Community discussions

Search found 69 matches

by bennyh
Fri Oct 05, 2018 9:06 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26175

Re: v6.42.9 [long-term] is released!

For Wireless Wires, v6.42.9 is a vast improvement over v6.42.5 through v6.42.7 and v6.43.x which seems to exhibit the same problems of repeated disconnections. Good work, Mikrotik! Older MIPSBE models are stable too in 802.11 mode with 6.42.9, I swiched back from buggy laggy NV2, and less ping loss...
by bennyh
Thu Oct 04, 2018 9:41 am
Forum: General
Topic: NAT failed.
Replies: 2
Views: 225

Re: NAT failed.

Please post NAT rules. Hi forum. I have some questions about my setup. I'm using CCR1016-12S router. Below are some information: Address list Address Network Interface x.x.x.20/29 x.x.x.8 SFP1 x.x.x.22/29 x.x.x.8 VRRP-OUT x.x.x.183/27 x.x.x.192 BOND-IN x.x.x.185/27 x.x.x.192 VRRP-IN For my filter ru...
by bennyh
Tue Oct 02, 2018 12:10 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84319

Re: v6.44beta [testing] is released!

New beta out:
rb3011 - implemented multiple engine IPsec hardware acceleration support;
Cool :)
by bennyh
Fri Sep 28, 2018 12:52 pm
Forum: General
Topic: SSTP & IPv6
Replies: 18
Views: 4873

Re: SSTP & IPv6

SSTP through IPv6 seems till doesnt work (IPv6 through SSTP ok) The error message is in translation (I got hungarian message from Windows 10): "the connection has failed becouse, the target computer has refused the connection.". IPv6 firewall is open at dedicated SSTP port, the counter is rising, wh...
by bennyh
Thu Sep 27, 2018 9:59 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39292

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

Well, when you think the default values are not good enough for you it always could mean you need to study the matter to know the result of changing encryption lengths or hash methods. I happily run everything at the default SHA1/AES128 and I am not too worried that the theoretical weaknesses will ...
by bennyh
Thu Sep 27, 2018 8:59 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39292

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

You can always set it lower than strictly required, e.g. 1400 or 1300
Ok, it seems work with 1400 (I tried with Actual MTU 1410 too but TCP failure trough tunnel), if I set this value at booth ends, but with SHA1 such thing didnt need, it looked like actual MTU worked right without MTU settings.
by bennyh
Wed Sep 26, 2018 2:29 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39292

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

If I change the keying method from SHA1 to SHA256, the IPIPv6 reconnect and after thet the new TCP connections are broken, but ping works. What next now? Check if the MTU settings on your tunnel interfaces are correct. In case you rely on RouterOS to calculate it automatically try setting it to the...
by bennyh
Wed Sep 26, 2018 11:46 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39292

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

Rather then doing MSS clamping you'd better fix your firewall to allow PMTUD to function properly across your tunnel... Today I checked all my firewall rules (IPv6 and IPv4 too), I disabled some rules, that may have negative aftermaths, but these rules only touched that interfaces between them the ...
by bennyh
Tue Sep 25, 2018 1:04 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208752

Re: Feature requests

Please fix webproxy with IPv6 sites. It doesnt work, more people said in the forum, that there is some problem with IPv6 sites trough webproxy. Someone said, only direct ip address works in url (if remote webserver accepts direct IP address behalf domain name). I tried with IPv6 address of the IPv6-...
by bennyh
Tue Sep 25, 2018 10:40 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39292

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

Rather then doing MSS clamping you'd better fix your firewall to allow PMTUD to function properly across your tunnel... And how? There is nothing blocked between two router and two sites, ICMP goes trough freely from one site to other. What sould I do? It looks like, the PMTU discovers wrong MTU va...
by bennyh
Tue Sep 25, 2018 8:54 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39292

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

I have MTU problem with IPIPv6 in these and older ROS releases too. There is IPsec encrypted IPIPv6 tunnel between 3011 and 750gr3, if I change the proposal auth method from SHA1 to SHA256, the MTU is changing, but the clamp MSS option doesnt work and all TCP connection is broken (HTTP, Winbox) till...
by bennyh
Mon Sep 24, 2018 3:44 pm
Forum: General
Topic: IPIPv6 TCP error with sha256
Replies: 2
Views: 304

Re: IPIPv6 TCP error with sha256

I upgraded to 6.43.1 (.2 on 750gr3) , there is still problem with IPIPv6 with SHA256. The built in "clamp tcp to mss" mechanizm and maybee the MTU detection doesnt work. I have to manually lower the MSS (tried with 1340) with postrouting mangle rules at booth side, for the working TCP connection. Pl...
by bennyh
Mon Sep 24, 2018 2:12 pm
Forum: General
Topic: RB3011 IPSEC Hardware Encryption?
Replies: 17
Views: 5786

Re: RB3011 IPSEC Hardware Encryption?

