Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

Firewall disabling my wireless interface in CAPsMAN

Post Reply
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Firewall disabling my wireless interface in CAPsMAN

Wed Feb 26, 2020 12:27 pm

I'm struggling a bit with firewall and the builtin wireless in my RB4011iGS+5HacQ2HnD-IN.
If I reboot the router, the wlan1 and wlan2 does not pop up in my CAPsMAN. If I briefly disable this rule:
add action=drop chain=input comment="Drop All Else"
...both 2.4 and 5 GHz shows up and establishes the wifi. And stays on until next reboot, even if I enable the rule again. Any idea what I need to change to make it permanently work?
I need strong and good firewall, but this messes up my wireless.

Here are my complete rules:


/ip firewall address-list
add address=192.168.1.0/24 list=AdminAccess
add address=0.0.0.0/8 list=bogons
add address=172.16.0.0/12 list=bogons
add address=10.0.0.0/8 list=bogons
add address=169.254.0.0/16 list=bogons
add address=127.0.0.0/8 list=bogons
add address=224.0.0.0/4 list=bogons
add address=198.18.0.0/15 list=bogons
add address=192.0.0.0/24 list=bogons
add address=192.0.2.0/24 list=bogons
add address=198.51.100.0/24 list=bogons
add address=203.0.113.0/24 list=bogons
add address=100.64.0.0/10 list=bogons
add address=240.0.0.0/4 list=bogons
add address=192.88.99.0/24 list=bogons
/ip firewall filter
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=forward dst-address=77.66.21.133 in-interface=AP_bridge #don't allow this address
add action=accept chain=input comment="Admin Access to Router" src-address-list=AdminAccess
add action=accept chain=input comment="allow LAN to DNS-TCP" dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="allow LAN to DNS-UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=drop chain=input comment="Drop All Else"
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related
add action=accept chain=forward comment="accept established,related" connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow all LAN (Office, Guest and POS) Traffic to Internet" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP ALL Else"
add action=accept chain=forward comment="Allow Port Fowarding if required" connection-nat-state=dstnat
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP All Else"
/ip firewall nat
add action=src-nat chain=srcnat comment="Source_NAT for All Users" ipsec-policy=out,none out-interface=eth1_WAN to-addresses=193.90.223.118
add action=redirect chain=dstnat comment="Force Users to Router DNS -TCP" dst-port=53 protocol=tcp
add action=redirect chain=dstnat comment="Force Users to Router DNS -UDP" dst-port=53 protocol=udp
add action=accept chain=srcnat disabled=yes ipsec-policy=out,none out-interface=eth1_WAN
/ip firewall raw
add action=drop chain=prerouting comment="Drop all non-internet networks" src-address-list=bogons



Also, if I want to set static ip for the built in wireless, can I set the same address like this?
/ip address
add address=192.168.88.253/24 interface=wlan1 network=192.168.88.0
add address=192.168.88.253/24 interface=wlan2 network=192.168.88.0
I don't want two different.
Top
 
erlinden
Forum Guru
Forum Guru
Posts: 1962
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Firewall disabling my wireless interface in CAPsMAN

Wed Feb 26, 2020 12:49 pm

Could you please share you CAPsMAN settings as well? And perhaps your entire cofiguration would be beneficial too.

What is the purpose of giving your wireless interfaces an IP address? And why would you like to have two seperate interfaces the same IP? Are the wireless interfaces part of a bridge?
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Wed Feb 26, 2020 2:34 pm

