Community discussions

Search found 433 matches

by anav
Sun May 27, 2018 5:29 am
Forum: Beginner Basics
Topic: Email Sorta Works........... Rcve Only :-(
Replies: 0
Views: 18

Email Sorta Works........... Rcve Only :-(

This is a beginner question, not one of those Complex General ones that creep into this hex for dummies forum. :-) Okay when I had my hex in test mode - attached to second IP of Cable modem was hooked up to my PC, I could send and receive email with ease. I put the hex in house mode -attached to bot...
by anav
Sun May 27, 2018 5:18 am
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

Thanks Sob, so the argument that I needed to add "new" to my current dstnat forward rule is false. Great!
Okay leaving untracked in there!
by anav
Sun May 27, 2018 2:14 am
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

Hopefully Sindy can chime in with direct responses to the Qs posed. I do appreciate the input, unfortunately my lack of knowledge of synning and acking is limited.;-)
.................. old school, new school, I am looking for the "right" school" LOL. Or as I like to call it chameleon school!
by anav
Sun May 27, 2018 2:10 am
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS vulnerable to conficker virus infection?
Replies: 3
Views: 281

Re: ROS vulnerable to conficker virus infection?

When you stated the sinkhole port 80, would this rule help with the issue or overall for security be a good practice?

/ip firewall filter
add chain=output action=drop protocol=tcp src-port=80
by anav
Sun May 27, 2018 12:47 am
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

Great answers which pick apart my lack of knowledge. Sadly I have never had a forward chain accept rule for anything NEW? In fact at this expert link.............. https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router you will note that there is no NEW noted anywhere similarly one will not see ...
by anav
Sat May 26, 2018 9:03 pm
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

So sindy can you guarantee that any port forwarding I need, will get through the router without my ALLOW Dstnat rule in place on the forward chain??

(one can assume I have an allow rule for established, related in forward chain).
by anav
Sat May 26, 2018 9:01 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 7
Views: 225

Re: Several isolated networks

Interesting way of adding an IP to an existing FW rule. Great tis unlikely that someone port knocks your router in the right sequence but the port knocking is done in the clear. However, I still prefer to make a VPN connection and use winbox from there. What the OP wants/is willing to do is up to hi...
by anav
Sat May 26, 2018 8:10 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 7
Views: 225

Re: Several isolated networks

The only method I would consider safe is a VPN connection to the router and then use winbox.
by anav
Fri May 25, 2018 10:15 pm
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

I have the rule in place because my last forward rule is DROP ALL. Thus dstnat connections would also get dropped.
I also assume that the more definitions in place for traffic, the harder it is to spoof.
by anav
Fri May 25, 2018 10:07 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 7
Views: 225

Re: Several isolated networks

The following example puts the work stuff on a bridge and makes use of HW offloading. The guest wifi is by itself on ether3. Thus the guest wifi is blocked from the work stuff at layer two by bridge separation and the forward rules drop everything so the router will not route between the work bridge...
by anav
Thu May 24, 2018 11:20 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: How to protect CCR router from DNS attacker.
Replies: 4
Views: 317

Re: How to protect CCR router from DNS attacker.

Why was api service enabled?
by anav
Thu May 24, 2018 9:54 pm
Forum: Beginner Basics
Topic: hAP ac vs hAP ac^2 - which to choose for home?
Replies: 5
Views: 285

Re: hAP ac vs hAP ac^2 - which to choose for home?

Good questions. I would say and this is only my very uneducated opinion ( so much so, that this could be a comedy sketch). 1) Depends on how many devices will be concurrently using the wifi. 2) Depends on how many VLANS/SSIDS you will be creating. If (1) is above a certain number I imagine people wi...
by anav
Thu May 24, 2018 9:46 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 33
Views: 12276

Re: VPNfilter official statement

Bartoz, email me as that is a separate discussion.................
by anav
Thu May 24, 2018 8:45 pm
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

You are potentially maybe, perhaps achieving an inkling of truth........... perhaps I should have used obfuscation in my oratory. However, I digress! I too seek more clarity on this thread, in regards to what was the key issue preventing OP success and how CZFANs advice was magically correct and ho...
by anav
Thu May 24, 2018 8:25 pm
Forum: Beginner Basics
Topic: Schedule disable ethernet interface?
Replies: 15
Views: 368

Re: Schedule disable ethernet interface?

