Statistics: Posted by kevinds — Thu Mar 28, 2024 9:49 am
Statistics: Posted by kevinds — Thu Mar 28, 2024 9:48 am
Statistics: Posted by petardo — Thu Mar 28, 2024 9:44 am
Statistics: Posted by wispmikrotik — Thu Mar 28, 2024 9:38 am
Statistics: Posted by gabrielpc1190 — Thu Mar 28, 2024 9:31 am
Statistics: Posted by ccz117 — Thu Mar 28, 2024 9:19 am
Statistics: Posted by petardo — Thu Mar 28, 2024 9:19 am
Statistics: Posted by jhbarrantes — Thu Mar 28, 2024 9:16 am
Statistics: Posted by eddieb — Thu Mar 28, 2024 9:11 am
Statistics: Posted by petardo — Thu Mar 28, 2024 9:05 am
/routing/table/add name=route_to_R3 fib
/ip address add address=192.168.1.11/24 interface=ether1 network=192.168.1.0
/ip firewall nat add action=src-nat chain=srcnat place-before=0 to-addresses=192.168.1.11 routing-mark=route_to_R3
/ip firewall mangle add action=mark-routing chain=prerouting comment="Mark comp to R3" dst-address-list=!my_int_ip in-interface-list=LAN new-routing-mark=route_to_R3 passthrough=no src-address-list=comp_to_R3
/ip firewall address-list add address=192.168.1.11 list=comp_to_R3
Statistics: Posted by guru431 — Thu Mar 28, 2024 8:50 am
Statistics: Posted by normis — Thu Mar 28, 2024 8:19 am
Statistics: Posted by danriis — Thu Mar 28, 2024 8:18 am
Statistics: Posted by Archous — Thu Mar 28, 2024 7:54 am
Statistics: Posted by normis — Thu Mar 28, 2024 7:40 am
Statistics: Posted by CaptainRisky — Thu Mar 28, 2024 7:39 am
Statistics: Posted by gigabyte091 — Thu Mar 28, 2024 5:30 am
/interface bridge
add admin-mac= auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid="Hap lite" wireless-protocol=802.11
/interface ovpn-client
add certificate=cert_ovpn-import1711582176 cipher=aes128-cbc connect-to=\
    us1.freeopenvpn.online disabled=yes mac-address=FE:1F:0B:94:95:61 name=\
    freevpn port=443 user=freeopenvpn verify-server-certificate=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/routing table
add disabled=no fib name=vpnroute
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
    192.168.1.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=\
    192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=vpnroute \
    passthrough=yes src-address=192.168.1.251
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# freevpn not ready
add action=masquerade chain=srcnat out-interface=freevpn
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.231.1 \
    routing-table=vpnroute suppress-hw-offload=no
/ip upnp
set enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Africa/Nairobi
/system leds
add interface=wlan1 leds=user-led type=interface-activity
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.google.com
/system scheduler
add comment="Restarting router every day." interval=1h name=Reboot on-event=\
    "/system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-03-28 start-time=09:57:32
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
#error exporting "/tool/sms"
Statistics: Posted by kenkit — Thu Mar 28, 2024 5:05 am
bullshit: if the IP changes, the previous connection to an IP that no longer exists doesn't make the slightest sense.
3. **No Interruption of Active Connections**: The script updates only new connections with the new external IP, leaving existing connections unaffected to avoid disruptions.
bullshit: there is already the part for scripts in the pppoe profile, just use the appropriate function without creating useless scripts or schedulers.
4. **Automatic Scheduling**: The script is configured to run periodically (e.g., every minute) through the MikroTik's scheduler, ensuring that the NAT 1:1 rules are always up-to-date.
