Hi Folks,
Ive been trying to get PPTP connection to work... but the problem is that it only works if i disable the "drop everything else" rule.
Here are the rules. Thanks in advance for your help.
/ip firewall filter
add action=accept chain=input protocol=tcp src-port=1723
add action=accept chain=input protocol=gre
add action=accept chain=input dst-port=161 protocol=udp
add action=accept chain=input protocol=udp src-port=161-162
add action=accept chain=input dst-port=1701,500,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input comment="Accept established and related packets" \
connection-state=established,related
add action=accept chain=input comment="Allowed to Router" src-address-list=\
Allowed_To_Router
add action=accept chain=input comment="Allow ICMP to Router" protocol=icmp
add action=accept chain=input comment="Allow Secure_LAN to access Internet" \
src-address-list=Secure_LAN
add action=reject chain=forward comment="Layer7 Block Websites" \
layer7-protocol=Block log=yes log-prefix=Porn reject-with=\
icmp-network-unreachable
add action=drop chain=forward comment="Block Internet from Disallow_Internet" \
src-address-list=Disallow_Internet
add action=drop chain=input comment="Drop all other connections" \
connection-state="" src-address-type=""
add action=drop chain=input comment="Drop invalid packets" connection-state=\
invalid
add action=drop chain=input comment=\
"Drop all packets which are not destined to router IP address" \
dst-address-type=!local
add action=drop chain=input comment=\
"Drop all packets which does not have unicast source IP address" \
src-address-type=!unicast
add action=drop chain=input comment="Drop all packets from public internet which\
\_should not exist in public network" in-interface=ether1 src-address-list=\
bogons
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related
add action=fasttrack-connection chain=forward comment=FastTrack \
connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
log=yes log-prefix=invalid
add action=drop chain=forward comment=\
"Drop new connections from internet which are not dst-natted" \
connection-nat-state=!dstnat connection-state=new in-interface=ether1
add action=drop chain=forward comment="Drop all packets from public internet whi\
ch should not exist in public network" in-interface=ether1 \
src-address-list=bogons
add action=drop chain=forward comment="Drop all packets from local network to in\
ternet which should not exist in public network" dst-address-list=bogons \
in-interface=ether2
add action=drop chain=forward comment=\
"Drop all packets in local network which does not have LAN address" \
in-interface=ether2 src-address=!10.0.0.0/16