shawgrim
just joined
Topic Author
Posts: 2
Joined: Thu Feb 18, 2021 2:43 pm
Location: Manchester, UK

New to MikroTik, only one issue...

Thu Sep 16, 2021 4:26 pm

Hi all,

I'm a PBX engineer for my sins. I know enough about networking to be dangerous, and get me by in my day-to-day :) but I am looking to further my knowledge and quals in this area. With this in mind, I decided to get a MikroTik for my home router so I can work in my 'lab' so to speak, and we also use this kit in our infrastructure at work.

So I picked up a RB951Ui-2HnD and slapped a basic config on from some guides. I have it running a PPPoE session on ethernet1, with ethernet2 acting as a trunk port for the rest of my LAN. I set up some VLANs (I'm aware they can all talk to each other at the moment and I'm not too fussed about that for now) but I am seeing some issues in the logs.

I keep getting 'invalid forward: in vlan10 out:plusnet' with various MAC addresses. I wonder if someone can point me in the right direction.

Thanks in advance
# sep/16/2021 13:51:16 by RouterOS 6.48.4
# software id = 2319-L8KS
#
# model = 951Ui-2HnD
# serial number = 7BCC06CDC5D1
# NOTE(review): this export carries the device serial number, the software id
# and (below) the PPPoE login name. They identify the device and the ISP
# account and are normally trimmed before a config is shared publicly.
/interface ethernet
# ether1 is renamed to mark it as the WAN-facing port, ether2 as the LAN trunk.
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether2 ] name=ether2-lan
/interface pppoe-client
# PPPoE client "plusnet" runs on top of ether1-wan and installs the default
# route, so routed internet traffic enters and leaves via the "plusnet"
# interface rather than ether1-wan itself. Firewall rules that are meant to
# match WAN traffic therefore need to reference "plusnet".
add add-default-route=yes disabled=no interface=ether1-wan name=plusnet user=\
    shawgrim@plusdsl.net
/interface wireless
# Only the SSID is set for wlan1 here.
# NOTE(review): no "disabled=no" appears, so wlan1 is presumably still
# disabled -- confirm.
set [ find default-name=wlan1 ] ssid=MikroTik
/interface vlan
# Three tagged VLANs (10, 20, 30) carried on the ether2-lan trunk.
add interface=ether2-lan name=vlan10 vlan-id=10
add interface=ether2-lan name=vlan20 vlan-id=20
add interface=ether2-lan name=vlan30 vlan-id=30
/interface wireless security-profiles
# NOTE(review): the default security profile shows no authentication types or
# key in this export; confirm it is not left open if wlan1 is ever enabled.
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# One DHCP pool per subnet: the untagged LAN (192.168.1.0/24) and VLANs 10/20/30.
# dhcp_pool1 starts at .15, leaving 192.168.10.2-192.168.10.14 outside the pool.
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool1 ranges=192.168.10.15-192.168.10.254
add name=dhcp_pool2 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool3 ranges=192.168.30.2-192.168.30.254
/ip dhcp-server
# One DHCP server per interface, each handing out 1-day leases from its pool.
add address-pool=dhcp_pool0 disabled=no interface=ether2-lan lease-time=1d \
    name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=vlan10 lease-time=1d name=\
    dhcp2
add address-pool=dhcp_pool2 disabled=no interface=vlan20 lease-time=1d name=\
    dhcp3
add address-pool=dhcp_pool3 disabled=no interface=vlan30 lease-time=1d name=\
    dhcp4
/lora servers
# NOTE(review): these look like the stock server entries shipped with the
# lora package rather than anything configured by hand -- confirm; if LoRa is
# not used the package can be removed to reduce what runs on the router.
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
    up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
    up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name=\
    "TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" \
    up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" \
    up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" \
    up-port=1700
/tool user-manager customer
# NOTE(review): presumably the default user-manager customer entry from the
# user-manager package -- confirm the package is actually needed.
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
# The router is .1 in every subnet and is the gateway handed out by DHCP below.
add address=192.168.1.1/24 interface=ether2-lan network=192.168.1.0
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30 network=192.168.30.0
/ip dhcp-server network
# DNS servers and gateway pushed to DHCP clients in each subnet.
# NOTE(review): 1.1.2.2 does not look like a well-known public resolver
# (Cloudflare's secondary is 1.0.0.1) -- probably a typo; confirm, since
# clients will send DNS queries to whoever holds that address.
add address=192.168.1.0/24 dns-server=1.1.1.1,1.1.2.2 gateway=192.168.1.1
# vlan10 clients are given 192.168.10.10 as primary DNS; that address sits
# below the start of dhcp_pool1, presumably a statically addressed local
# DNS server -- confirm.
add address=192.168.10.0/24 dns-server=192.168.10.10,1.1.1.1 gateway=\
    192.168.10.1
add address=192.168.20.0/24 dns-server=1.1.1.1,1.1.2.2 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=1.1.1.1,1.1.2.2 gateway=192.168.30.1
/ip firewall address-list
# allowed_to_router: sources the input chain accepts unconditionally.
# Only the untagged LAN range is listed; vlan10/20/30 addresses are not.
add address=192.168.1.2-192.168.1.254 list=allowed_to_router
