Community discussions

MikroTik App
 
Deyan
just joined
Topic Author
Posts: 2
Joined: Tue Jul 07, 2015 4:11 pm

Firewall/Mangle not working for bridge traffic?

Tue Jul 07, 2015 4:32 pm

I am trying to mark local VoIP packets on RB951G-2HnD v6.29.1, but it looks like bridge traffic does not go through the firewall.

We have a PBX in a local network, and I would like to mark and prioritize VoIP packets in local network. All VoIP phones and and VoIP traffic is only in the local network 192.168.88.0/24, and PBX is on IP 192.168.88.99.

I have "use-ip-firewall" option enabled in bridge settings, but it looks like it does not work.

I even tried to add just some firewall log rules to catch traffic from and to PBX, but there is nothing in local network.

I tried the same with mangle and with firewall filter, but problem is the same. For example...
add action=log chain=forward log=yes log-prefix=Test1 src-address=192.168.88.99
add action=log chain=forward dst-address=192.168.88.99 log=yes log-prefix=Test2
This logs only NTP packets that are leaving the local network (bridge), but nothing is logged inside the bridge.

Why?
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: Firewall/Mangle not working for bridge traffic?

Wed Jul 08, 2015 12:55 pm

Bridge + Firewall seems broken after 6.28-29 for me.
Mikrotik struggle it in 6.30rcXX with variable success.
Look:
http://forum.mikrotik.com/viewtopic.php ... 70#p486770
http://forum.mikrotik.com/viewtopic.php ... 63#p489563
 
User avatar
pukkita
Trainer
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Firewall/Mangle not working for bridge traffic?

Wed Jul 08, 2015 1:07 pm

Try 6.27
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: Firewall/Mangle not working for bridge traffic?

Tue Jul 14, 2015 10:27 am

Try 6.27
I tried but without success http://forum.mikrotik.com/viewtopic.php ... 89#p490689
I will retry nearest nights, can't experiment with customers.
Now 6.31rc15 without Use IP Firewall, i.e. dumb Bridge.

Who is online

Users browsing this forum: ConnyMercier and 73 guests