Community discussions

MikroTik App

Search found 41 matches

by meazz1
Sun May 24, 2020 5:43 pm
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Re: Need help with firewall rules to prevent VLAN access to LAN

Ok, I made some changes to my scripts and I think it's what I really want. Only sticking points are, not sure if the firewall rules are correct, secondly, should I be able to enable on "1-default" vlan-filtering? I could not get the ether5 to communicate if I enabled filtering. /interface bridge add...
by meazz1
Tue May 19, 2020 8:51 pm
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Re: Need help with firewall rules to prevent VLAN access to LAN

Here's a diagram.
All I need is VLAN20 not see any LAN resource.
Please ask if any confusion.
Eth5 is MGMT port.

Image
by meazz1
Tue May 19, 2020 4:28 am
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Re: Need help with firewall rules to prevent VLAN access to LAN

@anav @sindy Thanks here are some answers. This is for my home use for 4 of us. I have an Unifi AP-AC lite with 3 ssid for each VLANs. My current router is an EdgerouterX. I want to replace this router with Mikrotik Hex. My main lan is VLAN4. Most of my day to day stuff like PC, laptop, unifi ac-lit...
by meazz1
Mon May 18, 2020 4:29 am
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Re: Need help with firewall rules to prevent VLAN access to LAN

@anav Thank you. I played around with your configuration and got it up and running. Before I dive deep into this I have a question. Using a managed switch I 'm able to access all the VLAN. How do I supposed to access IP on the ether5 MGMT port on the router? I really appreciate all the help you folk...
by meazz1
Sun May 17, 2020 12:30 am
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Re: Need help with firewall rules to prevent VLAN access to LAN

Here is the latest and greatest config. I have redone everything, all collected from different google search and my own understanding. Again, my goal is to block VLAN 20 from talking to any other LAN device but only access to internet. All firewall rules are default except this block rule. #5.3 Bloc...
by meazz1
Fri May 15, 2020 9:36 pm
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Re: Need help with firewall rules to prevent VLAN access to LAN

I usually dont comment on snippets as the whole config tells the story /export hide-sensitive file=anynameyouwish So far so good (but without the rest a meaningless statement). The order within a chain is critical and thus to make it read far easier most admins put all the input rules first and the...
by meazz1
Fri May 15, 2020 4:44 pm
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Re: Need help with firewall rules to prevent VLAN access to LAN

Something like this? Be easy on the newbe, lol. add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: ac...
by meazz1
Thu May 14, 2020 6:42 pm
Forum: General
Topic: Need help with firewall rules to prevent VLAN access to LAN
Replies: 21
Views: 2657

Need help with firewall rules to prevent VLAN access to LAN

I have basic networking for my soho with 3 VLANss. I'm using default firewall rules and need a filter/rules to prevent VLAN10 and VLAN20 from accessing other VLANs. I have googled and add some rules but it seems not block the access. So, I restore the router to default cong and setup all the VLANs a...
by meazz1
Sat Sep 14, 2019 5:45 pm
Forum: Announcements
Topic: v6.45.6 [stable] is released!
Replies: 59
Views: 39658

Re: v6.45.6 [stable] is released!

Upgraded from v6.45.5 to v6.45.6 on my hex mmips and no problem but setup is very simple and straight forward.
by meazz1
Sat Aug 31, 2019 5:35 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 23359

Re: v6.45.5 [stable] is released!

Upgraded my hex mmips from 64.45.3 to 6.45.5, no upgrade issue and everything seems good. My setup is just basic out of the box for my home use.
by meazz1
Sat Jun 22, 2019 4:32 am
Forum: General
Topic: How to add column with data in WinBox login screen
Replies: 0
Views: 420

How to add column with data in WinBox login screen

I'm running WinBox v3.18 on my Linux Mint in Wine. How do I populate the login screen with MAC, Version, IP etc. I looked but not able to figure out. Google was not help for me either. https://lh3.googleusercontent.com/2U3WRZQXZ3VmBwx02fcEwFawbMg8Y6N0xPTbailXeUTbYninmSVBpQ66zOP-vjJGGOmvRkg1c0hn6qsOm...
by meazz1
Sat Jun 01, 2019 4:55 am
Forum: General
Topic: My firewall rules - please advise
Replies: 9
Views: 1437

Re: My firewall rules - please advise

So I will delete everything from IP---> Firewall and open a terminal and paste your scripts? No way! The "script" contains your existing rules with no effective change, just re-grouped by their membership in chains but keeping your original order within each chain, and numbered so that I could refe...
by meazz1
Fri May 31, 2019 6:25 pm
Forum: General
Topic: My firewall rules - please advise
Replies: 9
Views: 1437

Re: My firewall rules - please advise

@sindy
Really appreciate your time and help.
So I will delete everything from IP---> Firewall
and open a terminal and paste your scripts?

