Hi all,
I am quite new to MikroTik but have already done some basic setups with no issues. Doing a new one, I am getting a problem with the router itself resolving DNS (honestly only required for updates); with the rule that blocks traffic from WAN ("defconf: drop all not coming from LAN") disabled it works, but of course I don't want to remove it (I have also tried !LAN instead of WAN, but with the same result). Can you please help me? Here you can find my config:
Code:
# mar/19/2024 10:47:41 by RouterOS 6.49.13
# software id = **ELIDED**
#
# model = RB3011UiAS
/interface bridge
add name=bridge_LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes
/interface vrrp
add interface=bridge_LAN name=VRRP
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool_LAN ranges=20.1.0.50-20.1.1.254
/ip dhcp-server
add address-pool=dhcp_pool_LAN disabled=no interface=VRRP name=dhcp_LAN
/queue simple
add disabled=yes dst=ether1-WAN1 max-limit=10M/10M name=LimitWAN1 target=""
/interface bridge port
add bridge=bridge_LAN interface=ether6
add bridge=bridge_LAN interface=ether7
add bridge=bridge_LAN interface=ether8
add bridge=bridge_LAN interface=ether9
add bridge=bridge_LAN interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=bridge_LAN list=LAN
add interface=ether1-WAN1 list=WAN
add interface=ether2-WAN2 list=WAN
/ip address
add address=20.1.0.2/23 interface=bridge_LAN network=20.1.0.0
add address=20.1.0.1/23 interface=VRRP network=20.1.0.0
add address=10.10.2.250/24 interface=ether1-WAN1 network=10.10.2.0
add address=10.10.1.250/24 interface=ether2-WAN2 network=10.10.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no interface=ether1-WAN1 use-peer-dns=no
add add-default-route=no disabled=no interface=ether2-WAN2
/ip dhcp-server network
add address=20.1.0.0/23 dns-server=8.8.8.8,1.1.1.1 gateway=20.1.0.1
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=WAN
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2
/ip route
add check-gateway=ping distance=1 gateway=1.1.1.1 target-scope=32
add check-gateway=ping distance=2 gateway=8.8.8.8 target-scope=32
add check-gateway=ping distance=4 gateway=10.10.1.1
add distance=1 dst-address=1.1.1.1/32 gateway=10.10.2.1 target-scope=31
add distance=1 dst-address=8.8.8.8/32 gateway=10.10.2.1 target-scope=31
/system clock
set time-zone-name=Europe/London
Thanks in advance
Statistics: Posted by dmconde — Tue Mar 19, 2024 12:50 pm
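
An added example, not part of the original post: a Python check over the input-chain rules from the config above. It flags a drop that has no earlier accept for established/related connections, which is the condition under which replies to the router's own DNS queries arriving on WAN are dropped. The `WITH_ACCEPT` rule is an assumption taken from the stock RouterOS default configuration, not from the post; the function names are illustrative.

```python
import re
import shlex

# Input-chain rules copied from the "/ip firewall filter" section of the post.
POSTED = r'''
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=WAN
'''
# Assumption (not in the post): the established/related accept from the stock
# RouterOS default configuration, placed ahead of the posted rules.
WITH_ACCEPT = r'''
add action=accept chain=input connection-state=established,related,untracked \
    comment="defconf: accept established,related,untracked"
''' + POSTED

def parse_rules(export):
    """Turn the 'add key=value ...' lines of a RouterOS export into dicts."""
    joined = re.sub(r"\\\n\s*", "", export)  # undo backslash line continuations
    rules = []
    for line in joined.splitlines():
        if line.startswith("add "):
            tokens = shlex.split(line)[1:]  # keeps a quoted comment as one token
            rules.append(dict(tok.split("=", 1) for tok in tokens))
    return rules

def blind_input_drops(rules):
    """Comments of input-chain drops that also hit replies to router-originated traffic."""
    accepts_established = False
    flagged = []
    for rule in rules:
        if rule.get("chain") != "input":
            continue
        states = rule.get("connection-state", "").split(",")
        if rule.get("action") == "accept" and "established" in states:
            accepts_established = True
        elif (rule.get("action") == "drop" and "connection-state" not in rule
              and not accepts_established):
            flagged.append(rule.get("comment", ""))
    return flagged

if __name__ == "__main__":
    for name, export in (("posted", POSTED), ("with accept", WITH_ACCEPT)):
        print(name, "->", blind_input_drops(parse_rules(export)))
```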