:put [/system/resource/get uptime]
11w2d15:59:17
Statistics: Posted by loloski — Tue Mar 19, 2024 8:19 am
Statistics: Posted by holvoetn — Tue Mar 19, 2024 8:03 am
Statistics: Posted by tangent — Tue Mar 19, 2024 7:22 am
put "Uptime: $[:if ([:len [:find [/system resource get uptime] "w"]] != 0) do={([:pick [/system resource get uptime] 0 ([:find [/system resource get uptime] "w"])] *7 + [:pick [/system resource get uptime] ([:find [/system resource get uptime] "d"] -1) ([:find [/system resource get uptime] "d"])])} else={[:pick [/system resource get uptime] ([:find [/system resource get uptime] "d"]-1) ([:find [/system resource get uptime] "d"])]}] days"
Uptime: days;Uptime: 18 days
Statistics: Posted by ko00000000001 — Tue Mar 19, 2024 7:15 am
[admin@MikroTik] /ip/upnp> print
  enabled: yes
  allow-disable-external-interface: no
  show-dummy-rule: yes
[admin@MikroTik] /ip/upnp/interfaces> print
Columns: INTERFACE, TYPE
# INTERFACE  TYPE
0 ether1     external
1 bridge     internal
[admin@MikroTik] /ip/firewall> filter print
Flags: X - disabled, I - invalid; D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked
 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid log=no log-prefix=""
 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix=""
 4    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1
 5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
 6    ;;; UPnP Devices (1900)
      chain=input action=drop protocol=udp src-address-list=!UPnPdevices dst-port=1900 log=no log-prefix=""
 7    ;;; UPnP Devices (2828)
      chain=input action=drop protocol=tcp src-address-list=!UPnPdevices dst-port=2828 log=no log-prefix=""
 8    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec
 9    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec
10    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related log=no log-prefix=""
11    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked
12    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix=""
13    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
[admin@MikroTik] /ip/firewall> nat print
Flags: X - disabled, I - invalid; D - dynamic
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
 1    ;;; Hairpin NAT
      chain=srcnat action=masquerade src-address=192.168.1.0/24 dst-address=192.168.1.0/24 out-interface-list=LAN log=no log-prefix=""
 2    ;;; Caddy
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=50443 protocol=tcp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""
 3    ;;; Plex
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=32400 protocol=tcp in-interface-list=WAN dst-port=42300 log=no log-prefix=""
 4    ;;; Wireguard UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 to-ports=51820 protocol=udp dst-address-list=MyWANIP dst-port=443 log=no log-prefix=""
 5    ;;; Mumble TCP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=tcp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""
 6    ;;; Mumble UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.50 protocol=udp dst-address-list=MyWANIP dst-port=64738 log=no log-prefix=""
 7    ;;; Syncthing TCP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""
 8    ;;; Syncthing UDP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=udp dst-address-list=MyWANIP dst-port=22000 log=no log-prefix=""
 9    ;;; SFTP
      chain=dstnat action=dst-nat to-addresses=192.168.1.51 protocol=tcp dst-address-list=MyWANIP dst-port=60222 log=no log-prefix=""
Statistics: Posted by BinaryTB — Tue Mar 19, 2024 7:05 am
/ip firewall nat
add action=masquerade chain=srcnat comment="wireguard: masquerade" \
    out-interface=bridge src-address=192.168.100.0/24
Statistics: Posted by rplant — Tue Mar 19, 2024 6:24 am
:put ([:deserialize from=json value=$jsonData]->"result"->"content")
# https://github.com/Winand/mikrotik-json-parser
:global JSONLoads
:put ([$JSONLoads $jsonData]->"result"->"content")
Statistics: Posted by trkk — Tue Mar 19, 2024 6:14 am
Statistics: Posted by teleport — Tue Mar 19, 2024 5:07 am
Statistics: Posted by KingRichard — Tue Mar 19, 2024 4:56 am