Thanks
by meazz1
Fri May 31, 2019 5:46 am
Forum: General
Topic: Terminal shows many failed logins from unknown IP
Replies: 3
Views: 570

Re: Terminal shows many failed logins from unknown IP

If you not use telnet and SSH, disable it from IP -> Services

Regards.
Thanks.
What I did is made both available from my local subnet only 192.168.4.0/24.
Is that good?
by meazz1
Fri May 31, 2019 5:19 am
Forum: General
Topic: Terminal shows many failed logins from unknown IP
Replies: 3
Views: 570

Terminal shows many failed logins from unknown IP

I just saw this when I logged in to my winbox today while I'm sitting at home. Any idea? 22:15:06 echo: system,error,critical login failure for user service from 92.115.171.102 via telnet [amgg@Tulip] > 22:15:07 echo: system,error,critical login failure for user admin from 92.115.171.102 via telnet ...
by meazz1
Fri May 31, 2019 4:47 am
Forum: General
Topic: My firewall rules - please advise
Replies: 9
Views: 1437

Re: My firewall rules - please advise

Here's my /export hide-sensitive file # may/30/2019 21:24:29 by RouterOS 6.45beta50 # software id = S1MG-NEED # # model = RouterBOARD 750G r3 # serial number = xxxxxxxxxxx /interface bridge add name=bridge1 /interface list add name=WAN add name=LAN /ip pool add name=dhcp ranges=192.168.4.10-192.168....
by meazz1
Fri May 31, 2019 4:44 am
Forum: General
Topic: My firewall rules - please advise
Replies: 9
Views: 1437

Re: My firewall rules - please advise

Here is my ip firewall filter export # may/30/2019 21:27:33 by RouterOS 6.45beta50 # software id = S1MG-NEED # # model = RouterBOARD 750G r3 # serial number = XXXXXXXXXXX /ip firewall filter add action=accept chain=forward connection-state=established,related add action=fasttrack-connection chain=f...
by meazz1
Thu May 30, 2019 4:52 am
Forum: General
Topic: My firewall rules - please advise
Replies: 9
Views: 1437

My firewall rules - please advise

I basically copied the rules for mikrotik wiki and added the fasttrack action. Can you tell me if this looks ok for my basic protection for the home use? https://lh3.googleusercontent.com/TFj3cuO9a04zxpwI_Lj6vIjTLIVPS3aHMlivv2Z95nWfYsZyxHv-lxL5Cn7yTQnidrbWLWwX8fDyjj48LexNRV5P7IQmBa7E0BEf1a6PKeqpDb7t...
by meazz1
Tue May 28, 2019 10:37 pm
Forum: General
Topic: Looking for a good web content filter
Replies: 4
Views: 637

Re: Looking for a good web content filter

I use at home a raspberry pi device running pi-hole.
You have the option to whitelist or blacklist sites, etc.

https://pi-hole.net/
by meazz1
Tue May 28, 2019 5:03 pm
Forum: General
Topic: Pining my IP from outside LAN
Replies: 3
Views: 489

Re: Pining my IP from outside LAN

any suggestion?
by meazz1
Sat May 25, 2019 1:25 am
Forum: General
Topic: Pining my IP from outside LAN
Replies: 3
Views: 489

Re: Pining my IP from outside LAN

If you wanted your router to be completely invisible from outside its WAN subnet, you'd have to disable also the TFTP - port scanners scan using multiple ports and protocols. So if you need the TFTP service to be available for requests received via WAN, disabling ping will not add much invisibility...
by meazz1
Fri May 24, 2019 7:24 pm
Forum: General
Topic: Pining my IP from outside LAN
Replies: 3
Views: 489