This is my complete setup (hide-sensitive)
Code: Select all
# feb/26/2020 13:30:28 by RouterOS 6.46.3
# software id = D6TK-ALEK
#
# model = RB4011iGS+5HacQ2HnD
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=Ch01_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=Ch06_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=Ch11_20M_24G tx-power=10
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=Ch36_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5200 name=Ch40_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5220 name=Ch44_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5240 name=Ch48_20M_5G tx-power=20
/interface bridge
add fast-forward=no name=AP_bridge
add admin-mac=E4:8D:8C:2D:27:5A auto-mac=no comment=TrustedBridge name=WorkBridge
/interface wireless
# managed by CAPsMAN
# channel: 5640/20-eCee/ac/DP(24dBm)+5210/80/P(20dBm), SSID: Stock Spiseri, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 2447/20-Ce/gn(17dBm), SSID: Stock Spiseri, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface ethernet
set [ find default-name=ether1 ] name=eth1_WAN
set [ find default-name=ether2 ] name=eth2_kontor
set [ find default-name=ether3 ] name=eth3_MikrotikAPs
set [ find default-name=ether4 ] name=eth4_gastrofix
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/caps-man datapath
add bridge=AP_bridge local-forwarding=no name="Stock Public"
/caps-man configuration
add country=norway datapath="Stock Public" distance=indoors frame-lifetime=10ms installation=indoor mode=ap name="Stock Public 5GHz" ssid="Stock Spiseri"
/caps-man interface
add channel=Ch48_20M_5G configuration="Stock Public 5GHz" disabled=no mac-address=74:4D:28:F9:AA:6D master-interface=none name=5GHz-AP_Chambre radio-mac=74:4D:28:F9:AA:6D radio-name=744D28F9AA6D
add channel=Ch40_20M_5G configuration="Stock Public 5GHz" disabled=no l2mtu=1600 mac-address=74:4D:28:F9:AF:1A master-interface=none name=5GHz-AP_Restaurant radio-mac=74:4D:28:F9:AF:1A radio-name=744D28F9AF1A
/caps-man rates
add basic=9Mbps name="GN Only - No B rates" supported=9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs=""
/caps-man configuration
add country=norway datapath="Stock Public" distance=indoors frame-lifetime=10ms installation=indoor mode=ap name="Stock Public 2.4GHz" rates="GN Only - No B rates" ssid="Stock Spiseri"
/caps-man interface
add channel=Ch11_20M_24G configuration="Stock Public 2.4GHz" disabled=no mac-address=74:4D:28:F9:AA:6C master-interface=none name=2.4GHz-AP_Chambre radio-mac=74:4D:28:F9:AA:6C radio-name=744D28F9AA6C
add channel=Ch01_20M_24G configuration="Stock Public 2.4GHz" disabled=no l2mtu=1600 mac-address=74:4D:28:F9:AF:19 master-interface=none name=2.4GHz-AP_Restaurant radio-mac=74:4D:28:F9:AF:19 radio-name=744D28F9AF19
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 10 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
add name=WinboxAccess
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=gastrofix_dhcp ranges=192.168.7.120-192.168.7.254
add name=guest_dhcp ranges=192.168.88.10-192.168.88.250
/ip dhcp-server
add address-pool=gastrofix_dhcp disabled=no interface=eth4_gastrofix lease-time=23h59m59s name=gastrofix_dhcp
add address-pool=guest_dhcp disabled=no interface=AP_bridge lease-time=2h30m name=guest_dhcp
/system logging action
set 0 memory-lines=3000
set 1 disk-file-count=10 disk-lines-per-file=3000
/caps-man access-list
add action=accept allow-signal-out-of-range=10s comment="-85..120 accept" disabled=no signal-range=-85..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="-120..86 reject" disabled=no signal-range=-120..86 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=AP_bridge
/caps-man provisioning
add action=create-dynamic-enabled comment="2.4GHz 802.11g capable radios" hw-supported-modes=g master-configuration="Stock Public 2.4GHz" name-format=prefix-identity name-prefix=2.4GHz-
add action=create-dynamic-enabled comment="5GHz 802.11ac capable radios" hw-supported-modes=ac master-configuration="Stock Public 5GHz" name-format=prefix-identity name-prefix=5GHz-
/interface bridge port
add bridge=AP_bridge interface=eth3_MikrotikAPs
add bridge=AP_bridge interface=wlan1
add bridge=AP_bridge interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=WinboxAccess
/interface list member
add interface=eth1_WAN list=WAN
add interface=eth2_kontor list=LAN
add interface=eth4_gastrofix list=LAN
add interface=AP_bridge list=LAN
add interface=eth2_kontor list=WinboxAccess
add interface=eth4_gastrofix list=WinboxAccess
/interface wireless cap
# 
set bridge=AP_bridge discovery-interfaces=AP_bridge enabled=yes interfaces=wlan1,wlan2
/ip address
add address=193.90.223.118/24 interface=eth1_WAN network=193.90.223.0
add address=192.168.1.1/24 interface=eth2_kontor network=192.168.1.0
add address=192.168.7.1/24 interface=eth4_gastrofix network=192.168.7.0
add address=192.168.88.1/24 interface=AP_bridge network=192.168.88.0
add address=192.168.88.253/24 interface=wlan1 network=192.168.88.0
add address=192.168.88.253/24 interface=wlan2 network=192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.7.0/24 comment="DHCP for Gastrofix" dns-server=193.75.75.75,192.168.7.1 gateway=192.168.7.1 netmask=24
add address=192.168.88.0/24 comment="DHCP for Guests" dns-server=193.75.75.75,193.75.75.193 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=193.75.75.75,193.75.75.193
/ip firewall address-list
add address=192.168.1.0/24 list=AdminAccess
add address=0.0.0.0/8 list=bogons
add address=172.16.0.0/12 list=bogons
add address=10.0.0.0/8 list=bogons
add address=169.254.0.0/16 list=bogons
add address=127.0.0.0/8 list=bogons
add address=224.0.0.0/4 list=bogons
add address=198.18.0.0/15 list=bogons
add address=192.0.0.0/24 list=bogons
add address=192.0.2.0/24 list=bogons
add address=198.51.100.0/24 list=bogons
add address=203.0.113.0/24 list=bogons
add address=100.64.0.0/10 list=bogons
add address=240.0.0.0/4 list=bogons
add address=192.88.99.0/24 list=bogons
/ip firewall filter
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=forward dst-address=77.66.21.133 in-interface=AP_bridge
add action=accept chain=input comment="Admin Access to Router" src-address-list=AdminAccess
add action=accept chain=input comment="allow LAN to DNS-TCP" dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="allow LAN to DNS-UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=drop chain=input comment="Drop All Else"
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related
add action=accept chain=forward comment="accept established,related" connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow all LAN (Office, Guest and POS) Traffic to Internet" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP ALL Else"
add action=accept chain=forward comment="Allow Port Fowarding if required" connection-nat-state=dstnat
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP All Else"
/ip firewall nat
add action=src-nat chain=srcnat comment="Source_NAT for All Users" ipsec-policy=out,none out-interface=eth1_WAN to-addresses=193.90.223.118
add action=redirect chain=dstnat comment="Force Users to Router DNS -TCP" dst-port=53 protocol=tcp
add action=redirect chain=dstnat comment="Force Users to Router DNS -UDP" dst-port=53 protocol=udp
add action=accept chain=srcnat disabled=yes ipsec-policy=out,none out-interface=eth1_WAN
/ip firewall raw
add action=drop chain=prerouting comment="Drop all non-internet networks" src-address-list=bogons
/ip route
add distance=1 gateway=193.90.223.117
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes port=2200
set api disabled=yes
set winbox address=192.168.1.20/32,192.168.1.21/32,192.168.88.5/32
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=Router-Kontor
/system leds
add interface=wlan2 leds=wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-led,wlan2_signal4-led,wlan2_signal5-led type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/system logging
add action=disk topics=info,critical,error,info
/system ntp client
set enabled=yes primary-ntp=79.160.13.250 secondary-ntp=162.159.200.1
/system scheduler
add interval=1d name=GuestWifiOn on-event=TurnWifiRadiosOn policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/20/2019 start-time=07:00:00
add interval=1d name=GuestWifiOff on-event=TurnWifiRadiosOff policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/21/2019 start-time=01:00:00
add interval=1d name=CheckForUpdatesInstall on-event=UpdateOS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/22/2020 start-time=03:50:00
/system script
add dont-require-permissions=no name=TurnWifiRadiosOn owner=stock policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "#/caps-man provisioning enable numbers=[find]\r\
    \n#:delay 1\r\
    \n#/caps-man radio provision numbers=[find]\r\
    \n/caps-man interface set [ find ] disabled=no"
add dont-require-permissions=no name=TurnWifiRadiosOff owner=stock policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "#/caps-man provisioning disable numbers=[find]\r\
    \n#:delay 1\r\
    \n#/caps-man radio provision numbers=[find]\r\
    \n/caps-man interface set [ find ] disabled=yes"
add dont-require-permissions=no name=UpdateOS owner=stock policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/system package update\r\
    \ncheck-for-updates once\r\
    \n:delay 3s;\r\
    \n:if ( [get status] = \"New version is available\") do={ install }"
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=WinboxAccess
/tool mac-server ping
set enabled=no
/tool romon
set enabled=yes
Top
 
GregW
just joined
Posts: 10
Joined: Sat Dec 29, 2018 9:15 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Thu Feb 27, 2020 3:03 pm

First thing I noticed in the export was the wireless ACL rules.
/caps-man access-list
add action=accept allow-signal-out-of-range=10s comment="-85..120 accept" disabled=no signal-range=-85..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="-120..86 reject" disabled=no signal-range=-120..86 ssid-regexp=""

Should the reject rule not be "-86" ?
add action=reject allow-signal-out-of-range=10s comment="-120..-86 reject" disabled=no signal-range=-120..-86 ssid-regexp=""

You can enable logging on the "Drop All Else" rule to see that interfaces/ip's are being used for capsman. It might be related to the "localhost" issue. I know in later ROS versions the default firewall had the following rule in it
/ip firewall filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"

If this is your problem then put that rule before your cachall deny rule.
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Thu Feb 27, 2020 4:27 pm

If CAP is on the same L2 segment with CAPsMAN - FW should have no influence.
Provisioning should be without IP on the same L2 segment.
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Thu Feb 27, 2020 5:21 pm