[@MikroTik] > ping [:resolve checkipv6.dedyn.io]
  SEQ HOST                                SIZE TTL TIME       STATUS
    0 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    1 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    2 2a01:4f8:10a:1044:deec:642:ac10:80                      timeout
    3 2804::pub:ipv6                       104  64 89ms653us  address unreachable
[@MikroTik] > ipv6/firewall/filter/print
 2    ;;; defconf: accept ICMPv6
      chain=input action=accept protocol=icmpv6 log=no log-prefix=""
PS > ping checkipv6.dedyn.io
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=238ms
Answer from 2a01:4f8:10a:1044:deec:642:ac10:80: time=239ms
Statistics: Posted by diasdm — Tue Mar 19, 2024 4:34 am
Statistics: Posted by hjf — Tue Mar 19, 2024 4:32 am
Statistics: Posted by diasdm — Tue Mar 19, 2024 4:27 am
Statistics: Posted by sirca — Tue Mar 19, 2024 4:26 am
cake-diffserv=diffserv4 cake-flowmode=dual-[src/dst]host cake-nat=yes
cake-diffserv=besteffort cake-flowmode=triple-isolate cake-nat=no
Statistics: Posted by mke — Tue Mar 19, 2024 4:14 am
Statistics: Posted by inteq — Tue Mar 19, 2024 4:08 am
Statistics: Posted by jlpedrosa — Tue Mar 19, 2024 4:06 am
[admin@MikroTik_CRS317] /system/health> print
Columns: NAME, VALUE, TYPE
# NAME             VALUE  TYPE
0 cpu-temperature  35     C
1 fan1-speed       3765   RPM
2 fan2-speed       3720   RPM
3 psu1-state       ok
4 psu2-state       ok
[admin@MikroTik_CRS317] /system/health>
Statistics: Posted by sirca — Tue Mar 19, 2024 4:03 am
Statistics: Posted by kevinds — Tue Mar 19, 2024 3:42 am
Statistics: Posted by tovi — Tue Mar 19, 2024 3:02 am
Statistics: Posted by anav — Tue Mar 19, 2024 2:43 am
Statistics: Posted by robkampen — Tue Mar 19, 2024 2:40 am
# 2024-03-18 19:38:06 by RouterOS 7.12.2
# model = C52iG-5HaxD2HaxD
/interface bridge
add admin-mac=XXXXXXXX auto-mac=no comment=defconf name=bridge
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40/80mhz configuration.mode=ap .ssid="Mikro5g" \
    disabled=no security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
    10min-cac .width=20/40mhz configuration.mode=ap .ssid=MikroTik-E74BB0 \
    disabled=no security.authentication-types=wpa2-psk,wpa3-psk
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=10.0.1.10-10.0.1.254
/ip dhcp-server
add address-pool=default-dhcp disabled=yes interface=bridge lease-time=8h \
    name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
add bridge=bridge comment=defconf interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=LAN internet-interface-list=LAN lan-interface-list=\
    LAN wan-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=LAN
add interface=wireguard1 list=LAN
/interface wireguard peers
add allowed-address=192.168.100.2/32 interface=wireguard1 public-key=\
    "XXXXXXXXXXXXXXXXXXXXX"
/ip address
add address=10.0.1.0/24 comment=defconf interface=bridge network=10.0.1.0
add address=192.168.100.1/24 interface=wireguard1 network=192.168.100.0
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.0.1.0/24 comment=defconf dns-server=10.0.1.1 gateway=10.0.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.0.1.1 comment=defconf disabled=yes name=router.lan
/ip firewall filter
add action=accept chain=input comment="Allow wireguard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment="Allow wiregurad traffic" src-address=\
    192.168.100.0/24
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    all-ethernet protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    all-wireless protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
    bridge protocol=tcp to-addresses=10.0.0.0/24 to-ports=3389
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=America/New_York
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxx
Address = 192.168.100.2/32
DNS = 192.168.100.1
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxxxxxxxxxxxxxxx
Statistics: Posted by badger — Tue Mar 19, 2024 1:59 am
ip firewall address-list
:local update do={
    :do {