# not_in_internet: special-purpose and private ranges that should never
# appear as a source address on traffic arriving from the internet. The
# forward chain uses this list as src-address-list on its WAN-side drop rule.
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
/ip firewall filter
# Rules are evaluated top to bottom within each chain; the first matching
# terminating action wins, so order matters throughout this section.
#
# --- chain=input: traffic addressed to the router itself ---
# Accept packets belonging to connections that are already tracked.
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
# Accept anything from allowed_to_router (192.168.1.2-192.168.1.254 only).
# Hosts on vlan10/20/30 are not in that list, so from the VLANs only ICMP and
# established/related traffic reaches the router itself.
add action=accept chain=input src-address-list=allowed_to_router
# ICMP to the router is accepted from every interface, WAN side included;
# the per-type "icmp" chain further down is only jumped to from chain=forward.
add action=accept chain=input protocol=icmp
# Everything else addressed to the router is dropped.
add action=drop chain=input
#
# --- chain=forward: traffic routed through the router ---
# FastTrack established/related connections, then accept whatever FastTrack
# did not take.
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
# This is the rule that writes the "invalid forward: ..." log lines quoted in
# the post: it drops, and logs with prefix "invalid", any forwarded packet
# that connection tracking classifies as invalid. From LAN clients going out
# via plusnet these are commonly late TCP packets for connections whose
# tracking entry has already gone -- check the flags in the log entries to
# confirm. The drop is intended; log=yes is what makes it noisy.
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
# ICMP being forwarded is filtered per type in the "icmp" chain below.
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
    protocol=icmp
# NOTE(review): this anti-spoofing rule matches in-interface=ether1-wan, but
# the internet-facing IP interface is the PPPoE client "plusnet" running on
# top of ether1-wan. Routed traffic from the internet presumably arrives with
# in-interface=plusnet, in which case this rule never matches -- confirm with
# the rule counters and consider in-interface=plusnet.
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface=\
    ether1-wan log=yes log-prefix=!public src-address-list=not_in_internet
# NOTE(review): the next six rules repeat the five rules above ("Drop
# invalid" twice). Identical earlier rules already terminate the same
# packets, so these add nothing and can be removed to keep the chain readable.
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
    protocol=icmp
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface=\
    ether1-wan log=yes log-prefix=!public src-address-list=not_in_internet
# Source-address check for the untagged LAN only: drops packets entering on
# ether2-lan whose source is outside 192.168.1.0/24.
# NOTE(review): tagged traffic presumably arrives with in-interface=vlan10/
# vlan20/vlan30 and is not covered by this rule -- confirm; the VLANs have no
# equivalent check.
add action=drop chain=forward comment=\
    "Drop packets from LAN that do not have LAN IP" in-interface=ether2-lan \
    log=yes log-prefix=LAN_!LAN src-address=!192.168.1.0/24
# NOTE(review): chain=forward has no final catch-all drop. A packet that no
# rule matches is accepted, so new connections arriving from the WAN side
# towards LAN/VLAN addresses are not blocked by this chain, and nothing
# separates the VLANs from each other. A closing rule that drops new
# connections coming in from the WAN interface would address the first point.
#
# --- chain=icmp: per-type filter for forwarded ICMP ---
# Accepts the listed type:code pairs and drops every other ICMP message.
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
    protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
    protocol=icmp
# Type 3 code 4 is what path-MTU discovery relies on; it matters on a PPPoE
# link where the MTU is smaller than on plain Ethernet.
add action=accept chain=icmp comment=\
    "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
    protocol=icmp
add action=drop chain=icmp comment="deny all other types"
/ip firewall nat
# Source-NAT everything leaving via the PPPoE interface to the router's WAN
# address. There are no dstnat rules, so nothing is port-forwarded inwards.
add action=masquerade chain=srcnat out-interface=plusnet
/system clock
set time-zone-name=Etc/GMT+0
/system lcd
# LCD is disabled and every page below is switched off.
# NOTE(review): presumably stock entries emitted by the export -- confirm.
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set vlan30 disabled=yes display-time=5s
set vlan20 disabled=yes display-time=5s
set vlan10 disabled=yes display-time=5s
set plusnet disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1-wan disabled=yes display-time=5s
set ether2-lan disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
/system ntp client
# Time sync from a public NTP pool; accurate time keeps log timestamps usable
# when correlating firewall log entries.
set enabled=yes server-dns-names=europe.pool.ntp.org
/system routerboard settings
# Lets the RouterBOOT firmware follow RouterOS upgrades automatically.
set auto-upgrade=yes
/tool user-manager database
set db-path=user-manager
# NOTE(review): no /ip service or /user section appears in this export, which
# presumably means management services and accounts are at their defaults --
# confirm, and disable the services that are not used.