I rebooted the router and waited 5 minutes. cAP is not discovered in CAPsMAN. At 15:18:57 I disable the firewall rule a few seconds and immediately the cAP is discovered and added.
See log.
# feb/27/2020 15:19:32 by RouterOS 6.46.3
# software id = D6TK-ALEK
#
15:13:48 system,info router rebooted
15:13:57 interface,info eth2_kontor link up (speed 100M, full duplex)
15:13:57 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 64.233.165.189:443->193.90.223.118:63271, len 94
15:13:58 interface,info eth1_WAN link up (speed 1G, full duplex)
15:13:58 interface,info eth3_MikrotikAPs link up (speed 1G, full duplex)
15:13:58 interface,info eth4_gastrofix link up (speed 1G, full duplex)
15:13:58 bridge,info "AP_bridge" mac address changed to C4:AD:34:60:88:14
15:13:58 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:13:59 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:13:59 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 34: de:1a:76:7e:38, proto UDP, 192.168.7.235:137->192.168.7.255:137, len 78
15:14:00 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:14:00 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 64.233.165.189:443->193.90.223.118:56921, len 93
15:14:00 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:49680, len 92
15:14:00 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 34: de:1a:76:7e:38, proto UDP, 192.168.7.235:137->192.168.7.255:137, len 78
15:14:00 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:56933, len 80
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 989
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 989
15:14:01 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 34: de:1a:76:7e:38, proto UDP, 192.168.7.235:137->192.168.7.255:137, len 78
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 842
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 842
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 216.239.36.126:443->193.90.223.118:44772, len 108
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 372
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 370
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 989
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 217.146.13.137:5938->193.90.223.118:60834, len 842
15:14:01 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 143.204.41.101:443->193.90.223.118:34740, len 83
15:14:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 51.105.249.223:443->193.90.223.118:56943, len 215
15:14:02 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac c4:ad:34:14:34:28, proto UDP, 192.168.88.22:43101->255.255.255.255:5246, len 48
15:14:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 989
15:14:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 989
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 51.105.249.223:443->193.90.223.118:56943, len 215
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 842
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 842
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 370
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 372
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 989
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 842
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 51.105.249.223:443->193.90.223.118:56943, len 215
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 213.227.168.186:5938->193.90.223.118:56929, len 333
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 35.174.127.31:443->193.90.223.118:52476, len 72
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 51.105.249.223:443->193.90.223.118:56943, len 215
15:14:04 caps,info [74:4D:28:F9:AA:6A/4/6955,Join,[74:4D:28:F9:AA:6A]] joined, provides radio(s): 74:4D:28:F9:AA:6C,74:4D:28:F9:AA:6D
15:14:04 caps,info 2.4GHz-AP_Chambre: selected channel 2462/20/gn(10dBm) (fixed)
15:14:04 caps,info 5GHz-AP_Chambre: selected channel 5240/20/ac/P(20dBm) (fixed)
15:14:05 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:05 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 51.105.249.223:443->193.90.223.118:56943, len 215
15:14:05 caps,info [C4:AD:34:14:34:28/4/a779,Join,[C4:AD:34:14:34:28]] joined, provides radio(s): C4:AD:34:14:34:2A,C4:AD:34:14:34:2B
15:14:05 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:05 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 52.212.51.67:443->193.90.223.118:49324, len 83
15:14:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 52.212.51.67:443->193.90.223.118:49324, len 83
15:14:06 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:50848->255.255.255.255:3333, len 43
15:14:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 52.212.51.67:443->193.90.223.118:49324, len 83
15:14:06 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 74:4d:28:f9:af:17, proto UDP, 192.168.88.16:52096->255.255.255.255:5246, len 48
15:14:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 51.178.78.152:52851->193.90.223.118:8140, len 40
15:14:07 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 52.212.51.67:443->193.90.223.118:49324, len 83
15:14:07 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:14:07 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:38948->255.255.255.255:10001, len 185
15:14:07 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:07 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 51.105.249.223:443->193.90.223.118:56943, len 215
15:14:07 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:14:07 system,info,account user stock logged in from B0:6E:BF:0A:7C:99 via winbox
15:14:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 216.58.211.14:443->193.90.223.118:52487, len 96
15:14:08 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:14:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 52.212.51.67:443->193.90.223.118:49324, len 83
15:14:08 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:14:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 35.224.34.64:443->193.90.223.118:40256, len 103
15:14:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto UDP, 104.244.76.133:47319->193.90.223.118:123, len 220
15:14:09 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:14:09 caps,info [74:4D:28:F9:AF:17/4/a1b3,Join,[74:4D:28:F9:AF:17]] joined, provides radio(s): 74:4D:28:F9:AF:19,74:4D:28:F9:AF:1A
15:14:09 caps,info 2.4GHz-AP_Restaurant: selected channel 2412/20/gn(10dBm) (fixed)
15:14:09 caps,info 5GHz-AP_Restaurant: selected channel 5200/20/ac/P(20dBm) (fixed)
15:14:09 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.20.37:443->193.90.223.118:52551, len 96
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 989
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 989
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 842
15:14:09 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 842
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 372
15:14:09 caps,info 94:B0:1F:13:FA:EA@5GHz-AP_Chambre connected, signal strength -84
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 370
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 989
15:14:09 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:40635->255.255.255.255:5246, len 48
15:14:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 842
15:14:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 159.8.88.138:443->193.90.223.118:51447, len 333
15:14:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 217.146.13.137:5938->193.90.223.118:60834, len 1500
15:14:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:11 caps,info 2.4GHz--AP_Messanin-1: selected channel 2442/20-eC/gn(20dBm)
15:14:12 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:12 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 213.227.168.186:5938->193.90.223.118:56929, len 1500
15:14:12 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 51.105.249.223:443->193.90.223.118:56943, len 215
15:14:13 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 216.58.211.138:443->193.90.223.118:52553, len 96
15:14:13 caps,info 94:B0:1F:13:FA:EA@5GHz-AP_Restaurant connected, signal strength -73
15:14:13 caps,info 94:B0:1F:13:FA:EA@5GHz-AP_Chambre disconnected, registered to other interface
15:14:13 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 216.58.211.138:443->193.90.223.118:52554, len 96
15:14:14 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:15 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56224, len 40
15:14:16 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:49680, len 92
15:14:17 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 34.237.73.95:443->193.90.223.118:56934, len 72
15:14:17 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:14:17 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:45298->255.255.255.255:10001, len 185
15:14:17 caps,info 5GHz--AP_Messanin-1: selected channel 5260/20-Ceee/ac/DP(20dBm)
15:14:18 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:36314->255.255.255.255:5246, len 48
15:14:18 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:68->255.255.255.255:67, len 328
15:14:19 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 159.8.88.138:443->193.90.223.118:51447, len 1500
15:14:19 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58042, len 83
15:14:20 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.230.45.73:443->193.90.223.118:42986, len 255
15:14:48 system,info sntp change time Feb/27/2020 15:14:20 => Feb/27/2020 15:14:48
15:14:48 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:54149->255.255.255.255:3333, len 43
15:14:50 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 17.248.150.13:443->193.90.223.118:62602, len 116
15:14:52 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:47624->255.255.255.255:5246, len 48
15:14:53 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:14:53 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:14:53 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:14:54 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:14:54 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56220, len 40
15:14:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:14:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:58790->255.255.255.255:10001, len 185
15:14:55 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56260, len 40
15:14:55 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:14:55 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 216.239.34.21:443->193.90.223.118:37294, len 108
15:14:57 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:14:57 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 52.209.26.101:443->193.90.223.118:49702, len 83
15:14:58 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 64.233.165.189:443->193.90.223.118:56921, len 93
15:14:58 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:56933, len 80
15:14:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 6c:3b:6b:e8:d8:b4, proto UDP, 192.168.88.2:5678->255.255.255.255:5678, len 113
15:14:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:38769->255.255.255.255:5246, len 48
15:15:00 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:15:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 92.119.160.52:40417->193.90.223.118:30304, len 40
15:15:03 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:64599->255.255.255.255:3333, len 43
15:15:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 89.221.244.53:443->193.90.223.118:65007, len 83
15:15:04 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:15:04 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:39615->255.255.255.255:10001, len 185
15:15:05 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:06 caps,info F0:E4:A2:14:AF:A4@2.4GHz--AP_Messanin-1 connected, signal strength -44
15:15:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:07 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:07 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:57945->255.255.255.255:5246, len 48
15:15:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:15:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 143.204.41.99:443->193.90.223.118:46768, len 83
15:15:11 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:13 caps,info 7C:9A:1D:DA:26:23@5GHz-AP_Chambre connected, signal strength -74
15:15:13 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:49680, len 92
15:15:14 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:15:14 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:42765->255.255.255.255:10001, len 185
15:15:15 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:44060->255.255.255.255:5246, len 48
15:15:15 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:16 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:16 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:17 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:17 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:18 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:53852->255.255.255.255:3333, len 43
