MikroTik RB951 loses its NAT rules?!?
A very strange thing happened today. My SOHO router, a MikroTik RB951G-2HnD, suddenly stopped routing. It was very odd - I could reach the router, the router could reach the world, but nothing inside our networks could reach the outside world.

Well, actually I *could* reach the outside world for some things - in particular, Google.

That was the clue. A look at the NAT table revealed that it was gone - no IPv4 NAT rules at all. It seems that at some time this morning, probably around 11:30am, the router lost its entire IPv4 NAT configuration. Other stuff under /"ip firewall" was fine - it was *only* the NAT rules that were gone. The reason I could still see Google was that Google is reachable on IPv6, which is not NATted, and I run a dual stack network.

So I restored from backup and thirty seconds later we were back on line.

But: How did this happen? Have others seen this? It's a bit of a worry - we have quite a few MikroTiks deployed... cursory googling doesn't show it up as a well-known issue.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)
http://www.nullarbor.com.au
work +61 2 64957435
mobile +61 428 957160

GPG fingerprint: 231A B066 CF91 1216 4F0F F2AC CE25 B8AA 46DC CC4F
Old fingerprint: 1DB8 0599 13F0 E774 3811 6CA6 D6D0 AFA9 D91A 004C
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Karl Auer
Sent: Monday, 31 March 2014 1:44 PM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] MikroTik RB951 loses its NAT rules?!?

> A very strange thing happened today. My SOHO router, a MikroTik RB951G-2HnD, suddenly stopped routing. It was very odd - I could reach the router, the router could reach the world, but nothing inside our networks could reach the outside world.
>
> Well, actually I *could* reach the outside world for some things - in particular, Google.
>
> That was the clue. A look at the NAT table revealed that it was gone - no IPv4 NAT rules at all. It seems that at some time this morning, probably around 11:30am, the router lost its entire IPv4 NAT configuration. Other stuff under /"ip firewall" was fine - it was *only* the NAT rules that were gone. The reason I could still see Google was that Google is reachable on IPv6, which is not NATted, and I run a dual stack network.
>
> So I restored from backup and thirty seconds later we were back on line.
>
> But: How did this happen? Have others seen this? It's a bit of a worry - we have quite a few MikroTiks deployed... cursory googling doesn't show it up as a well-known issue.
>
> Regards, K.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer@nullarbor.com.au)
> http://www.nullarbor.com.au
> work +61 2 64957435
> mobile +61 428 957160
>
> GPG fingerprint: 231A B066 CF91 1216 4F0F F2AC CE25 B8AA 46DC CC4F
> Old fingerprint: 1DB8 0599 13F0 E774 3811 6CA6 D6D0 AFA9 D91A 004C

Hi Karl,

I have to admit that I have heard of this kind of thing happening before, but it is very VERY rare, and there has never been any firm evidence of the cause.

Although 'safe mode' is sometimes a potential culprit (i.e. enable safe mode - accidentally or intentionally - to make changes, then forget to disable safe mode again before log off) but I don't think that is a potential in your case - it will only cause you to lose /some/ of your configs, and not ALL of them ;)

Other possible causes are hardware problem - watch the 'bad blocks' count under system->resources, and if it consistently climbs over a week or two, send to RMA for replacement.

Only other possibilities are bug (try upgrade - or DOWNgrade - to different routerOS version if it happens again) or sticky fingers from others (change password to all admin level users).

If it is done interactively (or by script) the standard log should record the configuration change action - perhaps consider storing log files in storage, or send to syslog server for diagnostic review in case it happens again.

Hope it doesn't though! ;)

Cheers!

Mike.
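One way to catch the failure discussed in this thread before users report it, as an added example that is not part of either message: a Python check that compares the `/ip firewall nat` section of a current RouterOS text export against a known-good baseline. The sample exports, interface names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample exports (not from the thread): a known-good baseline and
# a later export in which the whole NAT section has disappeared.
BASELINE = """\
/ip firewall filter
add action=accept chain=input connection-state=established
/ip firewall nat
add action=masquerade chain=srcnat comment="default NAT" \\
    out-interface=ether1-gateway
add action=dst-nat chain=dstnat dst-port=8443 protocol=tcp \\
    to-addresses=192.168.88.10 to-ports=443
"""
CURRENT = """\
/ip firewall filter
add action=accept chain=input connection-state=established
"""

def tokenize(s):
    """Split on whitespace but keep quoted values such as comment="a b" whole."""
    return re.findall(r'(?:[^\s"]|"[^"]*")+', s)

def section_rules(export_text, section="/ip firewall nat"):
    """Return the normalized 'add ...' lines found under one export section."""
    # Exports wrap long lines with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", export_text)
    rules, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = (line == section)
        elif in_section and line.startswith("add "):
            # Sort the key=value tokens so attribute order does not matter.
            rules.append(" ".join(sorted(tokenize(line[4:]))))
    return rules

def compare(baseline, current):
    """Report rules missing from, or new in, the current export."""
    base, cur = section_rules(baseline), section_rules(current)
    return {
        "missing": [r for r in base if r not in cur],
        "unexpected": [r for r in cur if r not in base],
        "section_empty": bool(base) and not cur,
    }

if __name__ == "__main__":
    report = compare(BASELINE, CURRENT)
    for kind in ("missing", "unexpected"):
        for rule in report[kind]:
            print(f"{kind}: {rule}")
    print("NAT section empty:", report["section_empty"])
```

Run on a schedule against a fresh export, a non-empty `missing` list or `section_empty` being true is the signal to check the router log and restore from backup.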
participants (2)
- Karl Auer
- Mike Everest