Pining my IP from outside LAN

I have the default firewall rules running on my router. Only thing I added is the "fasttrack" feature. Not having good idea about how ping should work, here's my question. Is is ok form my router to return reply if I ping my IP from outside of my network? Here's my firewall rules. # may/24/2019 12:1...
by meazz1
Fri May 24, 2019 5:22 am
Forum: General
Topic: Uninstall Wireless and other packages [SOLVED]
Replies: 4
Views: 970

Re: Uninstall Wireless and other packages [SOLVED]

@meazz1: by default, Routerboard devices have installed package bundle and it's not possible to completely uninstall individual packages ... it's only possible to disable them. If you want to completely uninstall some packages, you have to "unbundle" ROS first. The procedure is as follows (you only...
by meazz1
Fri May 24, 2019 5:21 am
Forum: General
Topic: Uninstall Wireless and other packages [SOLVED]
Replies: 4
Views: 970

Re: Uninstall Wireless and other packages [SOLVED]

The "ppp" package is also for VPNs. So if you don't need them, then yes.
thanks for your suggestion.
by meazz1
Thu May 23, 2019 5:26 am
Forum: General
Topic: Uninstall Wireless and other packages [SOLVED]
Replies: 4
Views: 970

Uninstall Wireless and other packages [SOLVED]

I have a Router 750G r3 without wireless feature. I also use a gig fiber connection without the PPPoE option.
In that case, will it be ok to uninstall package "wireless"and "ppp"?
by meazz1
Fri Feb 09, 2018 7:07 pm
Forum: Beginner Basics
Topic: IPTV is buffring but other streaming devices are not
Replies: 1
Views: 400

IPTV is buffring but other streaming devices are not

I have a gig fiber at my house. I have an IPTV box connected to my Mikrotik hEX router running 6.41 firmware. I also have a raspberry pi running pi-hole for DNS and adblocking. Everyting on the LAN is forced to use the local DNS address. For some reason the IPTV box is buffering but my other streami...
by meazz1
Mon Feb 05, 2018 3:33 am
Forum: Beginner Basics
Topic: Need help converting a port with it's own vlan
Replies: 2
Views: 488

Need help converting a port with it's own vlan

I have a very basic setup and I need guidance. I had been using consumer grade router and new to Mikrotik configurations. i'm still learning Currently, ether2 is master and ether3,ether4 and ether5 are salves. ether5 is connected to a gig switch. I want to make ether4 a seprate port with it's own IP...
by meazz1
Sat Dec 23, 2017 3:10 am
Forum: Beginner Basics
Topic: Do I need to buy license for hEX RB750Gr3
Replies: 1
Views: 688

Do I need to buy license for hEX RB750Gr3

I looked but couldn't find the answer. I just bought a wired router hEX RB750Gr3 and was wondering if I need to purchase a license? It's been up for less than a week but I'm confused if it will shut down after 15 days. For another router AP I'm planing to buy for my 2nd house if that needs licensing...
by meazz1
Wed Dec 20, 2017 3:30 pm
Forum: Beginner Basics
Topic: Need help with my firewall rules [SOLVED]
Replies: 3
Views: 794

Re: Need help with my firewall rules [SOLVED]

There's no need to have a rule to explicitly drop ICMP in your posted filter rules. add action=drop chain=input in-interface=!ether1 protocol=icmp icmp-options=8:0-255 add action=accept chain=input connection-state=established add action=accept chain=input connection-state=related add action=drop c...
by meazz1
Tue Dec 19, 2017 5:39 am
Forum: Beginner Basics
Topic: Need help with my firewall rules [SOLVED]
Replies: 3
Views: 794

Need help with my firewall rules [SOLVED]

I added an entry to drop pings from the wan side with the help of google, does it look right? I added the entry in line #16. /ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept ...
by meazz1
Tue Dec 12, 2017 4:13 am
Forum: Beginner Basics
Topic: How to access my AT&t gateway router from LAN [SOLVED]
Replies: 2
Views: 643

Re: How to access my AT&t gateway router from LAN [SOLVED]

Add a second IP to your router's WAN interface - if the modem is connected to ether1, for instance: /ip address add address=192.168.1.253/24 interface=ether1 next add a srcnat rule to access the modem: /ip firewall nat add chain=srcnat dst-address=192.168.1.254 action=src-nat to-address=192.168.1.2...
by meazz1
Sat Dec 09, 2017 2:45 am
Forum: Beginner Basics
Topic: How to access my AT&t gateway router from LAN [SOLVED]
Replies: 2
Views: 643

How to access my AT&t gateway router from LAN [SOLVED]

My lan Ip is 192.168.4.0/24. My At&t gateway is 192.168.1.254 and in passthru mode. What route or firewall rules I need to implement so I can access it from any lan pc? I'm new in this Mikrotk world.