Statistics: Posted by dbuzatto — Thu Mar 28, 2024 4:35 am
Statistics: Posted by dalami — Thu Mar 28, 2024 4:05 am
Statistics: Posted by mikrochad — Thu Mar 28, 2024 4:01 am
Statistics: Posted by djferdinad — Thu Mar 28, 2024 3:40 am
/system logging add disabled=no topics=fetch
Statistics: Posted by UkRainUa — Thu Mar 28, 2024 3:13 am
Statistics: Posted by loloski — Thu Mar 28, 2024 3:06 am
Statistics: Posted by G00dm4n — Thu Mar 28, 2024 2:59 am
Statistics: Posted by anav — Thu Mar 28, 2024 2:14 am
Statistics: Posted by DuctView — Thu Mar 28, 2024 1:27 am
Statistics: Posted by oscar120584 — Thu Mar 28, 2024 12:57 am
Statistics: Posted by kenkit — Thu Mar 28, 2024 12:56 am
Statistics: Posted by djferdinad — Thu Mar 28, 2024 12:47 am
Statistics: Posted by kevinds — Thu Mar 28, 2024 12:41 am
/interface wifi datapath add bridge=bridge1 disabled=no name=vlan10_employees vlan-id=10
/interface wifi datapath add bridge=bridge1 disabled=no name=vlan80_guests vlan-id=80
/interface wifi set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=vlan10_employees disabled=no
/interface wifi set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=vlan10_employees disabled=no
/interface wifi cap set caps-man-addresses=10.0.99.1 enabled=yes slaves-datapath=vlan80_guests slaves-static=no
Statistics: Posted by carcuevas — Thu Mar 28, 2024 12:33 am
Statistics: Posted by t0mm13b — Thu Mar 28, 2024 12:26 am
Statistics: Posted by tangent — Thu Mar 28, 2024 12:25 am
Statistics: Posted by Amm0 — Thu Mar 28, 2024 12:21 am
Statistics: Posted by kevinds — Thu Mar 28, 2024 12:19 am
/ip/dhcp-server/lease/remove [find where dynamic]
Statistics: Posted by tangent — Thu Mar 28, 2024 12:15 am
Statistics: Posted by anav — Thu Mar 28, 2024 12:14 am
It is very common on other consumer e.g. wifi access points to print the passphrase of the default pre-configured SSID on a label on the backside of the device. MT did it the other way: print admin password on the sticker -> but create a SSID without passphrase in default configuration script. ROFLMAO
But it won't happen. MikroTik are just stubborn in their ways.
Statistics: Posted by infabo — Thu Mar 28, 2024 12:13 am
Statistics: Posted by anav — Thu Mar 28, 2024 12:04 am
Statistics: Posted by tjr — Thu Mar 28, 2024 12:01 am
Statistics: Posted by Cha0s — Wed Mar 27, 2024 11:58 pm
/interface bridge
add ingress-filtering=no name=bridge
/interface list
add name=management
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-onlyac channel-width=20/40mhz-Ce country=canada disabled=no frequency=5500 \
    mode=ap-bridge name=home5GIG security-profile=home_Security skip-dfs-channels=all ssid=NoPain-NoGain wireless-protocol=\
    802.11 wmm-support=enabled wps-mode=disabled
set [ find default-name=wlan1 ] band=2ghz-g/n basic-rates-b="" country=canada disabled=no frequency=2437 mode=ap-bridge \
    name=home2.4GIG rate-set=configured security-profile=media_Security skip-dfs-channels=all ssid=Media \
    supported-rates-b=11Mbps wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface bridge port
add bridge=bridge interface=ether1 (from upstream router)
add bridge=bridge interface=ether2 ( assuming wired connection to PC etc. )
add bridge=bridge interface=ether3 ( assuming wired connection to another device )
add bridge=bridge interface=ether4 ( assuming wired connection to another device )
add bridge=bridge interface=ether5 ( assuming wired connection to another device )
add bridge=bridge interface=home5GIG
add bridge=bridge interface=home2.4GIG
/ip neighbor discovery-settings
set discover-interface-list=management
/ip address
add address=192.168.0.63/24 interface=bridge network=192.168.0.0 comment="IP of AX3 on home subnet"
/ip dns
set allow-remote-requests=yes servers=192.168.0.1
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=x.x.x.x
set api disabled=yes
set api-ssl disabled=yes
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=management
Statistics: Posted by anav — Wed Mar 27, 2024 11:52 pm
Statistics: Posted by djferdinad — Wed Mar 27, 2024 11:42 pm
Statistics: Posted by iustin — Wed Mar 27, 2024 11:23 pm
Statistics: Posted by carcuevas — Wed Mar 27, 2024 11:18 pm
Statistics: Posted by iustin — Wed Mar 27, 2024 11:00 pm
Statistics: Posted by djhiron — Wed Mar 27, 2024 10:46 pm
/ip firewall filter
add action=accept chain=forward src-address=10.20.0.0/16 dst-address=10.30.0.0/16

/ip firewall filter
add action=accept chain=forward src-address-list="address_list" dst-address-list="same_address_list"

