#notfixed - it's getting ridiculous..
Statistics: Posted by Archous — Tue Mar 19, 2024 10:15 am
Statistics: Posted by jookraw — Tue Mar 19, 2024 10:07 am
Statistics: Posted by rplant — Tue Mar 19, 2024 10:00 am
Statistics: Posted by tangent — Tue Mar 19, 2024 9:46 am
Statistics: Posted by sokalsondha — Tue Mar 19, 2024 9:42 am
Statistics: Posted by infabo — Tue Mar 19, 2024 9:29 am
:put [/system/resource/get uptime]
11w2d15:59:17
Statistics: Posted by ko00000000001 — Tue Mar 19, 2024 9:26 am
Statistics: Posted by Thasaidon — Tue Mar 19, 2024 9:21 am
Statistics: Posted by tangent — Tue Mar 19, 2024 9:16 am
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik-cloud
add address=cloud2.mikrotik.com list=mikrotik-cloud
/ip firewall mangle
add action=mark-routing chain=prerouting comment="mark routing gia ddns" \
    dst-port=15252 new-routing-mark=dsl passthrough=no protocol=udp
add action=mark-routing chain=output comment="mark routing gia ddns" \
    dst-address-list=mikrotik-cloud log=yes new-routing-mark=dsl passthrough=\
    no
/routing table
add disabled=no fib name=lte
add disabled=no fib name=dsl
/routing rule
add action=lookup disabled=no routing-mark=dsl table=dsl
/ip route
add disabled=no distance=20 dst-address=0.0.0.0/0 gateway=pppoe-out1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.188.1 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.188.1 \
    pref-src=0.0.0.0 routing-table=lte scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-table=dsl \
    suppress-hw-offload=no
Statistics: Posted by sted — Tue Mar 19, 2024 9:14 am
Statistics: Posted by johnson73 — Tue Mar 19, 2024 9:13 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 9:09 am
Statistics: Posted by AndiiiHD — Tue Mar 19, 2024 9:01 am
Statistics: Posted by tangent — Tue Mar 19, 2024 8:53 am
#notfixed - it's getting ridiculous..
*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
Statistics: Posted by konstantinas — Tue Mar 19, 2024 8:44 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 8:42 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 8:39 am
Statistics: Posted by teleport — Tue Mar 19, 2024 8:31 am
Statistics: Posted by Hassan512 — Tue Mar 19, 2024 8:30 am
7.15beta6
In Proxmox VE VNC shows Starting services...
Unable to access the system.
Statistics: Posted by stmx38 — Tue Mar 19, 2024 8:30 am
:put [/system/resource/get uptime]
11w2d15:59:17
Statistics: Posted by loloski — Tue Mar 19, 2024 8:19 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 8:03 am
Statistics: Posted by tangent — Tue Mar 19, 2024 7:22 am
put "Uptime: $[:if ([:len [:find [/system resource get uptime] "w"]] != 0) do={([:pick [/system resource get uptime] 0 ([:find [/system resource get uptime] "w"])] *7 + [:pick [/system resource get uptime] ([:find [/system resource get uptime] "d"] -1) ([:find [/system resource get uptime] "d"])])} else={[:pick [/system resource get uptime] ([:find [/system resource get uptime] "d"]-1) ([:find [/system resource get uptime] "d"])]}] days"
Uptime: days;Uptime: 18 days
Statistics: Posted by ko00000000001 — Tue Mar 19, 2024 7:15 am
[admin@MikroTik] /ip/upnp> print
  enabled: yes
  allow-disable-external-interface: no
  show-dummy-rule: yes
[admin@MikroTik] /ip/upnp/interfaces> print
Columns: INTERFACE, TYPE
# INTERFACE  TYPE
0 ether1     external
1 bridge     internal
[admin@MikroTik] /ip/firewall> filter print
Flags: X - disabled, I - invalid; D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked
 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix=""
 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix=""
 4    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1
 5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
 6    ;;; UPnP Devices (1900)
      chain=input action=drop protocol=udp src-address-list=!UPnPdevices dst-port=1900 log=no log-prefix=""
 7    ;;; UPnP Devices (2828)
      chain=input action=drop protocol=tcp src-address-list=!UPnPdevices dst-port=2828 log=no log-prefix=""
 8    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec
 9    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec
10    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related log=no log-prefix=""
