Community discussions

Search found 73 matches

by sjafka
Fri Aug 09, 2019 12:32 pm
Forum: General
Topic: Address list importing with other name
Replies: 9
Views: 648

Re: Address list importing with other name

"all that you wrote" thank you Sindy, again! i disable all services in mikrotik, expect winbox and i only portforward one port, the VPN-s! And sure, its not PPTP :) basically, all the effort ive put in the fw it seems, that only allowing from internal subnet/singel IP address in chain INPUT and ICM...
by sjafka
Fri Aug 09, 2019 12:28 pm
Forum: General
Topic: Address list importing with other name
Replies: 9
Views: 648

Re: Address list importing with other name

"all that you wrote" thank you Sindy, again! i disable all services in mikrotik, expect winbox and i only portforward one port, the VPN-s! And sure, its not PPTP :) basically, all the effort ive put in the fw it seems, that only allowing from internal subnet/singel IP address in chain INPUT and ICM...
by sjafka
Fri Aug 09, 2019 12:19 pm
Forum: General
Topic: Firewall log help needed
Replies: 8
Views: 711

Re: Firewall log help needed

If you use Winbox, it's drag and drop. If you use WebFig, press the [Download] button in the file list. If you use command line, use scp from your PC to download the file.
i thought that it will work this way, but no, ill check later! :) thank you!!!
by sjafka
Fri Aug 09, 2019 12:01 pm
Forum: General
Topic: Address list importing with other name
Replies: 9
Views: 648

Re: Address list importing with other name

However, the process stops on first duplicate address encountered. so basically this is a no-go, and i have to make for all names that i have in address list (which are fetched via the scheduler) a "drop input addresslist:nameofthelist" rule, right? and if yes, should i do that for my clients too? ...
by sjafka
Fri Aug 09, 2019 11:59 am
Forum: General
Topic: Address list importing with other name
Replies: 9
Views: 648

Re: Address list importing with other name

Blocking portscanners is a nice hobby project to gain experience in the different technologies of the MikroTik router, but after you are done with it and see how it works, you should simply remove it. It serves no useful purpose, and it can cause nasty side-effects that you can easily oversee. I wa...
by sjafka
Fri Aug 09, 2019 11:08 am
Forum: General
Topic: Address list importing with other name
Replies: 9
Views: 648

Re: Address list importing with other name

https://wiki.mikrotik.com/wiki/Drop_port_scanners i found it, this is it, now i know,i saw this and wanted to use it, but i was really beginner, and i didnt understood, whats going on,so i didnt used it. But now i see, this is totally the same...what a shame... And if i do a scan with "port scan and...
by sjafka
Fri Aug 09, 2019 10:36 am
Forum: General
Topic: Address list importing with other name
Replies: 9
Views: 648

Address list importing with other name

Hello Dear MikroTIKers! I would like to do this: i see that, a lot of ppl try to get in, when watching the logs, with ports for SMB and SSH and stuff like that, like port scanners. I implemented a port scanner, what a mikrotik teacher put online, but when i tested with a portsscan.exe and from kali ...
by sjafka
Fri Aug 09, 2019 10:27 am
Forum: General
Topic: Firewall log help needed
Replies: 8
Views: 711

Re: Firewall log help needed

Hey Sindy,

thank you again! :)

Thanks for the clarification! I cant fint the option to download the file, after stopped sniffing! Could you please help me out again?

Thank you :)
by sjafka
Wed Aug 07, 2019 2:22 pm
Forum: General
Topic: Firewall log help needed
Replies: 8
Views: 711

Re: Firewall log help needed

if i check in winbox -> ip -> dhcp client -> STATUS tab i see that my DHCP server is: 10.250.0.1, so im confused?! anyone could brighten me up?
by sjafka
Wed Aug 07, 2019 2:17 pm
Forum: General
Topic: Firewall log help needed
Replies: 8
Views: 711

Re: Firewall log help needed

update: we have 2 isp-s, i changed them, the "attack" of 192168.255.254:67 and port 68 stopped, but know it begins the same, but with other local ip: 10.10.0.1 now i begin to think, this is theese two are the two dhcp server ip local addresses of the ISP! but why does this happen? i get all the time...
by sjafka
Wed Aug 07, 2019 1:11 pm
Forum: General
Topic: Firewall log help needed
Replies: 8
Views: 711

