Hi,
I have an RB760iGS router. I'm just starting out and getting to know the device.
I have a problem with my iphone 12. The Internet works on it via WiFi without any problem, but the problem is with updating the software.
Unfortunately it doesn't want to update. I don't see the drop in the logs, or I don't know how to look for it yet.
Other Android phones or Windows computers do not have such problems. I haven't noticed them yet.
Can you help me how to search for such problems?
Thank you Piter
Re: iPhone lock update.
I very much doubt that the reason is in the router, but anyway, please show me your config
Re: iPhone lock update.
Does the update work if you are connected to a different router?
Re: iPhone lock update.
It works when I turn on Wi-Fi and use LTE.
I don't have much in the configuration because I'm just starting out. Are firewall rules enough for you?
I don't have much in the configuration because I'm just starting out. Are firewall rules enough for you?
Re: iPhone lock update.
It's best to see the full configuration
Re: iPhone lock update.
/export file=config
Re: iPhone lock update.
# may/07/2024 16:23:33 by RouterOS 6.49.15
# software id = NXXXX
#
# model = RB760iGS
# serial number = XXXXX
/interface bridge
add arp=reply-only name=BR-LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1_LAN
set [ find default-name=ether2 ] name=ether2_LAN
set [ find default-name=ether3 ] name=ether3_LAN
set [ find default-name=ether4 ] name=ether4_LAN
set [ find default-name=ether5 ] name=ether5_LAN
set [ find default-name=sfp1 ] name=sfp1_WAN
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=block_site regexp=facebook.com
/ip kid-control
add fri=7h-23h59m mon=7h-20h30m name=MATI sat=7h-23h59m sun=7h-20h30m thu=\
7h-20h30m tue=7h-20h30m wed=7h-20h30m
add mon=7h-16h30m,19h-20h30m name=ALA sat=7h-22h sun=7h-21h thu=\
7h-16h30m,19h-20h30m tue=7h-16h30m,19h-20h30m wed=7h-17h30m,19h-20h30m
add disabled=yes fri=9h-10h,18h50m-23h59m mon=9h-10h,18h50m-23h59m name=\
chromecast-tv sat=6h-23h59m sun=6h-23h59m thu=9h-10h,18h50m-23h59m tue=\
9h-10h,18h50m-23h59m wed=9h-10h,18h50m-23h59m
add disabled=yes fri=0s-15h30m mon=0s-15h30m name=NIEZNANI sat=0s-15h30m sun=\
0s-15h30m thu=0s-15h30m tue=0s-15h30m wed=0s-15h30m
/ip pool
add name=dhcp_pool1 ranges=10.10.0.10-10.10.0.200
add name=dhcp_trap ranges=10.10.0.200-10.10.0.220
add name=dhcp_static ranges=10.10.0.5-10.10.0.49
add name=dhcp_pool2 next-pool=dhcp_static ranges=10.10.0.50-10.10.0.200
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool2 disabled=no interface=BR-LAN \
lease-time=1d name=dhcp1
/queue simple
add max-limit=50M/165M name="All LAN" target=10.10.0.0/24
add max-limit=50M/50M name=VENOM parent="All LAN" target=10.10.0.198/32
add max-limit=10M/120M name="Piotrek Firmowy" parent="All LAN" target=\
10.10.0.199/32
/interface bridge port
add bridge=BR-LAN interface=ether1_LAN
add bridge=BR-LAN interface=ether2_LAN
add bridge=BR-LAN interface=ether3_LAN
add bridge=BR-LAN interface=ether4_LAN
add bridge=BR-LAN interface=ether5_LAN
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=sfp1_WAN list=WAN
add interface=BR-LAN list=LAN
/ip address
add address=10.10.0.1/24 interface=BR-LAN network=10.10.0.0
/ip dhcp-client
add disabled=no interface=sfp1_WAN
/ip dhcp-server alert
add disabled=no interface=BR-LAN on-alert="pojawi\B3 si\EA nieznany host"
/ip dhcp-server lease
add address=10.10.0.199 client-id=1:74:78:27:77:40:37 comment=\
Piotrek-laptop-firmowy mac-address=74:78:27:77:40:37 server=dhcp1
