Community discussions

MikroTik App

Search found 72 matches

by shafiqrahman
Sun Jul 04, 2021 9:09 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 33
Views: 7334

Re: [Script] Automatically change DNS if Pi-hole is no longer working

I use pihole inside a container. But, glad it worked for you.
by shafiqrahman
Fri Jul 02, 2021 3:55 am
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 33
Views: 7334

Re: [Script] Automatically change DNS if Pi-hole is no longer working

https://forum.mikrotik.com/viewtopic.php?f=13&t=175322&p=858329#p858329 This link might help you. Basically, all ethernet ports are attached to a bridge. You detach your desired ethernet port from that bridge. Make a DHCP server for that port,add ip addresses and define ip pool. Also there ...
by shafiqrahman
Wed Jun 30, 2021 10:56 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 33
Views: 7334

Re: [Script] Automatically change DNS if Pi-hole is no longer working

@Ddram,
Will you please share the unbound functionality or usage here? To my understanding unbound kinda unnecessary because mikrotik already act as a dns cache. If not I am interested too. Also, please let us know your test result with the new setup. Any update/issue will be highly appreciated. :D
by shafiqrahman
Sun May 23, 2021 12:28 am
Forum: General
Topic: Connect Two different Subnets
Replies: 9
Views: 1035

Re: Connect Two different Subnets

Please give me the name of the hotel, I wish to be paid directly. Nice one :)) I was serious LOL, Go through all the posts from this chap. He is being paid to do work clearly and yet doesnt want to pay someone for their expertise, or do the proper thing of taking courses, getting books and being pr...
by shafiqrahman
Sat May 22, 2021 8:16 pm
Forum: General
Topic: Connect Two different Subnets
Replies: 9
Views: 1035

Re: Connect Two different Subnets

Please give me the name of the hotel, I wish to be paid directly.
Nice one :))
by shafiqrahman
Sat May 22, 2021 8:00 pm
Forum: General
Topic: Winbox for linux
Replies: 15
Views: 883

Re: Winbox for linux

That mac version was popular though. But, I replaced the exe inside with the 64bit version winbox exe mac. For mac crossover can also be used, I have few games in a single bottle. Also, unofficial winewrapper (only mac) developer is also a great guy, still directly troubleshoot issues via discord,
by shafiqrahman
Fri May 21, 2021 8:45 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Issue solved thank you @2frogs. If someone needed: Mikrotik new subnet /interface bridge port remove [find interface="ether5"] /interface list member add interface=ether5 list=LAN /ip address add address=192.168.188.1/24 comment=pinet interface=ether5 network=192.168.188.0 /ip pool add nam...
by shafiqrahman
Fri May 21, 2021 5:52 am
Forum: Beginner Basics
Topic: Find specific NAT rule
Replies: 13
Views: 1262

Re: Find specific NAT rule

Kinda, but still not working. The script should enable some NAT rule when pihole is down, and disable it when it is up again. ref: https://forum.mikrotik.com/viewtopic.php?f=2&t=174873&p=858144#p858144 . For some weird reason scheduler doing nothing. But, the script was nice though, thank yo...
by shafiqrahman
Fri May 21, 2021 5:37 am
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Thank you, @rextended I already removed that. The new config is still in testing,posted it just to inform you guys :D
by shafiqrahman
Thu May 20, 2021 9:48 pm
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Update report: @rextended Seems like removing /ip route add check-gateway=ping distance=1 gateway=104.16.248.249 routing-mark=to_ISP1 add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=to_ISP1 add check-gateway=ping distance=2 gateway=104.16.249.249 routing-mark=to_ISP1 add distance=1...
by shafiqrahman
Thu May 20, 2021 7:58 pm
Forum: Beginner Basics
Topic: Find specific NAT rule
Replies: 13
Views: 1262

Re: Find specific NAT rule

Thank you , @rextended for clearing out the mess again :)) :D, Actually, that line was a part of fallback script. I am still ironing out again :D /ip fire nat :if ( [get [find where comment="pihole_bypass"] disabled] = yes) do={ :resolve google.com server=192.168.188.25; } on-error={ :put ...
by shafiqrahman
Thu May 20, 2021 5:50 pm
Forum: Beginner Basics
Topic: Find specific NAT rule
Replies: 13
Views: 1262