/ip firewall nat
add action=netmap chain=dstnat dst-address=172.16.0.0/16 in-interface=ether2 to-addresses=10.20.0.0/16
Statistics: Posted by abdurraufrafli — Wed Mar 27, 2024 10:45 pm
Statistics: Posted by IgoRR — Wed Mar 27, 2024 10:28 pm
Statistics: Posted by TheCat12 — Wed Mar 27, 2024 10:18 pm
Statistics: Posted by wumper — Wed Mar 27, 2024 10:05 pm
/interface bridge port
add bridge=bridge-LAN interface=ether2
add bridge=bridge-LAN interface=ether3
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=ether5 pvid=30
add bridge=bridge-LAN interface=ether6 pvid=10
add bridge=bridge-LAN interface=ether7 pvid=10
add bridge=bridge-LAN interface=ether8 pvid=88
/interface vlan
add interface=bridge-LAN name=vlan10 vlan-id=10
add interface=bridge-LAN name=vlan20 vlan-id=20
add interface=bridge-LAN name=vlan30 vlan-id=30
add interface=bridge-LAN name=vlan88-mgmt vlan-id=88
/ip address
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30 network=192.168.30.0
add address=192.168.88.1/24 interface=vlan88-mgmt network=192.168.88.0
/ip pool
add name=VLAN10 ranges=192.168.10.110-192.168.10.199
add name=VLAN20 ranges=192.168.20.110-192.168.20.199
add name=VLAN30 ranges=192.168.30.110-192.168.30.199
add name=VLAN88-MGMT ranges=192.168.88.110-192.168.88.199
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dhcp-server
add address-pool=VLAN10 interface=vlan10 lease-time=1w name=DHCP-10
add address-pool=VLAN20 interface=vlan20 lease-time=1w name=DHCP-20
add address-pool=VLAN30 interface=vlan30 lease-time=1w name=DHCP-30
add address-pool=VLAN88-MGMT interface=vlan88-mgmt lease-time=1w name=DHCP-88
/interface bridge vlan
add bridge=bridge-LAN tagged=bridge-LAN,ether3,ether4 vlan-ids=10
add bridge=bridge-LAN tagged=bridge-LAN,ether2 vlan-ids=20
add bridge=bridge-LAN tagged=bridge-LAN,ether2,ether3,ether4 vlan-ids=30
add bridge=bridge-LAN tagged=bridge-LAN,ether3,ether4 vlan-ids=88
/interface bridge set bridge-LAN vlan-filtering=yes

#upper hap
/interface bridge add name=bridge
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether8
/interface vlan add interface=bridge name=vlan88-mgmt vlan-id=88
/ip dhcp-client add interface=vlan88-mgmt
/interface ethernet switch vlan
add ports=ether1,ether2,ether3,ether4 switch=switch1 vlan-id=20
add ports=ether1,ether5,ether8 switch=switch1 vlan-id=30
add ports=switch1-cpu,ether1 switch=switch1 vlan-id=88
/interface ethernet switch port
set ether1 vlan-header=add-if-missing vlan-mode=secure
set ether2 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set ether3 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set ether4 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set ether5 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set ether8 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set switch1-cpu vlan-mode=secure

#middle hap
/interface bridge add name=bridge
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether5
/interface vlan add interface=bridge name=vlan88-mgmt vlan-id=88
/ip dhcp-client add interface=vlan88-mgmt
/interface ethernet switch vlan
add ports=ether1,ether2,ether3 switch=switch1 vlan-id=10
add ports=ether1,ether5 switch=switch1 vlan-id=30
add ports=switch1-cpu,ether1 switch=switch1 vlan-id=88
/interface ethernet switch port
set ether1 vlan-header=add-if-missing vlan-mode=secure
set ether2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set ether3 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set ether5 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set switch1-cpu vlan-mode=secure

#lower hap
/interface bridge add name=bridge
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether5
/interface vlan add interface=bridge name=vlan88-mgmt vlan-id=88
/ip dhcp-client add interface=vlan88-mgmt
/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=10
add ports=ether1,ether5 switch=switch1 vlan-id=30
add ports=switch1-cpu,ether1 switch=switch1 vlan-id=88
/interface ethernet switch port
set ether1 vlan-header=add-if-missing vlan-mode=secure
set ether2 default-vlan-id=10,88 vlan-header=always-strip vlan-mode=secure
set ether5 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set switch1-cpu vlan-mode=secure
Statistics: Posted by TheCat12 — Wed Mar 27, 2024 9:53 pm
Statistics: Posted by sterling — Wed Mar 27, 2024 9:53 pm
In the heart of an incredibly RF and people dense city, in a huge apartment building, I don't have a choice but to use DFS channels.
