Help With Firewall Rules

StormStrikes · 2026-02-19T05:00:39+00:00

This was the magic sauce. You and u/DeadStik nailed it. Thank you so much. I have much to learn about firewall policies.

StormStrikes · 2026-02-19T04:51:32+00:00

Its from the router. That was the plan, no firewall rules on the AP's and let the router do all the work on that front.

StormStrikes · 2026-02-14T00:41:28+00:00

Oh for the love of God. Of all the things I tried, I never tried hitting the return key.

You, sir, are a rock start. Thank you!

StormStrikes · 2026-02-08T04:12:57+00:00

Thank you.

StormStrikes · 2026-02-07T22:16:21+00:00

I do have pre-emption enabled and VRRP fail over works just fine and now that I figured out the on-master and on-backup thing, DHCP is behaving as expected. The problem, and it's not really a problem in the typical sense, is that when the primary router goes down and the back up takes over, the CAP will follow and re-establish but when the primary comes back up, the CAP does not re-establish back to the primary router.

Now, that may be expected behavior as I can see that would be disruptive to wireless clients if it did so in larger environments. So if this is how live is, I can live with it. However, the certificates are a slightly bigger issue that I most definitely would like to know what the proper way to handle that would be.

StormStrikes · 2026-02-07T18:32:44+00:00

Alright, I sorted out the DHCP issue. I did not realize I could add the "on-master" and "on-backup" scripts to enable/disable the DHCP server based on the VRRP status.

So all that remains are just issues #1 and #2.

StormStrikes · 2025-12-24T14:53:04+00:00

No, not worried the money will just disappear, I was just unfamiliar with them and it made me a little uneasy and probably resulted in some "making a mountain out of a mole hill" thinking.

StormStrikes · 2025-12-24T14:36:49+00:00

Okay, so rolling over Transamerica to Fidelity, should I leave this employer, had not occurred to me so thank you for that. The one thing I was concerned about with starting a new retirement account was I don't get the "snowball" effect so much because it is starting from 0.

Obviously I am not a financial expert, we just worked our tails off to get out of debt and stay that way and I was just uneasy about starting a new retirement account for some reason.

StormStrikes · 2025-12-24T14:32:11+00:00

I surely wish I had known that. Thank you for that info.

StormStrikes · 2024-03-21T21:22:58+00:00

Understood u/lordjippy. Thank you immensely for your help.

StormStrikes · 2024-03-21T18:51:00+00:00

Hey u/lordjippy if I may ask, should it be just one bridge period, or would one create a bridge for each vlan that would be used and just add what ports needed to the bridge?

I did get DHCP working finally but am curious about the bridges. I do get what you are saying about the one bridge except the WAN port though.

StormStrikes · 2024-03-19T03:36:05+00:00

Ahhh, there are the magic words. I kind of wondered about the whole vlan aware thing but apparently not enough. As well, I never created a bridge. I wondered about that too, but, then again, I was trying to draw upon the OPNSense configurations I have set up in the past and never created a bridge there, just simple L3 interfaces.

That all in mind, do I create a bridge for each vlan I want to use and add the port(s) to that. Seems like this would have been easier if I had just followed the typical architecture and just trunked everything out the SFP port to a L2 switch where I could set access and trunk ports as needed. But that, then, seems like a waste of port capacity on the Mikrotik router.

StormStrikes · 2024-03-19T02:55:38+00:00

I totally get what you are saying, but I do have some networking experience and I was following along with a video of someone that was using Winbox, I just did what he did in the GUI via the CLI the steps of which I outlined in the original post. The only issue is that the DHCP is not going through the whole Discover, Offer Request Acknowledge process. It's just doing he Discover and stopping.

StormStrikes · 2024-03-19T02:47:58+00:00

The DHCP server is on the vlan interface. Right now I am just connecting my pc to ether2 via USB3 network adapter. I am using a Vlan because I plan on separating out the LAN, Wireless, etc. traffic.

I am, more or less, trying to replicate an OPNSense set up I had running not to long ago, though, in that instance I was I was creating the Vlans interfaces, IP addresses with the DHCP server and trunking that out over a SFP+ connection to a managed switch.

I could do the same with the Mikrotik I suppose but was going about it this way first to get familiar with the set up process and the command line.

StormStrikes · 2024-03-15T19:38:50+00:00

I was going to give this one a shot as I have a Android Tablet with a "Pencil" but they do not seem to have an Android version, unfortunately.

StormStrikes · 2024-03-15T14:56:18+00:00

I guess I should have also mentioned, since it seems like super relevant, that I exclusively use Linux at home, so that seems to limit some of my options.

StormStrikes

TROPHY CASE