Re: Firewall log help needed

i checked the src-mac what the log says, it begins with 64:XXXXXXXxxxxx
in interface wan, only my modem is connected to it, but its mac address is something else. what could this be?!
by sjafka
Wed Aug 07, 2019 1:06 pm
Forum: General
Topic: Firewall log help needed
Replies: 8
Views: 711

Re: Firewall log help needed

whats strange, if i ping this ip address, 192168.255.254 i get answer (from wan port with PING in winbox) and i get an aswer like, every 10 second, like the rule i made for icmp, limit it to 6 per minute, so i get an aswer for ping every 10 sec, its like im "attacking myself"??? ill post updates i f...
by sjafka
Wed Aug 07, 2019 1:00 pm
Forum: General
Topic: Firewall log help needed
Replies: 8
Views: 711

Firewall log help needed

Hello Dear MikroTIKERS! I see in my log this-> firewall,info input: in:ether-1-wan out:(unknown 0),scr-mac HERE IS A MAC ADDRESS,proto UDP,192.168.255.254:67->255.255.255.255:68,len 328 and i see this every second multiple times. 67-68 should be DHCP, and ether-1-wan is my WAN port, with a dhcp clie...
by sjafka
Thu Jul 18, 2019 10:49 am
Forum: General
Topic: check/verify L2 seperation
Replies: 0
Views: 232

check/verify L2 seperation

Dear MikroTIK-ers!

I'd like to ask, whats your method, to check/verify eg.: when making a vlan network, that it is really seperated on L2, not only L3?
by sjafka
Wed Jul 17, 2019 10:49 am
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

Sob, i totally understand now how this works and what the problem was, thank you for pointing out my mistake, this really helpd me a lot to understand the mikrotik way of thinking!
by sjafka
Wed Jul 17, 2019 9:58 am
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

So you can imagine all following rules as having connection-state=new. Do you really want to accept all new connections from WAN? Probably not. No, sure i dont want to do this, thank you for pointing out the mistake! " So you can imagine all following rules as having connection-state=new." -> you m...
by sjafka
Tue Jul 16, 2019 5:28 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

This doesn't look like something you want to have: accept forward destination-address list: 192.168.1.0/24 in-interface:WAN Source-AddressList: !BOGONS It's basically that everything from WAN (including new connections) is allowed to access your LAN (except what's in BOGONS address list). You shoul...
by sjafka
Tue Jul 16, 2019 5:04 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

This doesn't look like something you want to have: accept forward destination-address list: 192.168.1.0/24 in-interface:WAN Source-AddressList: !BOGONS It's basically that everything from WAN (including new connections) is allowed to access your LAN (except what's in BOGONS address list). You shoul...
by sjafka
Tue Jul 16, 2019 4:25 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

Dear 2frogs and stoser,

thank you, for your time, now i got it and it helpd meg a lot :)

I marked 2frog-s reply as an aswer, bc that was the answer for the original question, but your answer was helping me too, to fully understand what im doing :)

Thank you and have a nice day!
by sjafka
Tue Jul 16, 2019 3:48 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

Correct! It is already accepted! Thank you, now im in a state, where i do understand, few seconds later again the whole thing is just crazy. If i have 4 forward rules (which affect the, for example: browsing web on my lapton) accept forward established/releated drop forward invalid accept forward d...
by sjafka
Tue Jul 16, 2019 3:44 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

Correct! It is already accepted! Thank you, now im in a state, where i do understand, few seconds later again the whole thing is just crazy. If i have 4 forward rules (which affect the, for example: browsing web on my lapton) accept forward established/releated drop forward invalid accept forward d...
by sjafka
Tue Jul 16, 2019 3:00 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

Re: connection state question [SOLVED]

i just wanted to write down, why i still dont understand, but now i get it, because there is NO rule, what is talkin about "conn-state:new", the rule is already enabled, right?
by sjafka
Tue Jul 16, 2019 11:21 am
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 1060

connection state question [SOLVED]

Dear MikroTIK Community, there is one thing, i cannot understand really, i think it has to do with my network knowledge but maybe you people could help me. When i do firewall rules, i do basically this: input drop invalid - input accept related,established and than the same with forward and at the e...
by sjafka
Thu Jul 11, 2019 3:55 pm
Forum: General
Topic: untagged vlan [SOLVED]
Replies: 9
Views: 640

