Community discussions

MikroTik App

Search found 5408 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 19
by anav
Wed Oct 28, 2020 10:52 pm
Forum: General
Topic: Attacked in ur router 3311
Replies: 6
Views: 162

Re: Attacked in ur router 3311

Are you saying they would need physical access??
by anav
Wed Oct 28, 2020 8:18 pm
Forum: General
Topic: Attacked in ur router 3311
Replies: 6
Views: 162

Re: Attacked in ur router 3311

How would one know after a netinstall, if the router was still compromised??
I thought netinstall was foolproof?
by anav
Wed Oct 28, 2020 8:17 pm
Forum: General
Topic: Randomly loosing connection with router from internet
Replies: 8
Views: 167

Re: Randomly loosing connection with router from internet

why not use team viewer or this instead of RDP;............ or something like
https://www.zerotier.com/
by anav
Wed Oct 28, 2020 8:10 pm
Forum: Beginner Basics
Topic: help with denial of service internet minecraft server
Replies: 6
Views: 320

Re: help with denial of service internet minecraft server

Who is they?
Do you not control the router?

Do you use winbox to access the router??
by anav
Wed Oct 28, 2020 8:09 pm
Forum: Beginner Basics
Topic: Redirect subnet to interface
Replies: 2
Views: 99

Re: Redirect subnet to interface

Not sure if mangling is required, would this not work?? Need four routes and two route rules Normal route 1 ISP1 distance=5 Normal route 2 ISP 2 distance=5 Extra route ISP1 distance=5 routing_mark=routeISP1 Extra route ISP2 distance=5 routing_mark=routeISP2 route rule src address=subnet A action=loo...
by anav
Wed Oct 28, 2020 3:40 pm
Forum: General
Topic: DHCP on VLAN
Replies: 8
Views: 390

Re: DHCP on VLAN

I am allergic to the chip-switch method so cannot help you there.
The vlan bridge method is easy to setup and get working and is straightforward.
by anav
Wed Oct 28, 2020 3:31 pm
Forum: Beginner Basics
Topic: public nat ip problem
Replies: 7
Views: 280

Re: public nat ip problem

If those are all the firewall rules you have and the router faces the internet then you need to pull the plug as its not setup securely.
by anav
Wed Oct 28, 2020 4:23 am
Forum: Beginner Basics
Topic: help with denial of service internet minecraft server
Replies: 6
Views: 320

Re: help with denial of service internet minecraft server

Who is they?
Post your config............
/export hide-sensitive file=anynameyouwish
by anav
Tue Oct 27, 2020 9:48 pm
Forum: General
Topic: DHCP on VLAN
Replies: 8
Views: 390

Re: DHCP on VLAN

/export hide-sensitive file=anynameyouwish

But only after you have read this reference and have attempted to apply it.

viewtopic.php?f=13&t=143620
by anav
Tue Oct 27, 2020 2:24 pm
Forum: Forwarding Protocols
Topic: Noob, L2TP interface and PPPOE interface, Port Forwarding does not work (NAT)
Replies: 2
Views: 114

Re: Noob, L2TP interface and PPPOE interface, Port Forwarding does not work (NAT)

What does port forwarding have to do with L2TP? That is a VPN method.
Are you saying you wish to vpn tunnel from work to home, or home to work or anywhere to work.
by anav
Tue Oct 27, 2020 1:34 pm
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

Wisp mode,
Add vlans to cap bridge
add wireless rules
add bridge port and bridge vlan settings....
mostly thats it
by anav
Tue Oct 27, 2020 12:39 am
Forum: Wireless Networking
Topic: Multiple AP and cannot connect (Signal Strength > 80db)
Replies: 29
Views: 735

Re: Multiple AP and cannot connect (Signal Strength > 80db)

You are braver than I Sir! I only play the switch game between two 5Gzh wlans (meaning two different APs) and not between a 2 and a 5 either on the same or different APs.
by anav
Tue Oct 27, 2020 12:37 am
Forum: General
Topic: WLAN / Bridge / Vlan filtering / ARP issue
Replies: 7
Views: 240

Re: WLAN / Bridge / Vlan filtering / ARP issue

MKX.... ur slippen! Plus you are fined for duplicating Linked URLs to the same article. Not very green of you wasting 1s and 0s.
As this is an informational, educational and punitive post, I will not be fined. ;-P
by anav
Tue Oct 27, 2020 12:33 am
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

Yup,
Give it a whirl, then post your config here on both devices.
I will break out the popcorn and beer for the laughs!! ;-)
by anav
Mon Oct 26, 2020 10:23 pm
Forum: General
Topic: WLAN / Bridge / Vlan filtering / ARP issue
Replies: 7
Views: 240

Re: WLAN / Bridge / Vlan filtering / ARP issue

Thats what I am saying. you vlan by groups, not by bridge. You only need one bridge, no dhcp just bridge. Rest is vlans. If you need to group anything, then it makes sense from a firewall rules point of view. and simply group the vlans as such VIA INTERFACE LIST. (you can use vlans 2-9 for one group...
by anav
Mon Oct 26, 2020 6:05 pm
Forum: Wireless Networking
Topic: Confusion on vlans regarding wifi [SOLVED]
Replies: 2
Views: 122

Re: Confusion on vlans regarding wifi [SOLVED]

Ignore youtube, for your own sanity LOL.
Here is the current standard on using vlans.....
Works for wired and wireless as you will see.
viewtopic.php?f=13&t=143620
by anav
Mon Oct 26, 2020 4:26 pm
Forum: General
Topic: WLAN / Bridge / Vlan filtering / ARP issue
Replies: 7
Views: 240

