So why would they post this again if it was fixed in April?According to changelog it is fixed
What's new in 6.40.8 (2018-Apr-23 11:34):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
That doesn't make sense. 172.16.16.106 sits on the other network and cannot be reached from 19184.108.40.206 directly. Even adding it as a route shows it as unreachabletraffic towards 192.168.6.20 should be routed to 172.16.16.106, not 172.16.16.1
change your static routing at home router
How would you get all porn site's IP's? There are literally hundreds and thousands of them.You should filter by DNS.
L7 will not help against HTTPS, because the traffic is encrypted. Just redirect all DNS requests to your router and set some filters in the DNS static list.
Layer 7 will use quite a lot of memory. How would you block porn with DNS regexp?Layer 7 or DNS regexp mb.
Отправлено с моего iPhone используя Tapatalk
I want to sign up with a VPN provider too. Can you please confirm, could you connect to the ExpressVPN through your MikroTik? Either with PPTP or OpenVPN?Ok Thanks... I'm using ExpressVPN also and Using PPTP for this. but I think OVPN is better than PPTP. we will wait for mikrotik
I have been looking for an SMB client on the MikroTik as well...That's a shame.
The FTP client is sorely lacking in features, and it would be really handy if I could use the samba client to limit the client to a particular folder and then use fetch to download from that folder.
Have you tried it? I see it can be done on Version 6.40.2, and possibly some of the earlier ones as well.I think what I'm asking for is the ability to bind a dhcp server to a bridge.
How can it probably choose the wrong source address? I only specified one subnetThe router is probably choosing wrong source address. Set the right one 192.41.100.x (I assume .1) using src-address parameter for ping.
Great, thanx for the helpE.g. this on one router and reverse on another (swap src and dst) should do the trick:Code: Select all
/ip firewall nat add action=masquerade chain=srcnat dst-address=220.127.116.11/24 src-address=192.168.4.0/24
I am guessing the "Other" traffic is traffic that isn't defined. i.e. it's not HTTP / SMTP / FTP / SSH / etc, etc traffic, perhaps IGMP or IPV6 traffic, etcno one?
Thanx, I guessed as much, but honestly don't know what NAT rule to put in.Yes, NAT can probably help you. If you add masquerade rule for traffic from remote site (tunnel) to local, everything will appear as comming from router's internal address, i.e. from local LAN.
Code: Select all
/ip firewall layer7-protocol add name=MicrosoftUpdates regexp="^.+(update.microsoft|windowsupdate|download.microsoft|wustat|ntservicepack).*\$" [/quote] Is there an updated list for 2017?