15:15:18 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:20 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 164.115.81.68:50438->193.90.223.118:1433, len 40
15:15:21 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:23 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:50841->255.255.255.255:5246, len 48
15:15:23 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.57.146.137:5223->193.90.223.118:49989, len 105
15:15:24 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 185.175.93.78:56275->193.90.223.118:8166, len 40
15:15:24 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:15:24 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:33078->255.255.255.255:10001, len 185
15:15:27 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:28 system,info,account user stock logged in via local
15:15:28 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 64.233.165.189:443->193.90.223.118:56921, len 93
15:15:28 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 3.213.105.149:443->193.90.223.118:48874, len 91
15:15:28 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:56933, len 80
15:15:30 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:34828->255.255.255.255:5246, len 48
15:15:32 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 185.175.93.78:56275->193.90.223.118:8866, len 40
15:15:33 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:59778->255.255.255.255:3333, len 43
15:15:34 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:15:34 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:59666->255.255.255.255:10001, len 185
15:15:38 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:46911->255.255.255.255:5246, len 48
15:15:39 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 63.33.33.42:443->193.90.223.118:33078, len 91
15:15:44 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:49680, len 92
15:15:44 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:15:44 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:57470->255.255.255.255:10001, len 185
15:15:45 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:50535->255.255.255.255:5246, len 48
15:15:48 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:68->255.255.255.255:67, len 328
15:15:48 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:49938->255.255.255.255:3333, len 43
15:15:52 caps,info 7C:9A:1D:DA:26:23@5GHz-AP_Chambre disconnected, too weak signal, signal strength -86
15:15:52 caps,info 7C:9A:1D:DA:26:23@5GHz-AP_Chambre connected, signal strength -82
15:15:52 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:56209->255.255.255.255:5246, len 48
15:15:52 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 8.8.8.8:443->193.90.223.118:44950, len 108
15:15:54 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 31.13.72.48:443->193.90.223.118:58914, len 116
15:15:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:15:55 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:56095->255.255.255.255:10001, len 185
15:15:55 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.22.165:443->193.90.223.118:49397, len 108
15:15:56 caps,info 8C:B8:4A:C4:19:65@5GHz--AP_Messanin-1 connected, signal strength -80
15:15:57 dhcp,info guest_dhcp deassigned 192.168.88.53 from 8C:B8:4A:C4:19:65
15:15:57 dhcp,info guest_dhcp assigned 192.168.88.53 to 8C:B8:4A:C4:19:65
15:15:58 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56224, len 40
15:15:58 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 64.233.165.189:443->193.90.223.118:56921, len 93
15:15:58 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:56933, len 80
15:15:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 6c:3b:6b:e8:d8:b4, proto UDP, 192.168.88.2:5678->255.255.255.255:5678, len 113
15:16:00 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:49670->255.255.255.255:5246, len 48
15:16:01 caps,info AC:CF:85:FA:2C:06@2.4GHz--AP_Messanin-1 connected, signal strength -55
15:16:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 216.239.36.126:443->193.90.223.118:48868, len 108
15:16:03 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:57435->255.255.255.255:3333, len 43
15:16:04 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:16:05 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:42021->255.255.255.255:10001, len 185
15:16:06 caps,info 8C:B8:4A:C4:19:65@2.4GHz--AP_Messanin-1 connected, signal strength -72
15:16:06 caps,info 8C:B8:4A:C4:19:65@5GHz--AP_Messanin-1 disconnected, registered to other interface
15:16:07 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:37970->255.255.255.255:5246, len 48
15:16:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56220, len 40
15:16:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 212.45.190.63:5061->193.90.223.118:46859, len 83
15:16:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56260, len 40
15:16:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 185.175.93.18:56010->193.90.223.118:47555, len 40
15:16:11 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:13 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:14 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 192.3.204.74:55830->193.90.223.118:4408, len 40
15:16:14 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:49680, len 92
15:16:14 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:16:15 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:35916->255.255.255.255:10001, len 185
15:16:15 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:53702->255.255.255.255:5246, len 48
15:16:16 caps,info 8C:B8:4A:C4:19:65@5GHz-AP_Restaurant connected, signal strength -72
15:16:16 caps,info 8C:B8:4A:C4:19:65@2.4GHz--AP_Messanin-1 disconnected, registered to other interface
15:16:17 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:18 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:49844->255.255.255.255:3333, len 43
15:16:20 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 216.58.207.229:443->193.90.223.118:56872, len 96
15:16:22 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:22 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:34936->255.255.255.255:5246, len 48
15:16:23 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:23 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:24 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 139.138.132.244:57163->193.90.223.118:1433, len 40
15:16:24 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:24 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:16:25 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:47103->255.255.255.255:10001, len 185
15:16:28 caps,info 08:C5:E1:D0:F0:7B@5GHz-AP_Restaurant connected, signal strength -68
15:16:28 caps,info 7C:9A:1D:DA:26:23@5GHz-AP_Chambre disconnected, too weak signal, signal strength -92
15:16:30 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 292
15:16:30 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:30 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:43499->255.255.255.255:5246, len 48
15:16:31 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 292
15:16:31 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:31 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:32 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:32 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 292
15:16:32 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:32 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 172.217.21.138:443->193.90.223.118:54600, len 108
15:16:32 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:33 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 292
15:16:33 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:33 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:55253->255.255.255.255:3333, len 43
15:16:34 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:34 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:16:35 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:54133->255.255.255.255:10001, len 185
15:16:35 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:36 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:37 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:37 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:60280->255.255.255.255:5246, len 48
15:16:38 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 319
15:16:39 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:40 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 108.177.14.188:5228->193.90.223.118:60630, len 76
15:16:40 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:41 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:41 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:42 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:42 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:43 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:43 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:43 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 182.61.109.105:52907->193.90.223.118:2020, len 40
15:16:44 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:44 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:44 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:16:45 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:47456->255.255.255.255:10001, len 185
15:16:45 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:56114->255.255.255.255:5246, len 48
15:16:45 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:45 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:45 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:16:46 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:47 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:48 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:48 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:68->255.255.255.255:67, len 328
15:16:48 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:62868->255.255.255.255:3333, len 43
15:16:49 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:50 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58042, len 83
15:16:50 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:51 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:52 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:52 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:49757->255.255.255.255:5246, len 48
15:16:53 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:54 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:16:55 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:42071->255.255.255.255:10001, len 185
15:16:55 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:56 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:57 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:16:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 6c:3b:6b:e8:d8:b4, proto UDP, 192.168.88.2:5678->255.255.255.255:5678, len 113
15:16:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:43096->255.255.255.255:5246, len 48
15:17:00 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:02 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:03 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:61443->255.255.255.255:3333, len 43
15:17:04 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:04 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:04 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:04 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:17:05 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:45441->255.255.255.255:10001, len 185
15:17:05 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:06 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:07 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:37068->255.255.255.255:5246, len 48
15:17:08 caps,info 34:02:86:00:6E:8C@5GHz--AP_Messanin-1 connected, signal strength -58
15:17:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:09 dhcp,info guest_dhcp assigned 192.168.88.11 to 34:02:86:00:6E:8C
15:17:13 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:13 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56224, len 40
15:17:14 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:14 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:44041->255.255.255.255:5246, len 48
15:17:14 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:17:15 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:53744->255.255.255.255:10001, len 185
15:17:18 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:57782->255.255.255.255:3333, len 43
15:17:19 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:21 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:22 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:45103->255.255.255.255:5246, len 48