Re: Find specific NAT rule

Is this argument corect?
:if ([/ip firewall nat get [find where comment=pihole_bypass] disabled]=yes) do={
Seems, like the only thread discussing nat get find :D
by shafiqrahman
Thu May 20, 2021 5:25 am
Forum: Beginner Basics
Topic: Redirect outgoing DNS requets to internal DNS server
Replies: 15
Views: 5048

Re: Redirect outgoing DNS requets to internal DNS server

Almost, done. Only issue with fallback script and performance.
viewtopic.php?f=2&t=174873&p=858144#p858144 Post #5 by @2frogs.
viewtopic.php?f=13&t=175322&p=858137#p858137 Post #4 by @anav No.1 point.
by shafiqrahman
Thu May 20, 2021 4:12 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

@2frogs Post #5 solves the issue, but the fallback script doesn't work.
by shafiqrahman
Thu May 20, 2021 1:54 am
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Thank you :D
Its done

/interface detect-internet> print
detect-interface-list: none
lan-interface-list: none
wan-interface-list: none
internet-interface-list: none
by shafiqrahman
Wed May 19, 2021 10:35 pm
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Thank you, @rextended. here is the result as per your suggestion: /ip upnp interfaces add interface=bridge type=internal add interface=pppoe-out1 type=external add interface=ether5 type=internal :D @anav, thank you :D. Here is the output: /ip neighbor discovery-settings set discover-interface-list=L...
by shafiqrahman
Wed May 19, 2021 7:54 am
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Thank you, @anav. { src-address-list="" } was a typo and removed. /interface list member is also as you mentioned. ENABLE LAN to WAN also changed to LAN from bridge the very first time you mentioned. The last two drop rules also removed. And the newly added rules were also reallocated as p...
by shafiqrahman
Wed May 19, 2021 4:40 am
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Here is the full config: # may/19/2021 06:28:44 by RouterOS 6.48.2 # # model = RouterBOARD 962UiGS-5HacT2HnT /interface bridge add admin-mac=xxxxxxxx auto-mac=no comment=defconf name=bridge /interface ethernet set [ find default-name=ether3 ] advertise=\ 100M-half,100M-full,1000M-half,1000M-full set...
by shafiqrahman
Wed May 19, 2021 2:07 am
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Thank you, @rextended , Will remove these rules and post an update.

for upnp
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
Thoough, the isp connection is pppoe-out1.
by shafiqrahman
Wed May 19, 2021 1:09 am
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

If you want to feel more secure you can always add these ones in the forward chain.
add chain=forward action=drop destport=53 protocol=tcp/udp \
in-interface-list=wan
This was the comment when you configure the firewall last time, so they must go? And is it ok if I add the ether 5 in /ip upnp?
by shafiqrahman
Tue May 18, 2021 10:57 pm
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Hello, @anav. Nice to see you dropping by and thank you for pointing out the mistakes. Seems, like add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\ bridge out-interface-list=WAN the bridge portion was a mistake/typo during the securing process of the firewall. I d...
by shafiqrahman
Mon May 17, 2021 5:09 pm
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

Re: How do I connect two subnet in a single router? [SOLVED]

Thank you for the response. After applying /ip dhcp-server network add address=192.168.188.0/24 comment=pinet gateway=192.168.188.1 netmask=24 issue still remains. device IP on new subnet is 192.168.188.40. Pinging from 192.168.88.246 returns: ping 192.168.188.40 PING 192.168.188.40 (192.168.188.40)...
by shafiqrahman
Mon May 17, 2021 3:54 pm
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 1475

How do I connect two subnet in a single router? [SOLVED]

My default subnet is 192.168.88.0/24 which has DHCP of its own. I have created another subnet 192.168.188.0/24 with its own DHCP. The target was that both subnet can communicate to each other and both have internet access. The original intention was to send all dns traffic to pihole for filtering ad...
by shafiqrahman
Sat May 15, 2021 5:44 pm
Forum: Scripting
Topic: [Script] Fallback script for DNS traffic redirection using DHCP Server without NAT rules..
Replies: 1
Views: 989

Re: [Script] Fallback script for DNS traffic redirection using DHCP Server without NAT rules..

