eldzi
just joined
Topic Author
Posts: 6
Joined: Fri Dec 03, 2021 11:21 am

Traffic is blocked for one device (WIznet)

Fri Dec 03, 2021 11:34 am

Hi,
I have a problem with my RB2011iL (6.49), it confuses me.
In my network I have a gateway for my boiler, it connects to the external server using ports 51000-52000 starting from 51652.
[Attachment: adres IP.PNG]
But when this gateway is connected directly to the Mikrotik router, it does not work; the device restarts because the connection to the server is not established.
When I put the tp-link with gargoyle (default settings) between the RB and the gateway, it works very well.

Firewall settings below with my excesise :)
[Attachment: firewall.PNG]
When I disable "drop", it has no impact on this.
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Traffic is blocked for one device (WIznet)

Fri Dec 03, 2021 9:29 pm

Could be this scenario?
It may depend on DNS: if the boiler's DNS is not in the proper format (non-standard, wrong letter case), the MT router will correct the format, which then may be rejected with return traffic as unrecognized by the client (boiler).
Most brands simply copy the DNS name and regurgitate it back, and there are no issues.
 
eldzi
just joined
Topic Author
Posts: 6
Joined: Fri Dec 03, 2021 11:21 am

Re: Traffic is blocked for one device (WIznet)

Tue Dec 07, 2021 8:10 am

Thx for your answer, but what should I do now? And how, and of course where, will I be able to check the DNS translation?
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Traffic is blocked for one device (WIznet)

Tue Dec 07, 2021 3:46 pm

If it is this thing with dns, you can test (and fix it) by giving different dns servers to this device. Either manually, or add special config for it in dhcp server. Give it static lease and then own config:

If you have e.g. this for whole network:
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
Then make a copy, change address to this device's address with /32 mask, add netmask=24 and custom dns:
/ip dhcp-server network
add address=192.168.88.50/32 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 netmask=24
 
eldzi
just joined
Topic Author
Posts: 6
Joined: Fri Dec 03, 2021 11:21 am

Re: Traffic is blocked for one device (WIznet)

Mon Dec 20, 2021 12:48 pm

As far as I know, I did as you showed above, but it is not working :(
Any ideas how to solve this issue?
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Traffic is blocked for one device (WIznet)

Mon Dec 20, 2021 8:46 pm

It won't just start working, the device first needs to get new dns servers, so you'd have to either wait until it renews dhcp lease, or restarting the device should help too.

You can verify what the device uses using logging rules:
/ip firewall mangle
add chain=prerouting src-address=<device's address> protocol=udp dst-port=53 action=log
add chain=prerouting src-address=<device's address> protocol=tcp dst-port=53 action=log
If it uses correct servers (i.e. not RB), and it still doesn't work, then it must be something else. But what exactly, it's hard to say. For a start, check the firewall, but chain=forward, not chain=input, and make sure that you don't block the device's access to the internet there. If it doesn't help either, you could play with the packet sniffer and look for clues there, compare what happens with RB and what happens with TP-Link, and hopefully there will be something obvious. But it's something a bit more advanced.
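
To test the letter-case hypothesis raised earlier in the thread during the packet sniffer comparison suggested above, the DNS payloads captured behind each router can be compared byte for byte. This is an added example, not part of the original posts; the hostname, the helper names and the sample payloads are constructed for illustration.

```python
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A query; the name's letter case is kept exactly as given."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def mark_as_response(msg: bytes) -> bytes:
    """Set the QR bit so a constructed message stands in for a server reply."""
    flags = struct.unpack("!H", msg[2:4])[0] | 0x8000
    return msg[:2] + struct.pack("!H", flags) + msg[4:]

def question_name(msg: bytes) -> bytes:
    """Return the first question's name as raw bytes, case untouched."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("not a DNS message with a question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        if length == 0:
            return b".".join(labels)
        if length > 63 or pos + 1 + length > len(msg):
            raise ValueError("bad label length (or compression pointer)")
        labels.append(msg[pos + 1:pos + 1 + length])
        pos += 1 + length

def compare_case(query: bytes, response: bytes) -> str:
    """Classify how the response's question name relates to the query's."""
    if query[:2] != response[:2]:
        return "txid-mismatch"
    asked, echoed = question_name(query), question_name(response)
    if asked == echoed:
        return "exact"
    return "case-rewritten" if asked.lower() == echoed.lower() else "different-name"

# Constructed sample payloads (not taken from the thread's captures).
QUERY = build_query("Boiler-GW.Example.COM")
ECHOED = mark_as_response(QUERY)
REWRITTEN = mark_as_response(build_query("boiler-gw.example.com"))

if __name__ == "__main__":
    print("name echoed as sent:", compare_case(QUERY, ECHOED))
    print("name lowercased    :", compare_case(QUERY, REWRITTEN))
```

With real captures, pass in the UDP payload of a port-53 query and of its reply as seen behind each router; a "case-rewritten" result on one path and "exact" on the other would support the hypothesis.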
 
eldzi
just joined
Topic Author
Posts: 6
Joined: Fri Dec 03, 2021 11:21 am

Re: Traffic is blocked for one device (WIznet)

Wed Dec 22, 2021 11:39 am

Thank you for your answer.
Messages in the log are as below:
[Attachment: log.PNG]
I tried to put in the Google DNS:
[Attachment: dns.PNG]
I tried to add many different addresses but without result; when the device (wiznet) does not establish the internet connection, it restarts automatically.
E.g. I use the IP address of my mobile phone and use this address as a static one for the wiznet device, and it does not work.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Traffic is blocked for one device (WIznet)  [SOLVED]

Wed Dec 22, 2021 6:22 pm

The goal was to make the device itself use external dns resolvers, i.e. not router. So either give it some using dhcp:
/ip dhcp-server network
add address=192.168.1.158/32 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1 netmask=24
And then the logging rule should show requests from 192.168.1.158 going directly to 8.8.8.8/8.8.4.4 (and not to 192.168.1.1 like now). Or you can redirect dns queries from device to external server using dstnat:
/ip firewall nat
add chain=dstnat src-address=192.168.1.158 protocol=udp dst-port=53 action=dst-nat to-addresses=8.8.8.8
add chain=dstnat src-address=192.168.1.158 protocol=tcp dst-port=53 action=dst-nat to-addresses=8.8.8.8
 
eldzi
just joined
Topic Author
Posts: 6
Joined: Fri Dec 03, 2021 11:21 am

Re: Traffic is blocked for one device (WIznet)

Thu Dec 23, 2021 9:03 am

Thank you for the solution, I will try it asap.
 
eldzi
just joined
Topic Author
Posts: 6
Joined: Fri Dec 03, 2021 11:21 am

Re: Traffic is blocked for one device (WIznet)

Tue Jan 04, 2022 12:19 pm

Sob, thank you so much, my problem was solved by your advice; I so appreciate your knowledge.
Now I see the connection with the server:
[Attachment: works.PNG]
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Traffic is blocked for one device (WIznet)

Tue Jan 04, 2022 1:03 pm

Good. And when you upgrade to RouterOS v7 in future (you don't have to rush), this shouldn't be necessary anymore.
