 
tomswenson
Member Candidate
Topic Author
Posts: 115
Joined: Wed Apr 13, 2005 11:17 pm

No DNS when using default filter

Thu May 19, 2022 5:23 pm

Didn't have much luck searching for this issue since every posted config contains this, so I hope you don't mind me posting this.

Odd problem with one of my clients. I couldn't Winbox to the HEX router via DNS.

Turns out the IP/Cloud was not working and system/packages wouldn't check for updates.

After troubleshooting, I found that this default entry in the filter was the issue. Or, at least when I disabled it, everything works.

10 ;;; defconf: drop all not coming from LAN chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

Not seeing this issue on other routers. I have LAN list entries of the bridge and a capsman bridge I use for public access.

Tom
Last edited by tomswenson on Thu May 19, 2022 6:51 pm, edited 1 time in total.
 
erlinden
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: No DNS when using default filter

Thu May 19, 2022 5:46 pm

Input is for connecting with the MikroTik. Is the MikroTik working as DNS server for the connected clients?

If you want more info, please share your complete config (make sure to remove any personal information):

/export file=anynameyoulike
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: No DNS when using default filter

Thu May 19, 2022 5:57 pm

What do you mean connecting to your clients via DNS and winbox?
The only method you should use to connect to client routers is via VPN etc...........

Yes default rules block all traffic not coming from the LAN, this is appropriate for the default setup.
If you wish to permit incoming VPN traffic then you make an input rule prior to this as appropriate (such as wireguard port).
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: No DNS when using default filter  [SOLVED]

Thu May 19, 2022 6:24 pm

Did you somehow lose the default rule that accepts established, related and untracked connections? It's also in the input chain, somewhere before this drop rule, and takes care of allowing responses to connections initiated by the router.
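
The check described in the reply above, as an added example that is not part of the original post or of MikroTik's tooling: a Python audit of an `/export` that reports when the input chain reaches the drop-`!LAN` rule without first accepting established,related connections. The two sample exports are constructed, and the backslash line-wrapping handled in the parser is an assumption about the export format.

```python
import re
import shlex

# Constructed sample exports (not from the thread): the chain with the accept
# rule missing, as the poster found it, and with the defconf rule restored.
BROKEN = r'''/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment=\
    "defconf: drop all not coming from LAN" in-interface-list=!LAN
'''
FIXED = r'''/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment=\
    "defconf: drop all not coming from LAN" in-interface-list=!LAN
'''

def parse_filter_rules(export_text):
    """Return the 'add' lines of the /ip firewall filter section as dicts, in order."""
    text = re.sub(r"\\\n\s*", "", export_text)  # join lines wrapped with a trailing backslash
    rules, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return rules

def audit_input_chain(export_text):
    """Return findings; an empty list means replies to router-initiated traffic are accepted."""
    chain = [r for r in parse_filter_rules(export_text)
             if r.get("chain") == "input" and r.get("disabled") != "yes"]
    for pos, rule in enumerate(chain):
        states = set(rule.get("connection-state", "").split(","))
        unconditional = set(rule) <= {"action", "chain", "comment", "connection-state"}
        if rule.get("action") == "accept" and unconditional and {"established", "related"} <= states:
            return []  # replies are accepted before any later drop rule is reached
        if rule.get("action") == "drop" and rule.get("in-interface-list") == "!LAN":
            return [f"input rule {pos} drops non-LAN traffic, but no earlier rule accepts "
                    "connection-state=established,related: replies to the router's own "
                    "DNS, IP/Cloud and update-check requests arrive on WAN and are dropped"]
    return []

if __name__ == "__main__":
    for name, export in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_input_chain(export) or "ok")
```

An accept rule that carries extra matchers (an interface or address, for example) is deliberately not counted, since it would cover only part of the reply traffic.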
 
tomswenson
Member Candidate
Topic Author
Posts: 115
Joined: Wed Apr 13, 2005 11:17 pm

Re: No DNS when using default filter

Thu May 19, 2022 6:50 pm

Sob, you nailed it. That rule was somehow missing.

Great catch, thanks all for responding.