add address=10.10.0.198 client-id=1:d8:50:e6:3f:ba:5f comment=\
Piotrek-stacjonarny mac-address=D8:50:E6:3F:BA:5F server=dhcp1
add address=10.10.0.191 client-id=1:0:31:92:c5:f2:a0 comment=AC-deco-dol \
mac-address=00:31:92:C5:F2:A0 server=dhcp1
add address=10.10.0.115 client-id=1:f8:25:51:366d comment=Drukarka \
mac-address=F8:25:51:36:CD:6D server=dhcp1
add address=10.10.0.190 client-id=1:64:6e:e0:4a:d0:a3 mac-address=\
64:6E:E0:4A:D0:A3 server=dhcp1
add address=10.10.0.183 client-id=1:84:e3:42:7d:eb:e5 comment=TUYA-GATEWAY \
mac-address=84:E3:42:7D:EB:E5 server=dhcp1
add address=10.10.0.181 client-id=1:8:1c:6e:b2:b3:a0 comment=Piotrek-Telefon \
mac-address=08:1C:6E:B2:B3:A0 server=dhcp1
add address=10.10.0.180 client-id=1:16:54:db:3:1d:8e comment=\
MATI-Telefon-POCO mac-address=16:54:DB:03:1D:8E server=dhcp1
add address=10.10.0.179 client-id=1:d8:fc:93:8a:d6:8f comment=MATI-Laptop \
mac-address=D8:FC:93:8A:D6:8F server=dhcp1
add address=10.10.0.178 client-id=1:62:fe:6b:b3:2d:af comment=\
MATI-Telefon-Redmi mac-address=62:FE:6B:B3:2D:AF server=dhcp1
add address=10.10.0.176 client-id=1:0:31:92:c6:36:10 comment=AC-deco-gora \
mac-address=00:31:92:C6:36:10 server=dhcp1
add address=10.10.0.175 client-id=1:40:fa:fe:89:10:f5 comment=\
ANIA-Moto-firmowy mac-address=40:FA:FE:89:10:F5 server=dhcp1
add address=10.10.0.174 client-id=1:1c:53:f926:6c comment=Chromecast-salon \
mac-address=1C:53:F9:0B:26:6C server=dhcp1
add address=10.10.0.173 client-id=1:f4:c8:8a:7d:f1:bd comment=ALA-Laptop-WiFi \
mac-address=F4:C8:8A:7D:F1:BD server=dhcp1
add address=10.10.0.172 client-id=1:68:a8:6d:9:69:70 comment=ANIA-MacBook \
mac-address=68:A8:6D:09:69:70 server=dhcp1
add address=10.10.0.171 client-id=1:a8:4a:28:77:f6:80 comment=ANIA-iPhone \
mac-address=A8:4A:28:77:F6:80 server=dhcp1
add address=10.10.0.170 client-id=1:48:4b:aa:91:57:da comment=ALA-Telefon \
mac-address=48:4B:AA:91:57:DA server=dhcp1
add address=10.10.0.182 client-id=1:50:e5:49:5c:9b:b1 comment=\
MATI-Desktop-str mac-address=50:E5:49:5C:9B:B1 server=dhcp1
add address=10.10.0.113 client-id=1:1c:99:57:7c:f5:b comment=\
ANIA-laptop-firmowy mac-address=1C:99:57:7C:F5:0B server=dhcp1
add address=10.10.0.112 comment=MATI-CHROMECAST mac-address=B0:2A:43:36:43:B3 \
server=dhcp1
add address=10.10.0.104 always-broadcast=yes comment="Server Lenovo SRV01" \
lease-time=52w1d mac-address=6C:4B:90:79:B6:68 server=dhcp1
add address=10.10.0.88 client-id=\
ff:0:4c:cf:36:0:1:0:1:2d:7c:9d:ad:52:54:0:4c:cf:36 comment=\
KVM-bacula-server mac-address=52:54:00:4C:CF:36 server=dhcp1
add address=10.10.0.87 client-id=1:30:83:d2:fc:31:a4 comment=Piotrek-Motorola \
mac-address=30:83:D2:FC:31:A4 server=dhcp1
add address=10.10.0.85 client-id=1:0:f7:6f:a9:6a:33 comment=\
ALA-Telefon-Zastepczy mac-address=00:F7:6F:A9:6A:33 server=dhcp1
add address=10.10.0.98 client-id=1:6c:4b:90:79:b6:68 lease-time=52w1d \
mac-address=6C:4B:90:79:B6:68 server=dhcp1
add address=10.10.0.201 mac-address=C0:A5:E8:11:72:77
add address=10.10.0.84 client-id=1:3e:81:1e:f5:3d:10 comment=\
ALA-Samsung-GalaxyA25 mac-address=3E:81:1E:F5:3D:10 server=dhcp1
add address=10.10.0.80 client-id=1:52:54:0:cc:b0:26 comment=\
Piotrek-KVM-Windows10 mac-address=52:54:00:CC:B0:26 server=dhcp1
add address=10.10.0.195 client-id=1:52:54:0:89:9b:49 comment=\
Piotrek-KVM-Debian mac-address=52:54:00:89:9B:49 server=dhcp1
/ip dhcp-server network
add address=10.10.0.0/24 comment="DHCP LAN" dns-server=8.8.8.8,8.8.4.4 \
domain=maj.ovh gateway=10.10.0.1 netmask=24 ntp-server=\
194.146.251.100,194.146.251.101
