i get an interesting bug, if it's a bug, and need help to sort this out.
so i have a WAP AC LTE Kit (ref RBWAPGR-5HACD2HND&R11E-LTE).
Up to date with 7.14.1
on this router, i have :
- a pppoe-client access used as primary wan with IP xxx.xxx.xxx.33
- a LTE access i want to use as backup with IP xxx.xxx.xxx.46
the pppoe access work like a charm.
the LTE is registered correctly
the strange part is: i cannot ping the LTE ip xxx.xxx.xxx.46 from internet.
but, if i do first a ping from the mikrotik to internet using LTE connection, i can then ping back the LTE IP during some time. after a while, it's not working anymore...
the interesting part:
when i try to ping the LTE access xxx.xxx.xxx.46, i see in the LTE graph the packets every 1 second.
but if i add a mangle rule with prerouting to log it, thee is nothing logged, and the packet count is still 0.
Do you have any idea of this mistery ?
see below extract of config
ether1 is the LAN
ether2 is the optical fiber with pppoe-client attached on it
wifi is disabled.
no DHCP server.
Code: Select all
# 2024-03-19 14:20:56 by RouterOS 7.14.1
# software id = F6R4-7BGT
#
# model = RBwAPGR-5HacD2HnD
# serial number = HEA08TMX4ZN
/interface bridge
add admin-mac=48:A9:8A:99:6C:2C auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1_LAN
set [ find default-name=ether2 ] name=ether2_FIBRE
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" mtu=1400 network-mode=lte sms-read=no
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether2_FIBRE name=pppoe-alpha user=office@office.pouet
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=myapn authentication=pap default-route-distance=10 ip-type=ipv4 use-network-apn=no use-peer-dns=no user=mysuperlogin
/queue type
add fq-codel-ecn=no kind=fq-codel name=fq-codel-ethernet-default
/queue interface
set ether1_LAN queue=fq-codel-ethernet-default
set ether2_FIBRE queue=fq-codel-ethernet-default
/interface bridge port
add bridge=bridge comment=defconf interface=ether1_LAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
add interface=pppoe-alpha list=WAN
add interface=ether2_FIBRE list=WAN
/ip address
add address=192.168.11.2/24 interface=bridge network=192.168.11.0
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,9.9.9.9,8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=log chain=prerouting in-interface=lte1 log-prefix=FROMLTE
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set sip disabled=yes
/ip route
add disabled=no dst-address=8.8.8.8/32 gateway=lte1 routing-table=main suppress-hw-offload=no
/system clock
set time-zone-name=Europe/Paris
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.europe.pool.ntp.org
add address=0.fr.pool.ntp.org
add address=fr.pool.ntp.org
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN