death0rz
just joined
Topic Author
Posts: 2
Joined: Fri May 06, 2022 5:38 pm

After 7.2.2 update, can't ping or winbox through IP Address

Wed Jun 08, 2022 5:03 pm

Hello there,
I'm here because after the 7.2.2 update I can't ping the IP address of the LAN bridge interface and can't connect through the IP address with Winbox. Only connecting through MAC works.
The main thing is that even DNS requests using the router as a DNS server aren't working; I managed to make it work by putting an external DNS server in the DHCP server. Before the update I didn't need to do that; just using the router with "Allow Remote requests" enabled was working.
After downgrading to 7.1 everything is working again... Maybe it's something related to the new HW offload of my chip?
I'm not a pro, so feel free to check my config and give me suggestions.
# jun/08/2022 15:49:56 by RouterOS 7.3
# software id = 87NE-WHDL
#
# model = RB760iGS
# serial number = <CENSORED>
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
add interface=ether2 name=vlan100 vlan-id=100
add interface=ether2 name=vlan101 vlan-id=101
/interface pppoe-client
add disabled=no interface=vlan100 max-mru=1500 max-mtu=1500 name=pppoe-eolo \
    user=WB4221427573
/interface list
add include=all name=list1
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.1.100-192.168.1.200
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 interface=bridge1 lease-time=3d name=\
    dhcp1
/port
set 0 name=serial0
/routing table
add disabled=no fib name=Wind
add disabled=no fib name=Eolo
add fib name=to_vlan101
add fib name=to_pppoe-eolo
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
add bridge=bridge1 ingress-filtering=no interface=ether1
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=pppoe-eolo list=WAN
add interface=vlan101 list=WAN
add interface=bridge1 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-client
add interface=vlan101
/ip dhcp-server lease
add address=192.168.1.200 client-id=1:0:22:6c:d:df:19 mac-address=\
    00:22:6C:0D:DF:19 server=dhcp1
add address=192.168.1.105 client-id=1:c0:e7:bf:27:8c:35 mac-address=\
    C0:E7:BF:27:8C:35 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=1.1.1.1,192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip firewall address-list
add address=192.168.1.2-192.168.1.254 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
/ip firewall filter
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input log-prefix="not allowed"
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "Drop tries to reach not public addresses from LAN" disabled=yes \
    dst-address-list=not_in_internet in-interface=bridge1 log=yes log-prefix=\
    !public_from_LAN out-interface=!bridge1
add action=drop chain=forward comment=\
    "Drop incoming packets that are not NATted" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN log=yes log-prefix=!NAT
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface-list=\
    WAN log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
    "Drop packets from LAN that do not have LAN IP" in-interface-list=LAN \
    log=yes log-prefix=LAN_!LAN src-address=!192.168.1.0/24
/ip firewall mangle
add action=mark-connection chain=prerouting comment=VOIP dst-port=\
    5060,7078-7109 new-connection-mark=VOIP_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=CSGO#1 dst-port=\
    4380,27000-27031,27036 new-connection-mark=VOIP_conn passthrough=yes \
    protocol=udp
add action=mark-connection chain=prerouting comment=CSGO#2 dst-port=\
    27015-27030,27036-27037 new-connection-mark=VOIP_conn passthrough=yes \
    protocol=tcp
add action=mark-connection chain=prerouting comment=PALADINS#1 dst-port=\
    9002-9999 new-connection-mark=VOIP_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=PALADINS#2 dst-port=\
    9000-9001 new-connection-mark=VOIP_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=DESTINY2#1 dst-port=\
    1119-1120,3074,3097-3196,3724,4000,6112-6114 new-connection-mark=\
    VOIP_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment=DESTINY2#2 dst-port=\
    1119-1120,3074,3724,4000,6112-6114 new-connection-mark=VOIP_conn \
    passthrough=yes protocol=tcp
add action=mark-routing chain=prerouting connection-mark=VOIP_conn \
    in-interface=bridge1 new-routing-mark=Eolo passthrough=no
add action=mark-connection chain=prerouting dst-address=192.168.200.1 \
    new-connection-mark=vlan101_conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=vlan101_conn \
    in-interface=bridge1 new-routing-mark=Wind passthrough=no
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=bridge1 new-connection-mark=NTH_Eolo nth=2,1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=bridge1 new-connection-mark=NTH_WIND nth=2,2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=NTH_Eolo \
    in-interface=bridge1 new-routing-mark=Eolo passthrough=no
add action=mark-routing chain=prerouting connection-mark=NTH_WIND \
    in-interface=bridge1 new-routing-mark=Wind passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-eolo
add action=masquerade chain=srcnat out-interface=vlan101
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=pppoe-eolo routing-table=Eolo \
    suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.200.1 routing-table=\
    Wind suppress-hw-offload=no
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-eolo pref-src=\
    0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=\
    10
/ip service
set telnet address=192.168.1.0/24 disabled=yes port=2300
set ftp address=192.168.1.0/24 disabled=yes port=2121
set www address=192.168.1.0/24 disabled=yes port=8080
set ssh address=192.168.1.0/24 port=2200
set api address=192.168.1.0/24 disabled=yes port=28512
set winbox address=192.168.1.0/24
set api-ssl address=192.168.1.0/24 disabled=yes
/system clock
set time-zone-name=Europe/Rome

My network topology is two WANs, served by one PPPoE connection and a 5G external router, that are connected to the router through the same cable on 2 VLANs.

Thank you in advance
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: After 7.2.2 update, can't ping or winbox through IP Address  [SOLVED]

Wed Jun 08, 2022 7:20 pm

Try to add dst-address-type=!local to the two connection marking rules with nth option. Does it help? It seems that MikroTik either changed or broke routing tables behaviour for local destinations.
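
The suggested change applied to the exported config above, as an added example that is not part of the original posts: in that export the two nth rules mark every new connection entering bridge1, including connections to the router's own 192.168.1.1, and the mark-routing rules then look those connections up in the Eolo and Wind tables, which contain only a default route. The `find` selectors are an assumption that the rule names match the export.

```routeros
# Added example: exclude router-local destinations from the nth load-balancing marks.
# Rule names (NTH_Eolo, NTH_WIND) are taken from the posted export.
/ip firewall mangle
set [find action=mark-connection new-connection-mark=NTH_Eolo] \
    dst-address-type=!local
set [find action=mark-connection new-connection-mark=NTH_WIND] \
    dst-address-type=!local

# After the change, an export shows the rules in this form:
# add action=mark-connection chain=prerouting connection-state=new \
#     dst-address-type=!local in-interface=bridge1 \
#     new-connection-mark=NTH_Eolo nth=2,1 passthrough=yes
# add action=mark-connection chain=prerouting connection-state=new \
#     dst-address-type=!local in-interface=bridge1 \
#     new-connection-mark=NTH_WIND nth=2,2 passthrough=yes

# Check that both rules now carry the extra matcher
print detail where new-connection-mark=NTH_Eolo
print detail where new-connection-mark=NTH_WIND
```

With the matcher in place, ping, Winbox and DNS traffic addressed to 192.168.1.1 is no longer connection-marked, so it is handled in the main table and still passes through the input chain's `allowed_to_router` rule.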
 
death0rz
just joined
Topic Author
Posts: 2
Joined: Fri May 06, 2022 5:38 pm

Re: After 7.2.2 update, can't ping or winbox through IP Address

Wed Jun 08, 2022 8:26 pm

> Try to add dst-address-type=!local to the two connection marking rules with nth option. Does it help? It seems that MikroTik either changed or broke routing tables behaviour for local destinations.

That worked like a charm :D
Really appreciated your help
 
GrennKren
just joined
Posts: 1
Joined: Sat Dec 09, 2023 10:24 am

Re: After 7.2.2 update, can't ping or winbox through IP Address

Sat Dec 09, 2023 10:31 am

> Try to add dst-address-type=!local to the two connection marking rules with nth option. Does it help? It seems that MikroTik either changed or broke routing tables behaviour for local destinations.

Thanks! I joined this forum just to express my gratitude. Spent quite some time dealing with the Hairpin NAT issue.
Finally figured out that disabling all Mangle was the solution, so I went around looking for ways to keep Mangle while fixing the problem.

Thanks again!