        :local data ([:tool fetch url=$url output=user as-value]->"data")
        :local array [find dynamic list=blacklist]
        :foreach value in=$array do={:set array (array,[get $value address])}
        :while ([:len $data]!=0) do={
            :if ([:pick $data 0 [:find $data "\n"]]~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") do={
                :local ip ([:pick $data 0 [:find $data $delimiter]].$cidr)
                :do {add list=blacklist address=$ip comment=$description timeout=1d} on-error={
                    :do {set ($array->([:find $array $ip]-[:len $array]/2)) timeout=1d} on-error={}
                }
            }
            :set data [:pick $data ([:find $data "\n"]+1) [:len $data]]
        }
    } on-error={:log warning "Address list <$description> update failed"}
}
$update url=https://www.spamhaus.org/drop/drop.txt description="Spamhaus DROP" delimiter=("\_")
$update url=https://www.spamhaus.org/drop/edrop.txt description="Spamhaus EDROP" delimiter=("\_")
Statistics: Posted by UkRainUa — Tue Mar 19, 2024 1:56 am
Statistics: Posted by Cha0s — Tue Mar 19, 2024 1:49 am
Statistics: Posted by neki — Tue Mar 19, 2024 1:33 am
Statistics: Posted by jacobbailey — Tue Mar 19, 2024 1:28 am
Statistics: Posted by Scoox — Tue Mar 19, 2024 1:25 am
Statistics: Posted by Kaldek — Tue Mar 19, 2024 12:41 am
Statistics: Posted by jaclaz — Tue Mar 19, 2024 12:38 am
Statistics: Posted by LeoNaXe — Tue Mar 19, 2024 12:25 am
# NTP
do { /system clock set time-zone-name=Greenwich ntp client set enabled=yes ntp client set primary-ntp=0.0.0.0 ntp client set secondary-ntp=0.0.0.0} on-error= { :put "Ignoring - RouterOS v7" }
do { /system clock set time-zone-name=Greenwich ntp client set enabled=yes ntp client servers add address=0.0.0.0 ntp client servers add address=0.0.0.0} on-error={ :put "Ignoring - RouterOSv6" }
Statistics: Posted by greggio — Tue Mar 19, 2024 12:21 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:15 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:13 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:10 am
Statistics: Posted by inna — Tue Mar 19, 2024 12:05 am
Statistics: Posted by LeoNaXe — Tue Mar 19, 2024 12:03 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:03 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:02 am
Statistics: Posted by anav — Tue Mar 19, 2024 12:00 am
Statistics: Posted by inna — Mon Mar 18, 2024 11:54 pm
prefix-hint=::/60
Statistics: Posted by mkx — Mon Mar 18, 2024 11:48 pm
do you mean via RADIUS?
Please make dynamic vlan assignment possible for wifi-qcom-ac wireless driver
Statistics: Posted by hoboristi — Mon Mar 18, 2024 11:47 pm
Statistics: Posted by Hominidae — Mon Mar 18, 2024 11:40 pm
Statistics: Posted by Trilis — Mon Mar 18, 2024 11:38 pm
Statistics: Posted by mkx — Mon Mar 18, 2024 11:38 pm
Statistics: Posted by brad0x52 — Mon Mar 18, 2024 11:38 pm
Statistics: Posted by jaclaz — Mon Mar 18, 2024 11:29 pm
# 2024-03-18 23:02:05 by RouterOS 7.14.1
# software id = SHWC-BANU
#
# model = CRS109-8G-1S-2HnD
# serial number = D54E0D114A32
/interface bridge
add admin-mac=08:55:31:62:27:46 auto-mac=no comment=defconf igmp-snooping=yes \
    igmp-version=3 mld-version=2 multicast-querier=yes name=bridge \
    port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] mac-address=30:EB:25:24:6E:CC
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country=estonia disabled=no distance=indoors frequency=2432 installation=\
    indoor mode=ap-bridge ssid=OhanaKii wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1d10m name=defconf
/port
set 0 name=serial0
/interface bridge filter
add action=drop chain=output out-interface=wlan1 packet-type=multicast
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 \
    internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.88.251 client-id=1:be:86:fb:f1:c9:a0 mac-address=\
    BE:86:FB:F1:C9:A0 server=defconf
add address=192.168.88.249 client-id=1:72:5b:69:25:b2:7e mac-address=\
    72:5B:69:25:B2:7E server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input in-interface=ether1 protocol=udp