These scripts were elegantly enhanced by @2frogs https://forum.mikrotik.com/viewtopic.php?f=2&t=174873&p=857287#p856719 . So, all credits for this script go to @2frogs. Here is the final code for reference if someone needs it: :local IPsubnet "192.168.88.0/24" :local currentDNS :lo...
by shafiqrahman
Thu May 13, 2021 5:35 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Changed the firewall as per your suggestion: /ip firewall filter add action=accept chain=input comment="defconf: accept established,related" \ connection-state=established,related add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=ac...
by shafiqrahman
Thu May 13, 2021 5:40 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

After creating the new subnet, DHCP server leases shows the device. But, the device doesn't have any internet, neither I can ping that device from another subnet. I am posting my config file, any help will be highly appreciated. # may/13/2021 08:15:52 by RouterOS 6.48.2 # model = RouterBOARD 962UiGS...
by shafiqrahman
Tue May 11, 2021 3:36 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Update: /interface bridge port remove [find interface="ether5"] /interface list member add interface=ether5 list=LAN /ip address add address=192.168.188.1/24 comment=pinet interface=ether5 network=192.168.188.0 /ip pool add name=pinet ranges=192.168.188.20-192.168.188.40 /ip dhcp-server ad...
by shafiqrahman
Tue May 11, 2021 5:48 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

/Ip firewall filter add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\ bridge out-interface-list=WAN add action=drop chain=forward comment="Drop All Else" add action=drop chain=forward dst-port=53 in-interface-list=WAN protocol=tcp add action=drop chain=f...
by shafiqrahman
Mon May 10, 2021 9:37 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Nat rule didn't work, probably the best route is to use a different subnet. Pihole kinda buggy by it self and I am using it in a docker, which makes it even buggier. Also, most official developer doesn't release an arm version of containers. Most containers for arm mostly developed by developers wit...
by shafiqrahman
Mon May 10, 2021 4:49 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Thank you for clarifying, this router is the only one I have and it seems like creating a new subnet for raspberry is the better choice. Which will take me a day or two to report back. Though, the script I made worked as intended but at the end its breaks the DoH. But, will you please do the honor o...
by shafiqrahman
Sun May 09, 2021 9:09 pm
Forum: Scripting
Topic: [Script] Fallback script for DNS traffic redirection using DHCP Server without NAT rules..
Replies: 1
Views: 989

[Script] Fallback script for DNS traffic redirection using DHCP Server without NAT rules..

This script will act as a fallback mechanism in the scenario where redirected DNS fails. The original idea was Client --> Mikrotik-->pihole-->Mikrotik as a DNS--> wan You can find the full development in the original post https://forum.mikrotik.com/viewtopic.php?f=2&t=174873&p=856271#p856271...
by shafiqrahman
Sun May 09, 2021 8:50 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

I have somehow managed to complete the script. There is only a single issue that is "dhcp changed by" entries in logs. There are two variants, though they are both the same and do the same things. Script 1 :local gateway "192.168.88.1" :local currentDNS [/ip dhcp-server network g...
by shafiqrahman
Sun May 09, 2021 5:11 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Thank you for the reply. I have too many containers in my raspberry with their own static IP using macvlan, So, excluded the different subnet. So, I had this dhcp-server network setup with the nat rule you provided: /ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.5 gateway=...
by shafiqrahman
Thu May 06, 2021 1:37 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 33
Views: 7334

Re: [Script] Automatically change DNS if Pi-hole is no longer working

These are the command that are added: /ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.5 gateway=192.168.88.1 netmask=24 add address=192.168.88.5/32 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24 For fallback I modified the script and need some help, whether its wri...
by shafiqrahman
Thu May 06, 2021 1:05 am
Forum: General
Topic: DNS Failover
Replies: 23
Views: 10063

Re: DNS Failover

I am also searching for a DNS failover script. My intention was to route all traffic from the router (192.168.88.1) to pihole (192.168.88.5) then back to router and then out to WAN(using 1.1.1.1). Client --> Mikrotik-->pihole-->Mikrotik as a DNS--> wan After trying dst-nat rules nothing worked and f...
by shafiqrahman
Thu May 06, 2021 12:35 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Figured it out using /ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.5 gateway=192.168.88.1 netmask=24 add address=192.168.88.5/32 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24 Solution by @vecernik87 https://forum.mikrotik.com/viewtopic.php?t=141616#p698276 . Now...
by shafiqrahman
Fri Apr 30, 2021 6:59 pm
Forum: Beginner Basics
Topic: Redirect outgoing DNS requets to internal DNS server
Replies: 15
Views: 5048

Re: Redirect outgoing DNS requets to internal DNS server

I have been using my mikrotik with DoH since last year without any issues. So, I recently bought a raspberry pi for the purpose of blocking ads. My previous attempt of blocking ads with scripts in mikrotik doesn't go well. After some search I found this post and implemented this: /ip firewall nat ad...
by shafiqrahman
Thu Apr 29, 2021 7:17 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Re: Mikrotik,pihole & unbound. [SOLVED]