For first sight might the problem is: * supported only 128 bit and 256 bit key sizes On your captured picture is see 192 bit size encription keys. I've install 6.43.1 on a 3011 but the IPSEC HW accelartion does not seem to work, it works fine on 750r3 an 1100ahx2. Installed SAs of the 3011 cap3011.P...
by bennyh
Wed Sep 19, 2018 3:17 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208752

Re: Feature requests

I didnt find, but sorry if exists.
There sould be a new section, a table in webfig and in winbox for global variables with initial values.
by bennyh
Tue Sep 18, 2018 2:15 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39292

Re: v6.43.1 [stable] is released!

RouterOS version 6.43.1 has been released in public "stable" channel!
*) rb3011 - added IPsec hardware acceleration support;
Big thanx bro :)
by bennyh
Tue Sep 18, 2018 8:54 am
Forum: General
Topic: IPIPv6 TCP error with sha256
Replies: 2
Views: 304

Re: IPIPv6 TCP error with sha256

Up :)
by bennyh
Mon Sep 17, 2018 4:43 pm
Forum: General
Topic: IPIPv6 TCP error with sha256
Replies: 2
Views: 304

IPIPv6 TCP error with sha256

There is an IPIPv6 connection between an 750gr3 (6.42.7) and a 3011 (6.42.3). I tried tho change the authentication protocol to sha256. I selected sha256 checkbox at the remote end ipsec proposal, (sha1 stayed checked too), and the local side at proposal I selected sha256 checkbox only (sha1 was des...
by bennyh
Fri Sep 14, 2018 10:49 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84319

Re: v6.44beta [testing] is released!

IPSec results appeared on the RB3011 product page as the Mikrotik guys promised, but theese values are lower than IPSec results on the 750Gr3 page. The HW crypt core is weaker in the RB3011 or there will be optimalizations in further ROS releases? Currently the RB3011 IPsec performance is comparabl...
by bennyh
Thu Sep 13, 2018 5:35 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84319

Re: v6.44beta [testing] is released!

Mikrotik, please explain why you needed to rename the release channels. Also please explain what real change does this mean. Without that the renaming of current to stable is very confusing for those who came recently or do not know that the only well tested bugfix could be considered as stable in ...
by bennyh
Thu Sep 13, 2018 4:08 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84319

Re: v6.44beta [testing] is released!

IPSec results appeared on the RB3011 product page as the Mikrotik guys promised, but theese values are lower than IPSec results on the 750Gr3 page. The HW crypt core is weaker in the RB3011 or there will be optimalizations in further ROS releases?
by bennyh
Wed Sep 12, 2018 9:35 am
Forum: General
Topic: Queue tree no max and limit-at speeds
Replies: 5
Views: 746

Re: Queue tree no max and limit-at speeds

Only if you base it on some packet header fields like DSCP or TTL Could you show me an example? This forum is like a ghost city :( The soliution: On main router I marked the wan targeted packets with dscp value, on the load balancer I made queue trees to each uplink, and made postrouting mangle rul...
by bennyh
Tue Sep 11, 2018 2:14 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84319

Re: v6.44beta [testing] is released!

Now Beta. And Alpha? Alpha V7? :)
Guys! If there will be ROS 7 stable release, we should celebrate it with a big worldwide party :D

ontopic:Did someone test the v6.44 on rb3011?
by bennyh
Tue Sep 11, 2018 12:07 pm
Forum: General
Topic: NTFS support
Replies: 34
Views: 5783

Re: NTFS support

Look at the bright side, the sooner it fills up, the sooner they will start using bigger flash for newer devices. :) I think they ordered millions of 16MB flash chips to get a nice discount on them and now we have to wait until they are all used up... We can only hope that most of them got destroye...
by bennyh
Mon Sep 10, 2018 12:48 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 29003

Re: v6.43 [current] is released!

Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44.
Cserkészbecsszó?
In english: Is it scout's honor to will be hw accel in 6.44? :)

Nowadays I am too sceptic :)
by bennyh
Mon Sep 10, 2018 12:46 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 29003

Re: v6.43 [current] is released!

Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44.
Cserkészbecsszó?
In english: Is it scout's honor to will be hw accel in 6.44? :)
by bennyh
Mon Sep 10, 2018 10:48 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 29003

Re: v6.43 [current] is released!

What about 3011 hardware IPSec acceleration, what introduced in RC?
by bennyh
Mon Sep 10, 2018 8:44 am
Forum: General
Topic: Queue tree no max and limit-at speeds
Replies: 5
Views: 746

Re: Queue tree no max and limit-at speeds

Only if you base it on some packet header fields like DSCP or TTL
Could you show me an example?
by bennyh
Fri Sep 07, 2018 12:57 pm
Forum: General
Topic: Queue tree no max and limit-at speeds
Replies: 5
Views: 746

Re: Queue tree no max and limit-at speeds

No, it will not work. Priority is ONLY used to decide what to drop when limits are reached ( NO!, it does NOT change packet order, it does NOT put higher priority packets first) - if limits are not reached, nothing will be dropped Only theese limits are for dropping packets, no other method to the ...
by bennyh
Fri Sep 07, 2018 12:47 pm
Forum: General
Topic: Queue tree no max and limit-at speeds
Replies: 5
Views: 746

Queue tree no max and limit-at speeds

Is a queue tree work without "limit at" and "max limit" speeds? Is there any measurement script, to dinamicly set theese values, or an other mikrotik router in uplink path can signal to the main router with queue tree, to start queuing packages because the uplink router reached its uplink line capac...
by bennyh
Thu Sep 06, 2018 4:30 pm
Forum: Beginner Basics
Topic: Block emails from IP to a domain
Replies: 4
Views: 411

Re: Block emails from IP to a domain

I have problems with a customer. He is doing SPAM and I want to block the traffic from his IP to receiver's IP or domain name. Block all traffic from customer IP to all destiniation IP address, with destination protocol TCP, port numbers: 25, 465, 587, 2525 Warn the customer, to stop his/her activi...
by bennyh
Mon Sep 03, 2018 4:14 pm
Forum: General
Topic: [Feature request] IPv6 Mangle action route-dst
Replies: 1
Views: 520

Re: [Feature request] IPv6 Mangle action route-dst

+1 for extend mangle rules for IPv6
by bennyh
Mon Sep 03, 2018 4:12 pm
Forum: General
Topic: Feature Request: ICMP Tunnel
Replies: 1
Views: 833

Re: Feature Request: ICMP Tunnel

-1
There are more important features what are missing from RouterOS. The supported VPN protocol implementations should be improve.
Instead of support, there would be better to block these protocols, like ICMP and DNS tunneling, what are security risks.
by bennyh
Thu Aug 30, 2018 11:34 am
Forum: General
Topic: OpenVPN compression LZO and UDP worked ???
Replies: 4
Views: 1286

Re: OpenVPN compression LZO and UDP worked ???

We are waiting about one year. The ROS7 should be a legend. We cannot see any movement. You alone wait only one year, others since openVPN supported in RouterOS :D I dont think ROS7 is legend, just there are problems with its development, and many of they products isnt supported in ROS7, and they s...
by bennyh
Thu Aug 30, 2018 10:15 am
Forum: General
Topic: OpenVPN compression LZO and UDP worked ???
Replies: 4
Views: 1286

Re: OpenVPN compression LZO and UDP worked ???

OpenVPN compression LZO and UDP worked ??? If not, why they locked the post. :shock: :shock: https://forum.mikrotik.com/viewtopic.php?f=1&t=124461 We waited about one year. mrz linked the post at the end of the thread, that theese features will be in ROS7, what is maybe still in internal alpha stat...
by bennyh
Wed Aug 29, 2018 1:09 pm
Forum: General
Topic: Feature Request: SOCKS5 proxy
Replies: 28
Views: 34376

Re: Feature Request: SOCKS5 proxy

Yes, at least SOCKS5 for ROS, but I would prefer IPv6 prefix translation support.
PS: please fix Web Proxy IPv6 support too, it doesnt work with IPv6 sites.
by bennyh
Tue Aug 28, 2018 7:57 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113768

Re: v6.43rc [release candidate] is released!

