Community discussions

 
khaverblad
newbie
Topic Author
Posts: 32
Joined: Sat Mar 08, 2014 12:32 am
Location: Sweden
Contact:

v6.43.4 + v6.43.7 corrupts the use of Address Lists

Sat Dec 08, 2018 12:11 am

I've been using the Address Lists for various whitelisting rules in my NAT rules but noticed when I upgraded to v6.43.4 a week or so ago that the rules stopped work and same issue with v6.43.7. Don't remember exactly which version I had previously when the NAT rules worked, but it was v6.42.x something.

I will try to kick it back to previous version, but wanted to check if someone can verify above including maybe last working version for the Address Lists function.
--
Member of Mikrotik Sweden Telegram Group
 
nescafe2002
Member
Member
Posts: 489
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Sat Dec 08, 2018 12:31 am

Same issue: viewtopic.php?t=142217

Create supout and send to support to get it fixed in upcoming releases.
 
khaverblad
newbie
Topic Author
Posts: 32
Joined: Sat Mar 08, 2014 12:32 am
Location: Sweden
Contact:

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Sat Dec 08, 2018 1:23 am

Will do. Suggestion which version that still works with Address Lists feature?
--
Member of Mikrotik Sweden Telegram Group
 
strods
MikroTik Support
MikroTik Support
Posts: 1367
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Sat Dec 08, 2018 8:54 pm

Do you mean that you have addresses in the list but rules that use address list are not working? Can you provide an example? Address lists and firewall have not been touched for a long time. Also we have not seen such reports in support. Are you sure that simply other firewall rules are not matching this traffic before it reaches this particular rule that uses address list?
 
khaverblad
newbie
Topic Author
Posts: 32
Joined: Sat Mar 08, 2014 12:32 am
Location: Sweden
Contact:

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Fri Dec 14, 2018 8:37 pm

Correct, here is the rule which suddenly stopped working which make use of src-address-list:

add action=dst-nat chain=dstnat dst-port=32400 in-interface=sfp1-gateway protocol=tcp src-address-list=WhiteList to-addresses=192.168.10.10 to-ports=32400

and the whitelist looks something like this:

add address=78.67.###.### list=WhiteList
add address=84.216.##.# list=WhiteList
add address=85.30.###.### list=WhiteList


Got similar problem on a RB2011 which shows the same issue with src-address-list.
--
Member of Mikrotik Sweden Telegram Group
 
anav
Forum Guru
Forum Guru
Posts: 1140
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Fri Dec 14, 2018 9:13 pm

Seems like a perfectly reasonable rule ( I like it because its port forwarded limited to white list members).
However have you made any other changes lately to your setup?
Without seeing the whole config, sometimes its harder to pinpoint the issue.

Who is online

Users browsing this forum: No registered users and 78 guests