Routik, your example was clear, unambiguous and to the point and without any rotting whiff of arrogance. Well done mate!
by anav
Thu May 24, 2018 7:50 pm
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

CZFAN, no apologies needed or accepted, I found your post to be both amusing and witty and spot on due to containing historical context to my previous crappy posts LOL. I enjoy our dialogue!! Please do not refrain from being colourful!! More to the point answer the damned questions Pretty Please :-)...
by anav
Thu May 24, 2018 7:44 pm
Forum: General
Topic: Weird NAT issue on v6.42.1
Replies: 8
Views: 249

Re: Weird NAT issue on v6.42.1

Hi Hairyone, just trying to follow the thread, is the wan setup as follows. Block of IPs from provider given to you. USING 172.168.1.1 as the one assigned to the mikrotik (for the purposes of a private LAN behind and administration) (many to one NAT) Using 172.168.1.2 - 172.168.1.4 as 3 public IP ad...
by anav
Thu May 24, 2018 7:03 pm
Forum: Beginner Basics
Topic: Fortigate SSL-VPN connection
Replies: 10
Views: 6125

Re: Fortigate SSL-VPN connection

Sounds like the need for a WIKI for an IPSEC connection between a mikrotik and a fortinet device. Extrapolate away...................... https://www.draytek.com/.upload/pdffiles/b41bd92397eed6417966c407b9d65847.pdf https://blog.webernetz.net/ipsec-site-to-site-vpn-fortigate-cisco-router/ https://clo...
by anav
Thu May 24, 2018 6:55 pm
Forum: Beginner Basics
Topic: Schedule disable ethernet interface?
Replies: 15
Views: 368

Re: Schedule disable ethernet interface?

Routik, great helpful post! I enjoyed reading it and was not at all disturbed by the HORRIBLE conflict between a comment and code entry item. Overlooking this terrible crime, I give you a big thumbs up!!
by anav
Thu May 24, 2018 6:40 pm
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

Oh you are going to hold my bridge obsession over my head for awhile LOL. :-) Well you will be happy to know that I have concluded one bridge is enough as two bridges breaks HW offloading! When I get to implementing approx 3 vlans I will come back begging for help. "Fancy" was both a compliment and 'wh...
by anav
Thu May 24, 2018 6:33 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 33
Views: 12276

Re: VPNfilter official statement

BartosP are you working for juniper ;-P
Nokia-Alcatel-Lucent has strong presence in Poland with numerous competence centers, Juniper perhaps doesn't :)
You mean Roland or PPoland They are on the slippery slope of being pwned by he who shall not be named!! No happy face! - makes me sad.
by anav
Thu May 24, 2018 5:41 pm
Forum: The Dude
Topic: The Dude - real world examples? How do *you* use it?
Replies: 13
Views: 4295

Re: The Dude - real world examples? How do *you* use it?

Have not made the leap to DUDE, maybe when it has a more inclusive name: PAT for example. ;-)
In any case, for a homeowner, is there a convincing argument to take the time and effort to include this functionality??
by anav
Thu May 24, 2018 5:35 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 33
Views: 12276

Re: VPNfilter official statement

BartosP are you working for juniper ;-P CISCO has their own issues, they are not virginal. https://www.bankinfosecurity.com/200000-cisco-network-switches-reportedly-hacked-a-10788 https://www.scmagazine.com/cisco-patched-bug-in-secure-sockets-layer-ssl-vpn-functionality-of-the-asa-function/article/7...
by anav
Thu May 24, 2018 5:27 pm
Forum: General
Topic: Port foward HTTPS
Replies: 22
Views: 529

Re: Port foward HTTPS

Well that wasn't all that fancy. All CZFAN did was combine two separate rule into one rule on the DSTNAT side. There was nothing wrong there with the two rules, but one can put more than one port in the port entry slots. Further, typically a firewall filter rule is NOT required for port forwarding. ...
by anav
Thu May 24, 2018 5:12 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 33
Views: 12276

Re: VPNfilter official statement

Thanks for the update and the reminder (link) to the good security practices page!
by anav
Wed May 23, 2018 9:01 pm
Forum: Beginner Basics
Topic: What do i need to learn to become proficient quickly?
Replies: 20
Views: 708

Re: What do i need to learn to become proficient quickly?

Well get a hap AC2 if you want a router OS and wifi in one box for cheap.