add action=accept chain=forward in-interface=ether1 protocol=udp
add action=accept chain=input in-interface=ether1 protocol=igmp
add action=accept chain=forward in-interface=ether1 protocol=igmp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/lcd
set time-interval=hour
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=ether1 upstream=yes
add interface=bridge
/system clock
set time-zone-name=Europe/Tallinn
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Statistics: Posted by kvitek79 — Mon Mar 18, 2024 11:18 pm
Statistics: Posted by h1ghrise — Mon Mar 18, 2024 11:17 pm
Statistics: Posted by mabels — Mon Mar 18, 2024 11:11 pm
Statistics: Posted by kevinds — Mon Mar 18, 2024 11:10 pm
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 11:05 pm
# mar/18/2024 21:48:07 by RouterOS 7.8
#
# model = RB760iGS
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether5 ] poe-out=off
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
# ISP VLANs
add interface=bridge1 name=vlan_isp_fn_12 vlan-id=12
add interface=bridge1 name=vlan_isp_ks_13 vlan-id=13
add interface=bridge1 name=vlan_isp_vg_11 vlan-id=11
# local VLANs
add interface=bridge1 name=vlan_mngt_100 vlan-id=100
add interface=bridge1 name=vlan_pako_101 vlan-id=101
/interface list
add name=LAN
add name=ISP
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
# WANs
add bridge=bridge1 interface=ether1 pvid=11
add bridge=bridge1 interface=ether2 pvid=12
add bridge=bridge1 interface=ether3 pvid=13
# trunk for WAN and LAN
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
# WAN (for test env use only 2)
add bridge=bridge1 tagged=ether4 untagged=ether1 vlan-ids=11
add bridge=bridge1 tagged=ether4 untagged=ether2 vlan-ids=12
add bridge=bridge1 tagged=bridge1,ether4 vlan-ids=100
add bridge=bridge1 tagged=bridge1,ether4 vlan-ids=101
/interface list member
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=vlan_mngt_100 list=LAN
add interface=bridge1 list=LAN
add interface=vlan_pako_101 list=LAN
/ip dhcp-client
add interface=vlan_mngt_100
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=no
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name=pk-r00
# 2024-03-18 21:49:32 by RouterOS 7.12.1
#
# model = RBD53iG-5HacD2HnD
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=defconf \
    ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] mac-address=yy:yy:yy:yy:yy:yy
set [ find default-name=ether5 ] poe-out=off
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
    MikroTik-EF0AC4 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=pk-wt_0x24v wireless-protocol=802.11
/interface vlan
# WAN
add interface=ether1 name=vlan_isp_fn_12 vlan-id=12
add interface=ether1 name=vlan_isp_ks_13 vlan-id=13
add interface=ether1 name=vlan_isp_vg_11 vlan-id=11
# LAN
add interface=bridge name=vlan_mngt_100 vlan-id=100
add interface=bridge name=vlan_pako_101 vlan-id=101
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_mngt ranges=192.168.100.2-192.168.100.10
add name=pool_pako ranges=192.168.101.100-192.168.101.150
/ip dhcp-server
add address-pool=pool_pako interface=vlan_pako_101 lease-time=521w3d23h59m59s name=dhcp_pako
add address-pool=pool_mngt interface=vlan_mngt_100 lease-time=521w3d10m name=dhcp_mngt
/routing table
add fib name=isp_vg
add fib name=isp_fn
add fib name=isp_ks
/interface bridge port
add bridge=bridge interface=ether2 pvid=101
add bridge=bridge interface=ether5
add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1
/ip firewall connection tracking
set loose-tcp-tracking=no
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set rp-filter=loose
/interface bridge vlan
# only local VLANs, no WAN VLANs
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=101
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=100
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=vlan_isp_vg_11 list=WAN
add interface=vlan_isp_fn_12 list=WAN
add interface=vlan_isp_ks_13 list=WAN
add interface=ether2 list=LAN
add interface=vlan_pako_101 list=LAN
add interface=vlan_mngt_100 list=LAN
