Community discussions

Search found 23 matches

by moham96
Sat Jun 15, 2019 4:10 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

..., so obviously my ISP is using dst-nat to redirect all requests on port 53 to their own servers, ... - router has 208.67.222.222 (on port 53) as a resolver from the router dns settings (obviously not dst-nated) so it connects to 208.67.222.222 directly through the 53 port. So the question is, does r...
by moham96
Sat Jun 15, 2019 4:08 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

The issue of course is that he wants to use opendns via port 5353. It is not possible to set that in the route DNS resolver, only the server can be specified and not the port number. That should really be fixed by MikroTik, That won't be easy to fix, if the routerboard advertises the dns settings w...
by moham96
Fri Jun 14, 2019 9:36 am
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

I'm not a fan of that hack either. :) But what I'm trying to say is that as it is now: - client doesn't use router as resolver - router doesn't use the same resolver as client So getting different addresses for same hostname (which uses CDN) is very possible. hmmm, right now i have the dst-nat to t...
by moham96
Fri Jun 14, 2019 1:01 am
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

Problem is, it doesn't do what you think. You need the router to use the right resolver (i.e. not ISP's) and client to use router (default is 192.168.88.1; you can have different config) as resolver. What actually happens is that when client gets 192.168.88.1 and tries to use it, dstnat forwards al...
by moham96
Thu Jun 13, 2019 2:51 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207929

Re: Feature requests

How about adding "use peer DNS" to the OVPN Client similar to other clients like PPPoE and dhcp client, right now when i establish a connection to the openvpn server I'm forced to have the advertised openvpn dns server, I can disable the dns server on the openvpn server but I would like other client...
by moham96
Wed Jun 12, 2019 9:53 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

@pe1chl @Sob I probably should've explained why I'm using dst-nat, the reason is that my ISP is advertising his own dns server that they use to block some sites (e.g. protonmail.com resolves to 127.0.0.1) and even if I set another resolver I get the same DNS record, so obviously my ISP is using dst-na...
by moham96
Wed Jun 12, 2019 9:47 am
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

Akamai is CDN, i.e. huge network with servers all over the world, doing load balancing and stuff. Everything is dynamic. Address of given website is CNAME with decent TTL, but target e7772.g.akamaiedge.net really has only 20 seconds TTL. You might get the same address again and usually you will, bu...
by moham96
Wed Jun 12, 2019 9:41 am
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

That is the issue that Sob mentioned above. You need to carefully read and understand it. Basically, this method is not going to work for what you want to do unless you use the MikroTik DNS resolver on all your internal systems. Having "the same DNS server" is NOT going to cut it! You need to have ...
by moham96
Tue Jun 11, 2019 8:46 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

I've faced another problem, I'm trying to apply a mangle rule to this site: http://processors.wiki.ti.com but I can never get it to work. If I add processors.wiki.ti.com to the address list it adds the ip "23.9.34.154" but if I ping or run dns lookup on the hostname my laptop shows the following: proc...
by moham96
Tue Jun 11, 2019 8:06 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

W.r.t. your other suggestion: you have to understand that this method of setting up an address list is not at all related to actual traffic. The DNS queries are made (once every time the TTL runs down to zero) no matter if there is any related traffic, and any traffic only matches what is in the add...
by moham96
Mon Jun 10, 2019 12:22 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

It would require to change how it works. Now you give it hostname and router actively resolves it. It's obvious that it can't try to resolve all possible combinations. So it would have to be as you suggest, not actively resolve anything, only look for what's already in cache. But it wouldn't work f...
by moham96
Sat Jun 08, 2019 2:50 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

Ok, after testing, it seems there is one thing missing from this feature which is adding wildcard hostnames, so instead of adding wiki.example.com forums.example.com blog.example.com the address list should accept wildcards like .example.com and add dynamic rules to anything in the dns cache and c...
by moham96
Thu May 09, 2019 3:18 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

Wish granted: /ip firewall address-list add address=www.mikrotik.com list=mikrotik add address=forum.mikrotik.com list=mikrotik /ip firewall filter add action=accept chain=forward dst-address-list=mikrotik Wow, Didn't think that was already implemented, do you know what was the first version of Rou...
by moham96
Wed May 08, 2019 4:25 pm
Forum: General
Topic: firewall src add and dst add
Replies: 38
Views: 3986

