MikroTik

Community discussions
https://forum.mikrotik.com/

CCR1072 doesn't ping

https://forum.mikrotik.com/viewtopic.php?t=137266

Page 1 of 1

CCR1072 doesn't ping

Posted: Wed Jul 25, 2018 4:23 pm
by victorsoares
Hi everyone.

Something strage happened this morning with my CCR1072-1G-8S+ running RoS 6.37.4. No changes were made in anyway, and everything seems to work fine as usual, but I can't ping any IP unless I use ARP ping. I tried disabling my firewall rules and changing my DNS but had no success.

Has anyone had that problem? What do you guys suggest me to try?

Thanks again for the help!

Here are my firewall rules, but as I said before, I already tried disabling them.
Code: Select all
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=forward action=accept protocol=tcp log=no log-prefix="" 

 1    chain=forward action=accept protocol=udp log=no log-prefix="" 

 2    chain=forward action=accept protocol=udp dst-port=53 log=no log-prefix="" 

 3    chain=forward action=accept tcp-flags="" protocol=tcp src-port=53 log=no 
      log-prefix="" 

 4    chain=output action=accept protocol=tcp dst-address-list=gmail dst-port=58>
      log=no log-prefix="" 

 5    chain=forward action=accept src-address=1.2.3.4 log=no log-prefix="" 

 6    chain=forward action=accept protocol=tcp src-address=2.3.4.5 log=no 
      log-prefix="" 

 7    chain=forward action=accept protocol=tcp dst-address=2.3.4.5 log=no 
      log-prefix="" 

 8    chain=forward action=accept connection-mark=toninhas1 log=no log-prefix="" 

 9    chain=forward action=accept connection-mark=toninhas2 log=no log-prefix="" 

10 XI  ;;; DROP-DNS_Hijacking
      chain=forward action=drop connection-mark=dns-hijaking log=no 
      log-prefix=""

Re: CCR1072 doesn't ping

Posted: Wed Jul 25, 2018 7:01 pm
by Sob
Unless there are some other options not visible here (it's better to use export command, it shows everything), it must be the most useless firewall I've ever seen. There's no need to disable any rules for testing, because your current firewall already doesn't block anything. It basically does nothing, in a creative way, e.g. rules #0 and #1 accept all tcp and udp traffic, so all following rules with tcp and udp won't get any hits. And even if they did, they would still not be useful, because action=accept is default, so anything not matched be previous rules is accepted anyway at the end. And you have rules only for forward, so any connection to router itself is allowed. For your sake, I hope this device doesn't have public address, or you don't have any remote management enabled (except ssh), because RouterOS 6.37.4 has this nice ability (bug) to tell logins and passwords to anyone who asks.

Edit: Forget the condition in first sentence, if would be useless even with other options. But it's good idea to use export instead of print.

Re: CCR1072 doesn't ping  [SOLVED]

Posted: Thu Jul 26, 2018 2:51 pm
by victorsoares
Well, anyway. Problem solved by scheduling a reboot during the night. Everything working fine now. Thanks again.
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/