pawner
just joined
Topic Author
Posts: 2
Joined: Thu Aug 11, 2022 11:27 pm

Cannot access network remotely even with disabled firewall

Thu Aug 11, 2022 11:32 pm

I have disabled all firewall rules except the fasttrack counter, but I still cannot ping or SSH to the router remotely/externally from outside the LAN. Here are my rules:
Flags: X - disabled, I - invalid; D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough

 1 X  ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""

 2 X  ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp in-interface-list=WAN log=no log-prefix=""

 3 X  ;;; wireguard
      chain=input action=accept protocol=udp dst-port=13231 log=no log-prefix=""

 4 X  ;;; allow wireguard traffic
      chain=input action=accept src-address=10.1.222.0/24 log=no log-prefix=""

 5 X  ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix=""

 6 X  ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1

 7 X  ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

 8 X  ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec

 9 X  ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec

10 X  ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related

11 X  ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked

12 X  ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix=""

13 X  ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
What am I missing? I haven't been able to NAT anything successfully either.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Cannot access network remotely even with disabled firewall  [SOLVED]

Fri Aug 12, 2022 12:14 am

What am I missing?
Maybe public IP address?

In short, there are public addresses (you can connect to them from anywhere) and private addresses (not reachable from the internet), and because there aren't enough public ones, ISPs often give only private ones to customers.
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Cannot access network remotely even with disabled firewall

Fri Aug 12, 2022 12:58 am

As a follow-on to Sob's comment, what is your WAN address (feel free to hide the last octet)?
 
pawner
just joined
Topic Author
Posts: 2
Joined: Thu Aug 11, 2022 11:27 pm

Re: Cannot access network remotely even with disabled firewall

Fri Aug 12, 2022 4:13 am

Bingo. My ISP started NATing me a week ago, and I did not realize.

Thanks for the help
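
The check that resolved this thread, written out as an added example (not posted by anyone in the thread): classify the address on the router's WAN interface and compare it with the address a remote host sees. The function names and the sample addresses are constructed for illustration; the ranges are RFC 1918, RFC 6598 (100.64.0.0/10, used for carrier-grade NAT) and link-local.

```python
import ipaddress

# IPv4 ranges that cannot be reached as a destination from the internet.
NON_PUBLIC = [
    ("RFC 1918 private", ipaddress.ip_network("10.0.0.0/8")),
    ("RFC 1918 private", ipaddress.ip_network("172.16.0.0/12")),
    ("RFC 1918 private", ipaddress.ip_network("192.168.0.0/16")),
    ("RFC 6598 carrier-grade NAT", ipaddress.ip_network("100.64.0.0/10")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
]


def classify(addr):
    """Return the range label for an address; accepts 'a.b.c.d' or 'a.b.c.d/len'."""
    ip = ipaddress.ip_interface(addr).ip  # RouterOS prints addresses with a prefix
    for label, net in NON_PUBLIC:
        if ip in net:
            return label
    return "public"


def diagnose(wan_addr, seen_from_outside=None):
    """wan_addr: address on the WAN interface.
    seen_from_outside: source address a remote host observes for you, if known."""
    wan_ip = ipaddress.ip_interface(wan_addr).ip
    kind = classify(wan_addr)
    if kind != "public":
        return f"behind ISP NAT: WAN address {wan_ip} is {kind}"
    if seen_from_outside is not None:
        outside_ip = ipaddress.ip_interface(seen_from_outside).ip
        if outside_ip != wan_ip:
            # A public-looking WAN address can still be translated upstream.
            return f"behind ISP NAT: WAN {wan_ip} differs from external {outside_ip}"
    return "WAN address is public: look at firewall, NAT rules and services"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation
    # ranges standing in for real public addresses.
    for wan, outside in [("100.72.14.9/10", None),
                         ("192.168.1.2/24", None),
                         ("203.0.113.7/24", "198.51.100.20"),
                         ("203.0.113.7/24", "203.0.113.7")]:
        print(wan, "->", diagnose(wan, outside))
```

When the result is "behind ISP NAT", no input or dst-nat rule on the router can make it reachable from outside; that has to be solved with the ISP (a public address) or with a tunnel the router initiates outbound.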
