I am able to ping every device on the subnet, but I am not able to access the router through a local IP (e.g. Winbox). So I figure I am blocking something in the firewall, or I need a proxy ARP or something to get two-way communications actually working. Do I need to change or add firewall rules? Here are the firewall rules so far:
[admin@XXXX Router] /ip firewall filter> print chain=input
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop invalid connections
chain=input action=drop connection-state=invalid
1 ;;; Allow established connections
chain=input action=accept connection-state=established
2 ;;; Allow related connections
chain=input action=accept connection-state=related
3 ;;; Allow UDP
chain=input action=accept protocol=udp
4 ;;; Allow ICMP
chain=input action=accept protocol=icmp
5 ;;; Allow incoming on the BACnet port
chain=input action=accept protocol=udp in-interface=ether1 dst-port=47808
6 ;;; Web server access for Fred's web server
chain=input action=accept protocol=tcp in-interface=ether1 dst-port=47080
7 ;;; Allow incoming for PPTP tunnel
chain=input action=accept protocol=tcp dst-port=1723
8 ;;; Allow GRE (protocol 47) for PPTP tunnel
chain=input action=accept protocol=gre
9 ;;; Allow input from the NOC private address space
chain=input action=accept src-address-list=NOCprivate
10 X ;;; Log everything about to be dropped
chain=input action=log log-prefix="Drop"
11 ;;; Drop everything else
chain=input action=drop
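
An added example (not part of the original post): a first-match walk of the posted input chain in Python, showing which rule decides a ping and a new Winbox connection to the router. Port 8291 is the RouterOS default for Winbox; the source addresses, the interface name ether2 and the contents of NOCprivate are constructed assumptions.

```python
import ipaddress

# The input chain as posted; rule 10 is disabled (X flag), so it is left out.
RULES = [
    (0, "drop",   {"connection-state": "invalid"}),
    (1, "accept", {"connection-state": "established"}),
    (2, "accept", {"connection-state": "related"}),
    (3, "accept", {"protocol": "udp"}),
    (4, "accept", {"protocol": "icmp"}),
    (5, "accept", {"protocol": "udp", "in-interface": "ether1", "dst-port": 47808}),
    (6, "accept", {"protocol": "tcp", "in-interface": "ether1", "dst-port": 47080}),
    (7, "accept", {"protocol": "tcp", "dst-port": 1723}),
    (8, "accept", {"protocol": "gre"}),
    (9, "accept", {"src-address-list": "NOCprivate"}),
    (11, "drop",  {}),
]

def matches(rule_match, pkt, address_lists):
    """True when every matcher in the rule agrees with the packet."""
    for key, want in rule_match.items():
        if key == "src-address-list":
            src = ipaddress.ip_address(pkt["src-address"])
            nets = address_lists.get(want, [])
            if not any(src in ipaddress.ip_network(n) for n in nets):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(pkt, address_lists):
    """Return (rule number, action) of the first matching rule."""
    for number, action, rule_match in RULES:
        if matches(rule_match, pkt, address_lists):
            return number, action
    return None, "accept"  # RouterOS accepts when no rule in the chain matches

# Constructed sample traffic and address list (assumptions, not from the post).
LISTS = {"NOCprivate": ["10.99.0.0/24"]}
BASE = {"connection-state": "new", "in-interface": "ether2", "src-address": "192.168.1.50"}
PING = {**BASE, "protocol": "icmp"}
WINBOX_LAN = {**BASE, "protocol": "tcp", "dst-port": 8291}
WINBOX_NOC = {**WINBOX_LAN, "src-address": "10.99.0.7"}
BACNET = {**BASE, "protocol": "udp", "dst-port": 47808, "in-interface": "ether1"}

if __name__ == "__main__":
    for name, pkt in [("ping", PING), ("winbox from LAN", WINBOX_LAN),
                      ("winbox from NOCprivate", WINBOX_NOC), ("BACnet", BACNET)]:
        print(f"{name:24} -> rule {evaluate(pkt, LISTS)}")
```

The walk also shows that rule 3 accepts all UDP on any interface, so the narrower BACnet rule 5 is never reached.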