Re: untagged vlan [SOLVED]

this is what I've suggested in post above hi sebastia if you mean this: "But what also possible: extend the access port (=untagged port) with "dumb" switch", than sorry, i misunderstood it, i thought you said i should do untagged vlans (not untagged ports :D) with dumb switches... :) But if there i...
by sjafka
Thu Jul 11, 2019 3:05 pm
Forum: General
Topic: untagged vlan [SOLVED]
Replies: 9
Views: 640

Re: untagged vlan [SOLVED]

Thank you guys, for your answers! One more question: if i do not bridge ports, i only use ONE, than i dont have any layer 2 connection between two ports right? So this way i can just give thoose two ports two seperate seubnets and do a layer 3 firewall filter (like forward from 192.168.0.0/24 to 192...
by sjafka
Thu Jul 04, 2019 1:32 pm
Forum: General
Topic: untagged vlan [SOLVED]
Replies: 9
Views: 640

Re: untagged vlan [SOLVED]

It could work like that: extend vlans with another smart switch. But what also possible: extend the access port (=untagged port) with "dumb" switch. To keep things simple I would just advise to setup independent ports, when when the need arrives you can re-evaluate your setup. thank you for your ti...
by sjafka
Thu Jul 04, 2019 12:52 pm
Forum: General
Topic: untagged vlan [SOLVED]
Replies: 9
Views: 640

Re: untagged vlan [SOLVED]

Hey Do you want these vlans to be tagged on other ports? Or do you want one vlan / port and only on that port? hey sebastia, thank you for your answer, i see you are really active on theese forums :) Now i don't want to tag, cuz the person who needs it, has two "not-smart" switches, usually i like ...
by sjafka
Thu Jul 04, 2019 12:06 pm
Forum: General
Topic: untagged vlan [SOLVED]
Replies: 9
Views: 640

untagged vlan [SOLVED]

Hello Community, i'd like to confirm, im doing this right, i wanted to achieve untagged-vlan! What i did: instead of putting the VLAN interface on the port itself (i need only one phisycal port for each subnet), i've put the port in a bridge and added the vlan to the bridge, after that the bridge go...
by sjafka
Fri Aug 24, 2018 10:25 am
Forum: General
Topic: Firewall rules
Replies: 0
Views: 342

Firewall rules

Dear MikroTikers, i'd like to ask to review my fw config, is it good against external threats! Thank you in advance (the rdp rules are only for me to see how many "ppl" try to get in via standard rdp port, does nothing else) /ip dns set allow-remote-requests=yes /ip firewall address-list add address...
by sjafka
Thu Jun 07, 2018 12:58 pm
Forum: General
Topic: L2TP IPSec speed [SOLVED]
Replies: 16
Views: 3920

Re: L2TP IPSec speed [SOLVED]

Some devices have special IPsec acceleration hardware built in. Like the hEX, new cAPac, new hAP ac^2
Hi Normis,

i tried the same with a hap ac2 and the result is the same if not a little bit slower. I get ~500kb/s with this router too. Could you please help me out?
by sjafka
Thu Jun 07, 2018 12:23 pm
Forum: General
Topic: Block after X attempts
Replies: 1
Views: 228

Block after X attempts

Dear MikroTik Community,

how can i achieve that, i created a l2tp ipsec vpn, that if someone tries to crack it with bruteforce or just trying with random pw-s, that after X attempts the account gets locked for X time?

Thank you in adnvace
by sjafka
Tue Jun 05, 2018 12:35 pm
Forum: General
Topic: Troubleshooting performance issues
Replies: 8
Views: 678

Re: Troubleshooting performance issues

I know this is not the most professional thing to do, but i would still disable all fw rules to see, if bandwith usage is okay or not without them
(yes, Sindy, u are totally right,[i wrote this here, to not make the thread longer, so more ppl will read your post m8]
by sjafka
Tue Jun 05, 2018 11:46 am
Forum: General
Topic: Wifi range extender
Replies: 0
Views: 526

Wifi range extender

Dear MikroTik Community, im using now for main Wifi a hAP mini and as range extender (like a wireless ap) a hAP lite. I can get around 400-600kb/s download, instead of 6-7MB/s. Im using it like this, bc the 2.4Ghz of the hAP lite is really shitty, thats why the mini is the main wifi. I tried differe...
by sjafka
Thu May 31, 2018 12:15 pm
Forum: General
Topic: L2TP IPSec speed [SOLVED]
Replies: 16
Views: 3920

Re: L2TP IPSec speed [SOLVED]

IPsec is the best and most secure. I also recommend using this VPN type.
PPTP is no longer considered secure.