Image

Image
by meazz1
Thu Dec 07, 2017 2:31 am
Forum: Beginner Basics
Topic: Help with fasttrack
Replies: 0
Views: 305

Help with fasttrack

I have been reading about fasttrack and checked my firewall and moved up "fasttrack" in the rules list.
No idea on how rules work, can someone look here at the screenshot and tell me if it's ok?
I have a hex router RouterBOARD 750G.

Image
by meazz1
Tue Dec 05, 2017 2:19 am
Forum: Beginner Basics
Topic: How do I connect using browser to router's IP address [SOLVED]
Replies: 2
Views: 486

Re: How do I connect using browser to router's IP address [SOLVED]

I'm using RouterOS 6.40.5 and the RouterBOARD 750G r3. I have the default setup with Ip 192.168.4.1 assigned to the router and the dhcp 192.168.4.10-100. I can connect from the windows box using IP 192.168.4.1 to winbox. If I try to use the same IP in a browser it doesn't connect. What or how do I ...
by meazz1
Mon Dec 04, 2017 3:46 am
Forum: Beginner Basics
Topic: How do I connect using browser to router's IP address [SOLVED]
Replies: 2
Views: 486

How do I connect using browser to router's IP address [SOLVED]

I'm using RouterOS 6.40.5 and the RouterBOARD 750G r3. I have the default setup with Ip 192.168.4.1 assigned to the router and the dhcp 192.168.4.10-100. I can connect from the windows box using IP 192.168.4.1 to winbox. If I try to use the same IP in a browser it doesn't connect. What or how do I e...
by meazz1
Sat Dec 02, 2017 3:43 am
Forum: Beginner Basics
Topic: Help with basic firewall rules
Replies: 7
Views: 1696

Re: Help with basic firewall rules

Thanks for helping the newbie here. As suggested, I reset configurations to default and ran most of the command in the link provided ( https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router ). 4 questions: 1. the default config has firewall rules already, should I still add the one in the link? ...
by meazz1
Fri Dec 01, 2017 6:01 pm
Forum: Beginner Basics
Topic: Help with basic firewall rules
Replies: 7
Views: 1696

Re: Help with basic firewall rules

Can someone point me to a preconfigured basic firewall script that works with default config on hEX RB750Gr3 router?
by meazz1
Fri Dec 01, 2017 5:14 pm
Forum: Beginner Basics
Topic: Is my interface done correctly [SOLVED]
Replies: 6
Views: 1008

Re: Is my interface done correctly [SOLVED]

It's working fine.
But if I want ethher1 to be WAN and other 4 to be just switch, how do I go about it?
by meazz1
Fri Dec 01, 2017 4:44 am
Forum: Beginner Basics
Topic: Is my interface done correctly [SOLVED]
Replies: 6
Views: 1008

Is my interface done correctly [SOLVED]

I configured my hex router after removing default configuration. I'm new to Mikrotik and learning my way here. I setup the router with At&t gateway and everything works. For some reason when I look at the interface screen, it looks something is not done correctly. In my case, ether1 is WAN port. Do ...
by meazz1
Fri Dec 01, 2017 4:30 am
Forum: Beginner Basics
Topic: Help with basic firewall rules
Replies: 7
Views: 1696

Re: Help with basic firewall rules

See this first, and implement the basic security as described. https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router Thanks for your help. Here is a script I made, let me know if this is ok. Any suggestion is welcom. /ip firewall filter add action=accept chain=input comment="default configurat...
by meazz1
Thu Nov 30, 2017 5:10 pm
Forum: Beginner Basics
Topic: Help with basic firewall rules
Replies: 7
Views: 1696

Help with basic firewall rules

I recently purchased a Mikrotik hEX RB750Gr3 5-port Ethernet Gigabit Router. I reset default configuration and have the basic setup, eth0=wan and eth1 to eth4 as switch. I need to get a basic firewall rule so my external IP is not visible from outside ping. I just need basic rules to protect me as a...