Statistics: Posted by Josephny — Wed Mar 27, 2024 9:50 pm
Statistics: Posted by infabo — Wed Mar 27, 2024 9:39 pm
{
    :local pkgs ("routeros");
    :local archs {"arm64"; "arm"};
    # Example: https://cdn.mikrotik.com/routeros/7.14.2/routeros-7.14.2-arm.npk
    :local mode "https"
    :local downloaddomain "cdn.mikrotik.com"
    :log info "Refreshing CAP packages files..."
    # do NOT include the leading slash, or file check will always fail
    :local upgradedir "firmware"
    /system/package/update check-for-updates once
    :delay 3s;
    :local curVer [/system/package/update/get installed-version]
    :local newVer [/system/package/update/get latest-version]
    :foreach pkg in=$pkgs do={
        :foreach arch in=$archs do={
            :local oldPkgName "$pkg-$curVer-$arch.npk"
            :local newPkgName "$pkg-$newVer-$arch.npk"
            :log debug "Current package name: $oldPkgName"
            :log debug "New package name: $newPkgName"
            :local exists [:len [/file/find name="$upgradedir/$newPkgName"]]
            :if ($exists = 0) do={
                :local path [ :put "/routeros/$newVer/$newPkgName" ]
                :log info " => Downloading package v$newVer for $arch from $mode://$downloaddomain$path"
                /tool fetch http-method=get address="$downloaddomain" mode=$mode src-path="$path" dst-path="$upgradedir/$newPkgName"
                :if ($oldPkgName != $newPkgName) do={
                    /file/remove "$upgradedir/$pkg-$curVer-$arch.npk"
                }
            }
        }
    }
}
wget https://cdn.mikrotik.com/routeros/7.14.2/routeros-7.14.2-arm64.npk
--2024-03-27 15:36:37-- https://cdn.mikrotik.com/routeros/7.14.2/routeros-7.14.2-arm64.npk
Resolving cdn.mikrotik.com (cdn.mikrotik.com)... 159.148.147.244
Connecting to cdn.mikrotik.com (cdn.mikrotik.com)|159.148.147.244|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12212134 (12M) [application/octet-stream]
Saving to: ‘routeros-7.14.2-arm64.npk’

routeros-7.14.2-arm64.npk 100%[==============================================>] 11.65M 8.36MB/s in 1.4s

2024-03-27 15:36:40 (8.36 MB/s) - ‘routeros-7.14.2-arm64.npk’ saved [12212134/12212134]
[xenhat@router] > /tool fetch http-method=get address=cdn.mikrotik.com mode=https src-path=/routeros/7.14.2/routeros-7.14.2-arm64.npk
status: failed
failure: Fetch failed with status 403
Statistics: Posted by Xenhat — Wed Mar 27, 2024 9:34 pm
Statistics: Posted by cmmike — Wed Mar 27, 2024 9:23 pm
Statistics: Posted by thejassman — Wed Mar 27, 2024 9:19 pm
Statistics: Posted by cmmike — Wed Mar 27, 2024 9:19 pm
Statistics: Posted by pe1chl — Wed Mar 27, 2024 9:17 pm
Statistics: Posted by pe1chl — Wed Mar 27, 2024 9:13 pm
Statistics: Posted by Ca6ko — Wed Mar 27, 2024 9:09 pm
/ip firewall nat
add action=masquerade chain=srcnat out-interface="Bell PPPoE" src-address=192.168.1.0/24
add action=masquerade chain=srcnat out-interface="Bell PPPoE" src-address=192.168.2.0/24
add action=masquerade chain=srcnat out-interface="Bell PPPoE" src-address=192.168.3.0/24
add action=masquerade chain=srcnat out-interface="Bell PPPoE" src-address=10.0.10.0/24

/ip firewall nat
add action=masquerade chain=srcnat out-interface="Bell PPPoE"
Statistics: Posted by Chouby — Wed Mar 27, 2024 9:06 pm
Statistics: Posted by holvoetn — Wed Mar 27, 2024 9:03 pm
/ip firewall filter
add action=accept chain=forward src-address=10.20.0.0/16 dst-address=10.30.0.0/16

/ip firewall filter