Re: WLAN / Bridge / Vlan filtering / ARP issue

First is update firmware to latest long term version. The would remove all the extra bridges and use ONLY one bridge. I would use Vlans to separate subnets. I would add vlans to the one single bridge. I would assign brigde port interfaces appropriately (ingress trunk or access ports) I would assign ...
by anav
Mon Oct 26, 2020 2:31 pm
Forum: General
Topic: Device in LAN - check open port by RouterOS
Replies: 4
Views: 189

Re: Device in LAN - check open port by RouterOS

There should be no concern unless its open to the internet you can use gibsons port checker to see what is 'showing'.
https://www.grc.com/shieldsup
by anav
Mon Oct 26, 2020 2:30 pm
Forum: General
Topic: Strange Tracking Problem on Mikrotik Filter rules
Replies: 8
Views: 330

Re: Strange Tracking Problem on Mikrotik Filter rules

Post your config if you want help, already asked once..........
by anav
Mon Oct 26, 2020 2:25 pm
Forum: Beginner Basics
Topic: Schedule Question [SOLVED]
Replies: 4
Views: 211

Re: Schedule Question [SOLVED]

Well there is a time function on IP Firewalls, found in the EXTRA tab. However if a session has started before the time becomes active, I dont think the router stops it. I did recently where that was an issue under parental controls that was noted and perhaps MT was addressing this to stop sessions ...
by anav
Mon Oct 26, 2020 2:04 am
Forum: Wireless Networking
Topic: Basic WiFi roaming in SoHo
Replies: 15
Views: 1775

Re: Basic WiFi roaming in SoHo

I bpwl so you are saying i should move my 5 secs down to 3 secs on the timing on the weaker connection.
by anav
Mon Oct 26, 2020 1:56 am
Forum: General
Topic: VLANs setup (the new way)
Replies: 24
Views: 5133

Re: VLANs setup (the new way)

I dont agree with Mudcharm. ;-) I absolutely prefer to see the Untagged lines in the config. Much easier to read and the visual of seeing the relationship of ingress and egress makes configuring and reading configs IMHO opinion much easier. Functionality wise no difference for course and its persona...
by anav
Mon Oct 26, 2020 1:50 am
Forum: Beginner Basics
Topic: Lots of crap in Firewall logs - request rules review please? [SOLVED]
Replies: 6
Views: 326

Re: Lots of crap in Firewall logs - request rules review please? [SOLVED]

Rule of thumb, dont add stuff you see from the internet.
Best to come here and point to it and ask does this really work...... etc..
by anav
Sun Oct 25, 2020 8:30 pm
Forum: Beginner Basics
Topic: firewall filter with internet allow unauthorized LAN trafic
Replies: 11
Views: 469

Re: firewall filter with internet allow unauthorized LAN trafic

I have not had a chance to review the config, but you can always have an interface list called LAN, and put all the vlans on that as well. Then you can use the LAN in your interface lists to covers off all other rules and just use the VLAN interface lists for access to internet. Otherwise gets a tad...
by anav
Sun Oct 25, 2020 8:26 pm
Forum: Beginner Basics
Topic: [problem] high ping latency - MultiWAN
Replies: 14
Views: 657

Re: [problem] high ping latency - MultiWAN

Too much bloatware not required. Paired down and with more efficient use of drop all rule...... I would start with this much cleaner and leaner approach. If you are having specific issues after that, then address them as applicable. CONCEPT IS A. DEFAULT RULES B. RULES FOR TRAFFIC YOU WISH TO ALLOW ...
by anav
Sun Oct 25, 2020 4:38 pm
Forum: Beginner Basics
Topic: 750G download speed very slow
Replies: 21
Views: 583

Re: 750G download speed very slow

MMIPS for 750G, Long term version. MMIPS is only for the 750Gr3 (second version of the hEX). The original 750G, which the OP has, and the 750Gr2 (first version of the hEX) are MIPSBE. The /system routerboard settings set cpu-frequency=150MHz will be reducing the performance, it should be several ti...
by anav
Sun Oct 25, 2020 3:59 pm
Forum: General
Topic: VLAN switch and bridge combination - advice please [SOLVED]
Replies: 16
Views: 551

Re: VLAN switch and bridge combination - adwise please [SOLVED]

If this router is attached to the internet and these are the fw filter rules the OP has put in, then there is no point in fixing any capsman or vlans until the OP understands the purpose of the firewall and how to put in a safe config (default for starters is good).
by anav
Sun Oct 25, 2020 3:31 pm
Forum: Beginner Basics
Topic: 750G download speed very slow
Replies: 21
Views: 583

Re: 750G download speed very slow

For now the firewall only have one rules default, it's correct ? No it is not correct - although I have no idea why MT would not include the default firewalls on new releases even for old equipment. Did you use netinstall to work with the latest long term version of firmware? OLD 750 unit is MIPSBE...
by anav
Sun Oct 25, 2020 4:07 am
Forum: General
Topic: Two wan with in the same subnet
Replies: 19
Views: 666

Re: Two wan with in the same subnet

Geez why didnt I think to look it up in my handy Mikrotik for Dummies Handbook, you know the chapter on Everything you wanted to know about ARP but were too drunk to ask!!
by anav
Sun Oct 25, 2020 1:13 am
Forum: General
Topic: CCR 2004 compatibility with SFP 10/100/1000 modules.
Replies: 3
Views: 661

Re: CCR 2004 compatibility with SFP 10/100/1000 modules.