/ip address
add address=192.168.100.1/24 interface=vlan_mngt_100 network=192.168.100.0
add address=192.168.101.1/24 interface=vlan_pako_101 network=192.168.101.0
/ip dhcp-client
# ISP with static address, but obtain from DHCP (by ISP rules)
add add-default-route=no interface=vlan_isp_fn_12 use-peer-dns=no use-peer-ntp=no
# ISP DHCP. script for change routing
add add-default-route=no interface=vlan_isp_vg_11 script=":if (\$bound=1) do={\
    \r\
    \n /ip/route/set [find gateway!=\$\"gateway-address\" and comment=\"isp\
    _vg_monitor\"] gateway=\$\"gateway-address\"\r\
    \n :local msg (\"isp_vg_monitor:: ip has been changed. ip: \" . \$\"lea\
    se-address\" . \"; gw:\" . \$\"gateway-address\");\r\
    \n :log info \$msg;\r\
    \n}\r\
    \n" use-peer-dns=no use-peer-ntp= no
/ip dhcp-server network
add address=192.168.100.0/24 gateway=192.168.100.1 netmask=24
add address=192.168.101.0/24 dns-server=192.168.101.1 gateway=192.168.101.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,9.9.9.9
/ip dns static
add address=192.168.100.1 comment=defconf name=r01.pako.lan
# default config
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# "copypaste" from @pcunit forum topic https://forum.mikrotik.com/viewtopic.php?t=192736
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=vlan_isp_vg_11 new-connection-mark=isp_vg_wan passthrough=\
    yes
add action=mark-routing chain=prerouting connection-mark=isp_vg_wan \
    in-interface-list=LAN new-routing-mark=isp_vg passthrough=yes
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=vlan_isp_fn_12 new-connection-mark=isp_fn_wan passthrough=\
    yes
add action=mark-routing chain=prerouting connection-mark=isp_fn_wan \
    in-interface-list=LAN new-routing-mark=isp_fn passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
    vlan_isp_vg_11 new-connection-mark=isp_vg_wan passthrough=yes
add action=mark-routing chain=output connection-mark=isp_vg_wan \
    new-routing-mark=isp_vg passthrough=yes
add action=mark-connection chain=input connection-state=new in-interface=\
    vlan_isp_fn_12 new-connection-mark=isp_fn_wan passthrough=yes
add action=mark-routing chain=output connection-mark=isp_fn_wan \
    new-routing-mark=isp_fn passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# "copypaste" from @pcunit forum topic https://forum.mikrotik.com/viewtopic.php?t=192736
/ip route
# real ISP with static IP
add comment=isp_fn_monitor disabled=no distance=2 dst-address=1.1.1.1/32 \
    gateway=xxx.xxx.xxx.xxx pref-src="" routing-table=main scope=10 \
    suppress-hw-offload=no target-scope=11
add check-gateway=ping comment=isp_fn_gw distance=2 dst-address=0.0.0.0/0 \
    gateway=1.1.1.1 scope=10 target-scope=12
add comment=isp_fn_wan distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 \
    routing-table=isp_fn scope=10 target-scope=12
# for a test for second ISP i use my other network, and OpenDNS IP for check internet
add comment=isp_vg_monitor disabled=no distance=1 dst-address=\
    208.67.222.222/32 gateway=192.168.76.1 pref-src="" routing-table=main \
    scope=10 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment=isp_vg_gw distance=1 dst-address=0.0.0.0/0 \
    gateway=208.67.222.222 scope=10 target-scope=12
add comment=isp_vg_wan disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    208.67.222.222 pref-src="" routing-table=isp_vg scope=10 \
    suppress-hw-offload=no target-scope=12
# default config
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
# default config
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
# "copypaste" from @pcunit forum topic https://forum.mikrotik.com/viewtopic.php?t=192736
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.101.0/24 table=main
add action=lookup-only-in-table disabled=no dst-address=192.168.100.0/24 table=main
# I should disable this rule by netwatch, because if ISP2 is down 192.168.101.0 not switch to other ISPs
add action=lookup comment=pako_route_rule_fn disabled=no dst-address="" src-address=192.168.101.0/24 table=isp_fn