15:17:23 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:24 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:17:25 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:60336->255.255.255.255:10001, len 185
15:17:25 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56220, len 40
15:17:25 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56260, len 40
15:17:29 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:54701->255.255.255.255:5246, len 48
15:17:33 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:61714->255.255.255.255:3333, len 43
15:17:34 caps,info 0C:B5:27:E9:BB:A7@5GHz--AP_Messanin-1 connected, signal strength -85
15:17:34 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:17:35 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:38941->255.255.255.255:10001, len 185
15:17:35 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:53211->255.255.255.255:5684, len 295
15:17:35 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:54314->255.255.255.255:5684, len 295
15:17:35 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:49736->255.255.255.255:5684, len 295
15:17:35 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:43057->255.255.255.255:5684, len 295
15:17:36 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:45343->255.255.255.255:5684, len 295
15:17:36 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 31.13.72.48:443->193.90.223.118:58914, len 100
15:17:36 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:57590->255.255.255.255:5246, len 48
15:17:36 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:58896->255.255.255.255:5684, len 295
15:17:37 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:49117->255.255.255.255:5684, len 295
15:17:37 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:39635->255.255.255.255:5684, len 295
15:17:38 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:50796->255.255.255.255:5684, len 295
15:17:38 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:38 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:49467->255.255.255.255:5684, len 295
15:17:39 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:47579->255.255.255.255:5684, len 295
15:17:39 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 0c:b5:27:e9:bb:a7, proto UDP, 192.168.88.123:36505->255.255.255.255:5684, len 295
15:17:42 caps,info 0C:B5:27:E9:BB:A7@5GHz-AP_Restaurant connected, signal strength -77
15:17:42 caps,info 0C:B5:27:E9:BB:A7@5GHz--AP_Messanin-1 disconnected, registered to other interface
15:17:43 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:17:44 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:37606->255.255.255.255:5246, len 48
15:17:44 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:17:45 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:35561->255.255.255.255:10001, len 185
15:17:48 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:53743->255.255.255.255:3333, len 43
15:17:49 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:68->255.255.255.255:67, len 328
15:17:51 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:47008->255.255.255.255:5246, len 48
15:17:53 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 83.97.20.37:56451->193.90.223.118:2083, len 40
15:17:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:17:55 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:40595->255.255.255.255:10001, len 185
15:17:56 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:17:57 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 192.210.198.178:56969->193.90.223.118:3068, len 40
15:17:59 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 89.248.168.202:53577->193.90.223.118:6202, len 40
15:17:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:47484->255.255.255.255:5246, len 48
15:17:59 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 6c:3b:6b:e8:d8:b4, proto UDP, 192.168.88.2:5678->255.255.255.255:5678, len 113
15:18:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:02 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:03 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:03 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:49497->255.255.255.255:3333, len 43
15:18:04 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:04 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 320
15:18:04 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:18:05 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:58877->255.255.255.255:10001, len 185
15:18:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 92.119.160.143:40420->193.90.223.118:7968, len 40
15:18:06 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:07 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:56173->255.255.255.255:5246, len 48
15:18:11 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:13 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:18:14 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:18:14 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:18:15 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:43740->255.255.255.255:10001, len 185
15:18:15 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:47455->255.255.255.255:5246, len 48
15:18:15 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:18:18 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:52784->255.255.255.255:3333, len 43
15:18:20 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:20 system,info,account user stock logged out via local
15:18:21 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:18:22 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:44599->255.255.255.255:5246, len 48
15:18:23 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 211.76.130.19:57982->193.90.223.118:445, len 40
15:18:24 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:18:25 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:42182->255.255.255.255:10001, len 185
15:18:25 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 5.45.62.116:80->193.90.223.118:52559, len 220
15:18:27 caps,info 0C:B5:27:E9:BB:A7@5GHz-AP_Chambre connected, signal strength -82
15:18:27 caps,info 0C:B5:27:E9:BB:A7@5GHz-AP_Restaurant disconnected, registered to other interface
15:18:28 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56224, len 40
15:18:29 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:18:30 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:46874->255.255.255.255:5246, len 48
15:18:33 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:59027->255.255.255.255:3333, len 43
15:18:34 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (SYN), 198.46.154.34:55911->193.90.223.118:7454, len 40
15:18:34 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:18:34 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:18:35 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:51991->255.255.255.255:10001, len 185
15:18:37 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:52105->255.255.255.255:5246, len 48
15:18:38 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:18:38 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:39 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:39 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:39 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:40 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56220, len 40
15:18:40 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:41 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK), 193.213.115.11:993->193.90.223.118:56260, len 40
15:18:42 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:44 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:18:44 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:51659->255.255.255.255:10001, len 185
15:18:45 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:39486->255.255.255.255:5246, len 48
15:18:46 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:48 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:62245->255.255.255.255:3333, len 43
15:18:52 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), proto UDP, 192.168.88.1:58566->255.255.255.255:5246, len 48
15:18:52 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58042, len 83
15:18:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:68->255.255.255.255:67, len 328
15:18:54 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:18:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:18:54 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:42504->255.255.255.255:10001, len 185
15:18:55 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:18:57 system,info filter rule changed by stock
15:19:02 caps,info CAP selected CAPsMAN Router-Kontor (::ffff:192.168.88.1:5246)
15:19:02 caps,info CAP connected to Router-Kontor (::ffff:192.168.88.1:5246)
15:19:02 caps,info [::ffff:192.168.88.1:59353,Join,[C4:AD:34:60:88:12]] joined, provides radio(s): C4:AD:34:60:88:1D,C4:AD:34:21:20:69
15:19:02 caps,info CAP joined Router-Kontor (::ffff:192.168.88.1:5246)
15:19:04 system,info filter rule changed by stock
15:19:04 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:19:04 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:36752->255.255.255.255:10001, len 185
15:19:07 caps,info 2.4GHz--Router-Kontor-1: selected channel 2452/20-Ce/gn(20dBm)
15:19:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:08 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:09 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:10 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 77.234.45.60:80->193.90.223.118:49700, len 232
15:19:11 caps,info 0C:B5:27:E9:BB:A7@2.4GHz--Router-Kontor-1 connected, signal strength -54
15:19:11 caps,info 0C:B5:27:E9:BB:A7@5GHz-AP_Chambre disconnected, registered to other interface
15:19:12 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:14 caps,info 94:53:30:27:E4:D4@2.4GHz--Router-Kontor-1 connected, signal strength -61
15:19:15 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:19:15 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:57608->255.255.255.255:10001, len 185
15:19:16 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:16 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:19:16 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 31.13.72.5:443->193.90.223.118:58092, len 83
15:19:16 caps,info 5GHz--Router-Kontor-1: selected channel 5640/20-eCee/ac/DP(27dBm)+5210/80/P(23dBm)
15:19:17 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:19:17 caps,info 94:53:30:27:E4:D4@2.4GHz--Router-Kontor-1 disconnected, received disassoc: sending station leaving (8)
15:19:18 caps,info 94:53:30:27:E4:D4@2.4GHz--Router-Kontor-1 connected, signal strength -63
15:19:18 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac cc:c7:60:81:2e:65, proto UDP, 192.168.7.41:57191->255.255.255.255:3333, len 43
15:19:22 system,info,account user stock logged in via local
15:19:23 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:19:23 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:19:23 firewall,info DROP-FIREWALL input: in:eth1_WAN out:(unknown 0), src-mac 88:cf:98:09:84:99, proto TCP (ACK,PSH), 17.242.150.25:5223->193.90.223.118:49449, len 105
15:19:24 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:19:24 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:19:25 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 44:d9:e7:30:0b:ae, proto UDP, 192.168.7.249:32819->255.255.255.255:10001, len 186
15:19:25 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 78:8a:20:4b:04:a6, proto UDP, 192.168.7.254:59892->255.255.255.255:10001, len 185
15:19:25 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:19:26 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:19:26 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:19:27 firewall,info DROP-FIREWALL input: in:eth4_gastrofix out:(unknown 0), src-mac 3c:a9:f4:31:17:4c, proto UDP, 192.168.7.239:137->192.168.7.255:137, len 78
15:19:27 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:19:28 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:19:29 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 08:c5:e1:d0:f0:7b, proto UDP, 192.168.88.51:59055->255.255.255.255:1900, len 321
15:19:29 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 94:53:30:27:e4:d4, proto UDP, 192.168.88.70:137->255.255.255.255:137, len 96
15:19:29 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 94:53:30:27:e4:d4, proto UDP, 192.168.88.70:137->255.255.255.255:137, len 96
15:19:30 firewall,info DROP-FIREWALL input: in:AP_bridge out:(unknown 0), src-mac 94:53:30:27:e4:d4, proto UDP, 192.168.88.70:137->255.255.255.255:137, len 96
#END
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Thu Feb 27, 2020 5:28 pm