I have a CCR1009. The 10gig copper module in the sfp+ port DOES NOT WORK with my ISPs (both a standard plain ethernet cable connection nor a bell fibre connection). This is with a MT module not another brands. I dont think I have tried it (with MY ISPs) with the SFP copper cage as that is connected ...
by anav
Sun Oct 25, 2020 1:07 am
Forum: General
Topic: VLAN switch and bridge combination - advice please [SOLVED]
Replies: 16
Views: 551

Re: VLAN switch and bridge combination - adwise please [SOLVED]

As for the first config......... It highlights the main issue from me............ incomplete config. Where is the IP pool for the management vlan and the DHCP Server and the dhcp-server-network?? Also doing the thing I detest..........asking the bridge to do dhcp serving instead of simply creating a...
by anav
Sun Oct 25, 2020 12:48 am
Forum: General
Topic: VLAN switch and bridge combination - advice please [SOLVED]
Replies: 16
Views: 551

Re: VLAN switch and bridge combination - adwise please [SOLVED]

capsman is just another level of management on the router that will continue to compound the number of errors that can be made in a config.
If you only have one or two APs save yourself the grief..........
by anav
Sat Oct 24, 2020 9:10 pm
Forum: Wireless Networking
Topic: Basic WiFi roaming in SoHo
Replies: 15
Views: 1775

Re: Basic WiFi roaming in SoHo

Well my settings are 30 secs if it is a strong signal currently attached (gives the user up to 30 secs grace before kicking......) the opposite, if one meanders out of the crappy signal into the good signal,,,,,,i want the op to go the better signal faster................. Something like that anyway...
by anav
Sat Oct 24, 2020 9:06 pm
Forum: Wireless Networking
Topic: HAP AC2 does not accept WIFI connections anymore
Replies: 24
Views: 678

Re: HAP AC2 does not accept WIFI connections anymore

Well dont be a big douche and provide the outputs bpwl is requesting........... he is here helping you, if you have forgotten.
by anav
Sat Oct 24, 2020 9:02 pm
Forum: General
Topic: Two wan with in the same subnet
Replies: 19
Views: 666

Re: Two wan with in the same subnet

And when Mikrotik wants to send the packet, it uses IP address and interface as search criteria in the query to the ARP table ...
So I'm still confused ...
You just might be MTUNA material after all...............
by anav
Sat Oct 24, 2020 5:28 pm
Forum: General
Topic: Add to address list and nat rule
Replies: 14
Views: 487

Re: Add to address list and nat rule

Ouch, how did I miss that............ I will have to go back and read again............sigh
At least I got to show off my ms Paint skills...........
by anav
Sat Oct 24, 2020 5:21 pm
Forum: Beginner Basics
Topic: public nat ip problem
Replies: 7
Views: 280

Re: public nat ip problem

/export hide-sensitive file=anynameyouwish

I was saving heavy guns for next step ... right now I assume OP has some too broad src-nat rule in action.
So you want to peel off the clothes slowly and leave something to the imagination....................
by anav
Sat Oct 24, 2020 5:20 pm
Forum: Beginner Basics
Topic: DHCP2DNS problem!
Replies: 3
Views: 150

Re: DHCP2DNS problem!

Up yours LOL
How the heck is anyone supposed to help when you provide NO details.
Script?
Config??

/export hide-sensitive file=anynameyouwish
by anav
Sat Oct 24, 2020 5:17 pm
Forum: Beginner Basics
Topic: firewall filter with internet allow unauthorized LAN trafic
Replies: 11
Views: 469

Re: firewall filter with internet allow unauthorized LAN trafic

(1) I still see you have not moved your fw filter rules around so that all INPUT are viewed together and all FORWARD are viewed together makes it hard to read............. (2) /ip firewall filter add action=accept chain=input in-interface=ether1 src-address=192.168.88.2 This rule should be removed, ...
by anav
Sat Oct 24, 2020 4:30 pm
Forum: Beginner Basics
Topic: firewall filter with internet allow unauthorized LAN trafic
Replies: 11
Views: 469

Re: firewall filter with internet allow unauthorized LAN trafic

Strange config as things dont show up together.............. In any case here is what is missing......... the next post will look at FW rules. 13 vlans 2 wans 7 dhcp servers (missing 6) 5 pools ( missing 8 - vlans 10,17,20,30,40,50,60,70 ) 5 dhcp servers (now only missing 1 - vlan17 ) 2 bridge ports...
by anav
Sat Oct 24, 2020 4:11 pm
Forum: Beginner Basics
Topic: Airplay inside the LAN
Replies: 1
Views: 95

Re: Airplay inside the LAN

Sounds more like wifi combined with multicast issues ASSUMING all devices are on the same subnet?? (and not within bluetooth range). Try setting in WIFIs Select the WLAN, select wifi settings, select ADVANCED TAB on the right hand menu, Scroll down to the very bottom where it says multicast helper. ...
by anav
Sat Oct 24, 2020 4:03 pm
Forum: Beginner Basics
Topic: logging into any website doesn't work
Replies: 8
Views: 261

Re: logging into any website doesn't work

So its ISP_Modem ----> ASUS router ------> MT (10gig)-------> other devices
If so, what IP structure does the ASUS for its private LANS, which the MT is on?
by anav
Sat Oct 24, 2020 4:01 pm
Forum: Beginner Basics
Topic: HELP
Replies: 1
Views: 76

Re: HELP

Can you clarify
Do you have 3 different modems and three different ISPs, with three different wan IP gateways?
(are they all wired)?
by anav
Sat Oct 24, 2020 3:59 pm
Forum: Beginner Basics
Topic: Ilo4 Access over Internet trough Mikrotik Router Firewall
Replies: 5
Views: 360

Re: Ilo4 Access over Internet trough Mikrotik Router Firewall

I would say use wireguard but tis only in beta right now, its apparently very easy to configure and is reasonably fast.
Are you going to be connecting from a smartphone, a windows PC ????
by anav
Sat Oct 24, 2020 3:55 pm
Forum: General
Topic: PSA: Trickbot is using compromised Mikrotik devices. Secure your routers reachable from the internet.
Replies: 18
Views: 1060

Re: PSA: Trickbot is using compromised Mikrotik devices. Secure your routers reachable from the internet.

