MikroTik

mt99

Well, I can share what I do with the iDevices on my network. If I care about assigning an IP, I just give it a DHCP reservation with a client ID. That way I don't have to bother with turning off the private IP address feature. It's been a while since I set it up, but if you go into configure IP on t...

mt99

Other than it being a "factory only release", and that it was released at the same time as 7.13.3, I can't find any other information about it anywhere. What's it for? Does it backport fixes from the 7.13.x branch?

mt99

I don't see much evidence that Mikrotik is taking this storage space issue seriously. But they have to do something for devices that can't run v6 and are still being sold, because they have guaranteed a minimum of 5 years support. Whether they break out monolithic packages, come up with a "lite...

mt99

:if ([/system package get 0 version] ~ "^6") do={:execute "/export terse" as-string} else={:execute "/export terse show-sensitive" as-string} Syntax will not be checked in string for execute, it will only break execute if is wrong syntax in it. This use of :execute for...

mt99

Please tell me that US-locked WAPs don't default to "Latvia"! Totally agree with others that these kind of functionality updates are what the beta is for, but I guess regulatory changes don't need testing.

mt99

I understand the frustration, especially when you're in a work setting where you need to get something functioning under a deadline. Sometimes we all need to vent a little bit. But seriously, it might be worth it to hire a consultant. Not to do everything, but to help fill in some of the specific it...

mt99

Mikrotik should publish the hash of their firmwares and winbox software Totally agree that MT should publish the Winbox hash in their checksums list like their NPKs. In the meantime, I'm used to validating the digital signature. But I recently moved to running Winbox in Wine and I wasn't able to fi...

mt99

Hi, thanks for responding. I just prefer to provision resources in accordance with least privilege. I know the Pihole only requires Internet access to the adlist servers to get its updates, so that's what I give it. But I expected my first question would be "Do you need to run Pihole and NextDN...

mt99

Greetings all - I have a couple existing Docker containers that I want to migrate to RouterOS. I have a Pihole container that handles DNS for internal clients, and then an Alpine container I built that runs the NextDNS client (since unfortunately they don't support RouterOS natively) for DoH. The Pi...

mt99

Hence my suggestion to proceed as I described in my previous post. It gives device admin chance to clean up the config on the way :idea: Thanks for your thoughtful reply. Ugh, I was hoping to avoid rebuilding from scratch but you're probably right :) I wonder what your thoughts are for importing in...

mt99

If device, being worked on, is properly working under v6, then I wonder what good would netinstall do (compared to "normal" ROS upgrade via "upgrade" channel) That's a fair question. These devices are kind of old (back from when RouterBOOTs had changelogs :D ) and have been upgr...

mt99

Yes, something like that :lol: I guess what I'm wondering is whether people have had bad experiences with importing an R6 config onto R7. Is that the recommended way to go, or is it just asking for trouble? I'm just trying to avoid a situation where the import doesn't complete and now you have a dev...

mt99

Greetings all. I previously migrated one router from R6 to R7 with Netinstall instead of upgrading it. I wanted to do it that way to make the migration as clean as possible, and I didn't care about the previous config. I have other routers to migrate and I'd like to keep using Netinstall, but I want...

mt99

Hi folks, I installed 7.8 on my RB3011 and got pihole up and running on it. I want to kick off a script in the container when it boots up. Is there a way to trigger this from the router? Basically I'm looking for an equivalent to "docker exec pihole bash -c 'mycoolscript.sh'"

mt99

In my case, a new Ubuntu 22.04 server I migrated to wouldn't use the identity file even though I was using the proper syntax. The -vv switch argument on the SSH command showed that the signature algorithm wasn't being accepted. Create a new file in /etc/ssh/ssh_config.d, call it anything .conf, and ...

mt99

If you're in or can get to NE Illinois, maybe you might be interested in this - https://www.govdeals.com/index.cfm?fa=Main.Item&itemid=42&acctid=17271 I swear I'm not involved in this in any way, just saw it out there. Personally I think they're asking too high, but I know supplies are tight...

mt99

When will RouterOS v6 reach end of life?

I would say, unless we see a new testing branch for v6, that v6 feature development is winding down. But hopefully Mikrotik will make some kind of statement about that so their customers can plan accordingly.

mt99

The estimates in the video seem rather arbitrary to me. The fact that the test results for both devices are the same tells you everything you need to know - they are comparable from a performance perspective. But the fact that the RB760IGS has the SFP port, as well as POE out, is a distinctive diffe...

mt99

...that you run your own fiber and start your own ISP: https://arstechnica.com/information-technology/2021/01/jared-mauch-didnt-have-good-broadband-so-he-built-his-own-fiber-isp/ Guy likes his cheap, Mikrotik CPE though: "At customer homes, Mauch installs a Mikrotik RBFTC11 media converter with...

mt99

So I wonder if anyone happened to see this in the 6.46.7 (long term) changelog:

*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;

Apologies if this isn't news, as I typically only pay attention to long term. I also don't want to get anyone's hopes up :)

mt99

I didn't read this thread closely and there's already been some good suggestions - but is your external IP on Shodan? You don't need a logon or API key to check for one IP on their site. https://www.shodan.io/search?query= and type in your external IP at the end of the link. Once I saw activity from...

mt99

I'm not familiar with these devices, but I took a look at the CRS125. It's got a lot going for it, but whether it's the best choice depends on the capabilities you need now or anticipate needing soon. Take a look at https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches to see how it stack...

mt99

First of all, good job in asking these questions before making the purchase. There's so many posts where someone bought a CRS, thinking or hoping that it could be their all in one solution, only to be schooled the hard way. I would never call myself a expert in Mikrotik gear, but I don't think any C...

