Hi guys.
I'm a noob to Mikrotik and RouterOS and am learning as I go. I have managed to get my home network set up with 1 Fibre ISP over PPPOE and failover to my WISP via static IP.
Fibre is on ETH1 and WISP is on ETH2. My PC runs on ETH3 and the Wireless AP and internal network run on ETH4.
The issue I am having is with my VoIP. I'm trying to get it running on ETH5 after trying for 2 weeks to get it to run on the bridged netwrk that was ETH3 to ETH5. I have since removed ETH5 on the bridge in order to dedicate the port to VoIP but, for the life of me, I simply cannot get it to work.
As a noob, I fully expect you guys to roast my config but, once you're done roasting me, would someone please help me get this VoIP to work before it takes a long flight out of my window?
Thanks in advance!
My config:
/interface bridge
add name=Network
/interface ethernet
set [ find default-name=ether1 ] name=C_Access-pppoe
set [ find default-name=ether2 ] name=C_Net-wan
set [ find default-name=ether3 ] name=Dad
set [ find default-name=ether4 ] name=Kids
set [ find default-name=ether5 ] name=VoIP
/interface pppoe-client
add add-default-route=yes disabled=no interface=C_Access-pppoe name=CA user=\
bruc22745@clearaccess
/disk
set sd1 type=hardware
add parent=sd1 partition-number=1 partition-offset=512 partition-size=\
"63 864 569 344" type=partition
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.3.2-192.168.3.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=Network lease-time=1d name=Metered
/port
set 0 name=serial0
/queue simple
add max-limit=80M/100M name=All priority=1/1 target=192.168.3.0/24
add max-limit=80M/100M name="Access Point" parent=All priority=3/3 target=\
192.168.3.252/32
add max-limit=80M/100M name=Dad parent=All priority=2/2 target=\
192.168.3.10/32
add max-limit=80M/100M name="Dad Phone" parent=All priority=3/3 target=\
192.168.3.244/32
add max-limit=80M/100M name="Dad Work" parent=All priority=3/3 target=\
192.168.3.243/32
add name="Dad Work Laptop" parent=All target=192.168.3.238/32
add max-limit=80M/100M name="Mom PC" parent=All priority=2/2 target=\
192.168.3.14/32
add max-limit=80M/100M name="Mom Phone" parent=All priority=3/3 target=\
192.168.3.248/32
add max-limit=80M/100M name=Kiki-PC parent=All priority=3/3 target=\
192.168.3.11/32
add max-limit=80M/100M name="Kiki Phone" parent=All priority=4/4 target=\
192.168.3.245/32
add max-limit=80M/100M name="Scally PC" parent=All priority=3/3 target=\
192.168.3.12/32
add max-limit=80M/100M name="Scally Phone" parent=All priority=4/4 target=\
192.168.3.246/32
add max-limit=80M/100M name="Scally Tab" parent=All priority=4/4 target=\
192.168.3.250/32
add max-limit=1M/1M name="Loretta A" parent=All target=192.168.3.249/32
add max-limit=1M/1M name="Loretta B" parent=All target=192.168.3.247/32
add disabled=yes max-limit=1M/1M name=DSTV parent=All target=192.168.3.253/32
add max-limit=1M/1M name="Cedric Tab" parent=All target=192.168.3.240/32
/dude
set enabled=yes
/interface bridge port
add bridge=Network interface=Dad
add bridge=Network interface=Kids
/ip neighbor discovery-settings
set mode=rx-only
/ip address
add address=192.168.3.1/24 interface=Dad network=192.168.3.0
add address=192.168.2.2/24 interface=C_Net-wan network=192.168.2.0
add address=192.168.4.1/24 interface=VoIP network=192.168.4.0
/ip dhcp-client
add default-route-distance=5 interface=C_Net-wan
/ip dhcp-server lease
add address=192.168.3.252 client-id=1:4:95:e6:b0:11:38 mac-address=\
04:95:E6:B0:11:38 server=Metered use-src-mac=yes
add address=192.168.3.250 client-id=1:e4:40:e2:e5:87:5c mac-address=\
E4:40:E2:E5:87:5C server=Metered use-src-mac=yes
add address=192.168.3.251 client-id=1:0:15:65:f8:c9:a3 mac-address=\
00:15:65:F8:C9:A3 server=Metered use-src-mac=yes
add address=192.168.3.248 client-id=1:4a:5e:35:c:72:4a mac-address=\
4A:5E:35:0C:72:4A server=Metered use-src-mac=yes