@tippenring .. thanks for sharing .... shodan does a nice job.
Nice job of what,
I put in my IP and I didnt understand the response but in any case they thinly disguise your need to buy their service SURPRIZE!
by anav
Sat Oct 24, 2020 3:53 pm
Forum: General
Topic: Add to address list and nat rule
Replies: 14
Views: 487

Re: Add to address list and nat rule

Thats fine because I ignored the bridging flow diagram as it didnt apply. The fact of the matter is the incoming wan data goes to preouting gets dsntated (port translation) and connection tracking, heads tot he forward chain and there gets forward filtered............
by anav
Sat Oct 24, 2020 3:49 pm
Forum: General
Topic: Two wan with in the same subnet
Replies: 19
Views: 666

Re: Two wan with in the same subnet

I have to ask, what is the purpose of two modems from the same ISP? If you need more throughput why not ask for a greater throughput single WAN modem, or change providers to get higher throughput. Finally, there is no redundancy THE MAIN reason for dual WAN, so that when one provider goes down one s...
by anav
Sat Oct 24, 2020 3:41 pm
Forum: General
Topic: Wildcard DNS
Replies: 15
Views: 740

Re: Wildcard DNS

Hmm crystal mud clear.
So are you saying in the instant the IP address actually changes, the DYNU hostname may not be accurate/updated until 1, 2, 5, 10 minutes after or NEVER.
Is my script required again (I thought using c-name would bypass need for script boohoo)
by anav
Sat Oct 24, 2020 3:32 pm
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

Out of curiousity Mozerd, at home do you run MT with mOAB or are you using CISCO with UTM.
What do you recommend for your clients.............. ie what threshold do you insist they move to CISCO
by anav
Sat Oct 24, 2020 3:30 pm
Forum: General
Topic: Wildcard DNS
Replies: 15
Views: 740

Re: Wildcard DNS

But if you'd like to use them to "track" some remote hostname (/add cname=forum.mikrotik.com name=mikrotik.alias type=CNAME), it won't work well, because client will ask for A/AAAA and RouterOS will answer that it doesn't have data for that. Interesting, I have a dynu hostname and c-name it to the ...
by anav
Sat Oct 24, 2020 3:27 pm
Forum: Beginner Basics
Topic: Home User RouterOS Consultancy - Uber for MikroTik
Replies: 11
Views: 582

Re: Home User RouterOS Consultancy - Uber for MikroTik

Hi. Does anyone have any suggestions about help setting up my router? First with whatever connection you have now download winbox The default setup of the router is a good starting place. That means a network is setup on etheport2. Just plug you pc into etherport 2 and you should gain access (assum...
by anav
Sat Oct 24, 2020 3:20 pm
Forum: Beginner Basics
Topic: public nat ip problem
Replies: 7
Views: 280

Re: public nat ip problem

/export hide-sensitive file=anynameyouwish
by anav
Sat Oct 24, 2020 12:16 am
Forum: Wireless Networking
Topic: HAP AC2 does not accept WIFI connections anymore
Replies: 24
Views: 678

Re: HAP AC2 does not accept WIFI connections anymore

I am not convinced of the use of this setting to date,,,,,,,,,, so I would remove it. /interface detect-internet set detect-interface-list=all As for the error, it would be this one......... maybe not the root cause but an error. /ip address add address=192.168.88.1/24 comment=defconf interface= eth...
by anav
Sat Oct 24, 2020 12:10 am
Forum: General
Topic: Add to address list and nat rule
Replies: 14
Views: 487

Re: Add to address list and nat rule

However we have to tackle the Bridge Packet flow diagram. Or do we?? The answer I think is no, our entry point it letter I, as the traffic came in the WAN PORT not a bridge port. Thea actual traffic arrives at the Router A. The first question is this coming in on a bridge port interface - answer = N...
by anav
Fri Oct 23, 2020 11:57 pm
Forum: General
Topic: Add to address list and nat rule
Replies: 14
Views: 487

Re: Add to address list and nat rule

Unfortunately, the english in your translation is more confusing than helpful. So lets establish ground truths otherwise we are on quicksand!! (1) DST-NAT is done in pre-routing. (2) The first firewall filter is seen in the input chain, after prerouting. (3) The packets are not headed to the router ...
by anav
Fri Oct 23, 2020 10:10 pm
Forum: Beginner Basics
Topic: InterVLAN Routing
Replies: 10
Views: 450

Re: InterVLAN Routing

My bad switch............... how bout simply move the traffic around in an L2 construct via vlan tagging and bridge and etherports to other smart devices taht will use that incoming L2 traffic in any way they see fit, for example attaching to their IP DHCP client settings for example...................
by anav
Fri Oct 23, 2020 10:05 pm
Forum: General
Topic: VLAN switch and bridge combination - advice please [SOLVED]
Replies: 16
Views: 551

Re: VLAN switch and bridge combination - adwise please [SOLVED]

So is using VLANs with EOIP a. possible, and b. recommended?
by anav
Fri Oct 23, 2020 9:59 pm
Forum: General
Topic: Add to address list and nat rule
Replies: 14
Views: 487

Re: Add to address list and nat rule

Interesting!! Lets debate the issue. WHAT I THINK YOU ARE SAYING So sindy if the person is looking to capture the addresses (source) for a dst nat there are two ways for a scenario of translated port? 1. add address list in the INPUT CHAIN with the dst-port used in the associated dst-nat rule? 2. ad...
by anav
Fri Oct 23, 2020 9:49 pm
Forum: General
Topic: What does the advantage put the router before firewall and internet?
Replies: 7
Views: 310

Re: What does the advantage put the router before firewall and internet?