Thank you!
by sjafka
Thu May 31, 2018 11:57 am
Forum: General
Topic: L2TP IPSec speed [SOLVED]
Replies: 16
Views: 3920

Re: L2TP IPSec speed [SOLVED]

IPsec is very CPU intensive. You need either a powerful machine, or IPsec acceleration chip. RB2011 is an older device, it may not be as powerful for IPsec at higher speed. Thank you for answering, i know this is other topic but i'll ask: i choosed IPsec because i read that this should be one the b...
by sjafka
Thu May 31, 2018 11:12 am
Forum: General
Topic: L2TP IPSec speed [SOLVED]
Replies: 16
Views: 3920

Re: L2TP IPSec speed [SOLVED]

Thank you guys, for your answer, ill check later out, my college has an ac2, ill try out, but on a RB2011UiAS i get somewhat about 500kbit/sec, is it normal(so i should just check out other HW), or should i check things out in my config (if yes, what would u check out?) Thank you in advance!
by sjafka
Wed May 30, 2018 3:41 pm
Forum: General
Topic: L2TP IPSec speed [SOLVED]
Replies: 16
Views: 3920

Re: L2TP IPSec speed [SOLVED]

Dear MikroTik Community,


i"ve set up an l2tpipsec vpn, but the speed is really slow, what should i check?


Thank you in andvance!
i searched and found a forum, where they said, lowering MRU did for them, so for me. Whats the impact now, thath i lowered MRU? Could someone pls explain?
by sjafka
Wed May 30, 2018 3:24 pm
Forum: General
Topic: L2TP IPSec speed [SOLVED]
Replies: 16
Views: 3920

L2TP IPSec speed [SOLVED]

Dear MikroTik Community,


i"ve set up an l2tpipsec vpn, but the speed is really slow, what should i check?


Thank you in andvance!
by sjafka
Wed May 30, 2018 2:30 pm
Forum: Beginner Basics
Topic: From one subnet to other but [SOLVED]
Replies: 10
Views: 632

Re: From one subnet to other but [SOLVED]

chain=forward action=accept protocol=tcp src-address=10.10.10.0/24 dst-address=192.168.11.0/24 dst-port=3389 chain=forward action=accept protocol=udp src-address=10.10.10.0/24 dst-address=192.168.11.0/24 dst-port=3389 chain=forward action=drop src-address=10.10.10.0/24 dst-address=192.168.11.0/24 t...
by sjafka
Wed May 30, 2018 2:24 pm
Forum: Beginner Basics
Topic: Basic help needed - restriction [SOLVED]
Replies: 3
Views: 347

Re: Basic help needed - restriction [SOLVED]

Why duplicate post???

viewtopic.php?f=13&t=135003
bc someone asked so much bs that i thought no one will read it and he asked the same thing x times. btw: how to delete a post?
by sjafka
Wed May 30, 2018 12:09 pm
Forum: Beginner Basics
Topic: Basic help needed - restriction [SOLVED]
Replies: 3
Views: 347

Basic help needed - restriction [SOLVED]

Dear MikroTik Community, i have a basic question, i cannot get it to work. I'd like to achieve, that from one subet to other (its NATted) only RDP should be working. I did this: chain=input action=drop protocol=udp src-address=10.10.10.0/24 dst-port=!3389 log=no log-prefix="" but i cannot connect vi...
by sjafka
Wed May 30, 2018 10:46 am
Forum: Beginner Basics
Topic: From one subnet to other but [SOLVED]
Replies: 10
Views: 632

Re: From one subnet to other but [SOLVED]

Guys, its getting out of hand, i already did the "system", eveything is good, but i want to limit the access from local resources for the VPN users. So the question would be, how can i make it happen, that from one subet, which is NATted to the other subnet,things ONLY on port 3389 work?! nothing el...
by sjafka
Tue May 29, 2018 6:10 pm
Forum: Beginner Basics
Topic: From one subnet to other but [SOLVED]
Replies: 10
Views: 632

Re: From one subnet to other but [SOLVED]

Excellent input! For me its about getting the requirements right. Please confirm a. some external users need access to VPN, to RDP But not to internal LAN b. some external users need access to VPN, to RDP and need access also to internal LAN c. some external users need access to VPN and need access...
by sjafka
Tue May 29, 2018 5:30 pm
Forum: Beginner Basics
Topic: From one subnet to other but [SOLVED]
Replies: 10
Views: 632