add address=192.168.3.245 client-id=1:48:9d:d1:13:df:6d mac-address=\
48:9D:D1:13:DF:6D server=Metered use-src-mac=yes
add address=192.168.3.249 client-id=1:3c:bb:fd:9:c7:6a mac-address=\
3C:BB:FD:09:C7:6A server=Metered use-src-mac=yes
add address=192.168.3.243 client-id=1:c4:1c:7:5a:54:bb mac-address=\
C4:1C:07:5A:54:BB server=Metered use-src-mac=yes
add address=192.168.3.247 client-id=1:d6:5b:3c:43:2d:10 mac-address=\
D6:5B:3C:43:2D:10 server=Metered use-src-mac=yes
add address=192.168.3.253 client-id=1:b0:5d:d4:f5:89:45 mac-address=\
B0:5D:D4:F5:89:45 server=Metered use-src-mac=yes
add address=192.168.3.244 client-id=1:d0:87:e2:96:e0:67 mac-address=\
D0:87:E2:96:E0:67 server=Metered use-src-mac=yes
add address=192.168.3.246 client-id=1:92:f2:99:46:36:95 mac-address=\
92:F2:99:46:36:95 server=Metered use-src-mac=yes
add address=192.168.3.240 client-id=1:fc:50:a0:65:a4:d0 mac-address=\
FC:50:A0:65:A4:D0 server=Metered use-src-mac=yes
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.3.1
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
d this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment=\
"MC, Class D, IANA # Check if you need this subnet before enable it" \
list=Bogons
/ip firewall filter
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=CA
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=C_Access-pppoe
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=C_Net-wan
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=CA
add action=drop chain=input in-interface=C_Access-pppoe
add action=drop chain=input in-interface=C_Net-wan
/ip firewall mangle
add action=mark-connection chain=forward comment=SIP dst-address=\
196.216.192.0/24 dst-port=5060 new-connection-mark=SIP_Connection \
passthrough=yes protocol=udp src-address=192.168.4.2
add action=mark-packet chain=forward connection-mark=SIP_Connection \
dst-address=0.0.0.0 new-packet-mark=SIP_Packet passthrough=yes \
src-address=192.168.4.2
add action=mark-connection chain=forward comment=RTP dst-address=\
196.216.192.0/24 new-connection-mark=RTP_Connection passthrough=yes port=\
10000-12000 protocol=udp src-address=192.168.4.2
add action=mark-packet chain=forward connection-mark=RTP_Connection \
new-packet-mark=RTP_Packet passthrough=yes protocol=udp
add action=mark-connection chain=forward comment=SIP dst-address=\
196.216.192.0/24 dst-port=5060 new-connection-mark=SIP_Connection \
passthrough=yes protocol=udp src-address=192.168.4.2
add action=mark-packet chain=forward connection-mark=SIP_Connection \
new-packet-mark=SIP_Packet passthrough=yes
add action=mark-packet chain=forward connection-mark=RTP_Connection \
new-packet-mark=RTP_Packet passthrough=yes protocol=udp
add action=change-dscp chain=postrouting comment="DSCP Priority" dst-address=\
196.216.192.0/24 new-dscp=46 packet-mark=RTP_Packet passthrough=yes \
src-address=192.168.4.2
/ip firewall nat
add action=masquerade chain=srcnat
/ip firewall service-port
set sip disabled=yes
/ip route
add disabled=no distance=1 dst-address=10.222.255.26/32 gateway="" \
routing-table=main suppress-hw-offload=no
add check-gateway=ping comment="Host lookup CA" disabled=no distance=1 \
dst-address=1.1.1.1/32 gateway=10.222.255.26 pref-src="" routing-table=\
main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Host lookup C_Net" disabled=no distance=2 \
dst-address=8.8.8.8/32 gateway=192.168.2.1 pref-src="" routing-table=main \
scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="CA Default Route" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="C_Net Backup Route" disabled=no distance=2 \
dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" routing-table=main \
scope=30 suppress-hw-offload=no target-scope=11
/system clock
set time-zone-name=Africa/Johannesburg
/system note
set show-at-login=no
/user-manager
set certificate=*0
/user-manager router
add address=192.168.4.10 name=Home