Hello,
I am trying to connect from a server (in my backbone) to my CPE hEX via its loopback IP with SSH and Winbox, but I get a timeout error.
Is it possible to configure a MikroTik CPE with its loopback IP?
I have no problem reaching it via ICMP and SNMP.
CPE configuration:
/interface bridge
add name=Loopback protocol-mode=none
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 name=xxxxxxx
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=Loopback list=WAN
/ip address
add address=192.168.31.1/30 comment=defconf interface=bridge network=192.168.31.0
add address=185.x.x.x/30 interface=ether1 network=x.x.x.x
add address=10.252.0.215 interface=Loopback network=10.252.0.215
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=185.x.x.y
/ip service
set telnet disabled=yes
set ssh address=0.0.0.0/0
set winbox address=0.0.0.0/0
/snmp
set enabled=yes location="xxx" trap-generators=interfaces trap-target=0.0.0.0 trap-version=2
/system identity
set name=CPE-xxxx--xxx-AI-01
Looking forward to reading you.
Regards,
N2E