MikroTik

tomislav91

Hi, i found alert configuration manual on https://wiki.mikrotik.com/wiki/Manual:T ... ifications, and it is ok, working as charm, but i get for all services alert when router is down. I want only for ping, can I somehow change it?

tomislav91

Please list your configuration, so it's clear what is where... /export compact hide-sensitive # model = 951Ui-2HnD # serial number = 815708D04500 /interface bridge auto-mac=no comment="created from master port" name=bridge1 protocol-mode=none /interface ethernet set [ find default-name=ether1 ] adv...

tomislav91

I am having a 10.106.0/24 local subnet in bridge for my devices, and some pc connected to wifi which subnet is 192.168.100.0/24. How can i manage to get a wifi 192.168.100.40 see local subnet or just one IP 10.10.6.50/24 I tried to add src nat masqaraude but not working add action=masquerade chain=s...

tomislav91

What really means phases from 1 to 3 in defence of brute force? After phase 3 ip is forwarding to address list which has been dropped via rule. But what really means phase 1 2 and 3? I have allways ip in addreess list from phase 1 and dissapear because of timeout. Never goes to phase 2 and 3 and fin...

tomislav91

I am having a firewall rules add action=jump chain=input comment="Jump to RFC SSH Chain" jump-target=\ "RFC SSH Chain" log=yes log-prefix=PSD add action=add-src-to-address-list address-list="Black List (SSH)" \ address-list-timeout=none-dynamic chain="RFC SSH Chain" comment=\ "Transfer repeated atte...

tomislav91

Winbox is to control the router and the router setup. It should not be done via WAN connection (direct), it should be done with a VPN or at the very minimum the Port Knocking technique. Theese are okay if you are using just a few mikrotiks. But when you get plenty of them in different places around...

tomislav91

What about this?
https://rickfreyconsulting.com/basic-mi ... e-version/

I found basic firewall settings.
Can I add this to my routers?

tomislav91

If you need to use winbox from the outside you do not have many option. 1. VPN (best option) 2. Open Winbox but: a. change to other port than 8291 b. set an access list to reduce who can access it c. use port knocking d. setup some monitoring. example getting email every time some logs inn. Hi, i a...

tomislav91

To begin with, remove the value entered with "/ip services set winbox address=X.X.X.X/Y". That's just plain bad! Even if you're coming in from other offices, don't see it as coming in through the WAN port. You're coming in through a point-to-point link (L2TP/IPSEC, which is great) from an other LAN...

tomislav91

Winbox is to control the router and the router setup. It should not be done via WAN connection (direct), it should be done with a VPN or at the very minimum the Port Knocking technique. If you want access to a LAN from the WAN side, then again if its to a specific server use DESTINATION NAT. In oth...

tomislav91

Hello, Do you realize that by giving your public IP address, you basically invited everybody to test your security? Make sure you have a strong firewall and have secured your router. Best regards, Sent from Tapatalk can you than tell me how to secure winbox port? I want access only within my local ...

tomislav91

I added to ip services winbox that address is my WAN IP.
But i cant access it.
Why?
I wrote this

set winbox address=x.x.x.x/29

tomislav91

Hi, i want to enable one and disable another policy.
Can you check it why give me error no such item?

ip ipsec policy set disabled=no numbers=2
no such item

I have policies
#1 and #2 in IPsec policy tab...

tomislav91

Thanks all for you replies! appreciate!!! I did it like this. Get in the first way, all dhcp lease, and than with some command filter only IP addresses grep -i -w kl locations.txt > locations1.txt;cat locations1.txt | awk -F " " '{print $2, $3}' > locations2.txt; sed 's/D//g' locations2.txt > locati...

tomislav91

I'm not familiar with sshpass but judging from the on-line documentation it will return stdout from remote process just like ssh does. You have two possibilities: you can take whole output from your script (I don't know how exactly does it look like, are data fields comma-separated within single li...

tomislav91

Because a dash was missing in what I wrote. Now I got home and tried using the Tab button:
Code: Select all
[me@MyTik] > put [ip dhcp-server lease get [find host-name=my-HP] address]
192.168.88.254

if I have more than one with same name, it throws me

invalid internal item number

tomislav91

If you're going to fetch lease info from linux box via ssh, then you can easily do filtering with some simple commands on linux box itself. One-liner that does the trick: WANTED=my-host-name; LEASES=$( ssh user@routerboard.my.domain '/ip dhcp-server lease { :foreach i in=[find (!dynamic && status="...

tomislav91

If you really do want the file name to be sourced from variable n as you suggest, you have to do what I wrote earlier. There is no file modifier to put , nor there is a way to make print print a single value. So you have to generate a file with any bogus contents: /routing print file=$n and then re...

tomislav91

:global n [ip dhcp-server lease get [find host-name=PC] address];/file print file=$n This line of code says: - set the value of a global-scoped variable named n to the ip address leased to device with hostname PC - print the list of existing files into a file whose name is retrieved from the global...

tomislav91

thanks for reply. Problem lies somewhere alse abvious. When sshpass this command ip dhcp-server lease print file=$n my script execute without problem. I use that variable n in later lines of code. But i dont need all dhcp lease, only with PC hostname, we solve that, but what is difference with that ...

tomislav91

Because a dash was missing in what I wrote. Now I got home and tried using the Tab button: [me@MyTik] > put [ip dhcp-server lease get [find host-name=my-HP] address] 192.168.88.254 thanks man! It works now. Only last problem, i must put that into file. sshpass -p $pass ssh -o $log -n $user@$h -p 41...