The Stephen Discher book RouterOS by Example, is being reprinted as we speak so the second edition in the near future will also include the 6.42 information.
by anav
Wed May 23, 2018 8:50 pm
Forum: Beginner Basics
Topic: Access from WAN to LAN
Replies: 3
Views: 141

Re: Access from WAN to LAN

Well that made no sense to me at all. Let's go back to description and I will make up numbers............. PC1 LANIP 172.54.2.10 PC1 Gateway 172.54.2.1 PC1 LAN 172.54.2.0/24 PC2 LANIP 150.54.80.10 PC2 GATEWAY 150.54.80.1 PC2 LAN 150.54.80.0/24 Router1 - ISP1 Unknown IP, Unknown Gateway IP will make i...
by anav
Wed May 23, 2018 2:45 pm
Forum: Beginner Basics
Topic: Access from WAN to LAN
Replies: 3
Views: 141

Re: Access from WAN to LAN

Just to be sure I understand is it.... a. User on the internet (EXTERNAL to your network) wants to access a server behind the router on your INTERNAL private network? b. User on the INTERNAL private network wants to access a server behind the router also on your INTERNAL private network but by using...
by anav
Wed May 23, 2018 2:33 pm
Forum: Beginner Basics
Topic: What do i need to learn to become proficient quickly?
Replies: 20
Views: 708

Re: What do i need to learn to become proficient quickly?

The Hex unit is like what $60US, you can sneeze out a couple of lattes and its paid for.........
Get it for yourself at home after you use it to practice..........
by anav
Wed May 23, 2018 2:32 am
Forum: Beginner Basics
Topic: Stuck with Mangle on Dual WAN/DualLAN?
Replies: 2
Views: 95

Re: Stuck with Mangle on Dual WAN/DualLAN?

Here is my guess............ but I am sure someone will rescue you from my attempt. ;-) Assumes ISP1-WAN1-PRIMARY WAN ISP2-WAN2-SECONDARY WAN LAN1 - 192.168.1.0/24 (USERS) LAN2 - 192.168.2.0/24 (VOIP) Using Google and OPENDNS to check gateway status. /ip firewall nat add action=masquerade chain=srcn...
by anav
Tue May 22, 2018 1:06 am
Forum: General
Topic: Access to PC's in separate network with 2 routers [SOLVED]
Replies: 4
Views: 160

Re: Access to PC's in separate network with 2 routers [SOLVED]

Sweet someone should send you a nice piece of triple chocolate cake (fudge, mousse and dark chocolate)!!
by anav
Tue May 22, 2018 1:03 am
Forum: Beginner Basics
Topic: Normal Traffic or Mikrotik Induced.
Replies: 3
Views: 210

Re: Normal Traffic or Mikrotik Induced.

Hard to say as I am using winbox log to view LOL...........
I can peek at wireshark when and compare,
sandbox lan, cable internet - hex1
sandbox lan, cable internet -hex2
real homelan behind zyxel 40USW

And see if there is any appreciable difference from my PC.
by anav
Mon May 21, 2018 3:32 pm
Forum: Beginner Basics
Topic: What do i need to learn to become proficient quickly?
Replies: 20
Views: 708

Re: What do i need to learn to become proficient quickly?

Awesome karlisi, I can hear Sob telling me to read that wiki!!
by anav
Mon May 21, 2018 3:00 pm
Forum: Beginner Basics
Topic: What do i need to learn to become proficient quickly?
Replies: 20
Views: 708

Re: What do i need to learn to become proficient quickly?

The one thing to learn quickly is that mikrotik is an onion, as soon as you think you have understood something, there is another friggen layer. If you do not have training, knowledge in packet flow and Networking principles, and are not a real nerd (cannot pronounce Linux - charlies brown's friend ...
by anav
Mon May 21, 2018 4:45 am
Forum: Beginner Basics
Topic: Normal Traffic or Mikrotik Induced.
Replies: 3
Views: 210

Normal Traffic or Mikrotik Induced.

Okay one thing about log prefix on rules is you see all the crap that normally is dropped that you were not aware of. Case in point, I have been playing with my sandboxes (one PC, two HEXes). What was annoying was. 1. BOGON hits (not due to my source LAN - ) but due to destination of 224.0.0.252 (RF...
by anav
Sun May 20, 2018 7:37 pm
Forum: Beginner Basics
Topic: Purpose of UNTRACKED and New Connections
Replies: 5
Views: 259

Re: Purpose of UNTRACKED and New Connections

You're right Sob, I think I remember reading that before............ good to know, it's not needed.
I see how you avoided the hard question about a new connection and how it is or is not compared to the filter rules, before becoming established.
by anav
Sun May 20, 2018 6:57 pm
Forum: Beginner Basics
Topic: Purpose of UNTRACKED and New Connections
Replies: 5
Views: 259

Re: Purpose of UNTRACKED and New Connections

Feel free to point me in the right direction as I have gone over the wiki and haven't found any answers. I may have missed the right section. :-(
by anav
Sun May 20, 2018 6:47 pm
Forum: Beginner Basics
Topic: Purpose of UNTRACKED and New Connections
Replies: 5
Views: 259

