Hello,
I am having difficulty connecting to the internet from my CRS328. I am a radio engineer, not an IP engineer, so I am only in boot camp learning this stuff. (apologies in advance). I have 3 VLANs that I want to connect to the internet, VL600 (Management) VL630 (LAN) VL710 (IOT). So far VL630 works some of the time. the other two appear to be connected (as shown by the system tray icon on the end user device) but go nowhere. Ping doesn't work. I can get to the gateway but not beyond.
Here are my firewall rules:
I am having difficulty connecting to the internet from my CRS328. I am a radio engineer, not an IP engineer, so I am only in boot camp learning this stuff. (apologies in advance). I have 3 VLANs that I want to connect to the internet, VL600 (Management) VL630 (LAN) VL710 (IOT). So far VL630 works some of the time. the other two appear to be connected (as shown by the system tray icon on the end user device) but go nowhere. Ping doesn't work. I can get to the gateway but not beyond.
Here are my firewall rules:
Code:
/ip dnsset allow-remote-requests=yes cache-size=4096KiB max-concurrent-queries=200 max-udp-packet-size=8192 servers=127.0.0.1,31.22.13.211/ip firewall filteradd action=fasttrack-connection chain=forward comment="Fasttrack DNS (tcp)" connection-state=established,related,new dst-port=53 hw-offload=yes protocol=tcpadd action=fasttrack-connection chain=forward comment="Fasttrack DNS (udp)" connection-state=established,related,new dst-port=53 hw-offload=yes protocol=udpadd action=fasttrack-connection chain=forward comment="Fasttrack Connected" connection-state=established,related hw-offload=yesadd action=accept chain=forward comment="Allow LAN (80.144.10.0/24)" connection-state=established,related,new log=yes src-address=80.144.10.0/24add action=accept chain=forward comment="Allow MAN (80.144.1.0/24)" connection-state=established,related,new src-address=80.144.1.0/24add action=accept chain=forward comment="Allow IOT (80.145.80.0/24)" connection-state=established,related src-address=80.145.80.0/24add action=drop chain=input comment="Drop invalid (input)" connection-state=invalidadd action=drop chain=forward comment="Drop invalid (Forward)" connection-state=invalidadd action=accept chain=input comment="Accept ICMP input" connection-state=established,related,new protocol=icmpadd action=accept chain=forward comment="Accept ICMP forward" connection-state=established,related,new protocol=icmpadd action=accept chain=input comment="Accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=accept chain=forward comment="*TEST* forward DNS (tcp)" connection-state=new dst-port=53 protocol=tcp src-address=80.144.10.0/24add action=accept chain=forward comment="*TEST* forward DNS (udp)" connection-state=new dst-port=53 protocol=udp src-address=80.144.10.0/24/ip firewall natadd action=masquerade chain=srcnat comment="NAT: Masquerade for VL600 to WAN" out-interface-list=WAN src-address=80.144.1.0/24add action=masquerade chain=srcnat comment="NAT: Masquerade for VL630 to WAN" out-interface-list=WAN src-address=80.144.10.0/24add action=masquerade chain=srcnat comment="NAT: Masquerade for VL710 to WAN" out-interface-list=WAN src-address=80.145.80.0/24add action=masquerade chain=srcnat comment="NAT: Masquerade For VL638 to WAN" out-interface-list=WAN src-address=80.144.20.0/24Statistics: Posted by youcangetholdofjules — Mon Dec 30, 2024 1:38 pm