add action=accept chain=forward src-address-list="address_list" dst-address-list="same_address_list"

/ip firewall nat
add action=netmap chain=dstnat dst-address=172.16.0.0/16 in-interface=ether2 to-addresses=10.20.0.0/16
Statistics: Posted by TheCat12 — Wed Mar 27, 2024 8:49 pm
Statistics: Posted by changeip — Wed Mar 27, 2024 8:39 pm
Statistics: Posted by t0mm13b — Wed Mar 27, 2024 8:38 pm
Statistics: Posted by holvoetn — Wed Mar 27, 2024 8:38 pm
# 2024-03-26 10:37:28 by RouterOS 7.14.1# software id = E10X-RDVX## model = RB5009UPr+S+/interface bridgeadd name=bridge1 pvid=99 vlan-filtering=yes/interface ethernetset [ find default-name=ether1 ] comment="Bonding to au1-usw-01 Switch Port1" \ poe-out=offset [ find default-name=ether2 ] comment="Bonding to au1-usw-01 Switch Port2" \ poe-out=offset [ find default-name=ether5 ] comment="ADMIN ETH" name=ether5-accessset [ find default-name=ether8 ] comment="Temporarily for swtich in VLAN10"set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\ "ISP WAN" name=sfp speed=1G-baseT-full/interface wifi# SSID not setadd configuration.mode=ap disabled=no name=cap-wifi1 radio-mac=\ AA:BB:CC:DD:EE:FF/interface vlanadd comment="Guests VLAN80 for WIFI" interface=bridge1 name=guests_v80 \ vlan-id=80add comment="employees vlan" interface=bridge1 name=vlan10 vlan-id=10add comment="sysadmins vlan" interface=bridge1 name=vlan90 vlan-id=90add comment="Admin Vlan" interface=bridge1 name=vlan99 vlan-id=99/interface bondingadd comment="Bonding Trunk for Switch" mode=802.3ad name=bonding_to_switch \ slaves=ether1,ether2/interface listadd comment="all Vlans" name=VLANadd comment="The WAN" name=WANadd comment="Where the admin VLAN is trunk" name=BASEadd comment="The Interface list needed for ADMINS" name=ADMIN/interface wifi channeladd band=5ghz-ax disabled=no frequency=\ 5230-5250,5210-5230,5190-5210,5170-5190 name=5GHz_US_bands width=20/40mhzadd band=2ghz-ax disabled=no frequency=2412,2432,2422,2442 name=\ 2GHZ_AX_US_BANDS secondary-frequency=2417,2427,2437 skip-dfs-channels=all \ width=20mhz/interface wifi datapathadd bridge=bridge1 comment="Employees VLAN WIFI" disabled=no name=\ employees_wifi_datapath vlan-id=10add bridge=bridge1 comment="GUESTS VLAN80 WIFI" disabled=no name=\ guests_wifi_datapath vlan-id=80/interface wifi securityadd authentication-types=wpa2-psk,wpa3-psk comment=\ "Security Profile for Employees wifi" disabled=no name=\ 
employees_wifi_security_profile wps=disableadd authentication-types=wpa2-psk,wpa3-psk comment=\ "Security Profile for Employees wifi" disabled=no name=\ guests_wifi_security_profile wps=disable/interface wifi configurationadd channel=5GHz_US_bands comment="Employees WIFI 5GHz" country=\ "United States" datapath=employees_wifi_datapath disabled=no name=\ 5g_employees security=employees_wifi_security_profile ssid=ihconau2add channel=5GHz_US_bands comment="GUESTS WIFI 5GHz" country="United States" \ datapath=guests_wifi_datapath disabled=no name=5g_guests security=\ guests_wifi_security_profile ssid=ih-guestsadd channel=2GHZ_AX_US_BANDS comment="Employees WIFI 2.4GHz" country=\ "United States" datapath=employees_wifi_datapath disabled=no name=\ 2g_employees security=employees_wifi_security_profile ssid=ihconau2add channel=2GHZ_AX_US_BANDS comment="GUESTS WIFI 5GHz" country=\ "United States" datapath=guests_wifi_datapath disabled=no name=2g_guests \ security=guests_wifi_security_profile ssid=ih-guests/ip pooladd comment="employees vlan10" name=vlan10 ranges=\ 192.168.10.10-192.168.10.254add comment="sysadmin