How can you prove we are not in a simulation???
by anav
Fri Oct 23, 2020 9:48 pm
Forum: General
Topic: Address List Group???
Replies: 3
Views: 408

Re: Address List Group???

Most folks use a combination of interface lists as well as address lists. Clearly address lists solve most issues of random IP addresses or subsets of IP addresses. What is causing you to create large lists of IP addresses. Not normal requirement from what I have seen. That may help us figure out so...
by anav
Fri Oct 23, 2020 9:45 pm
Forum: Beginner Basics
Topic: 750G download speed very slow
Replies: 21
Views: 583

Re: 750G download speed very slow

When back up with a fresh install of the latest stable ROS (better than the last one released IMHO). Then return here post your config and requirements and will help at that time.
by anav
Fri Oct 23, 2020 9:42 pm
Forum: Beginner Basics
Topic: InterVLAN Routing
Replies: 10
Views: 450

Re: InterVLAN Routing

For a standard setup, there is no requirement to identify the WAN with a VLAN. For a stadard setup, there's no requirement for any VLAN whatsoever. However, if one configures router in ROS (Router On a Stick) manner, it is vital to get WAN to router tagged. Why would one want to do it? Well, in my ...
by anav
Fri Oct 23, 2020 7:17 pm
Forum: General
Topic: What does the advantage put the router before firewall and internet?
Replies: 7
Views: 310

Re: What does the advantage put the router before firewall and internet?

Just imagine if your ISP gets hacked ............everything that it feeds into becomes now vulnerable,,,,,,,,,,,,,,, hence regardless of what we do, we rely expect that the ISP is not hacked. Similarly we have to protect the router as it feeds into our LANS. Is also why most of the MT routers come w...
by anav
Fri Oct 23, 2020 7:14 pm
Forum: General
Topic: Best way to configure multi-SSID-AP with VLAN-breakout
Replies: 12
Views: 568

Re: Best way to configure multi-SSID-AP with VLAN-breakout


EDIT2: I might have jumped to conclusion too quickly, my issue might have been FW connections have not timed out yet and restart of chr might have resolved the problem also, so ignore above
I usually do !! ;-PP
by anav
Fri Oct 23, 2020 7:07 pm
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

Thats okay Mozerd is going to pay for them!! ;-P
One should be held responsible for promises of 'wow' security!!!!!!!!
by anav
Fri Oct 23, 2020 7:02 pm
Forum: General
Topic: Add to address list and nat rule
Replies: 14
Views: 487

Re: Add to address list and nat rule

If you are trying to capture addresses attempting to connect to your server on those ports............ Well you could simply log them all? Would just provide viewing after the fact. OR (add a rule before the accept rule to capture source?) add action= add src to address list chain=forward comment="a...
by anav
Fri Oct 23, 2020 6:47 pm
Forum: Beginner Basics
Topic: Lots of crap in Firewall logs - request rules review please? [SOLVED]
Replies: 6
Views: 326

Re: Lots of crap in Firewall logs - request rules review please? [SOLVED]

I dont see anything viciously wrong with your rules....... The one thing I dont understand is why you have a source address here. add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN src-address=192.168.1.0/24 The whole point of that line is to block all...
by anav
Fri Oct 23, 2020 6:28 pm
Forum: Beginner Basics
Topic: DHCP server offering lease without success
Replies: 30
Views: 40535

Re: DHCP server offering lease without success

No sympathy for anyone that uses vlan1 and further no sympathy for anyone using vlans and has the bridge providing DHCP services. Associate the DHCP services to the vlans and leave the poor bridge alone (so it can focus on bridge ports and bridge vlan filtering) ;-) Yeah its that kind of hard ass Fr...
by anav
Fri Oct 23, 2020 2:44 pm
Forum: General
Topic: Add to address list and nat rule
Replies: 14
Views: 487

Re: Add to address list and nat rule

What the heck is in-interface-list=WANlist??
You use dst-address=WANIP as well and in-interface=wan in another.

So lets be consistent.......... do you have one WANIP?
Is your wanip(s) dynamic or static/fixed?
by anav
Fri Oct 23, 2020 2:40 pm
Forum: Beginner Basics
Topic: View from local pc images upload in Mikrotik directory
Replies: 7
Views: 290

Re: View from local pc images upload in Mikrotik directory

So basically you want to be able to use a server on the lan to show images >
When you say clients do you mean people on the internet (external WANIPs)?
by anav
Fri Oct 23, 2020 3:38 am
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

Have you had an opportunity to use the Cisco Business Dashboard? Yes I have .... that’s why I stated outstanding. Btw, it’s really not a fair comparison between the RB4011 and the RV340 ... the Cisco is a security appliance plus it does near line rate NAT +++ Anyway, this is MikroTik forum so let’s...
by anav
Fri Oct 23, 2020 3:35 am
Forum: Beginner Basics
Topic: InterVLAN Routing
Replies: 10
Views: 450

Re: InterVLAN Routing

For a standard setup, there is no requirement to identify the WAN with a VLAN.
My wanisp internet is on a vlan so I have to assign a vlan to the wan interface but no dhcp or anything like that.
By identifying the wan with IP Client, the router does all the heavy lifting.
by anav
Thu Oct 22, 2020 10:13 pm
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

Ahh, I didnt know that, perhaps because in our MTUNA cert, we use underscore or dashes between characters. ;-P
by anav
Thu Oct 22, 2020 8:45 pm
Forum: General
Topic: PSA: Trickbot is using compromised Mikrotik devices. Secure your routers reachable from the internet.
Replies: 18
Views: 1060

Re: PSA: Trickbot is using compromised Mikrotik devices. Secure your routers reachable from the internet.