11    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked
12    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix=""
13    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
[admin@MikroTik] /ip/firewall> nat print
Flags: X - disabled, I - invalid; D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
 1    ;;; Hairpin NAT
      chain=srcnat action=masquerade src-address=192.168.1.0/24 dst-address=192.168.1.0/24 out-interface-list=LAN log=no log-prefix=""
 2    ;;; Caddy
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=50443 protocol=tcp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""
 3    ;;; Plex
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=32400 protocol=tcp in-interface-list=WAN dst-port=42300 log=no log-prefix=""
 4    ;;; Wireguard UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=51820 protocol=udp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""
 5    ;;; Mumble TCP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=tcp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""
 6    ;;; Mumble UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=udp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""
 7    ;;; Syncthing TCP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""
 8    ;;; Syncthing UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=udp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""
 9    ;;; SFTP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=60222 log=no log-prefix=""
Statistics: Posted by BinaryTB — Tue Mar 19, 2024 7:05 am
/ip firewall nat
add action=masquerade chain=srcnat comment="wireguard: masquerade" \
    out-interface=bridge src-address=192.168.100.0/24
Statistics: Posted by rplant — Tue Mar 19, 2024 6:24 am
:put ([:deserialize from=json value=$jsonData]->"result"->"content")
# https://github.com/Winand/mikrotik-json-parser
:global JSONLoads
:put ([$JSONLoads $jsonData]->"result"->"content")
Statistics: Posted by trkk — Tue Mar 19, 2024 6:14 am
Statistics: Posted by teleport — Tue Mar 19, 2024 5:07 am
Statistics: Posted by KingRichard — Tue Mar 19, 2024 4:56 am
[@MikroTik] > ping [:resolve checkipv6.dedyn.io]
  SEQ HOST                                SIZE TTL TIME       STATUS
    0 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    1 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    2 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    3 2804::pub:ipv6                       104  64 89ms653us  address unreachable
[@MikroTik] > ipv6/firewall/filter/print
 2    ;;; defconf: accept ICMPv6
      chain=input action=accept protocol=icmpv6 log=no log-prefix=""
PS > ping checkipv6.dedyn.io
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=239ms
Statistics: Posted by diasdm — Tue Mar 19, 2024 4:34 am
Statistics: Posted by hjf — Tue Mar 19, 2024 4:32 am
Statistics: Posted by diasdm — Tue Mar 19, 2024 4:27 am
Statistics: Posted by sirca — Tue Mar 19, 2024 4:26 am
cake-diffserv=diffserv4 cake-flowmode=dual-[src/dst]host cake-nat=yes
cake-diffserv=besteffort cake-flowmode=triple-isolate cake-nat=no
Statistics: Posted by mke — Tue Mar 19, 2024 4:14 am
Statistics: Posted by inteq — Tue Mar 19, 2024 4:08 am
Statistics: Posted by jlpedrosa — Tue Mar 19, 2024 4:06 am
[admin@MikroTik_CRS317] /system/health> print
Columns: NAME, VALUE, TYPE
#  NAME             VALUE  TYPE
0  cpu-temperature  35     C
1  fan1-speed       3765   RPM
2  fan2-speed       3720   RPM
3  psu1-state       ok
4  psu2-state       ok
[admin@MikroTik_CRS317] /system/health>
Statistics: Posted by sirca — Tue Mar 19, 2024 4:03 am
Statistics: Posted by kevinds — Tue Mar 19, 2024 3:42 am
Statistics: Posted by tovi — Tue Mar 19, 2024 3:02 am
Statistics: Posted by anav — Tue Mar 19, 2024 2:43 am
Statistics: Posted by robkampen — Tue Mar 19, 2024 2:40 am
# 2024-03-18 19:38:06 by RouterOS 7.12.2
# model = C52iG-5HaxD2HaxD
/interface bridge
add admin-mac=XXXXXXXX auto-mac=no comment=defconf name=bridge
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40/80mhz configuration.mode=ap .ssid="Mikro5g" \
    disabled=no security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40mhz configuration.mode=ap .ssid=MikroTik-E74BB0 \
    disabled=no security.authentication-types=wpa2-psk,wpa3-psk