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name=pk-wt01
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=no down-script="/routing/rule/set [find comment=\"pako_route_rule\
    _fn\"] disabled=yes\r\
    \n:log info \"fn_down\"" host=1.1.1.1 http-codes="" interval=10s \
    test-script="" type=simple up-script="/routing/rule/set [find comment=\"pa\
    ko_route_rule_fn\"] disabled=no\r\
    \n:log info \"fn_up\"\r\
    \n"
Statistics: Posted by coreshock — Mon Mar 18, 2024 11:05 pm
Statistics: Posted by anav — Mon Mar 18, 2024 11:03 pm
Statistics: Posted by Hominidae — Mon Mar 18, 2024 11:03 pm
Statistics: Posted by kevinds — Mon Mar 18, 2024 11:01 pm
Statistics: Posted by jaclaz — Mon Mar 18, 2024 11:00 pm
Statistics: Posted by anav — Mon Mar 18, 2024 10:59 pm
Statistics: Posted by neki — Mon Mar 18, 2024 10:58 pm
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 10:58 pm
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 10:56 pm
Statistics: Posted by anav — Mon Mar 18, 2024 10:56 pm
Statistics: Posted by donmunyak — Mon Mar 18, 2024 10:54 pm
/interface wireguard
add listen-port=13231 private-key="private_key_from_provider" name=wireguard1
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=5.172.196.95 endpoint-port="wireguard_port" interface=wireguard1 public-key="public_key_of_provider"
/ip address
add address=192.168.32.2xx/30 network=192.168.32.0 interface=wireguard1
/ip route
add dst-address=0.0.0.0 gateway=192.168.32.1
add dst-address=5.172.196.95 gateway=192.168.1.1 distance=1
add dst-address=5.172.196.95 gateway=192.168.2.1 distance=5
Statistics: Posted by LeoNaXe — Mon Mar 18, 2024 10:51 pm
Might be a silly question, but have you tried updating to the latest version?
yup .. again same state... need to reboot crs312 to fix all...
Yes, have now done some debugging .. Hosts that has static ip works ok.
Curious.. If you give the hosts static IPs, do they keep working? What is the lease time set to? What happens if you change it?
to keep clients get ip addr with dhcp
Statistics: Posted by sakke42 — Mon Mar 18, 2024 10:46 pm
Statistics: Posted by Amm0 — Mon Mar 18, 2024 10:44 pm
Statistics: Posted by DeathRat — Mon Mar 18, 2024 10:39 pm
Statistics: Posted by Maggiore81 — Mon Mar 18, 2024 10:24 pm
Statistics: Posted by samsung172 — Mon Mar 18, 2024 10:19 pm
make a search in the forum before posting...
thank you
Statistics: Posted by pocci — Mon Mar 18, 2024 10:06 pm
Statistics: Posted by badsector — Mon Mar 18, 2024 10:05 pm
<snip/>@Larsa I have not addressed any question towards you.
Statistics: Posted by t0mm13b — Mon Mar 18, 2024 9:59 pm
/system/routerboard/wps-button
/system routerboard wps-button set enabled=yes on-event=":log \"WPS button pressed\""
Statistics: Posted by akkurad — Mon Mar 18, 2024 9:57 pm
/caps-man access-list
add action=accept signal-range=-90..120
add action=reject signal-range=-120..-91
Statistics: Posted by keyfersk8 — Mon Mar 18, 2024 9:54 pm
Statistics: Posted by Valerio5000 — Mon Mar 18, 2024 9:52 pm
Statistics: Posted by kevinds — Mon Mar 18, 2024 9:47 pm
Statistics: Posted by Maggiore81 — Mon Mar 18, 2024 9:47 pm
No, use ip->firewall->connections to see how the Internet works
Doesn't this mean this sentence?
If src-mac-address is my laptop for example, then allow this mac address.
But what do you mean by the dst-mac? My laptop connects to Mikrotik and Mikrotik again sends the data to my laptop. Do you mean in this case, I should assign the dst to my laptop again?
I mean both src and dst should be the same?
Statistics: Posted by inna — Mon Mar 18, 2024 9:46 pm
Statistics: Posted by inna — Mon Mar 18, 2024 9:45 pm
Doesn't this mean this sentence? "src-mac-address=some_mac_address"
What about dst?
Statistics: Posted by UkRainUa — Mon Mar 18, 2024 9:43 pm
Statistics: Posted by UkRainUa — Mon Mar 18, 2024 9:38 pm
Statistics: Posted by inna — Mon Mar 18, 2024 9:37 pm
Statistics: Posted by inna — Mon Mar 18, 2024 9:35 pm
Statistics: Posted by UkRainUa — Mon Mar 18, 2024 9:33 pm
Statistics: Posted by UkRainUa — Mon Mar 18, 2024 9:32 pm