Could you please share you CAPsMAN settings as well? And perhaps your entire cofiguration would be beneficial too.

What is the purpose of giving your wireless interfaces an IP address? And why would you like to have two seperate interfaces the same IP? Are the wireless interfaces part of a bridge?

Static IPs for the wireless interfaces: We have the builtin router wireless interface plus 3 cAPs and sometimes employees disconnect the APs (or they fail, or is not added to the CAPsMAN like in the router case). I'm using netwatch to detect if they're up or not (if the go down, I get an email). Maybe there are more elegant ways?
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Thu Feb 27, 2020 5:55 pm

I added the rule:
/ip firewall filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
before the drop all. Did not change anything. I need to manually disable the "drop all" rule a few seconds.

# feb/27/2020 16:47: 3 by RouterOS 6.46.3
# software id = D6TK-ALEK
#
16:43:16 system,info router rebooted
16:43:25 interface,info eth2_kontor link up (speed 100M, full duplex)
16:43:26 interface,info eth1_WAN link up (speed 1G, full duplex)
16:43:26 interface,info eth3_MikrotikAPs link up (speed 1G, full duplex)
16:43:26 bridge,info "AP_bridge" mac address changed to C4:AD:34:60:88:14
16:43:27 interface,info eth4_gastrofix link up (speed 1G, full duplex)
16:43:32 caps,info [74:4D:28:F9:AA:6A/4/dc4b,Join,[74:4D:28:F9:AA:6A]] joined, provides radio(s): 74:4D:28:F9:AA:6C,74:4D:28:F9:AA:6D
16:43:32 caps,info 2.4GHz-AP_Chambre: selected channel 2462/20/gn(10dBm) (fixed)
16:43:32 caps,info 5GHz-AP_Chambre: selected channel 5240/20/ac/P(20dBm) (fixed)
16:43:32 caps,info [74:4D:28:F9:AF:17/4/7e85,Join,[74:4D:28:F9:AF:17]] joined, provides radio(s): 74:4D:28:F9:AF:19,74:4D:28:F9:AF:1A
16:43:32 caps,info 2.4GHz-AP_Restaurant: selected channel 2412/20/gn(10dBm) (fixed)
16:43:32 caps,info 5GHz-AP_Restaurant: selected channel 5200/20/ac/P(20dBm) (fixed)
16:43:36 caps,info [C4:AD:34:14:34:28/4/8a8a,Join,[C4:AD:34:14:34:28]] joined, provides radio(s): C4:AD:34:14:34:2A,C4:AD:34:14:34:2B
16:43:39 caps,info F0:E4:A2:14:AF:A4@2.4GHz-AP_Restaurant connected, signal strength -83
16:43:39 dhcp,info guest_dhcp deassigned 192.168.88.29 from F0:E4:A2:14:AF:A4
16:43:39 dhcp,info guest_dhcp assigned 192.168.88.29 to F0:E4:A2:14:AF:A4
16:43:41 caps,info 2.4GHz--AP_Messanin-1: selected channel 2412/20-Ce/gn(20dBm)
16:43:48 caps,info 5GHz--AP_Messanin-1: selected channel 5260/20-Ceee/ac/DP(20dBm)
16:44:16 system,info sntp change time Feb/27/2020 16:43:48 => Feb/27/2020 16:44:16
16:44:24 caps,info 08:C5:E1:D0:F0:7B@5GHz-AP_Restaurant connected, signal strength -69
16:44:28 system,info,account user stock logged in from B0:6E:BF:0A:7C:99 via winbox
16:44:31 caps,info FC:18:3C:5D:7A:BF@2.4GHz--AP_Messanin-1 connected, signal strength -67
16:44:32 caps,info 9C:64:8B:14:C0:21@5GHz-AP_Restaurant connected, signal strength -59
16:44:48 caps,info 98:3B:8F:6E:CB:66@5GHz-AP_Restaurant connected, signal strength -57
16:44:49 caps,info FC:18:3C:5D:7A:BF@5GHz-AP_Restaurant connected, signal strength -62
16:44:49 caps,info FC:18:3C:5D:7A:BF@2.4GHz--AP_Messanin-1 disconnected, registered to other interface
16:44:49 caps,info 34:02:86:00:6E:8C@5GHz-AP_Restaurant connected, signal strength -61
16:45:36 system,info filter rule changed by stock
16:45:42 caps,info CAP selected CAPsMAN Router-Kontor (::ffff:192.168.88.1:5246)
16:45:43 caps,info CAP connected to Router-Kontor (::ffff:192.168.88.1:5246)
16:45:43 caps,info [::ffff:192.168.88.1:55981,Join,[C4:AD:34:60:88:12]] joined, provides radio(s): C4:AD:34:60:88:1D,C4:AD:34:21:20:69
16:45:43 caps,info CAP joined Router-Kontor (::ffff:192.168.88.1:5246)
16:45:46 system,info filter rule changed by stock
16:45:47 caps,info 2.4GHz--Router-Kontor-1: selected channel 2452/20-Ce/gn(20dBm)
16:45:56 caps,info 94:53:30:27:E4:D4@2.4GHz--Router-Kontor-1 connected, signal strength -66
16:45:57 caps,info 5GHz--Router-Kontor-1: selected channel 5640/20-eCee/ac/DP(27dBm)+5210/80/P(23dBm)
16:45:57 caps,info 94:B0:1F:13:FA:EA@2.4GHz--Router-Kontor-1 connected, signal strength -66
16:46:01 caps,info 94:53:30:27:E4:D4@2.4GHz--Router-Kontor-1 disconnected, received disassoc: sending station leaving (8)
16:46:08 caps,info 94:53:30:27:E4:D4@2.4GHz--Router-Kontor-1 connected, signal strength -64
16:46:11 dhcp,info guest_dhcp deassigned 192.168.88.70 from 94:53:30:27:E4:D4
16:46:12 dhcp,info guest_dhcp assigned 192.168.88.70 to 94:53:30:27:E4:D4
16:46:22 caps,info 48:3B:38:01:D3:CD@2.4GHz--Router-Kontor-1 connected, signal strength -59
16:46:25 caps,info FC:18:3C:5D:7A:BF@2.4GHz--AP_Messanin-1 connected, signal strength -71
16:46:25 caps,info FC:18:3C:5D:7A:BF@5GHz-AP_Restaurant disconnected, registered to other interface
16:46:44 system,info,account user stock logged in via local
#END
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Fri Feb 28, 2020 10:12 am

This line points that your AP's communicating with CAPsMAN via L3, that's why FW rules comes in action.
16:45:43 caps,info [::ffff:192.168.88.1:55981,Join,[C4:AD:34:60:88:12]] joined, provides radio(s): C4:AD:34:60:88:1D,C4:AD:34:21:20:69

The log line should look like:
16:45:43 caps,info [MAC ADDRESS HERE WITHOUT IP,Join,[C4:AD:34:60:88:12]] joined, provides radio(s): C4:AD:34:60:88:1D,C4:AD:34:21:20:69

To communicate via L2 - you have to revise your CAPsMAN config.
BTW: you can remove IP from AP's, it's not needed if communication goes via L2.
From remote location AP's can be accessed via RoMON.
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Fri Feb 28, 2020 1:19 pm

This line points that your AP's communicating with CAPsMAN via L3, that's why FW rules comes in action.
16:45:43 caps,info [::ffff:192.168.88.1:55981,Join,[C4:AD:34:60:88:12]] joined, provides radio(s): C4:AD:34:60:88:1D,C4:AD:34:21:20:69

The log line should look like:
16:45:43 caps,info [MAC ADDRESS HERE WITHOUT IP,Join,[C4:AD:34:60:88:12]] joined, provides radio(s): C4:AD:34:60:88:1D,C4:AD:34:21:20:69

To communicate via L2 - you have to revise your CAPsMAN config.
BTW: you can remove IP from AP's, it's not needed if communication goes via L2.
From remote location AP's can be accessed via RoMON.

You can see my current config (export)? How do I revise the CAPsMAN config to communicate via L2?
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Fri Feb 28, 2020 2:23 pm

Loaded your cfg to CHR. I see nothing wrong there. I usually use single provisioning for multiple SSID's and 2.4/5GHz bands. But it's up to you.
I guess you have entered CAPsMAN IP address during AP configuration.
Attached my CAP config screen. In my case AP is locked to CAPsMAN via certificates, and I use no CAPsMAN IP's and I use no IP for AP itself.
In this video you can find how to achieve that:
https://www.youtube.com/watch?v=Q9h00PYEzQM
You do not have the required permissions to view the files attached to this post.
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Fri Feb 28, 2020 7:24 pm

I'm a little lost when it comes to L2 / L3 config. I followed the "simple capsman setup" on the Mikrotik wiki.
My cAPs are connected to a RB260GSP, then to the RB4011iGS+5HacQ2HnD-IN.
Do I need special configuration on the RB260GSP for L2 config?
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Fri Feb 28, 2020 8:33 pm

Nobody will say what exactly you should do :)
If I understood correctly from last post - you have two CAPsMAN's.