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=10.0.1.10-10.0.1.254
/ip dhcp-server
add address-pool=default-dhcp disabled=yes interface=bridge lease-time=8h \
    name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
add bridge=bridge comment=defconf interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=LAN internet-interface-list=LAN lan-interface-list=\
    LAN wan-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=LAN
add interface=wireguard1 list=LAN
/interface wireguard peers
add allowed-address=192.168.100.2/32 interface=wireguard1 public-key=\
    "XXXXXXXXXXXXXXXXXXXXX"
/ip address
add address=10.0.1.0/24 comment=defconf interface=bridge network=10.0.1.0
add address=192.168.100.1/24 interface=wireguard1 network=192.168.100.0
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.0.1.0/24 comment=defconf dns-server=10.0.1.1 gateway=10.0.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.0.1.1 comment=defconf disabled=yes name=router.lan
/ip firewall filter
add action=accept chain=input comment="Allow wireguard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment="Allow wiregurad traffic" src-address=\
    192.168.100.0/24
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    all-ethernet protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    all-wireless protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    bridge protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=America/New_York
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxx
Address = 192.168.100.2/32
DNS = 192.168.100.1
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxxxxxxxxxxxxxxx
Statistics: Posted by badger — Tue Mar 19, 2024 1:59 am
ip firewall address-list
:local update do={
  :do {
    :local data ([:tool fetch url=$url output=user as-value]->"data")
    :local array [find dynamic list=blacklist]
    :foreach value in=$array do={:set array (array,[get $value address])}
    :while ([:len $data]!=0) do={
      :if ([:pick $data 0 [:find $data "\n"]]~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") do={
        :local ip ([:pick $data 0 [:find $data $delimiter]].$cidr)
        :do {add list=blacklist address=$ip comment=$description timeout=1d} on-error={
          :do {set ($array->([:find $array $ip]-[:len $array]/2)) timeout=1d} on-error={}
        }
      }
      :set data [:pick $data ([:find $data "\n"]+1) [:len $data]]
    }
  } on-error={:log warning "Address list <$description> update failed"}
}
$update url=https://www.spamhaus.org/drop/drop.txt description="Spamhaus DROP" delimiter=("\_")
$update url=https://www.spamhaus.org/drop/edrop.txt description="Spamhaus EDROP" delimiter=("\_")
Statistics: Posted by UkRainUa — Tue Mar 19, 2024 1:56 am
Statistics: Posted by Cha0s — Tue Mar 19, 2024 1:49 am
Statistics: Posted by neki — Tue Mar 19, 2024 1:33 am
Statistics: Posted by jacobbailey — Tue Mar 19, 2024 1:28 am
Statistics: Posted by Scoox — Tue Mar 19, 2024 1:25 am
Statistics: Posted by Kaldek — Tue Mar 19, 2024 12:41 am
Statistics: Posted by jaclaz — Tue Mar 19, 2024 12:38 am
Statistics: Posted by LeoNaXe — Tue Mar 19, 2024 12:25 am
# NTP
do {
    /system
    clock set time-zone-name=Greenwich
    ntp client set enabled=yes
    ntp client set primary-ntp=0.0.0.0
    ntp client set secondary-ntp=0.0.0.0
} on-error= { :put "Ignoring - RouterOS v7" }
do {
    /system
    clock set time-zone-name=Greenwich
    ntp client set enabled=yes
    ntp client servers add address=0.0.0.0
    ntp client servers add address=0.0.0.0
} on-error={ :put "Ignoring - RouterOSv6" }
Statistics: Posted by greggio — Tue Mar 19, 2024 12:21 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:15 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:13 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:10 am
Statistics: Posted by inna — Tue Mar 19, 2024 12:05 am
Statistics: Posted by LeoNaXe — Tue Mar 19, 2024 12:03 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:03 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:02 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:00 am
Statistics: Posted by inna — Mon Mar 18, 2024 11:54 pm
prefix-hint=::/60
Statistics: Posted by mkx — Mon Mar 18, 2024 11:48 pm
Do you mean via RADIUS?