vlan90" name=vlan90 ranges=192.168.90.10-192.168.90.254add comment="ip pool for ether5" name=ether5 ranges=10.0.0.10-10.0.0.20add comment="ip pool for admin vlan99" name=vlan99 ranges=\ 10.0.99.2-10.0.99.254add comment="Guests vlan80" name=vlan80 ranges=10.0.80.10-10.0.80.254/ip dhcp-serveradd address-pool=vlan10 comment="For employees vlan10" interface=vlan10 \ lease-time=10m name=vlan10add address-pool=vlan90 comment="For sysadmins vlan90" interface=vlan90 \ lease-time=10m name=vlan90add address-pool=ether5 comment="DHCP for eth5 access" interface=\ ether5-access lease-time=5d name=ether5add address-pool=vlan99 comment="For admin vlan99" interface=vlan99 \ lease-time=10m name=vlan99add address-pool=vlan80 comment="For GUESTS vlan80" interface=guests_v80 \ lease-time=10m name=guests_vlan80/ip smb usersset [ find default=yes ] disabled=yes/interface bridge portadd 
bridge=bridge1 interface=ether6add bridge=bridge1 ingress-filtering=no interface=ether7 pvid=99add bridge=bridge1 interface=ether8add bridge=bridge1 interface=bonding_to_switch pvid=99/ip firewall connection trackingset udp-timeout=10s/ipv6 settingsset disable-ipv6=yes/interface bridge vlanadd bridge=bridge1 comment="Base VLAN99" tagged=bonding_to_switch,bridge1 \ untagged=ether6,ether8,ether7 vlan-ids=99add bridge=bridge1 comment="Employees VLAN10" tagged=\ ether6,ether7,ether8,bonding_to_switch,bridge1 vlan-ids=10add bridge=bridge1 comment="Sysadmins VLAN90" tagged=\ ether6,ether7,ether8,bonding_to_switch,bridge1 vlan-ids=90add bridge=bridge1 comment="Guests VLAN80" tagged=\ bridge1,bonding_to_switch,ether7 vlan-ids=80/interface list memberadd comment=VLAN10 interface=vlan10 list=VLANadd comment=VLAN90 interface=vlan90 list=VLANadd comment=VLAN99 interface=vlan99 list=VLANadd comment="BASE just vlan99" interface=vlan99 list=BASEadd comment="admin vlan99" interface=vlan99 list=ADMINadd comment="Sysadmin from vlan90" interface=vlan90 list=ADMINadd interface=sfp list=WAN/interface wifi access-listadd action=reject comment="Reject anonymous MACs for WIFIs" disabled=yes \ mac-address=02:00:00:00:00:00 mac-address-mask=02:00:00:00:00:00/interface wifi capset enabled=yes slaves-static=yes/interface wifi capsmanset enabled=yes interfaces=BASE package-path="" require-peer-certificate=no \ upgrade-policy=suggest-same-version/interface wifi provisioningadd action=create-dynamic-enabled comment="Employees 5Ghz provisioning" \ disabled=no master-configuration=5g_employees slave-configurations=\ 5g_guests supported-bands=5ghz-axadd action=create-dynamic-enabled comment="Employees 2.4Ghz provisioning" \ disabled=no master-configuration=2g_employees slave-configurations=\ 2g_guests supported-bands=2ghz-ax/ip addressadd address=10.0.99.1/24 comment="admin vlan99 Ip addresses" interface=vlan99 \ network=10.0.99.0add address=192.168.10.1/24 comment="employees vlan_10 Ip addresses" 
\ interface=vlan10 network=192.168.10.0add address=192.168.90.0/24 comment="sysadmins vlan90 Ip addresses" \ interface=vlan90 network=192.168.90.0add address=10.0.0.1/24 comment="Admin IP for eth5" interface=ether5-access \ network=10.0.0.0add address=xxx.yyy.zzz.tt4/29 comment="Main IP for router for ISP" \ interface=sfp network=xxx.yyy.zzz.tt2add address=10.0.80.1/24 comment="sysadmins vlan80 Ip addresses" \ interface=guests_v80 network=10.0.80.0/ip dhcp-server leaseadd address=192.168.10.100 client-id=1:b4:22:0:66:43:a7 comment=Printer \ mac-address=B4:22:00:66:43:A7 server=vlan10/ip dhcp-server