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 disabled=yes list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 disabled=yes list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 disabled=yes list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 disabled=yes list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 disabled=yes list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 disabled=yes list=not_in_internet
add address=224.0.0.0/4 comment=Multicast disabled=yes list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 disabled=yes list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 disabled=yes list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 disabled=yes list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 disabled=yes list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 disabled=yes list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 disabled=yes list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 disabled=yes list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" disabled=\
yes list=not_in_internet
add address=10.10.0.198 list=tiktok-ALLOW
/ip firewall filter
add action=fasttrack-connection chain=forward disabled=yes
add action=accept chain=input dst-port=8291 protocol=tcp src-address=\
10.10.0.0/24
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
10.10.0.0/24
add action=accept chain=input dst-port=8080 protocol=tcp src-address=\
10.10.0.0/24
add action=accept chain=input protocol=icmp src-address=10.10.0.0/24
add action=accept chain=input dst-port=53 protocol=udp src-port=53
add action=accept chain=input in-interface-list=LAN
add action=accept chain=input comment=defconf connection-state=\
established,related,new
add action=accept chain=input comment="Allow from LAN" in-interface-list=LAN
add action=drop chain=forward comment="Block Sites" disabled=yes dst-port=\
80,443 layer7-protocol=block_site log=yes log-prefix=block_sites \
protocol=tcp
add action=add-dst-to-address-list address-list=wp address-list-timeout=\
none-dynamic chain=forward comment="container wp" content=wp.pl \
src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=snapchat \
address-list-timeout=none-dynamic chain=forward comment=\
"counter snapchat" content=snapchat.com src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=instagram \
address-list-timeout=none-dynamic chain=forward comment=\
"counter instagram" content=instagram.com src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=tiktok address-list-timeout=\
none-dynamic chain=forward comment="container tiktok" content=tiktok.com \
src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=onet address-list-timeout=\
none-dynamic chain=forward comment=container.onet.pl content=onet.pl \
src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=facebook \
address-list-timeout=none-dynamic chain=forward comment=\
"container facebook" content=facebook.com src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=yotube address-list-timeout=\
none-dynamic chain=forward comment="container youtube" content=\
youtube.com src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=yotube address-list-timeout=\
none-dynamic chain=forward comment="container youtube PL" content=\
youtube.pl src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=netflix address-list-timeout=\
none-dynamic chain=forward comment="container netflix" content=\
netflix.com src-address=10.10.0.0/24
add action=add-dst-to-address-list address-list=player address-list-timeout=\
none-dynamic chain=forward comment="container TVN Player" content=\