Please make dynamic vlan assignment possible for wifi-qcom-ac wireless driver
Statistics: Posted by hoboristi — Mon Mar 18, 2024 11:47 pm
Statistics: Posted by Hominidae — Mon Mar 18, 2024 11:40 pm
Statistics: Posted by Trilis — Mon Mar 18, 2024 11:38 pm
Statistics: Posted by mkx — Mon Mar 18, 2024 11:38 pm
Statistics: Posted by brad0x52 — Mon Mar 18, 2024 11:38 pm
Statistics: Posted by jaclaz — Mon Mar 18, 2024 11:29 pm
# 2024-03-18 23:02:05 by RouterOS 7.14.1
# software id = SHWC-BANU
#
# model = CRS109-8G-1S-2HnD
# serial number = D54E0D114A32
/interface bridge
add admin-mac=08:55:31:62:27:46 auto-mac=no comment=defconf igmp-snooping=yes \
    igmp-version=3 mld-version=2 multicast-querier=yes name=bridge \
    port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] mac-address=30:EB:25:24:6E:CC
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country=estonia disabled=no distance=indoors frequency=2432 installation=\
    indoor mode=ap-bridge ssid=OhanaKii wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1d10m name=defconf
/port
set 0 name=serial0
/interface bridge filter
add action=drop chain=output out-interface=wlan1 packet-type=multicast
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 \
    internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.88.251 client-id=1:be:86:fb:f1:c9:a0 mac-address=\
    BE:86:FB:F1:C9:A0 server=defconf
add address=192.168.88.249 client-id=1:72:5b:69:25:b2:7e mac-address=\
    72:5B:69:25:B2:7E server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input in-interface=ether1 protocol=udp
add action=accept chain=forward in-interface=ether1 protocol=udp
add action=accept chain=input in-interface=ether1 protocol=igmp
add action=accept chain=forward in-interface=ether1 protocol=igmp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/lcd
set time-interval=hour
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=ether1 upstream=yes
add interface=bridge
/system clock
set time-zone-name=Europe/Tallinn
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Statistics: Posted by kvitek79 — Mon Mar 18, 2024 11:18 pm
Statistics: Posted by h1ghrise — Mon Mar 18, 2024 11:17 pm
Statistics: Posted by mabels — Mon Mar 18, 2024 11:11 pm
Statistics: Posted by kevinds — Mon Mar 18, 2024 11:10 pm
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 11:05 pm
# mar/18/2024 21:48:07 by RouterOS 7.8
#
# model = RB760iGS
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether5 ] poe-out=off
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
# ISP VLANs
add interface=bridge1 name=vlan_isp_fn_12 vlan-id=12
add interface=bridge1 name=vlan_isp_ks_13 vlan-id=13
add interface=bridge1 name=vlan_isp_vg_11 vlan-id=11
# local VLANs
add interface=bridge1 name=vlan_mngt_100 vlan-id=100
add interface=bridge1 name=vlan_pako_101 vlan-id=101
/interface list
add name=LAN
add name=ISP
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
# WANs
add bridge=bridge1 interface=ether1 pvid=11
add bridge=bridge1 interface=ether2 pvid=12
add bridge=bridge1 interface=ether3 pvid=13
# trunk for WAN and LAN
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
# WAN (for test env use only 2)
add bridge=bridge1 tagged=ether4 untagged=ether1 vlan-ids=11
add bridge=bridge1 tagged=ether4 untagged=ether2 vlan-ids=12
add bridge=bridge1 tagged=bridge1,ether4 vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether4 vlan-ids=101
/interface list member
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=vlan_mngt_100 list=LAN
add interface=bridge1 list=LAN
add interface=vlan_pako_101 list=LAN
/ip dhcp-client
add interface=vlan_mngt_100
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=no
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name=pk-r00