Purpose of UNTRACKED and New Connections

A. Hi there I have seen many different ways of setting up filter rules but one of the most common is the INPUT or FORWARD CHAIN with ACTION=ACCEPT with two main variants: a. established, related b. established, related, untracked What is the purpose of putting untracked in the rule? 1. Is there a se...
by anav
Sun May 20, 2018 6:35 pm
Forum: General
Topic: S.O.S. HELP ME PLEASE
Replies: 11
Views: 540

Re: S.O.S. HELP ME PLEASE

Bite the bullet, give customers one free month of rental and reconfig your units and then backup regularly. I would also state you need to update your OS regularly and CLOSE all the open doors into your routers.
There is no other solution for shooting yourself in the foot.
by anav
Sun May 20, 2018 6:28 pm
Forum: Beginner Basics
Topic: Combination of two networks
Replies: 6
Views: 223

Re: Combination of two networks

My question is specific to your arrows. Are we to assume a physical connection between ISP modem and hex and a physical connection between the two hex units?
by anav
Sat May 19, 2018 9:28 pm
Forum: Beginner Basics
Topic: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]
Replies: 43
Views: 1193

Re: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]

Awesome, who needs the ghostbusters, call RoadkillX
by anav
Sat May 19, 2018 8:40 pm
Forum: Beginner Basics
Topic: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]
Replies: 43
Views: 1193

Re: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]

So if I don't use bridges at all, I can still achieve hw offloading on all future VLANS. I is confused..........
Cause eventually I want to have at least 2 or 3 (guest wifi, devices vlan, etc)
by anav
Sat May 19, 2018 8:38 pm
Forum: General
Topic: How to configure multiple vlan with hw-offload
Replies: 28
Views: 851

Re: How to configure multiple vlan with hw-offload

Nice site plisken! Luckily I have learned how to google translate the pages. :-)
by anav
Sat May 19, 2018 5:37 pm
Forum: General
Topic: S.O.S. HELP ME PLEASE
Replies: 11
Views: 540

Re: S.O.S. HELP ME PLEASE

The best I can do is quote another user who gave really good advice!
No, you can only reset them completely and configure from scratch, this time, I suggest to follow these guidelines to protect against hijacking of any kind:
https://wiki.mikrotik.com/wiki/Manual:S ... our_Router
by anav
Sat May 19, 2018 5:08 pm
Forum: Beginner Basics
Topic: What To Do - Port 5678?
Replies: 1
Views: 145

What To Do - Port 5678?

I have a router setup for a LAN but only connecting to one PC at the moment (my sandbox). Is this the reason my PC wants to continually connect to 192.168.0.255 on port 5678>> Similarly the PC has many port 137 hits to .255 which are very much abated if I disable netbios over TCP on the adapter card...
by anav
Sat May 19, 2018 4:58 pm
Forum: Beginner Basics
Topic: Uh, can I think of the hAP ac as a wireless router?
Replies: 40
Views: 1357

Re: Uh, can I think of the hAP ac as a wireless router?

I'm no vpn guru let alone mikrotik ready but it should do the IKEv2 thingamabobber!

https://wiki.mikrotik.com/wiki/Manual:I ... 2_RSA_auth


Not a mikrotik site thus caution
https://jcutrer.com/howto/networking/mi ... n-mikrotik
by anav
Sat May 19, 2018 1:39 am
Forum: Beginner Basics
Topic: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]
Replies: 43
Views: 1193

Re: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]

Actually you mean Californian, gonna stay away from dat sheet.
by anav
Sat May 19, 2018 1:37 am
Forum: Beginner Basics
Topic: Uh, can I think of the hAP ac as a wireless router?
Replies: 40
Views: 1357

Re: Uh, can I think of the hAP ac as a wireless router?

So basically before the R7000 really was not involved as the software on your PC handled the connection. What the plan would be is to move this work off the PC and program the mikrotik to do it for you. Now reading the FAQ on the nordvpn website, they state to expect a 30% loss in throughput using n...
by anav
Fri May 18, 2018 7:35 pm
Forum: Beginner Basics
Topic: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]
Replies: 43
Views: 1193

Re: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]

Bugger, HW is showing NO now. So basically one can set HW as on, and it turns itself off on its own. Not sure how long it takes but it does.
Damn, well okay the next wine I buy will be SAfrican. :-)
by anav
Fri May 18, 2018 2:00 pm
Forum: Beginner Basics
Topic: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]
Replies: 43
Views: 1193

Re: HOW SIMPLE THINGS SHUT DOWN CONNECTIVITY [SOLVED]

Yes showing that router is telling me HW is a YES for both bridges. No I don't have anything plugged into DMZ bridge at the moment but what has that got to do with anything.