The obvious one LOL
Go check Shodan for your public IP space to see what they've discovered.
by anav
Thu Oct 22, 2020 5:33 pm
Forum: General
Topic: PSA: Trickbot is using compromised Mikrotik devices. Secure your routers reachable from the internet.
Replies: 18
Views: 1060

Re: PSA: Trickbot is using compromised Mikrotik devices. Secure your routers reachable from the internet.

Okay so WTF do I do at that site.......... it tells me nothing other than to sign up for an account and then what...............
by anav
Thu Oct 22, 2020 5:27 pm
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

Shhhhhh, dont say that so loud, you will gain the wrath of the entire beauty products industry.........
or as Shakespeare so eloquently put it!
"God gave you one face and you paint yourself another."
by anav
Thu Oct 22, 2020 5:25 pm
Forum: Beginner Basics
Topic: 750G download speed very slow
Replies: 21
Views: 583

Re: 750G download speed very slow

Post you config
/export hide-sensitive file=anynameyouwish

Just ensure you scrub your wanip if stated anywhere.
by anav
Thu Oct 22, 2020 3:43 pm
Forum: Wireless Networking
Topic: Basic WiFi roaming in SoHo
Replies: 15
Views: 1775

Re: Basic WiFi roaming in SoHo

I have multiple capacs and they are on different frequencies for sure, with same SSID. Here is my setup for one........ (verbose) /interface wireless access-list add allow-signal-out-of-range=5s ap-tx-limit=0 authentication=no \ client-tx-limit=0 disabled=no forwarding=no interface=Gym-5AC \ mac-add...
by anav
Thu Oct 22, 2020 2:31 pm
Forum: Beginner Basics
Topic: InterVLAN Routing
Replies: 10
Views: 450

Re: InterVLAN Routing

(1) I would change vlan1 to any other number make it 10. (2) You could get away with this........ add bridge=local tagged=ether5,local vlan-ids=4,8,16 (3) I dont understand why you created a vlan for ether1 your WAN connection (vlan2) because you pvid it which means the router assigns the vlan tag t...
by anav
Thu Oct 22, 2020 2:30 pm
Forum: Beginner Basics
Topic: 2WAN 2LAN PPOE Cant Access local LAN ips
Replies: 2
Views: 154

Re: 2WAN 2LAN PPOE Cant Access local LAN ips

Cant say much without the full config
If this router is connected to the internet then it needs to be disconnected until you have sufficient fw rules.
by anav
Thu Oct 22, 2020 2:28 pm
Forum: Beginner Basics
Topic: RB4011iGS+ VLAN filtering issues. [SOLVED]
Replies: 9
Views: 466

Re: RB4011iGS+ VLAN filtering issues. [SOLVED]

Awesome, there is nothing like the feeling of a working config!!
by anav
Thu Oct 22, 2020 2:24 pm
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

Sure...........
by anav
Thu Oct 22, 2020 5:36 am
Forum: General
Topic: IKEv2 IOS - Cannot Connect [SOLVED]
Replies: 21
Views: 3316

Re: IKEv2 IOS - Cannot Connect [SOLVED]

I also published my setup here in the comments and it may have some other ideas......
https://jcutrer.com/howto/networking/mi ... n-mikrotik

I changed routers but not setup vpn yet so I may give it a try this weekend.
by anav
Thu Oct 22, 2020 3:48 am
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

Geez not even on the capac yet........... LOL
by anav
Thu Oct 22, 2020 3:33 am
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

KK going to bed but quick look do the numbers add up???? 6 vlans but 8 pools?? 6 dhcp servers 8 ip addresses 7 dhcp-server networks DO you really need this enabled............ /ip upnp set enabled=yes /ip upnp interfaces add interface="Home Bridge" type=internal add interface="PPPoE WAN" type=extern...
by anav
Thu Oct 22, 2020 12:06 am
Forum: Beginner Basics
Topic: Adding cAP AC to my network
Replies: 17
Views: 611

Re: Adding cAP AC to my network

NCR, shouldnt that now be the Covid Capital,,,,, yuck yuck a Maritimes joke. Just be aware that as soon as you pass the signal through a single wall the AC network will be diminished and would say behind two walls, you will need another AP for AC> The 2Ghz network has more distance capability so one...
by anav
Wed Oct 21, 2020 7:42 pm
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

Good to hear Mozerd!
If you have practical experience that says otherwise, that is more valuable.
by anav
Wed Oct 21, 2020 7:40 pm
Forum: Beginner Basics
Topic: Bridge and VLANs configuration
Replies: 7
Views: 511

Re: Bridge and VLANs configuration

I believe the bridge is tagged because the bridge is involved in routing traffic (L3) for that ether port?? Probably wrong but my guess.
by anav
Wed Oct 21, 2020 6:55 pm
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

