Hi Matt,
Fail-over functionality when NAT is involved requires that the failover device has three (or more) routed networks connected: one for the LAN, and one for each WAN link. If any of those two networks are 'bridged', then failover is not achievable (and arguably not sensible in that context).
Maybe what you have in mind is either not possible, or needs a different conceptual approach to achieve? When you say that you want the Frontier to do as 'little as possible', what do you want/need from it that prevents you from just throwing it away? ;)
If you only want it to do the failover part, and are thinking of connecting the LAN port direct to your MT WAN port, then any of the firewall modes will be OK so long as you don’t expect traffic with connections initiated from the remote (i.e. mail server, web server/s, etc).
In the end, you may be able to do away with the Frontier completely and use MikroTik to deal with the failover - depending on what your requirements and constraints are :-J
Cheers!
Mike.
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Matt Hall
Sent: Tuesday, 27 March 2018 4:45 PM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] Telstra Frontier Modem/Router with Failover into MK Router
Hi Everyone,
The new Frontier router/modem (Technicolor DJN2130) from Telstra has 4G failover built in, but if you bridge it, failover doesn’t work. I’ve tested this by unplugging the WAN port from the accompanying cable modem (Netgear CM450-TLAUS) and also by unscrewing the fibre cable. 4G won’t kick in.
If you do the same with the factory settings config, 4G kicks in.
I’d like to route and run Wireless from my MK router but am unsure about a few things. Basically I’d like the Frontier to do as little as possible.
So far I would do this on the Frontier:
Under WAN Services
1. Turn off NAT-PNP
2. Turn off UPnP?
3. Turn off secure mode? (not sure what that is).
4. Turn off Wi-Fi
5. Turn off DHCP Server
6. How should I set up the Firewall? I can’t turn it off completely, it seems.
Firewall settings are:
Low mode, the firewall will allow all outbound connections. It will reject unknown incoming connections but acknowledge the presence of the gateway.
Normal mode, the firewall will allow all outbound connections. It will silently drop unknown incoming connections.
High mode, the firewall will allow outgoing connections to the following services: HTTP, HTTPS, SMTP, POP3, IMAP, SSH. It will silently drop unknown incoming connections.
User mode, you can configure each individual rule of the firewall as well as the default behaviour.
User defined options are:
Answer Internet ping On/off
Outgoing default policy: ACCEPT/DROP/REJECT The outgoing policy defines what is done with packets coming from the LAN devices toward the internet. Setting it to REJECT or DROP will forbid any internet traffic from the LAN unless explicitly allowed by a firewall rule.
Incoming default policy: DROP/REJECT The incoming policy defines what is done with packets destined to the gateway. They can be either REJECTED (the gateway will notify the sender they were rejected) or DROPPED (the gateway will silently discard those packets).
Then to manually add a new rule, the options are:
1. Action: ACCEPT/DROP/REJECT
2. Protocol: TCP, UDP, TCP/UDP, UDP Lite, ICMP, ESP, AH, SCTP, all
3. Src IP
4. Src port
5. Dst IP
6. Dst port
Then firewall rules for IPv6 follow the same protocol.
Thank you,
Matt Hall
Sydney