For L2 - you cannot lock to CAPsMAN by IP. Lock should be like that:
  • in CAPsMAN manager set option "Require Peer Certificate"
  • in AP lock to the needed CAPsMAN with cert.
Before that you have to generated certs (video shows that).

By locking with IP you are forcing to L3 and then FW rules comes to action.
In this case (if locking by IP) you have to create just one rule in FW filter, chain INPUT: allow new connections from IP's of all of AP's.
Drag this rule on top.

Sample:
/ip firewall filter
add chain=input action=accept connection-state=established,related,new src-address-list=CAPs in-interface=bridge1-lan

Create records in "Address List" named with 'CAPs' with IP's of your AP's.
/ip firewall address-list
add address=A.B.C.1 list=CAPs
add address=A.B.C.2 list=CAPs
add address=A.B.C.3 list=CAPs

This is fastest solution with your config because of L3.
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Fri Feb 28, 2020 11:43 pm

The RB260GSP is just a managed switch (not running CAPsMAN). CAPsMAN is only running on RB4011iGS.
Will this lock with IP or are the two mikrotiks (switch+router) able to communicate on L2?
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Mon Mar 02, 2020 2:33 pm

Switch in between should have no influence for CAPsMAN via L2.
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Mon Mar 02, 2020 3:50 pm

I managed to request certificates, lock the caps and set CAPsMAN to require certificates. It seems it works good, but I'm still not sure if it's completely L2 config? And if the setup is optimal?

Also, two 2.4GHz interfaces is not linked automatically. They show up as cap3 and cap4 in CAPsMAN, without the naming policy. They also show in my export:
Code: Select all
/caps-man interface
add disabled=no l2mtu=1600 mac-address=X master-interface=none name=cap3 radio-mac=X radio-name=X
add disabled=no l2mtu=1600 mac-address=X master-interface=none name=cap4 radio-mac=X radio-name=X
I removed the mac addresses for the forum post.
All four 5GHz kicks in normally.

Also, Is it necessay to provide the list of channels like:
Code: Select all
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=Ch01_20M_24G tx-power=10
...etc... Or will "create-dynamic-enabled" do their own thing?

ROUTER:
Code: Select all
# mar/02/2020 09:29:54 by RouterOS 6.46.4
# software id = D6TK-ALEK
#
# model = RB4011iGS+5HacQ2HnD
# serial number = X
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=Ch01_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2437 name=Ch06_20M_24G tx-power=10
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2462 name=Ch11_20M_24G tx-power=10
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=Ch36_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5200 name=Ch40_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5220 name=Ch44_20M_5G tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5240 name=Ch48_20M_5G tx-power=20
/interface bridge
add fast-forward=no name=AP_bridge
add admin-mac=X auto-mac=no comment=TrustedBridge name=WorkBridge
/interface wireless
# managed by CAPsMAN
# channel: 5640/20-eCee/ac/DP(24dBm)+5210/80/P(20dBm), SSID: Stock Spiseri, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 2442/20-eC/gn(17dBm), SSID: Stock Spiseri, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface ethernet
set [ find default-name=ether1 ] name=eth1_WAN
set [ find default-name=ether2 ] name=eth2_kontor
set [ find default-name=ether3 ] name=eth3_MikrotikAPs
set [ find default-name=ether4 ] name=eth4_gastrofix
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/caps-man interface
add disabled=no l2mtu=1600 mac-address=X master-interface=none name=cap3 radio-mac=X radio-name=X
add disabled=no l2mtu=1600 mac-address=X master-interface=none name=cap4 radio-mac=X radio-name=X
/caps-man datapath
add bridge=AP_bridge local-forwarding=no name="Stock Public"
/caps-man configuration
add country=norway datapath="Stock Public" distance=indoors frame-lifetime=10ms installation=indoor mode=ap name="Stock Public 5GHz" ssid="Stock Spiseri"
/caps-man rates
add basic=9Mbps name="GN Only - No B rates" supported=9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs=""
/caps-man configuration
add country=norway datapath="Stock Public" distance=indoors frame-lifetime=10ms installation=indoor mode=ap name="Stock Public 2.4GHz" rates="GN Only - No B rates" ssid="Stock Spiseri"
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 10 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
add name=WinboxAccess
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=gastrofix_dhcp ranges=192.168.7.120-192.168.7.254
add name=guest_dhcp ranges=192.168.88.10-192.168.88.250
/ip dhcp-server
add address-pool=gastrofix_dhcp disabled=no interface=eth4_gastrofix lease-time=23h59m59s name=gastrofix_dhcp
add address-pool=guest_dhcp disabled=no interface=AP_bridge lease-time=2h30m name=guest_dhcp
/system logging action
set 0 memory-lines=3000
set 1 disk-file-count=10 disk-lines-per-file=3000
/caps-man access-list
add action=accept allow-signal-out-of-range=10s comment="-85..120 accept" disabled=no signal-range=-85..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="-120..-86 reject" disabled=no signal-range=-120..-86 ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=AP_bridge
/caps-man provisioning
add action=create-dynamic-enabled comment="2.4GHz 802.11g capable radios" hw-supported-modes=g,g-turbo,gn master-configuration="Stock Public 2.4GHz" name-format=prefix-identity name-prefix=2.4GHz-
add action=create-dynamic-enabled comment="5GHz 802.11ac capable radios" hw-supported-modes=ac master-configuration="Stock Public 5GHz" name-format=prefix-identity name-prefix=5GHz-
/interface bridge port
add bridge=AP_bridge interface=eth3_MikrotikAPs
add bridge=AP_bridge interface=wlan1
add bridge=AP_bridge interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=WinboxAccess
/interface list member
add interface=eth1_WAN list=WAN
add interface=eth2_kontor list=LAN
add interface=eth4_gastrofix list=LAN
add interface=AP_bridge list=LAN
add interface=eth2_kontor list=WinboxAccess
add interface=eth4_gastrofix list=WinboxAccess
/interface wireless cap
# 
set bridge=AP_bridge caps-man-addresses=127.0.0.1 caps-man-certificate-common-names=X certificate=X discovery-interfaces=AP_bridge enabled=yes interfaces=wlan1,wlan2 \
    lock-to-caps-man=yes
/ip address
add address=193.90.223.118/24 interface=eth1_WAN network=193.90.223.0
add address=192.168.1.1/24 interface=eth2_kontor network=192.168.1.0
add address=192.168.7.1/24 interface=eth4_gastrofix network=192.168.7.0
add address=192.168.88.1/24 interface=AP_bridge network=192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.7.0/24 comment="DHCP for Gastrofix" dns-server=193.75.75.75,192.168.7.1 gateway=192.168.7.1 netmask=24
add address=192.168.88.0/24 comment="DHCP for Guests" dns-server=193.75.75.75,193.75.75.193 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=193.75.75.75,193.75.75.193
/ip firewall address-list
add address=192.168.1.0/24 list=AdminAccess
add address=0.0.0.0/8 list=bogons
add address=172.16.0.0/12 list=bogons
add address=10.0.0.0/8 list=bogons
add address=169.254.0.0/16 list=bogons
add address=127.0.0.0/8 list=bogons
add address=224.0.0.0/4 list=bogons
add address=198.18.0.0/15 list=bogons
add address=192.0.0.0/24 list=bogons
add address=192.0.2.0/24 list=bogons
add address=198.51.100.0/24 list=bogons
add address=203.0.113.0/24 list=bogons
add address=100.64.0.0/10 list=bogons
add address=240.0.0.0/4 list=bogons
add address=192.88.99.0/24 list=bogons
/ip firewall filter
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="Admin Access to Router" src-address-list=AdminAccess
add action=accept chain=input comment="allow LAN to DNS-TCP" dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="allow LAN to DNS-UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=input comment="CAPsMAN accept all local traffic" dst-port=5246,5247 protocol=udp src-address=127.0.0.1
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 log=yes log-prefix="acceot local loopback CAPsMAN"
add action=drop chain=input comment="Drop All Else" log-prefix=FIREWALL-INPUT-DROP-ALL-ELSE
add action=drop chain=forward dst-address=77.66.21.133 in-interface=AP_bridge
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related
add action=accept chain=forward comment="accept established,related" connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow all LAN (Office, Guest and POS) Traffic to Internet" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP ALL Else"
add action=accept chain=forward comment="Allow Port Fowarding if required" connection-nat-state=dstnat
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=drop chain=forward comment="DROP All Else"
/ip firewall nat
add action=src-nat chain=srcnat comment="Source_NAT for All Users" ipsec-policy=out,none out-interface=eth1_WAN to-addresses=193.90.223.118
add action=redirect chain=dstnat comment="Force Users to Router DNS -TCP" dst-port=53 protocol=tcp
add action=redirect chain=dstnat comment="Force Users to Router DNS -UDP" dst-port=53 protocol=udp
add action=accept chain=srcnat disabled=yes ipsec-policy=out,none out-interface=eth1_WAN
/ip firewall raw
add action=drop chain=prerouting comment="Drop all non-internet networks" src-address-list=bogons
/ip route
add distance=1 gateway=193.90.223.117
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes port=2200
set api disabled=yes
set winbox address=192.168.1.20/32,192.168.1.21/32,192.168.88.5/32
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=Router-Kontor
/system leds
add interface=wlan2 leds=wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-led,wlan2_signal4-led,wlan2_signal5-led type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/system logging
add action=disk topics=info,critical,error,info
/system ntp client
set enabled=yes primary-ntp=79.160.13.250 secondary-ntp=162.159.200.1
/system scheduler
add interval=1d name=GuestWifiOn on-event=TurnWifiRadiosOn policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/20/2019 start-time=07:00:00
add interval=1d name=GuestWifiOff on-event=TurnWifiRadiosOff policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/21/2019 start-time=01:00:00
add interval=1d name=CheckForUpdatesInstall on-event=UpdateOS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/22/2020 start-time=04:30:00
/system script
add dont-require-permissions=no name=TurnWifiRadiosOn owner=stock policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "#/caps-man provisioning enable numbers=[find]\r\
    \n#:delay 1\r\
    \n#/caps-man radio provision numbers=[find]\r\
    \n/caps-man interface set [ find ] disabled=no"
add dont-require-permissions=no name=TurnWifiRadiosOff owner=stock policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "#/caps-man provisioning disable numbers=[find]\r\
    \n#:delay 1\r\
    \n#/caps-man radio provision numbers=[find]\r\
    \n/caps-man interface set [ find ] disabled=yes"
add dont-require-permissions=no name=UpdateOS owner=stock policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/system package update\r\
    \ncheck-for-updates once\r\
    \n:delay 3s;\r\
    \n:if ( [get status] = \"New version is available\") do={ install }"
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=WinboxAccess
/tool mac-server ping
set enabled=no