Yes, as a Doh client, following this post https://forum.mikrotik.com/viewtopic.php?f=2&t=164078&p=818234#p818234 . Netwatch will solve the dns reliability problem. Currently getting a second pihole is not an option. I will be okay without the 2nd pihole. But , how do I route the dns traffic ...
by shafiqrahman
Thu Apr 29, 2021 5:27 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2720

Mikrotik,pihole & unbound. [SOLVED]

I have been using my mikrotik with DoH since last year without any issues. So, I recently bought a raspberry pi for the purpose of blocking ads. My previous attempt of blocking ads with scripts in mikrotik doesn't go well. Though, pi hole itself has its own issue, but the main thing is that its reli...
by shafiqrahman
Mon Sep 21, 2020 10:23 pm
Forum: General
Topic: doh server connect error network is unreachable
Replies: 9
Views: 3260

Re: doh server connect error network is unreachable

@DarkNate , sorry for replying late, how do I find those expanded ip's which are near me (lowest ping). For single isp with google server is the below example work? /ip dns set allow-remote-requests=yes query-server-timeout=100ms query-total-timeout=5s servers=8.8.8.8,8.8.4.4,2001:4860:4860::8888,??...
by shafiqrahman
Sun Aug 16, 2020 2:46 pm
Forum: General
Topic: doh server connect error network is unreachable
Replies: 9
Views: 3260

Re: doh server connect error network is unreachable

I have the same problem, specially after a power failure or a reboot. Sometimes its even preventing pppoe connection. My isp provides internet through pppoe. But, if I disbale to regular dns it starts working. /ip dns set allow-remote-requests=yes cache-max-ttl=2d use-doh-server=\ https://dns.google...
by shafiqrahman
Fri Jan 31, 2020 11:10 am
Forum: General
Topic: Reddit packet marking on address list.
Replies: 1
Views: 798

Reddit packet marking on address list.

I want to mark packets for reddit, but apparently nothing is appearing on the address list. How do I mark the packets? Here is mangle rule for address list: ;;; reddit chain=prerouting action=add-dst-to-address-list src-address-list=reddit.com address-list=reddit address-list-timeout=none-dynamic lo...
by shafiqrahman
Wed Jan 01, 2020 10:03 am
Forum: General
Topic: Policy based routing and vpn
Replies: 10
Views: 3280

Re: Policy based routing and vpn

so, there is no working solution for that ?
by shafiqrahman
Thu Dec 26, 2019 9:38 am
Forum: General
Topic: Policy based routing and vpn
Replies: 10
Views: 3280

Re: Policy based routing and vpn

Like this? Mangle rule: chain=preoruting action=add-dst-to-address-list protocol=tcp address-list=reddit address-list-timeout=none-dynamic log=no log-prefix="" tls-host=reddit.com NAT rule: chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address-list=reddit out-interface=l2t...
by shafiqrahman
Wed Dec 25, 2019 9:00 am
Forum: General
Topic: Policy based routing and vpn
Replies: 10
Views: 3280

Re: Policy based routing and vpn

Can you please elaborate it a bit more?
by shafiqrahman
Thu Dec 19, 2019 7:13 am
Forum: General
Topic: Policy based routing and vpn
Replies: 10
Views: 3280

Re: Policy based routing and vpn

Anyone wiling to help please?
by shafiqrahman
Wed Dec 11, 2019 1:51 pm
Forum: General
Topic: Policy based routing and vpn
Replies: 10
Views: 3280

Re: Policy based routing and vpn

# dec/11/2019 15:53:51 by RouterOS 6.45.7 # software id = BM4W-X3GK # # model = RouterBOARD 962UiGS-5HacT2HnT # serial number = xxxxxxxxx /interface bridge add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=defconf name=bridge /interface ethernet set [ find default-name=ether3 ] advertise=\ 100M-h...
by shafiqrahman
Wed Dec 11, 2019 7:15 am
Forum: General
Topic: Policy based routing and vpn
Replies: 10
Views: 3280

Policy based routing and vpn

I want to route a specific traffic through a vpn, prefrebably sstp (MS-sstp configuration from vpn gate). I was successfully able to connect to the vpn server, but my traffic not routing through the vpn. I followed this https://wiki.mikrotik.com/wiki/Policy_Base_Routing . Any help will be highly app...
by shafiqrahman
Tue Sep 24, 2019 5:02 pm
Forum: General
Topic: Block internet access based on schedule [SOLVED]
Replies: 1
Views: 798

Block internet access based on schedule [SOLVED]

I am trying to block internet access of certain device based on their mac address on a scheduled time. Search result yields that adding the following firewall filter rule will do the job. add action=drop chain=forward comment=IPHONE src-mac-address=\ ab:cd:ef:gh:ij:kl time=12h15m-19h,sun,mon,tue,wed...
by shafiqrahman
Thu May 23, 2019 2:37 am
Forum: General
Topic: hAP ac and gigabit ethernet speed.
Replies: 1
Views: 593

hAP ac and gigabit ethernet speed.