tomislav91

it throws me "no such item"

tomislav91

I got via

ip dhcp-server lease print where host-name="pc"

but you help me how to get only Ip address without unnecessary information from result of command?

tomislav91

Sorry, can you use another wording? It is not clear to me what you need. Ok, look, i have my dhcp lease on several computers. I want to get Ip address of hostname PC. SO i wrote a bash script that connect via ssh to mikrotik and run a terminal command. Problem is that I dont know how to get IP addr...

tomislav91

That looks to me as an insufficient indication to bash what it should handle and what not.. Try to place the whole command for Mikrotik into quotes and escape the symbols ",$,\ you need to make it to Mikrotik: sshpass -p $pass ssh -o $log -n $user@$h -p 4111 " /ip dhcp-server lease { :foreach i in=...

tomislav91

does it possible from that script to get only ip addresses with hostname i define?

tomislav91

sshpass -p $pass ssh -o $log -n $user@$h -p 4111 /ip dhcp-server lease { :foreach i in=[find (!dynamic && status="bound")] do={ :local activeAddress [get $i active-address]; :local activeMacAddress [get $i active-mac-address]; :local hostname [get $i host-name]; :put ($outputContent . "\n" . $activ...

tomislav91

can i get via terminal ip address of hostname only?

part of my script is

ip dhcp-server lease print file=$n

but this give me all dhcp lease addresses. can I find somehow ip of hostname="pc"?
My all devices have all the same hostname, and i need all ip addresses for all pc's.

tomislav91

It gives me error. It works directly to mirkotik but from ssh i cant do it.
Does it possible to resolve that issue?

tomislav91

How it possible to do it in one line of code in terminal this command i found here on forum /ip dhcp-server lease { :foreach i in=[find (!dynamic && status="bound")] do={ :local activeAddress [get $i active-address] :local activeMacAddress [get $i active-mac-address] :local hostname [get $i host-nam...

tomislav91

i need to change a several address from a mikrotik via terminal. I find how to change a ip address /ip address set [/ip address find address="10.0.0.1/24"] address=20.0.0.1/24 I need also to change /ip dhcp-server network add address=10.10.0.0/24 gateway=10.10.0.1 /ip pool add name=dhcp_pool1 ranges...

tomislav91

binding is not priority for now. Mikrotik reads hostname from a netbios name and it is ok.

Just curious how to make a script to make it easier. I will do it via bash, but how to search it in mikrotik terminal? If for example hostname is "warrior".

tomislav91

Hello, i was wondering does ti possible to have some script which will show a IP address from a hostame.
So if I have pcs and want ip of it, just to search by hostname "PC" and to find an ip.
I have several hostnames, and just want to make things quicker.

tomislav91

which version must i install and put it into router? it is a server.
In download section is more than 1 version

tomislav91

I manage to succeed something. I add in routes of these two routers in destinatiom address whole subnet of second router amd gateway set to l2tp, which I with main router have access to them. Do in my main router i have l2tp connection over ipsec. And now two routers can communicate and can see any...

tomislav91

i make virtual linux machine which connect through ssh to router and backup all..

tomislav91

i have also linux machines and no ping as well..

tomislav91

I manage to succeed something. I add in routes of these two routers in destinatiom address whole subnet of second router amd gateway set to l2tp, which I with main router have access to them. Do in my main router i have l2tp connection over ipsec. And now two routers can communicate and can see anyt...

tomislav91

no subnets are for the different routers, two routers and two subnets, each for router. These two routers are connected via vpn to the main router.

tomislav91

Hello, i have two routers in two different networks. 10.0.8.0/24 and 10.0.58.0/24 I want to manage that that two subnet see each other. I added ip firewall filter add action=accept chain=forward dst-address=10.0.58.0/24 and different in another router, but there is no connection between them. Where ...

tomislav91

How can I check which device consume most upload in my network? And which column should I look for.

tomislav91

why do u use script?

just use route

/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping distance=2 gateway=8.8.4.4
add distance=2 dst-address=8.8.4.4/32 gateway=192.168.1.1 scope=10
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.0.1 scope=10

tomislav91

i think that u need is in Queue, than in simple queues click + sign and than choose target and bottom you have max limit. There you can do it, if this is what you want

tomislav91

can anyone give me idea what to try?

tomislav91

But i have connected to l2tp and have access to the internet. So l2tp is working, just i cant cant access to 88 where are switches

tomislav91

no? Must I?
And where to configure? ON my router where are switches connected?
I often use l2tp and all works just fine

tomislav91

I have connected to my router via l2tp. To that router is connect several switches with adresses in range 192.168.88.1-254. I set dhcp pool with that l2tp profile to range which switches are configured. But I cant see switches, i cant ping, but tp link easy smart configuration utility cant see them....

tomislav91

Hi guys, i wanted to have some monitor my network.
Configuration is next:
i have my main router and clients routers and i want to have some maybe windows-linux based web server to monitor my rotuers and traffic between (which app users open, downloaded, etc).

tomislav91

I have problem with connecting several switches. I have internet connection to one switch and want to share with all because there is no possibility to connect all,cable goes through wall. I connect main switch where is internrt connection from mikrotik router, on port 24 to port 23 of another switc...

tomislav91

https://drive.google.com/file/d/0Bxq9Ym ... JCYkk/view

Can I make a change of this function to test a more than 1 peek? At least 4, because maybe ping is 24ms,23ms,222ms,10ms, and alert me. I want to have alert, yeah, but when high ping is at leasst 4 passes.

Search found 80 matches