alex19damian
just joined
Topic Author
Posts: 1
Joined: Sat Jul 17, 2021 8:48 pm

RB bridge and Linux Proxmox bridge causing TCP retransmissions?

Sat Jul 17, 2021 9:31 pm

Hi, I have recently seen network degradation in my house.
My infra is:
- one RB 750
- TP-Link EAP115
- 1 RPi with Pi-hole for DNS
- 1 PC with Proxmox 7 and some VMs running inside.
The RB LAN ports are bridged; the Proxmox server is plugged into one of these ports, and the server uses a Linux bridge to expose the VMs on the main LAN.
I suspect that this bridge is causing some loop or broadcast errors, but I cannot find evidence and therefore no resolution.
I have attached screenshots of the Wireshark view of an RB packet sniffer capture on all interfaces, and my current configuration, which is basically a default configuration after a recent reset to defaults because of this problem.
[Attachments 1-4: Wireshark screenshots of the RB packet sniffer capture]

Config:
# jul/17/2021 14:43:45 by RouterOS 6.47.10
# software id = ****-****
#
# model = 750
# serial number = ************************
/interface bridge
add admin-mac=********** auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    password=********* service-name=internet use-peer-dns=yes user=*******
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.69.100-192.168.69.200
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=wifi-dhcp
/snmp community
set [ find default=yes ] name=Sala
/system logging action
add email-start-tls=yes email-to=*********@gmail.com name=mail target=\
    email
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=pppoe-out1 list=WAN
/ip address
add address=192.168.69.1/24 comment=defconf interface=bridge network=\
    192.168.69.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.69.0/24 comment=defconf dns-server=\
    192.168.69.2,192.168.69.1 gateway=192.168.69.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Allow snmp" dst-port=161 in-interface=\
    bridge protocol=udp
add action=accept chain=input comment="Allow InWinbox" dst-port=6665 log=yes \
    log-prefix=InWinbox protocol=tcp
add action=accept chain=input comment="Allow InSSH" dst-port=35353 log=yes \
    log-prefix=InSSH protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none log-prefix=masquerade out-interface-list=WAN
/ip route
add distance=1 gateway=pppoe-out1
/snmp
set contact="***** <*************@gmail.com>" enabled=yes location=Casa \
    trap-version=2
/system clock
set time-zone-name=America/Montevideo
/system logging
add action=mail topics=error
add action=mail topics=warning
add action=mail topics=critical
add action=mail prefix="Login on MK" topics=account
/system package update
set channel=long-term
/system scheduler
add interval=5m name=freedns-sched on-event=\
    "/system script run freedns-script" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=5m name=namechapDynDns-shced on-event=\
    "/system script run namechapDynDns" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
add dont-require-permissions=yes name=freedns-script owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    :global AfraidUser \"**********\"\r\
    \n#:global AfraidPass \"**********\"\r\
    \n:global WANInter \"pppoe-out1\"\r\
    \n:global AfraidDomain \"mamaestaloca.mooo.com\"\r\
    \n\r\
    \n:global IpCurrent [/ip address get [find interface=\$WANInter] address];\
    \r\
    \n:for i from=( [:len \$IpCurrent] - 1) to=0 do={ \r\
    \n  :if ( [:pick \$IpCurrent \$i] = \"/\") do={ \r\
    \n    :global NewIP [:pick \$IpCurrent 0 \$i];\r\
    \n    :if ([:resolve \$AfraidDomain] != \$NewIP) do={\r\
    \n      /tool fetch mode=http url=\"https://freedns.afraid.org/dynamic/upd\
    ate.php\********************\" keep-result=no\r\
    \n      :log info \"FreeDNS DDNS Update: \$AfraidDomain - \$NewIP\"\r\
    \n     } else={\r\
    \n\r\
    \n#  :log info \"FreeDNS DynDNS  : don't need updates | resuelve: \$[:reso\
    lve \$AfraidDomain] asignada: \$IpCurrent  \";\r\
    \n    }\r\
    \n   } \r\
    \n}"
add dont-require-permissions=yes name=namechapDynDns owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Source https://forum.mikrotik.com/viewtopic.php\?f=9&t=107264&p=533043\r\
    \n# 2021-04-11-2117\r\
    \n\r\
    \n:global ddnsserv \"dynamicdns.park-your-domain.com\"\r\
    \n:global ddnshostname \"*\"\r\
    \n:global ddnsdomain \"mamaestaloca.com\"\r\
    \n:global ddnspass \"**********************\"\r\
    \n\r\
    \n:global ddnsip\r\
    \n:global ddnslastip\r\
    \n:global strdate [/system clock get date]\r\
    \n:global strtime [/system clock get time]\r\
    \n:global strsystemname [/system identity get name]\r\
    \n:global strsystemuptime [/system resource get uptime]\r\
    \n:global strsystemfreemem [/system resource get free-memory]\r\
    \n:global strsystemcpuload [/system resource get cpu-load]\r\
    \n:global ddnssystem (\"Version-\" . [/system package get system version] \
    )\r\
    \n\r\
    \n:global ddnsip [ /ip address get [/ip address find interface=pppoe-out1 \
    ] address ]\r\
    \n\r\
    \n# Strip the net mask off the IP address\r\
    \n:for i from=( [:len \$ddnsip] - 1) to=0 do={\r\
    \n    :if ( [:pick \$ddnsip \$i] = \"/\") do={ \r\
    \n        :set ddnsip [:pick \$ddnsip 0 \$i]\r\
    \n       } \r\
    \n   }\r\
    \n\r\
    \n:if ([ :typeof \$ddnslastip ] = nil ) do={ :global ddnslastip \"0\" }\r\
    \n:if ([ :typeof \$ddnsip ] = nil ) do={\r\
    \n   :log info (\"DDNS: No ip address present on pppoe interface, dammit T\
    M.\")\r\
    \n} else={\r\
    \n  :if (\$ddnsip != \$ddnslastip) do={\r\
    \n    :log info (\"Namechap DDNS: Updating \$ddnsip \$ddnslastip\")\r\
    \n    :local str \"/update\?host=\$ddnshostname&domain=\$ddnsdomain&passwo\
    rd=\$ddnspass&ip=\$ddnsip\"\r\
    \n    /tool fetch address=\$ddnsserv src-path=\$str mode=http dst-path=(\"\
    /disk1/DynDNS.\".\$ddnshostname)\r\
    \n    :log info \"Namechap DDNS: Sending Email\"\r\
    \n    /tool e-mail send to=****************@gmail.com subject=\"\"\$[/system i\
    dentity get name] - IP Address \$strdate \$strtime \$strsystemname\" body=\
    \"\$strsystemname \$strdate \$strtime \\r\$ddnshostname.\$ddnsdomain \\r\$\
    ddnssystem\\rNew IP: \$ddnsip \\rPrevious IP: \$ddnslastip \\rUptime: \$st\
    rsystemuptime \\rFree memory: \$strsystemfreemem kb \\rCPU Load: \$strsyst\
    emcpuload % \" start-tls=yes server=[:resolve smtp.gmail.com]\r\
    \n    :global ddnslastip \"\$ddnsip\"\r\
    \n  } else={ \r\
    \n#  :log info \"Namechap DDNS: No update required | resuelve:  \$ddnslast\
    ip - asignada \$ddnsip\"\r\
    \n    }\r\
    \n}"
/system watchdog
set watchdog-timer=no
/tool e-mail
set address=173.194.77.108 from=***********@gmail.com password=\
    ************* port=587 start-tls=yes user=*************@gmail.com
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set file-name=Allinterfaces.pcap
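The all-interfaces capture is the right place to look for evidence, but the two symptoms look alike in Wireshark: a loop replays the same frame over and over, and the repeated TCP segments inside those replays get flagged as retransmissions just like genuine ones. The script below is an added example (not from the original post, and not MikroTik code) that separates the two in a classic libpcap file such as the Allinterfaces.pcap named in the posted sniffer config: byte-identical frames that reappear within 10 ms are counted as replayed copies per source MAC (loop evidence), while a segment with the same flow and sequence number that is sent again later is reported as a real retransmission. The hosts, MAC addresses and the embedded sample capture are constructed for the example and are not taken from the post.

```python
"""Loop-vs-retransmission triage for a classic pcap (standard library only).
Hosts, MACs and the sample capture are constructed here, not taken from the post."""
import struct
from collections import Counter, defaultdict, deque

def parse_pcap(data):
    """Return [(timestamp, frame_bytes)] from a classic pcap (not pcapng)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # microsecond stamps only
    if end is None:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet (LINKTYPE 1) captures are handled")
    off, records = 24, []
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break                      # truncated trailing record
        records.append((sec + usec / 1e6, frame))
        off += 16 + incl
    return records

def tcp_segment(frame):
    """(src_ip, sport, dst_ip, dport, seq, flags, payload_len) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    if frame[23] != 6 or len(frame) < 14 + ihl + 20:
        return None
    t = 14 + ihl
    sport, dport, seq = struct.unpack_from("!HHI", frame, t)
    doff = (frame[t + 12] >> 4) * 4
    return (frame[26:30], sport, frame[30:34], dport, seq, frame[t + 13],
            total_len - ihl - doff)

def analyze(records, loop_window=0.010, max_copies=1):
    """A loop replays byte-identical frames within microseconds; a real TCP
    retransmission repeats a flow/seq only after an RTO (hundreds of ms).
    max_copies = legitimate copies of one frame inside loop_window; raise it when
    the capture spans several interfaces and records a forwarded frame on each."""
    recent, excess = defaultdict(deque), Counter()  # frame->stamps; src MAC->copies
    first_seen, retrans = {}, []                   # (flow, seq)->ts; findings
    for ts, frame in records:
        q = recent[frame]
        while q and ts - q[0] > loop_window:
            q.popleft()
        q.append(ts)
        if len(q) > max_copies:
            excess[frame[6:12]] += 1   # replayed copy: loop evidence, not a TCP event
            continue
        seg = tcp_segment(frame)
        if seg is None:
            continue
        sip, sport, dip, dport, seq, flags, plen = seg
        if plen > 0 or flags & 0x02:   # data-bearing segment or SYN
            key = (sip, sport, dip, dport, seq)
            if key in first_seen:
                retrans.append((ts, key, ts - first_seen[key]))
            else:
                first_seen[key] = ts
    return {"frames": len(records), "excess_copies": sum(excess.values()),
            "loop_suspects": {":".join("%02x" % b for b in m): n
                              for m, n in excess.most_common()},
            "retransmissions": retrans}

# --- constructed sample capture: hypothetical PC, server and Proxmox host MACs ---
BCAST, PC, SRV, PVE = (b"\xff" * 6, b"\x02\x00\x00\x00\x00\xaa",
                       b"\x02\x00\x00\x00\x00\xcc", b"\x02\x00\x00\x00\x00\xbb")

def tcp_frame(seq, payload, ip_id, flags=0x18):  # PC:40000 -> SRV:443, PSH+ACK
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, seq, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), ip_id, 0x4000,
                     64, 6, 0, bytes([192, 168, 69, 50]), bytes([192, 168, 69, 10]))
    return SRV + PC + b"\x08\x00" + ip + tcp + payload

def arp_request():  # broadcast ARP "who has 192.168.69.1" from the Proxmox host
    return BCAST + PVE + b"\x08\x06" + struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, PVE, bytes([192, 168, 69, 60]),
        b"\x00" * 6, bytes([192, 168, 69, 1]))

def build_pcap(frames):  # classic little-endian pcap, microsecond stamps, Ethernet
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, f in frames:
        out.append(struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(f), len(f)) + f)
    return b"".join(out)

SAMPLE_PCAP = build_pcap([
    (10.000, tcp_frame(1000, b"GET", 1)),   # original data segment
    (10.250, tcp_frame(1000, b"GET", 2)),   # same seq 250 ms later: real retransmission
    (11.000, arp_request()),                # one broadcast ...
    (11.0001, arp_request()), (11.0002, arp_request()), (11.0003, arp_request()),  # ... replayed 3x in 300 us
    (12.000, tcp_frame(1003, b" /", 3)),    # next segment, nothing wrong
    (12.500, arp_request()),                # same ARP 1.5 s later: ordinary re-ARP
])

def triage(data=SAMPLE_PCAP):
    return analyze(parse_pcap(data))
```

On the sample, the report shows three replayed copies, all from the Proxmox host's MAC, and exactly one retransmission (seq 1000, 250 ms after the original); the re-ARP 1.5 s later is not flagged. To run it against the real file, call `analyze(parse_pcap(open("Allinterfaces.pcap", "rb").read()))`. Two caveats for a RouterOS all-interfaces capture: a frame that crosses the bridge through the CPU can be recorded on more than one interface, so raise `max_copies` until a quiet period reports zero excess copies, and then look for one source MAC whose count keeps climbing (a loop through the Proxmox bridge would show the VM or bridge MAC there); and frames switched entirely in the switch chip under bridge hardware offloading do not reach the sniffer at all, so an absence of duplicates in the file is not proof that there is no loop. Separately, and visible in the posted export: the "Allow InWinbox" (tcp/6665) and "Allow InSSH" (tcp/35353) input rules carry no in-interface-list restriction and sit above the "drop all not coming from LAN" rule, so those two ports are accepted from pppoe-out1 as well; worth confirming that is intended.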