Re: From one subnet to other but [SOLVED]

So you are running an RDP on your LAN and you want users to VPN to the right LAN network and then use their RDP client to talk to the RDP server? Im running in the "internal lan"(192.168.X.X) an RDP server(terminal server), and from the "vpn lan"(10.10.10.X) its NATted to "internal lan" (where the ...
by sjafka
Tue May 29, 2018 4:00 pm
Forum: Beginner Basics
Topic: From one subnet to other but [SOLVED]
Replies: 10
Views: 632

From one subnet to other but [SOLVED]

UPDATE*: Guys, its getting out of hand, i already configured the "system", eveything is good, but i want to limit the access from local resources for the VPN users. So the question would be, how can i make it happen, that from one subet, which is NATted to the other subnet,things ONLY on port 3389 w...
by sjafka
Tue May 29, 2018 2:39 pm
Forum: Beginner Basics
Topic: L2TP IPSec VPN questions
Replies: 1
Views: 390

L2TP IPSec VPN questions

Okay, this was the case(in quote, but its long), but i figured out while i was writing this post, that the DNS suffix is the bad boy and i can "workaround" with giving it by hand to the advanced tcp/ipv4 VPN connection in windows, but is there a way, that DNS Suffix will be "transmitted" to the VPN ...
by sjafka
Thu May 24, 2018 10:00 am
Forum: General
Topic: Logging custom port [SOLVED]
Replies: 2
Views: 391

Re: Logging custom port [SOLVED]

Dear Mikrotik Community! I have a question and i hope u guys/girls can help me understand this one; i made a port forward for RDP on a custom port lets say: 34321 and i did a dst-nat for it with public/privat ports (so i can now login to the servers with : "serverip:34321".. Now i need to log commu...
by sjafka
Wed May 23, 2018 5:15 pm
Forum: General
Topic: Logging custom port [SOLVED]
Replies: 2
Views: 391

Logging custom port [SOLVED]

Dear Mikrotik Community! I have a question and i hope u guys/girls can help me understand this one; i made a port forward for RDP on a custom port lets say: 34321 and i did a dst-nat for it with public/privat ports (so i can now login to the servers with : "serverip:34321".. Now i need to log commun...
by sjafka
Tue May 15, 2018 2:15 pm
Forum: General
Topic: Loggin
Replies: 3
Views: 325

Re: Loggin

You have to add rules with action=log , protocol=tcp and dst-port= <list of ports on which the services you are interested in listen> to the firewall filter chains input and forward, right after the initial "accept related, established" rule. Another such rule for services listening on UDP ports. T...
by sjafka
Tue May 15, 2018 11:33 am
Forum: General
Topic: Loggin
Replies: 3
Views: 325

Re: Loggin

I could solve the login attempts, but how could i get a log to an external server that there was traffic on RDP/VPN (1723,3389,etc..) and from which public ip it came? Thank you in adnvace
by sjafka
Mon May 14, 2018 3:32 pm
Forum: General
Topic: Loggin
Replies: 3
Views: 325

Loggin

Dear Community,


i"d like to ask, what is the best method, to log and send(email or syslog server) router logins attempts (succeed and unsuccefull too) and how could i log who did use specific ports like: 1723,3389(from wan side :) )


Thank you in andvance!

Daniel
by sjafka
Tue Apr 10, 2018 2:38 pm
Forum: General
Topic: Cisco modem + MikroTIk hEX
Replies: 1
Views: 286

Cisco modem + MikroTIk hEX

Dead MikroTik Community, im here again, to ask for help. I cannot believe how much sucky-sucky i need to get this hEX to work properly. I encountered this problem: the ISP assigns ip addresses dynamically, so i get (untill now every time the same) IP every 6 hours. hEX router connects via CAT6 cable...
by sjafka
Tue Apr 10, 2018 11:15 am
Forum: General
Topic: VLAN-AP
Replies: 4
Views: 399

Re: VLAN-AP

Thank you in advance! Im loosing hair already :D:S An issue with dhcp server attached to a bridge was reported in the 6.42rc topic and it is not clear to me whether it affects 6.41.x as well. I have not encountered that issue myself, and I have bad experience with attaching IP address and dhcp serv...
by sjafka
Mon Apr 09, 2018 6:14 pm
Forum: General
Topic: VLAN-AP
Replies: 4
Views: 399