CAP:
Code: Select all
# mar/02/2020 09:30:00 by RouterOS 6.46.4
# software id = ZMLW-2GDR
#
# model = RBcAPGi-5acD2nD
# serial number = X
/interface bridge
add admin-mac=X auto-mac=no comment=defconf disabled=yes name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(30dBm), SSID: , CAPsMAN forwarding
set [ find default-name=wlan1 ] antenna-gain=0 country=no_country_set frequency-mode=manual-txpower ssid=MikroTik
# managed by CAPsMAN
# channel: 5540/20-Ceee/ac/DP(27dBm), SSID: Stock Spiseri, CAPsMAN forwarding
set [ find default-name=wlan2 ] antenna-gain=0 country=no_country_set frequency-mode=manual-txpower ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf disabled=yes interface=ether1
add bridge=bridgeLocal comment=defconf disabled=yes interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=none
/interface wireless cap
# 
set caps-man-certificate-common-names=X certificate=X discovery-interfaces=ether1 enabled=yes interfaces=wlan1,wlan2 lock-to-caps-man=yes
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip service
set winbox address=192.168.88.5/32
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=AP_Chambre
/system scheduler
add interval=1d name=CheckForUpdatesInstall on-event=UpdateOS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/22/2020 start-time=04:20:00
/system script
add dont-require-permissions=no name=UpdateOS owner=stock policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/system package update\r\
    \ncheck-for-updates once\r\
    \n:delay 3s;\r\
    \n:if ( [get status] = \"New version is available\") do={ install }"
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Mon Mar 02, 2020 4:18 pm

You can use any prefixes you want.
If CAP's contains no CAPsMAN IP address in config - assume it is L2 ;)
If you are not sure about L2, as proof you can try to remove IP address from CAP - that device still should provide WiFi.
Regarding 2.4 interfaces - hard to comment.
Top
 
atriva
just joined
Posts: 1
Joined: Mon Mar 02, 2020 10:16 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Mon Mar 02, 2020 10:20 pm

You can use any prefixes you want.
If CAP's contains no CAPsMAN IP address in config - assume it is L2 ;)
If you are not sure about L2, as proof you can try to remove IP address from CAP - that device still should provide WiFi.
Regarding 2.4 interfaces - hard to comment.
i cant access it....
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Wed Mar 04, 2020 3:57 pm

You can use any prefixes you want.
If CAP's contains no CAPsMAN IP address in config - assume it is L2 ;)
If you are not sure about L2, as proof you can try to remove IP address from CAP - that device still should provide WiFi.
Regarding 2.4 interfaces - hard to comment.
Regarding 2.4 interfaces. I had specified "g", "g turbo" and "gn" in HW supported modes under CAPs provisioning. So the 2.4 GHz radio didn't kick in, since they probably don't support "g turbo". The local rb4011igs+5hacq2hnd-in wireless worked, so they probably support this hw mode. Now, with only "gn", they all work again.

But under "Remote CAPs" in "CAPsMAN" the local rb4011igs+5hacq2hnd-in wireless has IP address, the other ones (cAP ac) have mac-adr. The IP is the same as Eth1 (where we get our WAN).
How do I configure the local wireless for L2?
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Thu Mar 05, 2020 10:20 am

The link to youtube I have posted contains info how to attach local wireless to CAPsMAN. Learn from that video.
Top
 
okw
newbie
Topic Author
Posts: 38
Joined: Thu May 24, 2018 7:05 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Sat Mar 07, 2020 7:37 pm

The link to youtube I have posted contains info how to attach local wireless to CAPsMAN. Learn from that video.
I've followed it, but local wireless still shows up with IP instead of MAC, and still being blocked by "drop all" input fw rule (unless i disable the rule a few seconds, then local wireless is registered in CAPsMAN).
I have no clue how to fix it...
Top
 
angriukas
Member Candidate
Member Candidate
Posts: 103
Joined: Fri Nov 22, 2013 9:20 am
Contact:
Contact angriukas

Re: Firewall disabling my wireless interface in CAPsMAN

Mon Mar 09, 2020 3:06 pm

Simple solution would allow L3 communications.
Create firewall rule in the INPUT chain to allow new connections from needed IP. Place this rule before drop rule.
ip firewall filter add chain=input src-address=A.B.C.D action=accept
Top
 
whatever
Member
Member
Posts: 353
Joined: Thu Jun 21, 2018 9:29 pm

Re: Firewall disabling my wireless interface in CAPsMAN

Tue Mar 10, 2020 6:24 pm

See https://wiki.mikrotik.com/wiki/Manual:S ... in_CAPsMAN
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 89 guests
  4. RouterOS
  5. Wireless Networking