One connection is different from many connections and the CPU and ram accordingly is designed for a home environment and you have something far greater in the planning. Thats why I stated it the hex S is a good play toy and lab toy and a TEMPORARY backup for a main router. I could run a marathon, I ...
by anav
Wed Oct 21, 2020 6:52 pm
Forum: General
Topic: HOWTO: Dual WAN PCC with Dynamic IP from same ISP
Replies: 3
Views: 298

Re: HOWTO: Dual WAN PCC with Dynamic IP from same ISP

I am interested any speed test with a PC directly connected to both ONT ports, separately then run simultaneously. I am curious to see if you have ONE PIPE for volume or two pipes. For example do you have a single pool of 200 which all is available to internet and they cap the TV to 100 (shared) Ind...
by anav
Wed Oct 21, 2020 6:37 pm
Forum: General
Topic: Mikrotik block access to Microsoft Outlook 365 account
Replies: 8
Views: 405

Re: Mikrotik block access to Microsoft Outlook 365 account

So it had nothing to do with Mikrotik, you do know that you hurts its feelings...... :-(
MT may sue for slander!! ;-)
Thank god MT detected the anomaly and card fault, albeit not directly. :-)

In any case, keep your OS current is the one thing you should get out of this thread!!!
by anav
Wed Oct 21, 2020 6:26 pm
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

I find it strange someone is building commercial phones based on openvpn and not other protocols that are not so 3rd party ish. I would rather find a phone that is on a forward edge, such as the efficient wireguard vpn, vice openvpn which is a dodo going extinct. Where I disgaree with SINDY (hope I ...
by anav
Wed Oct 21, 2020 6:18 pm
Forum: Beginner Basics
Topic: SFTP client inside router
Replies: 2
Views: 129

Re: SFTP client inside router

by anav
Wed Oct 21, 2020 5:37 pm
Forum: Beginner Basics
Topic: x86 switch ???
Replies: 2
Views: 578

Re: x86 switch ???

What switch tab??
by anav
Wed Oct 21, 2020 7:06 am
Forum: Beginner Basics
Topic: How to access other network device through Mikrotik [SOLVED]
Replies: 7
Views: 350

Re: How to access other network device through Mikrotik [SOLVED]

Glad its working for you!
Too bad I have no clue what just transpired LOL.
Perhaps because I dont understand PPPOE? Bamboozled applies. :-)
by anav
Wed Oct 21, 2020 6:14 am
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

Well to be honest, this setup is not for an untrained person.
It makes more sense to me that this is more a University Course type question or mini project to get the student to explore all the consideration and requirements for design
Is this a course thing you have to do?
by anav
Wed Oct 21, 2020 6:12 am
Forum: General
Topic: 4011 Not able to access
Replies: 1
Views: 94

Re: 4011 Not able to access

Tough luck.
If I was closeby I would attempt to do it for you,,,,,but I live up here in Canada.
If you let us know at least what State you are in or major City perhaps someone is close by such that even shipping the unit for an attempt to fix will not be expensive.
by anav
Wed Oct 21, 2020 4:21 am
Forum: General
Topic: Network config help on HEX S & Cisco Switches.
Replies: 32
Views: 982

Re: Network config help on HEX S & Cisco Switches.

What is your training ON MT products, or any IT networking certifications, it will help us guide the advice.
by anav
Wed Oct 21, 2020 3:56 am
Forum: Beginner Basics
Topic: RB4011iGS+ VLAN filtering issues. [SOLVED]
Replies: 9
Views: 466

Re: RB4011iGS+ VLAN filtering issues. [SOLVED]

I actually detest configs where people mix input chain and forward chain.................... argggg. Also you actually put a name of interface with quotes as part of name, which really hurts my eyes as quotes are used for COMMENTS!! Thus change the name to remove quotes. I also removed any DNS rule ...
by anav
Wed Oct 21, 2020 3:32 am
Forum: Beginner Basics
Topic: RB4011iGS+ VLAN filtering issues. [SOLVED]
Replies: 9
Views: 466

Re: RB4011iGS+ VLAN filtering issues. [SOLVED]

Another thing I see rarely used and if used causes issues.........
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

Why did you set it (specific reason)? In most cases one simply uses the IP firewall rules!!!
by anav
Wed Oct 21, 2020 3:27 am
Forum: Beginner Basics
Topic: RB4011iGS+ VLAN filtering issues. [SOLVED]
Replies: 9
Views: 466

Re: RB4011iGS+ VLAN filtering issues. [SOLVED]

Okay I am just comparing line by line to my config................ /ip dhcp-server add address-pool=dhcp disabled=no interface=LanBridge name=defconf add address-pool=dhcp_pool5 disabled=no interface=VLAN5 lease-time=3d name=dhcp5 src-address=192.168.5.1 add address-pool=dhcp_pool10 disabled=no inte...
by anav
Wed Oct 21, 2020 3:22 am
Forum: Beginner Basics
Topic: RB4011iGS+ VLAN filtering issues. [SOLVED]
Replies: 9
Views: 466

Re: RB4011iGS+ VLAN filtering issues. [SOLVED]

Why do you have ingress filtering on all bridge ports except ether8? Not that it matters just seems quirky. Whilst looking at the config, I will say this. I personally DO NOT get the bridge to have anything to do with DHCP etc. At home I created vlan 100 for example and that goes to all my home trus...
by anav
Tue Oct 20, 2020 11:42 pm
Forum: Beginner Basics
Topic: RB4011iGS+ VLAN filtering issues. [SOLVED]
Replies: 9
Views: 466

Re: RB4011iGS+ VLAN filtering issues. [SOLVED]

Gotta go out but a quick look
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0

should be your bridge.
by anav
Tue Oct 20, 2020 6:49 pm
Forum: Beginner Basics
Topic: Firewall: Input Accept LAN doesn't work
Replies: 6
Views: 275