networkadd address=10.0.0.0/24 dns-server=1.1.1.1,8.8.4.4 gateway=10.0.0.1add address=10.0.80.0/24 comment="Guests vlan80 network" dns-server=\ 1.1.1.1,8.8.4.4 gateway=10.0.80.1add address=10.0.99.0/24 comment="Admin vlan90 network" dns-server=\ 1.1.1.1,8.8.4.4 gateway=10.0.99.1add address=192.168.10.0/24 comment="employees vlan10 network" dns-server=\ 192.168.10.1 gateway=192.168.10.1add address=192.168.90.0/24 comment="Syadmins vlan99 network" dns-server=\ 192.168.90.1 gateway=192.168.90.1/ip dnsset allow-remote-requests=yes servers=1.1.1.1,8.8.4.4/ip firewall filteradd action=drop chain=input comment="DROP DNS tcp port 53 from WAN" dst-port=\ 53 in-interface-list=WAN protocol=tcpadd action=drop chain=input comment="DROP DNS udp port 53 from WAN" dst-port=\ 53 in-interface-list=WAN protocol=udpadd action=accept chain=input comment="Allow Estab & Related" \ connection-state=established,related,untrackedadd action=drop chain=input comment="Drop invalid connections" \ connection-state=invalidadd action=drop chain=input comment="drop ICMP to WAN" in-interface-list=WAN \ protocol=icmpadd action=accept chain=input comment="Accept Loopback for CAPSMAN" \ dst-address=127.0.0.1add action=accept chain=input comment="Allow everything from VLANs" \ in-interface-list=VLANadd action=accept chain=input comment="Allow Admin VLAN full access" \ in-interface-list=BASEadd action=drop 
chain=input comment="DROP REST OF INPUT" in-interface-list=\ WANadd action=accept chain=forward comment="VLAN Internet Access only" \ connection-state=new in-interface-list=VLAN out-interface-list=WANadd action=accept chain=forward comment="accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=accept chain=forward comment=\ "accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WANadd action=drop chain=forward comment=\ "Drop everything Forward from VLANs- TO ACTIVE WHEN TESTED" \ in-interface-list=VLAN/ip firewall natadd action=masquerade chain=srcnat comment="Masquerade ISP WAN" \ out-interface-list=WAN/ip firewall service-portset ftp disabled=yesset tftp disabled=yesset h323 disabled=yesset sip disabled=yes/ip routeadd comment="Main isp Gateway" disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=xxx.yyy.zzz.tt3 pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=10/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh address=10.0.0.0/24,10.0.69.0/24,10.0.99.0/24,192.168.90.0/24set api disabled=yesset winbox address=\ 10.0.0.0/24,10.0.69.0/24,10.0.99.0/24,192.168.90.0/24,192.168.10.0/24set api-ssl disabled=yes/ip smb sharesset [ find default=yes ] directory=/pub/system clockset time-zone-name=America/Chicago/system identityset name=au1-core-rt01/system loggingadd disabled=yes topics=debug/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=pool.ntp.orgadd address=europe.pool.ntp.orgadd address=asia.pool.ntp.org/tool romonset enabled=yes
/interface bridge
add ingress-filtering=no name=bridge1 port-cost-mode=short priority=0x2000 pvid=99 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=Trunk l2mtu=1560
/interface vlan
add comment="Managment VLAN99" interface=bridge1 name=MGMT vlan-id=99
/interface wifi datapath
add bridge=bridge1 disabled=no name=vlan10_employees vlan-id=10
add bridge=bridge1 disabled=no name=vlan80_guests vlan-id=80
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: ihconau2, channel: 5220/ax/Ce
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap datapath=vlan10_employees disabled=no