# 2024-03-18 21:49:32 by RouterOS 7.12.1
#
# model = RBD53iG-5HacD2HnD
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=defconf \
    ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] mac-address=yy:yy:yy:yy:yy:yy
set [ find default-name=ether5 ] poe-out=off
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
    MikroTik-EF0AC4 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=pk-wt_0x24v wireless-protocol=802.11
/interface vlan
# WAN
add interface=ether1 name=vlan_isp_fn_12 vlan-id=12
add interface=ether1 name=vlan_isp_ks_13 vlan-id=13
add interface=ether1 name=vlan_isp_vg_11 vlan-id=11
# LAN
add interface=bridge name=vlan_mngt_100 vlan-id=100
add interface=bridge name=vlan_pako_101 vlan-id=101
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_mngt ranges=192.168.100.2-192.168.100.10
add name=pool_pako ranges=192.168.101.100-192.168.101.150
/ip dhcp-server
add address-pool=pool_pako interface=vlan_pako_101 lease-time=521w3d23h59m59s name=dhcp_pako
add address-pool=pool_mngt interface=vlan_mngt_100 lease-time=521w3d10m name=dhcp_mngt
/routing table
add fib name=isp_vg
add fib name=isp_fn
add fib name=isp_ks
/interface bridge port
add bridge=bridge interface=ether2 pvid=101
add bridge=bridge interface=ether5
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1
/ip firewall connection tracking
set loose-tcp-tracking=no
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set rp-filter=loose
/interface bridge vlan
# only local VLANs, no WAN VALNs
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=101
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=100
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=vlan_isp_vg_11 list=WAN
add interface=vlan_isp_fn_12 list=WAN
add interface=vlan_isp_ks_13 list=WAN
add interface=ether2 list=LAN
add interface=vlan_pako_101 list=LAN
add interface=vlan_mngt_100 list=LAN
/ip address
add address=192.168.100.1/24 interface=vlan_mngt_100 network=192.168.100.0
add address=192.168.101.1/24 interface=vlan_pako_101 network=192.168.101.0
/ip dhcp-client
# ISP with static adress, but obtain from DHCP (by ISP rules)
add add-default-route=no interface=vlan_isp_fn_12 use-peer-dns=no use-peer-ntp=no
# ISP DHCP. script for change routing
add add-default-route=no interface=vlan_isp_vg_11 script=":if (\$bound=1) do={\
    \r\
    \n /ip/route/set [find gateway!=\$\"gateway-address\" and comment=\"isp\
    _vg_monitor\"] gateway=\$\"gateway-address\"\r\
    \n :local msg (\"isp_vg_monitor:: ip has been changed. ip: \" . \$\"lea\
    se-address\" . \"; gw:\" . \$\"gateway-address\");\r\
    \n :log info \$msg;\r\
    \n}\r\
    \n" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.100.0/24 gateway=192.168.100.1 netmask=24
add address=192.168.101.0/24 dns-server=192.168.101.1 gateway=192.168.101.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,9.9.9.9
/ip dns static
add address=192.168.100.1 comment=defconf name=r01.pako.lan
# default config
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# "copypaste" from @pcunit forum topic https://forum.mikrotik.com/viewtopic.php?t=192736
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=vlan_isp_vg_11 new-connection-mark=isp_vg_wan passthrough=\
    yes
add action=mark-routing chain=prerouting connection-mark=isp_vg_wan \
    in-interface-list=LAN new-routing-mark=isp_vg passthrough=yes
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=vlan_isp_fn_12 new-connection-mark=isp_fn_wan passthrough=\
    yes
add action=mark-routing chain=prerouting connection-mark=isp_fn_wan \
    in-interface-list=LAN new-routing-mark=isp_fn passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
    vlan_isp_vg_11 new-connection-mark=isp_vg_wan passthrough=yes
add action=mark-routing chain=output connection-mark=isp_vg_wan \