Re: VLAN-AP

There are unsolved issues with the DHCP server on VLANs and bridges in 6.41.x. Downgrade to the bugfix version (6.40.7) and everything will probably work flawless. I will try tomorrow, thank you really much for your time and response! I'll mark this as answer, as soon i can say, this was the proble...
by sjafka
Mon Apr 09, 2018 5:30 pm
Forum: General
Topic: VLAN-AP
Replies: 4
Views: 399

VLAN-AP

Dead MikroTik Community, im here again, to ask :) I encounter (again) an error i cant fix or troubleshoot the good way. I have a main router (without wifi, its a hEX) with 2 vlans, one with and one without DHCP. I have 3 AP-s (hap mini) with tagged vlans (1 and 2) -> so that i can have a real guest ...
by sjafka
Thu Apr 05, 2018 6:24 pm
Forum: General
Topic: DHCP Client
Replies: 8
Views: 1723

Re: DHCP Client

Thanks again! I found something intersting ,maybe this could be the culprit... i imported the same config on an other mikrotik i have here and i put the WAN port on a simple SOHO Asus router, where i set 120sec lease time (thats the minimum for him) and i saw that the router renews the IP at 1 minut...
by sjafka
Thu Apr 05, 2018 4:52 pm
Forum: General
Topic: DHCP Client
Replies: 8
Views: 1723

Re: DHCP Client

Router keeps the mac unchanged on the port unless you do that manually. If the port is bridge, use administrative mac address for it. When dhcp client looses the ip, it asks for it again. If not, just force the refresh and see the timings of the newly provided ip. May happen you describe real error...
by sjafka
Thu Apr 05, 2018 4:49 pm
Forum: General
Topic: DHCP Client
Replies: 8
Views: 1723

Re: DHCP Client

Dear MikroTik Community, i'd like to ask if someone else encounters this problem with the newest RouterOS version: dhcp client ("WAN" port) "looses" IP. My router: MikroTIk hEX 6.41.3 The log says: dhcp,critical,error dhcp-client on WAN-ETH1 lost IP address X.X.X.X received NAK from dhcp server 0.0...
by sjafka
Thu Apr 05, 2018 2:28 pm
Forum: General
Topic: DHCP Client
Replies: 8
Views: 1723

Re: DHCP Client

One more question: how can i view if the router automatically changes mac address of port? or something like this does not happen?! (I hope so, but if not, how can i check if my mac changed?)
by sjafka
Thu Apr 05, 2018 2:05 pm
Forum: General
Topic: DHCP Client
Replies: 8
Views: 1723

DHCP Client

Dear MikroTik Community, i'd like to ask if someone else encounters this problem with the newest RouterOS version: dhcp client ("WAN" port) "looses" IP. My router: MikroTIk hEX 6.41.3 The log says: dhcp,critical,error dhcp-client on WAN-ETH1 lost IP address X.X.X.X received NAK from dhcp server 0.0....
by sjafka
Tue Mar 27, 2018 6:13 pm
Forum: Wireless Networking
Topic: 2.4Ghz Guest wifi [SOLVED]
Replies: 3
Views: 712

Re: 2.4Ghz Guest wifi [SOLVED]

Thank you Petri for your time! We figured it out: after completing the config for the first AP i did an export file=filename and did restore this config on the other AP's. What i didnt knew, if you make a virtual interface and it has a MAC address than u clone the MAC too... all the "guest"s had the...
by sjafka
Tue Mar 27, 2018 5:13 pm
Forum: Wireless Networking
Topic: 2.4Ghz Guest wifi [SOLVED]
Replies: 3
Views: 712

Re: 2.4Ghz Guest wifi [SOLVED]

Thank you for your answer. Yes i know, i thought this wont be enough, i just wanted to be fast, 'cuz im working since days and im tired AF. Sooooooooo Basically: There is the main router: two VLAN's. On one vlan there is no dhcp (this is the main segment for my network) set up in the router, this jo...
by sjafka
Tue Mar 27, 2018 1:32 pm
Forum: Wireless Networking
Topic: 2.4Ghz Guest wifi [SOLVED]
Replies: 3
Views: 712

2.4Ghz Guest wifi [SOLVED]

Dead Mikrotik Community, [PLEASE READ THE 3. ENTRY - this is nonsense what i wrote here :) thank you] i need help from you! I set up 3 hap mini-s with (virtual) secondary SSID (guest wifi). The main ssid and the secondary are the same for the 3 AP-s. (like the main ssid is like : office and the seco...
by sjafka
Wed Feb 28, 2018 10:38 am
Forum: General
Topic: Wirele-less?!
Replies: 2
Views: 365

Wirele-less?!