*) rb3011 - added IPsec hardware acceleration support;
VERY VERY welcome! Thanks Mktik!
Has anybody tried it? Any positive changes? Are CPU loads lower? Is it stable?
by bennyh
Fri Aug 24, 2018 12:23 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113768

Re: v6.43rc [release candidate] is released!

*) rb3011 - added IPsec hardware acceleration support;
That was.. unexpected! :D
very-very-very-very big thanks for the Miki stuff if it works :D
If they fix the web proxy ipv6 website support too that will makes me very happy :D
by bennyh
Tue Aug 14, 2018 11:39 am
Forum: RouterBOARD hardware
Topic: Powerbox Pro overload detection
Replies: 3
Views: 729

Re: Powerbox Pro overload detection

i replaced 2.5a original power switching with a 10a ... "overload detection" problem still happens, but not several times a day... but one or twice a week Maybe cable or connector problem. What if you try to put new RJ45 plugs on booth end of the cable, or try with other cable (with thicker full co...
by bennyh
Tue Aug 14, 2018 8:09 am
Forum: RouterBOARD hardware
Topic: RB3011 POE out max power
Replies: 9
Views: 1055

Re: RB3011 POE out max power

I would not want to daisy chain anything off the back of the RB3011. Personally I would be putting a passive injector between all the equipment mentioned. Why? The power output is not enough especially if you are looking at running kit out of the following kits PoE. It just won't be reliable. This ...
by bennyh
Mon Aug 13, 2018 3:04 pm
Forum: RouterBOARD hardware
Topic: RB3011 POE out max power
Replies: 9
Views: 1055

Re: RB3011 POE out max power

I would not want to daisy chain anything off the back of the RB3011. Personally I would be putting a passive injector between all the equipment mentioned.
Why?
by bennyh
Mon Aug 13, 2018 11:31 am
Forum: RouterBOARD hardware
Topic: RB3011 POE out max power
Replies: 9
Views: 1055

Re: RB3011 POE out max power

IIRC the max power output for an RB3011 is 0.5A (500ma) What does the IIRC mean? Sorry I dont understand. Is it factory specification? “If I Remember Correctly” So I have to put a passive injector between RB760iGS and RB912UAG-5HPND. I dont want to use another PSU than my 24V/5A industrial railed o...
by bennyh
Mon Aug 13, 2018 7:55 am
Forum: RouterBOARD hardware
Topic: RB3011 POE out max power
Replies: 9
Views: 1055

Re: RB3011 POE out max power

IIRC the max power output for an RB3011 is 0.5A (500ma)
What does the IIRC mean? Sorry I dont understand. Is it factory specification?
by bennyh
Sun Aug 12, 2018 8:02 am
Forum: RouterBOARD hardware
Topic: RB3011 POE out max power
Replies: 9
Views: 1055

Re: RB3011 POE out max power

I found, the max power out of the RB760iGS is 500mA, but for 3011 I didnt find any information.
The chain:
24V/5A ->24V-> RB3011 -> 24V PoE -> RB760iGS -> 24V PoE -> RB912UAG-5HPND
by bennyh
Fri Aug 10, 2018 6:57 pm
Forum: RouterBOARD hardware
Topic: RB3011 POE out max power
Replies: 9
Views: 1055

RB3011 POE out max power

How many power can be pass trough the PoE out of the RB3011. I want to put in chain to the PoE out an RB760iGS and its PoE out an RB912UAG-5HPND. I use an 5A 24V adapter, and it is stable for hours, but I dont know is it safe for 7/24.
by bennyh
Tue Jun 19, 2018 11:56 am
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 16561

Re: v6.42.4 [current]

Hey there, many thanks for the latest release though it looks like I am getting a 404 not found for ARM (rb3011) through your download page. I might just be a very keen bean!
You can download it from the archive:
https://mikrotik.com/download/archive
(slide down to the current releases)
by bennyh
Thu May 31, 2018 12:10 pm
Forum: Beginner Basics
Topic: MikroTIK: intricate NAT/Routing
Replies: 2
Views: 407

Re: MikroTIK: intricate NAT/Routing

Hello, I bought brand new hAP ac² with latest stable Winbox build v6.42.1. and with default config. I’ve configured regular destination NAT rule in Winbox to forward tcp port to LAN IP address and: When I telnet my router’s WAN IP from other internet provider, for example from work or mobile LTE ph...
by bennyh
Thu May 31, 2018 8:34 am
Forum: General
Topic: Does webproxy support IPv6?
Replies: 2
Views: 414

Re: Does webproxy support IPv6?

