Hello everybody! I am new to VXLAN, and I am experimenting with it. We have several 4G Mikrotik sites, and we have central Windows DHCP servers.
I use DHCP relay towards our 10.2.10.1 Microsoft AD server, where our DHCP servers reside. I got an IP address, but I have got a general firewall drop rule:
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=2250,8291 protocol=tcp src-address-list=MANAGEMENT
add action=accept chain=input dst-port=14557 protocol=udp src-address=91.XXX.XXX.XXX
add action=accept chain=input protocol=icmp
add action=drop chain=input connection-state=invalid
add action=drop chain=input
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward connection-state=established,related,new
/ip firewall mangle
add action=change-mss chain=forward new-mss=1300 out-interface=lte1 protocol=tcp tcp-flags=syn
If I disable the general drop rule that drops everything else, then I get an IP from the other side.
OK, I found the solution:
/ip firewall filter
add action=accept chain=input dst-port=67 in-interface=VXLAN_BRIDGE protocol=udp src-port=68
add action=accept chain=input dst-address=10.2.187.254 dst-port=67 in-interface=VXLAN_TEST_WG protocol=udp src-address=10.2.10.1 src-port=67
I need these 2 rules before the general drop rule to accept the DHCP packets.
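
Added example, not part of the original post: a simplified Python model of top-down, first-match rule evaluation, run over the input-chain rules quoted above to show why the position of the two DHCP rules matters. The function names and the two sample packets are constructed for illustration, and treating those packets as connection-state new is an assumption.

```python
# Simplified first-match model of the input chain (not RouterOS itself).
# Only exact-value and comma-list matchers are modelled.

def parse(rule):
    """Turn an 'add key=value ...' line into a dict of matchers."""
    return dict(tok.split("=", 1) for tok in rule.split()[1:])

def verdict(rules, pkt):
    """Return the action of the first rule whose matchers all fit pkt."""
    for r in map(parse, rules):
        conds = {k: v for k, v in r.items() if k != "action"}
        if all(pkt.get(k) in v.split(",") for k, v in conds.items()):
            return r["action"]
    return "accept"  # nothing matched: the chain's default is accept

# Input-chain rules as posted, with the final catch-all kept separate.
BASE = [
    "add action=accept chain=input connection-state=established,related",
    "add action=accept chain=input dst-port=2250,8291 protocol=tcp src-address-list=MANAGEMENT",
    "add action=accept chain=input dst-port=14557 protocol=udp src-address=91.XXX.XXX.XXX",
    "add action=accept chain=input protocol=icmp",
    "add action=drop chain=input connection-state=invalid",
]
DROP_ALL = ["add action=drop chain=input"]
DHCP = [
    "add action=accept chain=input dst-port=67 in-interface=VXLAN_BRIDGE protocol=udp src-port=68",
    "add action=accept chain=input dst-address=10.2.187.254 dst-port=67 in-interface=VXLAN_TEST_WG protocol=udp src-address=10.2.10.1 src-port=67",
]

# Constructed packets: client request to the relay, server reply to the relay.
CLIENT = {"chain": "input", "protocol": "udp", "src-port": "68", "dst-port": "67",
          "in-interface": "VXLAN_BRIDGE", "connection-state": "new"}
REPLY = {"chain": "input", "protocol": "udp", "src-address": "10.2.10.1",
         "dst-address": "10.2.187.254", "src-port": "67", "dst-port": "67",
         "in-interface": "VXLAN_TEST_WG", "connection-state": "new"}
# Constructed non-DHCP packet, to confirm the new rules stay narrow.
OTHER = dict(CLIENT, **{"src-port": "40000", "dst-port": "53"})

ORIGINAL = BASE + DROP_ALL            # ruleset from the question
FIXED = BASE + DHCP + DROP_ALL        # DHCP rules before the drop
MISORDERED = BASE + DROP_ALL + DHCP   # DHCP rules appended after the drop

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("fixed", FIXED), ("misordered", MISORDERED)]:
        print(name, [verdict(rules, p) for p in (CLIENT, REPLY, OTHER)])
```

Rules appended after the catch-all drop are never reached, which is why the two accepts have to sit above it; the non-DHCP packet is still dropped in every ordering.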