Hello...
I'm having a problem I'm hoping you can help me sort out. Things were working fine, up until I replaced a server on a client network, then things went wonky.
This is for a CCR1016-12G, Factory Firmware 3.09. Current Firmware 7.18.
Port 1 is the interface to WAN
Port 3 is my office network (172.16.0.x)
Port 4 is a client network (192.168.1.x)
Previously, I had configured and been able to communicate from my network to the client network to pull nightly backups and manage computers/resources on their network remotely. After changing out one of the servers, that changed - although the server was put at the same IP as the replaced unit. Machines on the inside of the client office are able to connect to the internet, and to the new fileserver.
When I returned to the office I was no longer able to ping the fileserver - or other machines on their network. Hmmm... I looked at updates/upgrades and performed them on the router - no change in behavior. However, I noted an interesting quirk: The fileserver and other machines (although not all) had 00:00:00:00:00:00:00:00 MAC addresses now, even after a second reboot of the Mikrotik.
Any thoughts on (a) what may have changed; (b) the oddity of the missing MAC addresses (is this related to being unable to talk to the devices on their network?)
I've provided the output from /ip firewall filter for your consideration... Entry 19 is the affected network on the client end.
Thank you in advance for your help. Sadly, I suffered a couple of strokes in the last couple of years and while I still (partially) work in the industry, frankly my brain's a little scrambled.
 0 D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
 1    chain=input action=accept protocol=icmp log-prefix=""
 2    chain=input action=accept connection-state=established log-prefix=""
 3    chain=input action=accept connection-state=related log-prefix=""
 4    chain=input action=drop in-interface=ether1-gateway log-prefix=""
 5    chain=forward action=accept connection-state=established log-prefix=""
 6    chain=forward action=accept connection-state=related log-prefix=""
 7    chain=forward action=drop connection-state=invalid log-prefix=""
 8    chain=forward action=accept connection-state=established in-interface=ether1-gateway log-prefix=""
 9    ;;; Accept Established / Related Input
      chain=input connection-state=established,related
10    ;;; Allow Management Input
      chain=input action=accept src-address=172.16.0.0/16 log=no log-prefix=""
11    ;;; Drop Input
      chain=input action=drop log=yes log-prefix="Input Drop"
12    ;;; Fast Track Established / Related Forward
      chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related
13    ;;; Accept Established / Related Forward
      chain=forward connection-state=established,related
14    ;;; Allow client LAN traffic out WAN
      chain=forward action=accept src-address=192.168.1.0/24 out-interface=ether1-gateway log=no log-prefix=""
15    ;;; Allow client LAN traffic out WAN
      chain=forward src-address=192.168.10.0/24 out-interface=ether1-gateway
16    ;;; Allow client LAN traffic out WAN
      chain=forward src-address=192.168.0.0/24 out-interface=ether1-gateway
17    ;;; Allow client LAN traffic out WAN
      chain=forward src-address=172.16.0.0/16 out-interface=ether1-gateway
18    ;;; Drop Bogon Forward -> Ether1
      chain=forward action=drop src-address-list=Bogon in-interface=ether1-gateway log=yes log-prefix="Bogon Forward Drop"
19    ;;; Berglund <-> TechLab
      chain=forward action=accept src-address=172.16.0.0/16 dst-address=192.168.1.0/24 log=no log-prefix=""
20    ;;; Allow client LAN traffic out WAN
      chain=forward action=accept src-address=192.168.2.0/24 out-interface=ether1-gateway log=no log-prefix=""
Statistics: Posted by guidosarducci — Mon Mar 03, 2025 11:53 am