player.pl src-address=10.10.0.0/24
add action=drop chain=forward comment="block site youtube" disabled=yes \
dst-address-list=yotube src-address=10.10.0.191
add action=drop chain=input comment="Drop all INPUT"
add action=drop chain=forward comment=NIEZNANI disabled=yes log=yes \
log-prefix=NIEZNANI src-mac-address=40:A3:CC:93:06:E3
add action=drop chain=forward comment="defconf drop forward invalid" \
connection-state=invalid
add action=drop chain=forward comment="Block Tiktock" dst-address-list=tiktok \
src-address=10.10.0.0/24
add action=drop chain=forward comment="Block snapchat" dst-address-list=\
snapchat src-address=10.10.0.0/24
add action=drop chain=forward comment="Block instagram" disabled=yes \
dst-address-list=instagram fragment=no hotspot="" src-address=\
10.10.0.0/24
/ip firewall nat
add action=masquerade chain=srcnat log=yes log-prefix=mask-port \
out-interface=sfp1_WAN src-address=10.10.0.0/24
add action=redirect chain=dstnat disabled=yes dst-port=80 protocol=tcp \
to-ports=8080
add action=redirect chain=dstnat disabled=yes dst-port=443 protocol=tcp \
to-ports=8080
/ip kid-control device
add mac-address=52:54:00:56:D3:A8 name=Debian-desktop user=MATI
add mac-address=F4:C8:8A:7D:F1:BD name=ZBYCHU user=ALA
add mac-address=D8:FC:93:8A:D6:8F name=MATI-Laptop user=MATI
add mac-address=16:54:DB:03:1D:8E name=MATI-POCO user=MATI
add mac-address=30:83:D2:FC:31:A4 name=motorola user=NIEZNANI
add mac-address=50:E5:49:5C:9B:B1 name=MATI-Desktop user=MATI
add mac-address=B0:2A:43:36:43:B3 name=Chromecast-tv user=chromecast-tv
add mac-address=1C:53:F9:0B:26:6C name=Chromecast-TV-Mati user=chromecast-tv
add mac-address=3E:81:1E:F5:3D:10 name=ALA-Samsung-GalaxyA25 user=ALA
/ip proxy
set anonymous=yes cache-administrator=piotr@XXX cache-path=\
disk1/lost+found
/ip proxy access
add action=deny
add action=deny dst-host=*wp.pl*
/ip service
set telnet address=10.10.0.0/24
set ftp disabled=yes
set www address=10.10.0.0/24
set ssh address=10.10.0.0/24
set winbox address=10.10.0.0/24
set api-ssl address=10.10.0.0/24
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=router
/system logging
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=disk
/system note
set note="Hello welcome router Mikrotik"
/system ntp client
set enabled=yes primary-ntp=194.146.251.100 secondary-ntp=194.146.251.101
/tool e-mail
set address=mailXX.XXXX.net from=router.XXXX@XXXX.pl password=\
"LXXXXXX" port=587 start-tls=tls-only user=\
router.XXXX@XXXX.pl
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool traffic-monitor
add interface=sfp1_WAN name=tmon1
6d comment=Drukarka \
26:6c comment=Chromecast-salon \
Re: iPhone lock update.
That's kinda far away from the defaults...
You do have some blocking rules... So if some update on iPhone uses same CDN/cloud/etc as something that's blocked... That be one reason it wouldn't work.
If you add a firewall rule BEFORE the drops that just accept all traffic from the IP of the iPhone with update troubles, does that allow an update?
I don't have much in the configuration because I'm just starting out. Are firewall rules enough for you?
You do have some blocking rules... So if some update on iPhone uses same CDN/cloud/etc as something that's blocked... That be one reason it wouldn't work.
If you add a firewall rule BEFORE the drops that just accept all traffic from the IP of the iPhone with update troubles, does that allow an update?
Re: iPhone lock update.
I try to put what I want to play before the drop. I know it's crap right now, but I don't have time to sit down