It does support IPv6, but it seems there may be few bugs. I did very quick test with 6.40.8 and: - Client can connect to proxy using IPv6, but access list seems to have problem with IPv6 addresses. I specifically allowed client's IPv6 address and I still get "Access Denied" (I have unconditional de...
by bennyh
Wed May 30, 2018 2:40 pm
Forum: General
Topic: Block All activity for an specific IP
Replies: 6
Views: 564

Re: Block All activity for an specific IP

I have a RB3011. I need to block any internet access to 16 IPs. They are CCTV cameras. I do not want access to the cameras out side the network. I need to set the 16 cameras as static ips and then block internet traffic to them. I basically do not want anyone to get into the cameras using the IP ad...
by bennyh
Wed May 30, 2018 10:06 am
Forum: General
Topic: WebBlocker URL Filtering WatchGuard Technologies
Replies: 11
Views: 891

Re: WebBlocker URL Filtering WatchGuard Technologies

perfect, I see how to write the script because I'm not very experienced in mikrotik. Is there any example of a script? as regards the block, on the whole subnet pc thank you so much valerio To download and apply blacklist rules: https://www.squidblacklist.org/downloads/routeros-blacklist-fetch.txt ...
by bennyh
Wed May 30, 2018 8:54 am
Forum: General
Topic: Does webproxy support IPv6?
Replies: 2
Views: 414

Does webproxy support IPv6?

I tried the webproxy (ROS 6.42.1) and there is IPv6 direct connectivity. I can ping from the router IPv6 targets on the internet, but IPv6 test sites trough proxy dosent show ipv6 connectivity, and for IPv6 only sites I get DNS error or network loop error from the proxy. I tried to allow everithing ...
by bennyh
Wed May 30, 2018 8:45 am
Forum: General
Topic: WebBlocker URL Filtering WatchGuard Technologies
Replies: 11
Views: 891

Re: WebBlocker URL Filtering WatchGuard Technologies

no advertising, I have customers who mount both watchguard and mikrotik, if I can solve the problem of blocking sites with mikrotik, I wanted to pass everything to mikrotik. My clients have problems with users who instead of working around the social networks, so they want to block everything Then ...
by bennyh
Tue May 29, 2018 12:53 pm
Forum: General
Topic: WebBlocker URL Filtering WatchGuard Technologies
Replies: 11
Views: 891

Re: WebBlocker URL Filtering WatchGuard Technologies

I do not understand your answer, but returning to the problem, is there a possible configuration? I would not change my mikrotik with watchguard I dont understand you. What do you want? Blocking websites with free methods to replace the w*gu@rd stuffs, or advertising the w*gu@rd? What the hell is w...
by bennyh
Tue May 29, 2018 10:25 am
Forum: General
Topic: WebBlocker URL Filtering WatchGuard Technologies
Replies: 11
Views: 891

Re: WebBlocker URL Filtering WatchGuard Technologies

I have a customer who would like to block sites like ebay facebook and social networks, there is something that can be entered manually.
Is this program valid?
https://store.biostudio.com.ar/it/home/ ... ering.html
Tudja a hóhér!
In english: I dont know.
by bennyh
Tue May 29, 2018 9:40 am
Forum: General
Topic: WebBlocker URL Filtering WatchGuard Technologies
Replies: 11
Views: 891

Re: WebBlocker URL Filtering WatchGuard Technologies

on pfsense ok, but I would like to block all over the network using mikrotik, is there a script or something else? If you need auto upgradable blocklists, check this site: http://www.squidblacklist.org/downloads.html These are free blocklists in RouterOS rules. With a simple scheduled script, you h...
by bennyh
Tue May 29, 2018 8:53 am
Forum: General
Topic: WebBlocker URL Filtering WatchGuard Technologies
Replies: 11
Views: 891

Re: WebBlocker URL Filtering WatchGuard Technologies

You need a simple web server, where you can upload a wpad.dat proxy script, and you can modify the DNS and DHCP settings too, to a client on your network recognize automatically the proxy settings. Then you can block in forward chain the destination tcp 80 and 443 ports. https://doc.pfsense.org/inde...
by bennyh
Thu May 24, 2018 12:49 pm
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