I have a hAP ac directly connected to my pc through a cat6 cable. My pc's NIC is also gigbit capable. But, on windows side it shows 100mbps link speed. I tried to switch 1000mbps on the router os , but it loses connection. So, do I need to change anything on the router or get a good patch cable, by ...
by shafiqrahman
Mon Mar 18, 2019 7:09 pm
Forum: General
Topic: Static IP not showing at DHCP server.
Replies: 8
Views: 5356

Re: Static IP not showing at DHCP server.

I've connected an old tplink router with my hAP AC to eliminate wifi weak spot. Both router connected via lan port to lan port. On tplink side dhcp turned off, and static ip was assigned on the tplink. Everything, working as expected. I can login to tplink's webconfig, internet working. But, coudn't...
by shafiqrahman
Sat Mar 09, 2019 4:08 am
Forum: General
Topic: Raspberry PI Zero and RouterOS, usb interface, lte
Replies: 11
Views: 7653

Re: Raspberry PI Zero and RouterOS, usb interface, lte

Hi, I am planning on adding a Pi Zero to run a Pi-hole server. And the plan is to connect the raspberry data port into the hAP Ac USB port. So, does rb assign an ip address to the usb device? This post is the only post contains both hAP AC and a Pi-Zero. And what will be the Putty command for the co...
by shafiqrahman
Sun Mar 03, 2019 11:14 pm
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

Thank You, Allow remote request enabled, All Dns servers added and add chain=forward action=drop destport=53 protocol=tcp/udp \
in-interface-list=wan also added to the firewall filter. So far gameranger still holding its connection, will let you know. Thank you again :D
by shafiqrahman
Sun Mar 03, 2019 8:22 pm
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

Done,

Code: Select all

add action=dst-nat chain=dstnat comment=GameRanger dst-port=xxxx \
in-interface-list=WAN protocol=udp to-addresses=192.168.88.xxx to-ports=\
xxxx
Lets wait and see whats happens. Btw, what about the new DNS rule? Allow remote request is turned off.
by shafiqrahman
Sun Mar 03, 2019 8:06 pm
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

Gameranger is a client, it needed an UDP port to open, that I did. Then, if some one host the game, the server will be on the internet and if I host then I will be the server. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related" \ connection-state...
by shafiqrahman
Sun Mar 03, 2019 7:36 pm
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

@anav Sorry for the delay needed some time to test the new settings. I changed the firewall rules as per your suggestion. Though, didn't changed the "allowed_to_router" list, cause every device on my network were dynamic. And it seems that assigning a static ip address to a Mac computer ca...
by shafiqrahman
Sat Mar 02, 2019 6:24 pm
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

So, the green colored rules should be removed?
by shafiqrahman
Sat Mar 02, 2019 11:57 am
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

Should I delete the green rules too? Going to try the the WAN settings in NAT . Actually I did was copy the upnp NAT rules, then disabled the upnp. It seems upnp took the ether1 by default. Update: Updated the In. Interface list to WAN. But, weird thing is that not after the implementation of rules,...
by shafiqrahman
Sat Mar 02, 2019 4:48 am
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

Based on your suggestion here is the new configuration with upnp disabled and port forwarded: # mar/02/2019 08:13:35 by RouterOS 6.43.12 # software id = BM4W-X3GK # # model = RouterBOARD 962UiGS-5HacT2HnT # serial number = xxxxxx /interface bridge add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=...
by shafiqrahman
Fri Mar 01, 2019 7:46 pm
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

Thank you for the reply. /ip settings set rp-filter=strict changed from strict to loose /ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ 192.168.88.0 The interface is changed from ether2 to bridge . "Remove and disable upnp , not required and a security risk. /...
by shafiqrahman
Fri Mar 01, 2019 3:14 pm
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Re: Securing Mikrotik router using firewall rules causing issues. [SOLVED]