mt99

So there has to be years worth of "please enable feature X in v7" threads, why not investigate and prioritize those? If you don't know the use cases already, you have a solution in search of a problem. As for what to do with the torrent client, perhaps it's too simplistic but from a securi...

mt99

Assuming you connected the USB, it's formatted, and shows up as disk1 in System -> Disks:

/system backup save name=disk1/yourbackup.backup

mt99

Everything starting with my_* should be customized for your environment. I use the router as the DNS server so I can still have control and a central place to redirect via NAT rule. For this to work best, I also recommend setting the router as a second DNS server address on all clients. This works f...

mt99

This is exactly correct, all DNS servers are equal to the client so setting a “secondary” DNS server doesn’t work the way you might think. I use a Pihole which runs on a 2010 Mac Mini, and even though I dropped in a new hard drive I had concerns about redundancy. So I use scripts with netwatch to se...

mt99

I think it's great that Zerodium started a bug bounty program for Mikrotik. It's not like the bad guys don't know, they're just providing incentives for full disclosure. So patch early and patch often my friends! Unfortunately that isn't how it works. Zerodium will pay for Mikrotik exploits and the...

mt99

Agree. Changelog should reflect the fact that this is a security fix rather claiming it's some sort of "improvement" pe1chl called this in post #2 of the 6.43.12 thread so nice catch by him. It's a shame but people who want to get a heads up on recently disclosed RouterOS vulnerabilities ...

mt99

R1CH, I think you're exactly right. I own my own cable modem, and I just unplugged it from the router and was still able to access TCP port 1720 externally. I feel stupid/relieved. Thanks.

mt99

No, luckily socks is still disabled and no UPnP either. I don't have any reason to believe that the router is compromised, everything looks the way I set it. But I'm concerned that there's no way to stop a compromise if someone can figure out a way to exploit that open port. I can't close it, or dro...

mt99

I decided to nmap my external IP today to see how my firewall is doing. I was surprised to see that TCP 1720 is wide open to the Internet, and I was confirmed being able to telnet to the port and stay connected as long as I want. I have firewall rules that specifically drop new inbound connections f...

mt99

Nice write up.

https://www.trustwave.com/Resources/Spi ... he-World-/

mt99

I upgraded an RB750GL, a 3011, a CRS226, and a RB951G-2HnD from 6.41.4 to 6.42.4 with no issues. However, after the upgrade I noticed that the two routers with DNS servers (one for internal, one for my guest network) were no longer resolving. This wasn't an issue before the upgrade. I did see them ...

mt99

I upgraded an RB750GL, a 3011, a CRS226, and a RB951G-2HnD from 6.41.4 to 6.42.4 with no issues. However, after the upgrade I noticed that the two routers with DNS servers (one for internal, one for my guest network) were no longer resolving. This wasn't an issue before the upgrade. I did see them r...

mt99

Ive been testing 43RC11.. It addressed a huge number of issues posted in this thread. Good job Mikrotik. It does not address the short sighted feature neutering of Netwatch tho. I still cannot send a alert or change a LED state based on a ping of a target. Because I use Netwatch for many things, I ...

mt99

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this chang...

mt99

nice of the info, could I use the nas synology or qnap to save or view the logs?

Synology NAS can do it if you install the Log Center package and configure it as the syslog destination for your Mikrotik. QNAP probably does something similar.

mt99

In the Checksums link on the Downloads page, I notice that there's no MD5 or SHA256 hash listed for winbox.exe. Can this please be added for Winbox 3.12, and future releases moving forward? If it's kept somewhere else, could somebody point out where? Many thanks....

mt99

I manage all sorts of systems and I get notified about all of the vulnerabilities for Windows, Windows Software, Linux, Apple, Android, and many others. I subscribe to many different security sites and I am used to detailed explanations of reasons to patch systems so I can determine whether or not ...

mt99

Emulation is the best idea when you want to learn, but I'm assuming you want to buy the hardware. I don't look at network gear as an investment, or put all my eggs in one basket. I scale out, not up, and buy smaller boxes that are meant for the tasks I have at hand. Let switches be switches and let ...

mt99

mt99, do you really expect that every owner of every MikroTik device would follow such a lengthy advise? No, that's why you script it. I would never hand edit all that stuff, plus scripting eliminates the possibility of mistakes. I have a deployment script that I run on every router that has baseli...

mt99

I agree that Mikrotik should move toward unique default passwords, which many other manufacturers have done (usually some component of the MAC address). But at least so far, it seems like these defacements have been happening in instances where the router's administrative services were available fro...

mt99

Yes, exact same device. I only have one RB750GL, and that's the only device I was working on at the time. I know you can't mix backups between devices, even if they are the same model. But I'm glad I got the box back up. It's a decent little performer and the 64 MB of NAND lets me have 3 partitions.

mt99

I'm just reporting what I personally experienced. I specifically posted this in the beginner forum with an acknowledgement that I might have done something wrong. If Netinstall can be reliably used to do all those things, I'm glad for such a useful tool and I look forward to seeing better documentat...

mt99

That's a good point, I know that ether1 works because you have to use it for Netinstall. But I hadn't thought about explicitly testing the rest of the ports since I was seeing link lights. So I went ahead and tried MAC Winbox on all of them and verified they are working. I got the box back in shape ...

mt99

Thanks for asking - I did do System > Reset Configuration as well, and even used the reset button to do the same thing. I always thought that Netinstall could reinstall the OS and apply the default config, but in this case it doesn't seem to do that. I'm hoping I just did something wrong, but not su...

mt99

Hi folks, I've read the forum for a while but here is my first question. I was settig up interVLAN routing on my switch and RB750GL router, when I noticed that I couldn't ping the default gateways on the router anymore. So I restored a known good backup on the router, but that didn't fix the problem...

Search found 48 matches