One of my Mikrotik routers has as usual a PPTP Server interface on and couple of PPP users ready to connect in...
In this router I have many rules to do port forwarding and filtering...

But the firewall seems to block port PPTP (reported as closed by nmap on linux and "connection refused" if i try a telnet router1 1723) and I added at top of the input chain a accept from anywhere dst-port=1723 protocol tcp and accept protocol gre. Those two rules seems not sufficient to open the port and leave connection coming in...

Looking at the router the only differences from others rotuer I have in place are: UPnP activated (I don't use it but router is in production and I don't know if disabling it can do something bad...). Eth1 is external others are internals
Two public ip on eth1 interface... IPs are written as address: 11.11.11.11/24 network:11.11.11.0 and 11.11.11.255 broadcast...
I'm connection from 12.12.12.12 Office 2 mikrotik.

If needed I can post full firewall rules detail...

0 ;;; Allow from Office 1
chain=input action=accept src-address=13.13.13.13

1 ;;; Allow from Office 2
chain=input action=accept src-address=12.12.12.12

2 ;;; Allow SSH on 22
chain=forward action=accept protocol=tcp dst-port=22

3 ;;; Allow 21 for port forward
chain=forward action=accept protocol=tcp dst-port=21

4 ;;; Allow 80 for port forward
chain=forward action=accept protocol=tcp dst-port=80

5 ;;; Allow Forward 4949
chain=forward action=accept protocol=tcp dst-port=4949

6 ;;; Allow Forward 9999
chain=forward action=accept protocol=tcp dst-port=9999

7 ;;; Added by webbox
chain=input action=accept protocol=icmp

8 ;;; Added by webbox
chain=input action=accept connection-state=established

9 ;;; Added by webbox
chain=input action=accept connection-state=related

10 ;;; Allow PPTP
chain=input action=accept protocol=tcp dst-port=1723

11 ;;; Added by webbox
chain=forward action=jump jump-target=customer

12 ;;; Added by webbox
chain=input action=drop in-interface=ether1

13 ;;; Added by webbox
chain=customer action=accept connection-state=established

14 ;;; Added by webbox
chain=customer action=accept connection-state=related

15 ;;; Added by webbox
chain=customer action=drop

Any ideas...

Which OS version are you using?

What makes you think it is a firewall problem?

RouterOS 3.24 RouterBoard RB450

eth1 is public interface. 88.88.88.88
eth2 is private interface 11.11.11.11

11.11.11.0 network is maskerated

from a linux system on eth2 (same network and IP 11.11.11.12 ) if I do a "telnet 11.11.11.11 1723" i received back "connection refused".
Form another linux system on eth1 with another public IP on the same network I receive "connection refused".

eth1 and eth2 are connected on the same phisical switch... Never configured VLAN on the switch yet.
And UPnP is active on interfaces...

Can I disabling it without fear fro production router?

Thank you.

Sorry to all people in the forum!!

Using Winbox I forgot to go to PPP->Interface and simply activate PPTP Server!!!

I simply created PPTP Server interface but not activate the PPTP Server!!!

Same for L2TP Service... All VPNS are working fine!!!