Hy Mikrotik Community, i have two problems with my HAP AC Lite, i would like to get help from you or minimum confirmation. First problem: if i do a freq. usage on the wifi card i get disconnected after a few sec from winbox és if i re-log, than i see an "empty" winbox (the settings are still there, ...
by sjafka
Tue Feb 06, 2018 10:00 am
Forum: General
Topic: Permission error
Replies: 1
Views: 225

Permission error

Hello everyone!

I wanted to updgrade my firmware and nothing happened and now i dont have permission for a few things, like opening a console (Not permitted (9)) or upgrade firmware. What can i do about this?

Thank you in advance!
by sjafka
Wed Jan 10, 2018 4:57 pm
Forum: General
Topic: Simple question - bridges
Replies: 7
Views: 427

Re: Simple question - bridges

yes it should see each other because of using wrong nat rules /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.31.0/24 add action=masquerade chain=srcnat src-address=192.168.30.0/24 You have to specify output interface for each one. /ip firewall nat add action=masquerade chai...
by sjafka
Wed Jan 10, 2018 3:37 pm
Forum: General
Topic: NAT "trespassing"
Replies: 0
Views: 200

NAT "trespassing"

Hello Guys and Girls! A fellow member helped me out (i had "bad" NAT rules) and now i have two LAN networks which (now) cannot communicate with each other(and that was the goal). How can i make it happen, that the 192.168.30.0/24 can see/reach 192.168.31/0 but not vice versa. Thank you in advance! M...
by sjafka
Wed Jan 10, 2018 2:39 pm
Forum: General
Topic: Simple question - bridges
Replies: 7
Views: 427

Re: Simple question - bridges

"i can ping from 192.168.30.X to 192.168.31.X and vica versa" You can ping because your router routes traffic for network 30 from network 31 and vice versa. These (default) routes are defined under /ip route and are result of "connected networks". If you don't want them to reach each other you need...
by sjafka
Wed Jan 10, 2018 2:06 pm
Forum: General
Topic: Simple question - bridges
Replies: 7
Views: 427

Re: Simple question - bridges

yes it should see each other because of using wrong nat rules /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.31.0/24 add action=masquerade chain=srcnat src-address=192.168.30.0/24 You have to specify output interface for each one. /ip firewall nat add action=masquerade chai...
by sjafka
Wed Jan 10, 2018 11:10 am
Forum: General
Topic: Simple question - bridges
Replies: 7
Views: 427

Simple question - bridges

Hello Guys and Girls! I would like to ask you a question:why do the clients from the two bridges see each other (i can ping from 192.168.30.X to 192.168.31.X and vica versa). What is the connection/relation between theese two bridges? Is it the neighbor discovery and if not what does it do? Here is ...
by sjafka
Thu Jan 04, 2018 1:03 pm
Forum: Beginner Basics
Topic: DualWAN-DualLAN-seperated
Replies: 5
Views: 445

Re: DualWAN-DualLAN-seperated

Thank you for your answer!

And if i wanted to spicy up things with dual wan bonding? Or i dont know what it is called, basically i would like to achive something like adding the two wans bandwith together.. :) Thank you guys/girls in advance!
by sjafka
Thu Jan 04, 2018 9:57 am
Forum: Beginner Basics
Topic: DualWAN-DualLAN-seperated
Replies: 5
Views: 445

Re: DualWAN-DualLAN-seperated

Hi Sebastia, thank you for your help. But i was stupid, i didnt wrote my whole problem down, bc this is not so hard to configure, but where i got stuck is this: LAN1 will get IP address from a windows dhcp server, but LAN2 shouldn't -> LAN2 client should get IP address from mikrotik router and not w...
by sjafka
Wed Jan 03, 2018 5:59 pm
Forum: Beginner Basics
Topic: DualWAN-DualLAN-seperated
Replies: 5
Views: 445

DualWAN-DualLAN-seperated

Hello Community, im new in mikrotik, i just did the basic curse and now i would like to build something i dont know how to, that why i aks for help from you guys/girls! I have an RB201UiAS-RM with firmware v6.41(mipsbe). Just upgraded, so i saw that master/slave port got removed, insted of that we h...