Here is the configuration: # mar/01/2019 18:37:27 by RouterOS 6.43.12 # software id = BM4W-X3GK # # model = RouterBOARD 962UiGS-5HacT2HnT # serial number = xxxxxxxxx /interface bridge add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=defconf name=bridge /interface pppoe-client add add-default-rout...
by shafiqrahman
Fri Mar 01, 2019 5:02 am
Forum: General
Topic: Securing Mikrotik router using firewall rules causing issues. [SOLVED]
Replies: 21
Views: 3701

Securing Mikrotik router using firewall rules causing issues. [SOLVED]

I was trying to secure my router by following this firewall rules https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router . But, after implementing this rules I have issues with an application name Game Ranger. Sometimes I can sign in, but after few times Game Ranger lost connection and then it w...
by shafiqrahman
Fri Jan 18, 2019 9:30 am
Forum: General
Topic: How to fast track local bandwidth? [SOLVED]
Replies: 6
Views: 1005

Re: How to fast track local bandwidth? [SOLVED]

Thank You.
by shafiqrahman
Thu Jan 17, 2019 3:42 pm
Forum: General
Topic: How to fast track local bandwidth? [SOLVED]
Replies: 6
Views: 1005

Re: How to fast track local bandwidth? [SOLVED]

Yes, it is enabled in all ether ports except the ether1 which is the internet connection.
by shafiqrahman
Thu Jan 17, 2019 3:12 pm
Forum: General
Topic: How to fast track local bandwidth? [SOLVED]
Replies: 6
Views: 1005

Re: How to fast track local bandwidth? [SOLVED]

Yes they are all in the same subnet and a bridge.
by shafiqrahman
Thu Jan 17, 2019 2:44 pm
Forum: General
Topic: How to fast track local bandwidth? [SOLVED]
Replies: 6
Views: 1005

How to fast track local bandwidth? [SOLVED]

I have a hAP AC. I have three computers and few wireless devices. Can anyone tell me how do I fast track local bandwidth, so that all my local devices communicate with each other at full bandwidth?
by shafiqrahman
Sun Apr 23, 2017 1:05 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 162811

Re: HAP AC

There is a device (Amazon Fire) which disconnects and connects continuously, is there a way to make it stable? Another, thing is that , I use a broadband connection which prone to disconnection , with my previous router whenever something happens with the internet connection there is "Yellow tr...
by shafiqrahman
Sat Apr 22, 2017 9:42 pm
Forum: RouterBOARD hardware
Topic: hAP AC 5 GHZ issue
Replies: 5
Views: 1739

Re: hAP AC 5 GHZ issue

Thanks guys, solved the problem. By using "wifi analyzer' from google play. Search for a 5 GHz ssid. At first I thought the problem is on my phone, but later found out some 5ghz band. Configured that way and it worked. @Angelos , saved the screenshot for later use, currently don't have an iphon...
by shafiqrahman
Wed Apr 12, 2017 12:02 pm
Forum: RouterBOARD hardware
Topic: hAP ac (RB962UiGS-5HacT2HnT) - very weak TX power
Replies: 18
Views: 7072

Re: hAP ac (RB962UiGS-5HacT2HnT) - very weak TX power

Will anyone share the hAP AC temperature and the respecting room temperature. Mine is at 51-60c with 3% cpu use at 36c room temperature. It is OK, it will work fine even with CPU at more than 70C Thank you. Since its constantly hovering at 60c. I turned off the SFP and poe out at ether 5. Since the...
by shafiqrahman
Wed Apr 12, 2017 11:57 am
Forum: RouterBOARD hardware
Topic: hAP ac (RB962UiGS-5HacT2HnT) - very weak TX power
Replies: 18
Views: 7072

Re: hAP ac (RB962UiGS-5HacT2HnT) - very weak TX power

Will anyone share the hAP AC temperature and the respecting room temperature. Mine is at 51-60c with 3% cpu use at 36c room temperature.
by shafiqrahman
Wed Apr 12, 2017 1:51 am
Forum: RouterBOARD hardware
Topic: hAP AC 5 GHZ issue
Replies: 5
Views: 1739

hAP AC 5 GHZ issue

Recently, bought a hAP AC. I have three 5GHz enabled device at home (Htc One M7, Sony Xpeeria Z Ultra and Samsung S7 Edge). But, only the xperia phone is seeing the 5GHz ssid. Am I configured it wrong? I am attaching the configuration file. Any help will be highly appreciated.