Channel: MikroTik

Beginner Basics • Re: Troubles with configuring hairpin NAT

So I finally got to doing this and found issues that came up with applying some of the provided settings.

8. Unless you can articulate a reason for this sourcenat rule.... also remove!
add action=masquerade chain=srcnat dst-address=57.48.39.0/24 dst-address-type=!local log=yes src-address=57.48.39.0/24 src-address-type=!local ?????????

If I remove this bit (8.), then I can't internally see my websites.


7. Change this forward default rule to something a bit more secure and clearer that will allow both external and internal access for servers
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface="ether8[ISP]" log=yes
TO
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat log=yes
add action=drop chain=forward comment="drop all else"

For this one (7.) I can't use the add action=drop chain=forward comment="drop all else" bit as it seems to block internet for everything. So at the moment it is disabled.


Hi,

There is an mDNS repeater setup on recent RouterOS versions.

It is in ip dns.
You add the interfaces you want mDNS to be repeated between.

or by CLI (example):

/ip dns
set mdns-repeat-ifaces=ether1,ether2

This worked yesterday for one device that I needed to find, but after finding and "connecting" to it, it was immediately forgotten; it even showed up as a working device for a while until I tried to interact with it. Currently mDNS only works for devices that I have already set up an IP for. I can see the mDNS data being sent in Wireshark, just nothing on the devices I have no static IP for. I don't have a printer to test this on, just the many smart home devices that rely on mDNS as their primary method of discovery; quite a hassle to set up the IP for both ends. Also I've tried to use many different repeater interfaces that get listed, like would Bridge work alone when used as a repeater interface?


Currently:
Code:
/interface bridge
add name=Bridge-1 port-cost-mode=short
/interface ethernet
set [ find default-name=ether8 ] name="ether8[ISP]"
/interface vlan
add interface=Bridge-1 name=IOT vlan-id=4
add interface=Bridge-1 name=MainLAN vlan-id=8
add disabled=yes interface=Bridge-1 name=TestLAN vlan-id=5
add interface=Bridge-1 name=Guest vlan-id=3
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=57.48.39.9-57.48.39.99
add name=IoT_pool ranges=57.48.0.50-57.48.0.150
/ip dhcp-server
add address-pool=dhcp_pool0 interface=Bridge-1 lease-time=6h name=dhcp1
add address-pool=IoT_pool interface=IOT lease-time=6h name=server1
/ip smb users
set [ find default=yes ] disabled=yes
/interface bridge port
add bridge=Bridge-1 frame-types=admit-only-vlan-tagged interface=ether4
add bridge=Bridge-1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=2
add bridge=Bridge-1 frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=2
add bridge=Bridge-1 frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=2
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=Bridge-1 tagged=Bridge-1,ether4 vlan-ids=3,4,7,9
add bridge=Bridge-1 tagged=Bridge-1 untagged=ether5,ether6,ether7 vlan-ids=2
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface="ether8[ISP]" list=WAN
add interface=IOT list=LAN
add interface=TestLAN list=LAN
add interface=Guest list=LAN
add interface=MainLAN list=LAN
/interface ovpn-server server
add mac-address=FE:90:8C:2C:D0:36 name=ovpn-server1
/ip address
add address=57.48.39.1/24 interface=Bridge-1 network=57.48.39.0
add address=57.48.0.1/24 interface=IOT network=57.48.0.0
add address=57.48.1.1/24 interface=*E network=57.48.1.0
add address=57.48.2.1/24 interface=Guest network=57.48.2.0
add address=57.48.3.1/24 interface=TestLAN network=57.48.3.0
/ip arp
add address=57.48.39.12 interface=Bridge-1 mac-address=BC:24:11:xx+
add address=57.48.39.11 interface=Bridge-1 mac-address=18:60:24:xx+
add address=57.48.39.10 interface=Bridge-1 mac-address=48:22:54:xx+
/ip dhcp-client
add interface="ether8[ISP]"
/ip dhcp-server network
add address=57.48.0.0/24 dns-server=8.8.8.8 gateway=57.48.0.1
add address=57.48.39.0/24 dns-server=8.8.8.8 gateway=57.48.39.1
/ip dns
set mdns-repeat-ifaces=IOT,MainLAN
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid log=yes
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat log=yes
add action=drop chain=forward comment="drop all else" disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface="ether8[ISP]"
add action=dst-nat chain=dstnat dst-address=!57.48.39.0/24 dst-address-type=local dst-port=80,443 log=yes \
    protocol=tcp to-addresses=57.48.39.12
add action=masquerade chain=srcnat dst-address=57.48.39.0/24 dst-address-type=!local log=yes src-address=\
    57.48.39.0/24 src-address-type=!local

Statistics: Posted by Valkoh — Thu Jan 30, 2025 6:16 pm
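As an added example (not code from the post or from MikroTik), here is a small Python model of the forward chain and the two NAT rules in the export above; it assumes PUBLIC_IP as a constructed placeholder for the ISP-assigned WAN address. It shows why the hairpin masquerade from item 8 is needed when an internal client reaches the site through the public address, and that a new connection arriving on Bridge-1 falls through to "drop all else" because Bridge-1 is not a member of the LAN interface list in the export.

```python
# Added example, not from the forum post: a minimal model of the forward
# chain and the hairpin NAT rules in the RouterOS export above.
PUBLIC_IP = "203.0.113.5"          # constructed placeholder for the WAN address
BRIDGE_IP = "57.48.39.1"           # Bridge-1 address from the export
SERVER = "57.48.39.12"             # to-addresses of the dstnat rule
ROUTER_LOCAL = {PUBLIC_IP, BRIDGE_IP}
LAN_LIST = {"IOT", "TestLAN", "Guest", "MainLAN"}  # Bridge-1 is not a member
WAN_LIST = {"ether8[ISP]"}


def in_lan(ip):
    """Crude membership test for 57.48.39.0/24."""
    return ip.startswith("57.48.39.")


def forward_verdict(pkt, drop_all_else=True):
    """Walk the forward chain from the export and return the first matching action."""
    rules = [
        ("accept", pkt["state"] in ("established", "related")),
        ("drop", pkt["state"] == "invalid"),
        ("accept", pkt["in"] in LAN_LIST and pkt["out"] in WAN_LIST),  # "internet traffic"
        ("accept", pkt["nat_state"] == "dstnat"),                       # "port forwarding"
    ]
    if drop_all_else:
        rules.append(("drop", True))                                    # "drop all else"
    for action, matched in rules:
        if matched:
            return action
    return "accept"  # RouterOS default when no filter rule matches


def hairpin(client_ip, dst_ip, dport, hairpin_rule=True):
    """Apply the dstnat rule, then the hairpin srcnat rule, and report whether
    the server's reply can come back through the router's connection tracking."""
    # dstnat: dst-address=!57.48.39.0/24 dst-address-type=local dst-port=80,443
    if not (dst_ip in ROUTER_LOCAL and not in_lan(dst_ip) and dport in (80, 443)):
        return None
    src, dst = client_ip, SERVER
    # srcnat masquerade: src 57.48.39.0/24 -> dst 57.48.39.0/24, both not local
    if hairpin_rule and in_lan(src) and in_lan(dst):
        src = BRIDGE_IP
    # The server answers whatever source it saw. A LAN source is on-link, so
    # the reply bypasses the router and the client gets a reply from the
    # wrong peer; a masqueraded or external source is answered via the router.
    works = src == BRIDGE_IP or not in_lan(src)
    return {"src": src, "dst": dst, "works": works}
```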