    new-routing-mark=isp_vg passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
    vlan_isp_fn_12 new-connection-mark=isp_fn_wan passthrough=yes
add action=mark-routing chain=output connection-mark=isp_fn_wan \
    new-routing-mark=isp_fn passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# "copypaste" from @pcunit forum topic https://forum.mikrotik.com/viewtopic.php?t=192736
/ip route
# real ISP with static IP
add comment=isp_fn_monitor disabled=no distance=2 dst-address=1.1.1.1/32 \
    gateway=xxx.xxx.xxx.xxx pref-src="" routing-table=main scope=10 \
    suppress-hw-offload=no target-scope=11
add check-gateway=ping comment=isp_fn_gw distance=2 dst-address=0.0.0.0/0 \
    gateway=1.1.1.1 scope=10 target-scope=12
add comment=isp_fn_wan distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 \
    routing-table=isp_fn scope=10 target-scope=12
# for a test for second ISP i use my other network, and OpenDNS IP for check internet
add comment=isp_vg_monitor disabled=no distance=1 dst-address=\
    208.67.222.222/32 gateway=192.168.76.1 pref-src="" routing-table=main \
    scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment=isp_vg_gw distance=1 dst-address=0.0.0.0/0 \
    gateway=208.67.222.222 scope=10 target-scope=12
add comment=isp_vg_wan disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    208.67.222.222 pref-src="" routing-table=isp_vg scope=10 \
    suppress-hw-offload=no target-scope=12
# default config
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
# default config
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
# "copypaste" from
@pcunit forum topic https://forum.mikrotik.com/viewtopic.php?t=192736/routing ruleadd action=lookup-only-in-table disabled=no dst-address=192.168.101.0/24 table=mainadd action=lookup-only-in-table disabled=no dst-address=192.168.100.0/24 table=main# I should disable this rule by netwatch, because if ISP2 is down 192.168.101.0 not switch to other ISPsadd action=lookup comment=pako_route_rule_fn disabled=no dst-address="" src-address=192.168.101.0/24 table=isp_fn/system clockset time-zone-name=Europe/Kiev/system identityset name=pk-wt01/system noteset show-at-login=no/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LAN/tool netwatchadd disabled=no down-script="/routing/rule/set [find comment=\"pako_route_rule\ _fn\"] disabled=yes\r\ \n:log info \"fn_down\"" host=1.1.1.1 http-codes="" interval=10s \ test-script="" type=simple up-script="/routing/rule/set [find comment=\"pa\ ko_route_rule_fn\"] disabled=no\r\ \n:log info \"fn_up\"\r\ \n"
Statistics: Posted by coreshock — Mon Mar 18, 2024 11:05 pm
Statistics: Posted by anav — Mon Mar 18, 2024 11:03 pm
Statistics: Posted by Hominidae — Mon Mar 18, 2024 11:03 pm
Statistics: Posted by kevinds — Mon Mar 18, 2024 11:01 pm
Statistics: Posted by jaclaz — Mon Mar 18, 2024 11:00 pm
Statistics: Posted by anav — Mon Mar 18, 2024 10:59 pm
Statistics: Posted by neki — Mon Mar 18, 2024 10:58 pm
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 10:58 pm
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 10:56 pm
Statistics: Posted by anav — Mon Mar 18, 2024 10:56 pm
Statistics: Posted by donmunyak — Mon Mar 18, 2024 10:54 pm
/interface wireguard
add listen-port=13231 private-key="private_key_from_provider" name=wireguard1
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=5.172.196.95 endpoint-port="wireguard_port" interface=wireguard1 public-key="public_key_of_provider"
/ip address
add address=192.168.32.2xx/30 network=192.168.32.0 interface=wireguard1
/ip route
add dst-address=0.0.0.0 gateway=192.168.32.1
add dst-address=5.172.196.95 gateway=192.168.1.1 distance=1
add dst-address=5.172.196.95 gateway=192.168.2.1 distance=5
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 10:51 pm