Community discussions

Search found 13 matches

by bolmsted
Sun Aug 18, 2019 4:48 pm
Forum: Beginner Basics
Topic: Can't ping router IPs from router
Replies: 1
Views: 305

Re: Can't ping router IPs from router

Here's a network diagram. Trying to create the bridge for ether2/3 (lan-bridge) and can't ping the IPs on the lan-bridge or VLANs below. I just noticed for some reason I can't ping the IP on ether1 (my internet IP) which I'm pretty sure I could ping before but I can ping the internet default gateway...
by bolmsted
Sun Aug 18, 2019 7:46 am
Forum: Beginner Basics
Topic: Can't ping router IPs from router
Replies: 1
Views: 305

Can't ping router IPs from router

I'm a little baffled why I can't ping the router IP address from the MikroTik itself. As you can see below, I can ping from a machine on the network to the various interfaces in the router, my switch (.2) my second switch (.3), my AP#1 (.10), my AP#2 (.11), my NAS (.5). What is going on here? I've b...
by bolmsted
Tue Aug 06, 2019 7:09 pm
Forum: Beginner Basics
Topic: connectivity between ports
Replies: 1
Views: 372

connectivity between ports

I have a hEX (rb750gr3) configured as my internet gateway and would like some help here. I want to avoid a misconfiguration leading to loss of access as it is painful to recover but thankfully I have a backup on the flash. I have following setup as my port configuration - ether1 - WAN - ether2-maste...
by bolmsted
Thu Nov 23, 2017 10:12 am
Forum: General
Topic: NFS browsing issue
Replies: 6
Views: 1834

Re: NFS browsing issue

So long story it wasn't an NFS or Mikrotik issue but the database within KODI for all of the content on my NAS share referenced by the old IP address of the NAS before i split it up onto various VLAN segments.
by bolmsted
Thu Nov 23, 2017 10:11 am
Forum: General
Topic: NFS browsing issue
Replies: 6
Views: 1834

Re: NFS browsing issue

OK I just updated the lib nfs issue log and Kodi forums on this but back tracking to here where I posted originally https://forum.kodi.tv/showthread.php?tid=324431 https://github.com/sahlberg/libnfs/issues/232 OK status update.... I just tried mounting within LibreELEC and I was able to mount the fi...
by bolmsted
Wed Nov 22, 2017 5:51 am
Forum: General
Topic: NFS browsing issue
Replies: 6
Views: 1834

Re: NFS browsing issue

The client and NAS are on the same segment (192.168.30.0/24) Synology NAS root@DiskStation:~# ifconfig eth0 Link encap:Ethernet HWaddr 00:11:32:1D:6D:7E inet addr:192.168.88.5 Bcast:192.168.88.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:59951 errors:0 dropped:0...
by bolmsted
Tue Nov 21, 2017 7:24 pm
Forum: General
Topic: NFS browsing issue
Replies: 6
Views: 1834

NFS browsing issue

I'm experiencing a weird problem and trying to identify the cause of the problem and not sure where it is happening. I recently put a Mikrotik RB750GR3 in place to replace my (2) consumer grade TP-Link WDR4300 router/access point and the TP-Link devices have been relegated to AP's for now until I ca...
by bolmsted
Thu Nov 16, 2017 3:59 am
Forum: General
Topic: Port knocking source address list [SOLVED]
Replies: 23
Views: 2435

Re: Port knocking source address list [SOLVED]

OK I'm a bit confused now... does the Mikrotik have an implicit permit all at the end of the firewall rules that we have to explicitly deny? I just inserted a new rule 25 to explicitly drop wan dstnat at the very end.... iptables which I imagine this firewall is based on has an implicit deny all at ...
by bolmsted
Thu Nov 16, 2017 3:27 am
Forum: General
Topic: Port knocking source address list [SOLVED]
Replies: 23
Views: 2435

Re: Port knocking source address list [SOLVED]

Thanks but I'm still not getting the results I desire using this method..... I put your suggested rule into rule 27 but perhaps I have it in the wrong position? Only thing changed below is the actual ports using search/replace I guess I should remove 16,17,18,19,20 since I use the input-knock chain ...
by bolmsted
Wed Nov 15, 2017 1:40 am
Forum: General
Topic: Port knocking source address list [SOLVED]
Replies: 23
Views: 2435

Re: Port knocking source address list [SOLVED]

I have one comment about your port knock design. This may sound nit-picky, but following best practice and "structured" design helps make things easier to troubleshoot for both yourself and for anyone else who has to administrate a box after you.... May not be an issue if this is a home router, but...
by bolmsted
Tue Nov 14, 2017 3:02 am
Forum: General
Topic: Port knocking source address list [SOLVED]
Replies: 23
Views: 2435

Re: Port knocking source address list [SOLVED]

I was following this example for setting up the Port Knocking so you are basically saying the nat should look like this chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=22 protocol=tcp in-interface=ether1 dst-port=1234 and you rely on the filter of PORTKNOCK_ALLOWED to actually allow...
by bolmsted
Tue Nov 14, 2017 12:56 am
Forum: General
Topic: Port knocking source address list [SOLVED]
Replies: 23
Views: 2435

Re: Port knocking source address list [SOLVED]

What I was trying to explain (but perhaps I was in a rush just before posting) is... 1) Use port knocking 3 or 4 steps or whatever to get in to the protected device (e.g. a computer behind the Mikrotik or the Mikrotik itself) 2) Limit which hosts can actually do the port knocking to a specific set o...
by bolmsted
Mon Nov 13, 2017 7:12 pm
Forum: General
Topic: Port knocking source address list [SOLVED]
Replies: 23
Views: 2435

Port knocking source address list [SOLVED]

I’ve been looking through the wiki and googling but haven’t found anything on this I’ve got port knocking working in my basement lab connected to my internal network and verified the wan side from my existing lan segment (before I move to be my primary router to the Internet) However I wonder if I c...