# managed by CAPsMAN
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap datapath=vlan10_employees disabled=no
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10 pvid=99
/interface bridge vlan
add bridge=bridge1 comment="For mgmt vlan99" tagged=bridge1 vlan-ids=99
add bridge=bridge1 comment="For employees vlan10" tagged=bridge1,ether1 vlan-ids=10
add bridge=bridge1 comment="For Guests vlan80" tagged=bridge1,ether1 vlan-ids=80
/interface wifi cap
set caps-man-addresses=10.0.99.1 enabled=yes slaves-datapath=vlan80_guests slaves-static=no
/ip address
add address=10.0.99.101/24 comment="admin vlan ip" interface=MGMT network=10.0.99.0
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.0.99.1
/system clock
set time-zone-name=America/Chicago
/system identity
set name=au1-core-ap02
/system note
set show-at-login=no
/tool romon
set enabled=yes
Statistics: Posted by carcuevas — Wed Mar 27, 2024 8:34 pm
Statistics: Posted by mkx — Wed Mar 27, 2024 8:33 pm
Statistics: Posted by infabo — Wed Mar 27, 2024 8:32 pm
Statistics: Posted by Allison10 — Wed Mar 27, 2024 8:31 pm
[admin@MikroTik] > /routing/route/print where bgp
Flags: F - FILTERED, A - ACTIVE; b - BGP
Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW
    DST-ADDRESS  GATEWAY  AFI  DIS  SC  TA  IMMEDIATE-GW
>Ab 0.0.0.0/0    X.X.X.X  ip4   20  40  10  PEER1
  b 0.0.0.0/0    Y.Y.Y.Y  ip4   20  40  10  PEER2
 Fb 1.1.1.0/24   X.X.X.X  ip4   20  40  10  PEER1
 Fb 2.2.2.0/24   X.X.X.X  ip4   20  40  10  PEER1
 Fb 2.2.2.0/24   Y.Y.Y.Y  ip4   20  40  10  PEER2
 Fb 3.3.3.0/24   X.X.X.X  ip4   20  40  10  PEER1
 Fb 4.4.4.0/24   X.X.X.X  ip4   20  40  10  PEER1
 Fb 5.5.5.0/24   Y.Y.Y.Y  ip4   20  40  10  PEER2
 Fb 6.6.6.0/24   Y.Y.Y.Y  ip4   20  40  10  PEER2
 Fb 7.7.7.0/24   Y.Y.Y.Y  ip4   20  40  10  PEER2
[admin@MikroTik] > /routing/bgp/connection/print detail where name=PEER1
Flags: D - dynamic, X - disabled, I - inactive
 0   name="PEER1" remote.address=X.X.X.X .as=1234 local.address=1.2.3.4 .role=ebgp-peer
     routing-table=main router-id=1.2.3.4 templates=default as=1111
     output.redistribute=connected,static,vpn,dhcp .filter-chain=EBGP-PEER1-OUT
     input.filter=EBGP-PEER1-IN .accept-nlri=!filtered
[admin@MikroTik] > /routing/bgp/connection/print detail where name=PEER2
Flags: D - dynamic, X - disabled, I - inactive
 1   name="PEER2" remote.address=Y.Y.Y.Y .as=567 local.address=1.2.3.4 .role=ebgp-peer
     routing-table=main router-id=1.2.3.4 templates=default as=1111
     output.redistribute=connected,static,vpn,dhcp .filter-chain=EBGP-PEER2-OUT
     input.filter=EBGP-PEER2-IN .accept-nlri=!filtered
Statistics: Posted by lefigo — Wed Mar 27, 2024 8:26 pm
Statistics: Posted by abdurraufrafli — Wed Mar 27, 2024 8:25 pm
ppp profile <default-encryption> changed by (/ppp profile set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn use-encryption=yes)
Statistics: Posted by alexantao — Wed Mar 27, 2024 8:12 pm
Statistics: Posted by Amm0 — Wed Mar 27, 2024 8:11 pm
Statistics: Posted by xstrid3rx — Wed Mar 27, 2024 7:58 pm
Statistics: Posted by iustin — Wed Mar 27, 2024 7:57 pm
/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.0.0/24 protocol=tcp
Statistics: Posted by mkx — Wed Mar 27, 2024 7:32 pm
Statistics: Posted by jharig — Wed Mar 27, 2024 7:25 pm
In the heart of an incredibly RF and people dense city, in a huge apartment building, I don't have a choice but to use DFS channels.
Well, your issue is all about "skip-dfs-channels=all".
Statistics: Posted by mkx — Wed Mar 27, 2024 7:23 pm