lnks
just joined
Topic Author
Posts: 6
Joined: Thu Apr 20, 2023 4:33 am

Allow VPLS through Firewall

Sat May 27, 2023 2:07 am

I have an issue where LDP adjacency connects fine (port 646), but VPLS won’t come up unless I disable my drop rule in the firewall. Does VPLS use different ports? Any help would be appreciated.
 
mada3k
Long time Member
Posts: 687
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Allow VPLS through Firewall

Sun May 28, 2023 4:42 pm

You might need to allow input of ether-frames 0x8847 (mpls-unicast) somehow.
 
lnks
just joined
Topic Author
Posts: 6
Joined: Thu Apr 20, 2023 4:33 am

Re: Allow VPLS through Firewall

Sun May 28, 2023 6:23 pm

I see you can do a bridge filter for mac-protocol for mpls-unicast. Tried that, no change. I find it strange that LDP works, but VPLS doesn't. It seems that I could add a /ip firewall rule to allow this somehow, since disabling the drop rule allows the VPLS to come up.
 
lnks
just joined
Topic Author
Posts: 6
Joined: Thu Apr 20, 2023 4:33 am

Re: Allow VPLS through Firewall

Sun May 28, 2023 8:38 pm

The output below allows VPLS to come up.

/ip firewall filter
add action=accept chain=input src-address=10.0.0.0/24 protocol=udp
add action=accept chain=input src-address=10.0.0.0/24 protocol=tcp

So there must be some port being blocked or a protocol that I'm unaware of.

LDP works with the below output. But VPLS does not come up unless I basically open up the whole subnet to anything tcp/udp as above.

/ip firewall filter
add action=accept chain=input protocol=udp dst-port=646
add action=accept chain=input protocol=tcp dst-port=646
add action=accept chain=output protocol=udp dst-port=646
add action=accept chain=output protocol=tcp dst-port=646
 
lnks
just joined
Topic Author
Posts: 6
Joined: Thu Apr 20, 2023 4:33 am

Re: Allow VPLS through Firewall  [SOLVED]

Tue May 30, 2023 3:47 am

Interestingly enough, I added the same input chain rule but added the source port 646 and destination port 646, and VPLS came up. So solved, I guess…
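Added example, not part of the thread: a small first-match evaluator in Python showing which packets the two posted input-chain rule sets accept. The packets, the peer address 10.0.0.2 and the ephemeral ports are constructed, and it assumes no connection-state rule sits ahead of the drop rule, which the thread does not show.

```python
import ipaddress

# Input-chain accept rules as posted in the thread; anything unmatched is
# assumed to fall through to the poster's drop rule.
NARROW = [{"protocol": "udp", "dst_port": 646},
          {"protocol": "tcp", "dst_port": 646}]
BROAD = [{"protocol": "udp", "src_address": "10.0.0.0/24"},
         {"protocol": "tcp", "src_address": "10.0.0.0/24"}]

# Constructed packets arriving on the input chain (peer 10.0.0.2 is hypothetical).
PACKETS = {
    "udp_hello":       {"protocol": "udp", "src": "10.0.0.2", "src_port": 646,   "dst_port": 646},
    "tcp_peer_opens":  {"protocol": "tcp", "src": "10.0.0.2", "src_port": 50000, "dst_port": 646},
    "tcp_reply_to_us": {"protocol": "tcp", "src": "10.0.0.2", "src_port": 646,   "dst_port": 50000},
    "tcp_unrelated":   {"protocol": "tcp", "src": "10.0.0.2", "src_port": 40000, "dst_port": 22},
}

def matches(rule, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    if rule["protocol"] != pkt["protocol"]:
        return False
    net = rule.get("src_address")
    if net and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(net):
        return False
    return all(rule[k] == pkt[k] for k in ("src_port", "dst_port") if k in rule)

def verdict(rules, pkt):
    """First matching accept rule wins; otherwise the packet is dropped."""
    return "accept" if any(matches(r, pkt) for r in rules) else "drop"

def table(rules):
    """Verdict for each constructed packet under the given rule set."""
    return {name: verdict(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("narrow", NARROW), ("broad", BROAD)):
        print(label, table(rules))
```

In this model the narrow set drops the reply half of a TCP session the router itself opened to port 646, while the broad set also accepts unrelated TCP/UDP traffic from the whole subnet.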