Re: firewall src add and dst add

Hi, I would like to resurrect this old thread instead of opening a new feature request. I'm currently using host based firewall rules to route specific sites to a VPN interface instead of routing everything. The mikrotik wiki has a script to achieve this (a bit of a dirty solution but it works) https...
by moham96
Thu Apr 25, 2019 2:26 pm
Forum: General
Topic: [Feature Request] show the pppoes message
Replies: 1
Views: 351

[Feature Request] show the pppoes message

Hi, I have a pppoe-client in my mikrotik router, the pppoe server is from cisco, upon successful authentication or error the server sends a message field in the pppoes response that indicates the type of error or success for example: 1- if the pppoe user is already logged in it fails to log in and se...
by moham96
Fri Mar 22, 2019 7:57 am
Forum: The User Manager
Topic: Radius server not responding in recent RouterOS
Replies: 3
Views: 947

Re: Radius server not responding in recent RouterOS

Can be either oversight, or perhaps user manager is considered advanced config, which default firewall is not made for and you have to tweak it. The new rule is safer, because it will block access from everywhere except LAN, while the old one blocked only access from WAN. But there can be more (e.g...
by moham96
Tue Mar 19, 2019 2:42 pm
Forum: The User Manager
Topic: Radius server not responding in recent RouterOS
Replies: 3
Views: 947

Radius server not responding in recent RouterOS

Hi, after setting up hotspot and usermanager in RouterOS I get "Radius server not responding" when trying to login in the hotspot page. The issue persists in recent RouterOS versions, 6.39.3 version works fine, 6.44 and 6.44.1 not working. After digging it turns out the issue is in one of the firewall...
by moham96
Mon Mar 18, 2019 8:03 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 243237

Re: Metarouter images

Hi, why doesn't mikrotik push their changes to mainline linux and official openwrt instead of releasing a patch for each version? I hope Mikrotik engineers can provide us with an answer. This will ensure that the metarouter will always be supported, and maintained by linux kernel experts, all bugs w...
by moham96
Sat Dec 23, 2017 2:18 pm
Forum: Virtualization
Topic: run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]
Replies: 6
Views: 2362

Re: run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]

Or it can be solved from your side by obtaining proper device with big flash disk. Or you can run a virtualization server in your network that allows you whatever you may want to. well if my device was not supposed to run metarouter it shouldn't have metarouter feature enabled and showing in winbox...
by moham96
Sat Dec 23, 2017 8:27 am
Forum: Virtualization
Topic: run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]
Replies: 6
Views: 2362

Re: run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]

After some testing openwrt is not useable, once I installed nano and python hdd got filled, this could be solved from MikroTik side by either allowing metarouters to be installed on the usb drive or exposing the flash drive to the metarouter so we can setup extroot to use flash drive to install pack...
by moham96
Sat Dec 23, 2017 6:49 am
Forum: Virtualization
Topic: run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]
Replies: 6
Views: 2362

Re: run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]

Metarouter can not be run from removable drive. It has to be stored internally. You can free used space by removing of unnecessary packages and files. Thanks, I ended up removing all packages except for system, wireless, ppp and dhcp to be able to run one metarouter (my hdd space maxed). unfortunately...
by moham96
Thu Dec 21, 2017 11:09 pm
Forum: Beginner Basics
Topic: how to unbrick rb952 using netinstall can't open the case
Replies: 1
Views: 400

how to unbrick rb952 using netinstall can't open the case

Hi, I have RB952Ui-5ac2nD-TC. I wanted to uninstall some packages to make some space but they were installed as a bundle and I can't uninstall single packages so I downloaded the packages as multiple npk files and uploaded them to the router and after reboot the router is dead, no wifi, no lan. I tried...
by moham96
Thu Dec 21, 2017 3:34 pm
Forum: Virtualization
Topic: run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]
Replies: 6
Views: 2362

run openwrt metarouter on RB952Ui-5ac2nD-TC [SOLVED]

Hi, i'm trying to run metarouter in my hap ac lite tower, I downloaded openwrt image that's provided in the wiki and put it on flash drive, connected the drive to the router and tried to import the image from winbox but it fails with Couldn't continue - import failed: could not extract ./bin/busybox...