code: Select all
[admin@MikroTik] > /interface bridge print detail
Flags: X - disabled, R - running
0 R name="External" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto
mac-address=E4:8D:8C:24:33:09 protocol-mode=rstp fast-forward=yes igmp-snooping=no
auto-mac=yes ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s
transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no
1 R name="Internal" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto
mac-address=E4:8D:8C:24:33:05 protocol-mode=rstp fast-forward=yes igmp-snooping=no
auto-mac=yes ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s
transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no
[admin@MikroTik] >
Code: Select all
[admin@MikroTik] > /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 I ether1 Internal yes 1 0x80 10 10 none
1 I ether2 Internal yes 1 0x80 10 10 none
2 ether10 Internal yes 1 0x80 10 10 none
3 wlan1 Internal 1 0x80 10 10 none
4 ether3 Internal yes 1 0x80 10 10 none
5 I ether4 Internal yes 1 0x80 10 10 none
6 I H ether5 External yes 1 0x80 10 10 none
7 H ether9 External yes 1 0x80 10 10 none
[admin@MikroTik] >
Code: Select all
[admin@MikroTik] > /ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=ether9 log=no log-prefix=""
[admin@MikroTik] >
Otherwise, I probably could open Visio, create a detailed network diagram with all the hosts, export 1000s lines of configs, and we spend another couple of weeks in getting a 200% understanding on this very simple 2 MTs network, however, i'm not absolutely certain that will in the end bear any fruit, and most certainly would frustrate and confuse participants of this anyways.