Re: How to block URL-s contains IP address (Proxy)

Dump IPFire, install a small/old x86-PC running squid as local proxy within your network. This can do, what you want. It is always strange, to read some questions, having already a supposed-to-work answer included :-) This isnt the answer. I asked, how to do this with Mikrotik, you wrote how to do ...
by bennyh
Thu May 24, 2018 8:47 am
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

Re: How to block URL-s contains IP address (Proxy)

Yes: Use a full-featured proxy, like squid. Your usage case is one more argument against using MT for hotspots with above-basic requirements. As in openwrt, I often integrated squid. Also to implement your requested functionality :-) Ha-ha, verry funny Now I use an IPFire proxy, and I want to get r...
by bennyh
Wed May 23, 2018 11:08 am
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

Re: How to block URL-s contains IP address (Proxy)

Any idea? Meanwhile, I made a proxy auto config script, wich check if hostname is IP address with very simple regexp: "var ip_regexp=/\d+\.\d+\.\d+\.\d+$/" and check the logical value of this method call: "ip_regexp.test(host)" But would be better If I could block in the Mikrotik proxy or firewall,...
by bennyh
Tue May 22, 2018 10:49 am
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

Re: How to block URL-s contains IP address (Proxy)

Any idea?
by bennyh
Fri May 18, 2018 10:03 am
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

Re: How to block URL-s contains IP address (Proxy)

Somebody?
by bennyh
Thu May 17, 2018 4:13 pm
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

Re: How to block URL-s contains IP address (Proxy)

Can the Layer 7 filter check the clients connections to the proxy? Maybe can somebody send me regexp code, to filter if a client sand an url to the proxy which url contains ip address and not domain name?
by bennyh
Thu May 17, 2018 12:55 pm
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

Re: How to block URL-s contains IP address (Proxy)

I use the content filter in RAW to drop the direct IP traffic. You have to disable fast tracking for that direction or only engage fast tracking after 1100bytes. It was in a recent MUM presentation if I remember that correctly. This is for a known IP and if you want to filter all direct IP address ...
by bennyh
Thu May 17, 2018 12:02 pm
Forum: General
Topic: How to block URL-s contains IP address (Proxy)
Replies: 11
Views: 1269

How to block URL-s contains IP address (Proxy)

I'd like to block in Mikrotik web proxy to the proxy clients use URL-s contains direct IP address of remote (web,ftp) servers. I want to allow only domain names, because i'd like to filter web access by DNS service. Example: Allowed by proxy: https://www.mikrotik.com Blocked by proxy: https://159.14...
by bennyh
Fri Apr 27, 2018 10:12 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45810

Re: v6.42.1 [current]


Hi All,


What steps can i perform to check if the RB3011 is not bricked ?


Thanks
Maybe usefull for 3011 too:
viewtopic.php?t=132483
by bennyh
Thu Apr 26, 2018 9:36 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45810

Re: v6.42.1 [current]

@bennyh: I assume that you have RB's IP address set on bridge. Do you have admin-mac statically set and auto-mac=no? If not, bridge will assume mac address from one of member interfaces and if that member interface (momentarily) drops from bridge (I can imagine that happening when you change proper...
by bennyh
Thu Apr 26, 2018 10:11 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45810

Re: v6.42.1 [current]

@bennyh: I assume that you have RB's IP address set on bridge. Do you have admin-mac statically set and auto-mac=no? If not, bridge will assume mac address from one of member interfaces and if that member interface (momentarily) drops from bridge (I can imagine that happening when you change proper...
by bennyh
Wed Apr 25, 2018 8:52 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45810

Re: v6.42.1 [current]

We have two 912UAG-5HPnD in bridged configuration. All of them was upgraded yesterday from 41.4. Until the upgrade, i could switch between nv2 and Nstreme protocol without problems (the Nstreme is faster but high packet losses, I always try after upgrades with Nstreme if there is any changes with pa...
by bennyh
Fri Mar 03, 2017 1:02 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82532

Re: v6.39rc [release candidate] is released

I have too problem with PPPoE in RC40 with RB3011. When I ping the RB's address from pppoe client, there is no answer.
Torch trick is working, until it running I can ping the RB.