Re: Firewall: Input Accept LAN doesn't work

Vlans are part of the bridge as they are assigned to the bridge interface. They may not be considered part of the LAN when one puts the bridge as part of the LAN interface list. THis certainly needs to be clarified by someone who knows OS better than I........ Capsman should have nothing to do with ...
by anav
Tue Oct 20, 2020 4:36 pm
Forum: Beginner Basics
Topic: How to access other network device through Mikrotik [SOLVED]
Replies: 7
Views: 350

Re: How to access other network device through Mikrotik [SOLVED]

I am confused, do you have two Different WAN providers?
Do you have one wan provider that gives you two different WANIPs one wifi and one wired.
by anav
Tue Oct 20, 2020 4:34 pm
Forum: Beginner Basics
Topic: Blocked SMPT port 25
Replies: 12
Views: 446

Re: Blocked SMPT port 25

I cannot help. My advice is to reset back to default rules and get rid of all the bloatware. Then focus on SMTP as needed and get it working and expand your requirements any other ACTUAL services, port forwardings etc... from there with a clean setup. Then add the garbage after the fact if you think...
by anav
Tue Oct 20, 2020 4:17 pm
Forum: Beginner Basics
Topic: Firewall: Input Accept LAN doesn't work
Replies: 6
Views: 275

Re: Firewall: Input Accept LAN doesn't work

Okay understand about IP route. Please confirm that under IP DHCP CLIENT selection, under "Add Default Route" you have YES selected! Looking a bit more closely in the bridge vlan rules I see many potential errors. I have highlighted the most obvious. You state that WLAN cap1_iot is an access port ac...
by anav
Tue Oct 20, 2020 4:03 pm
Forum: Beginner Basics
Topic: Firewall: Input Accept LAN doesn't work
Replies: 6
Views: 275

Re: Firewall: Input Accept LAN doesn't work

Yes, as I stated, Forward chain (Oreo Cookie, the cream are the rules you want to permit traffic) (1) Default Rules......... (2) All the accept rules you need.... (3) Last rule drop all. So for internet you could put something like add chain=forward action=accept in-interface-list=LAN out-interface=...
by anav
Tue Oct 20, 2020 3:27 am
Forum: Beginner Basics
Topic: Firewall: Input Accept LAN doesn't work
Replies: 6
Views: 275

Re: Firewall: Input Accept LAN doesn't work

(1) A vlan interface is not a Bridge Port t(traffing is ingressing the ports, and these two lines should be removed. Bridge ports are in the form of a. etherport or b. wlan port add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=vlan_iot pvid=10 add bridge=bridge1 frame...
by anav
Mon Oct 19, 2020 10:54 pm
Forum: Wireless Networking
Topic: Mikrotik wifi roaming expirience
Replies: 19
Views: 1099

Re: Mikrotik wifi roaming expirience

Thanks, that was informative and entertaining............ We should make Normis recite that part of the WIKI 2000 times............
by anav
Mon Oct 19, 2020 8:50 pm
Forum: Wireless Networking
Topic: Mikrotik wifi roaming expirience
Replies: 19
Views: 1099

Re: Mikrotik wifi roaming expirience

Thanks I will adjust timings to 30 seconds. Thus my 0-75 out of range time is now 30 seconds --> If the signal drops to low, i dont want to kick off a device prematurely SHOULD I, change my -76 to -120 delay time to 5 seconds LOL, or keep at 10. ----> Presumably if the signal is poor, the quicker I ...
by anav
Mon Oct 19, 2020 8:48 pm
Forum: Beginner Basics
Topic: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address
Replies: 12
Views: 510

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

I guess you entered pi-hole as DNS server in IP -> DNS? You should additionally specify pi-hole as DNS server in IP -> DHCP -> Networks Hi, Yes. Attached known bug. It's not really a bug though. Setting in IP->DNS tells the router what DNS server it should use, for requests not cached or locally de...
by anav
Mon Oct 19, 2020 4:26 pm
Forum: General
Topic: VLAN DHCP on MAIN router not working to WLAN on AP [SOLVED]
Replies: 13
Views: 484

Re: VLAN DHCP on MAIN router not working to WLAN on AP [SOLVED]

Surprised hasnt been noted yet but your best reference is this!
viewtopic.php?t=143620

Once you follow this thread, and have modified your config, then post your config if still having problems.
by anav
Mon Oct 19, 2020 4:24 pm
Forum: Beginner Basics
Topic: help with denial of service internet minecraft server
Replies: 6
Views: 320

Re: help with denial of service internet minecraft server

/export hide-sensitive file=anynameyouwish
by anav
Mon Oct 19, 2020 3:02 am
Forum: Beginner Basics
Topic: Unknown setting is preventing a DNS change [SOLVED]
Replies: 4
Views: 197

Re: Unknown setting is preventing a DNS change [SOLVED]

Hey little pony, I have missed everything today, nothing but wrong or bad advice............why break my record. :-(
Truth be told, once I started seeing slave-local, my eyes glazed over.
Next time I will ask the OP to bold his errors so I can spot them amongst all the noise. ;-)
by anav
Mon Oct 19, 2020 3:01 am
Forum: Beginner Basics
Topic: Each port of mikrotik is separate from others
Replies: 7
Views: 314

Re: Each port of mikrotik is separate from others

Can you draw a diagram so its a little clearer,
by anav
Mon Oct 19, 2020 3:00 am
Forum: Beginner Basics
Topic: Forcing Gaming traffic only through WAN 1
Replies: 6
Views: 236

Re: Forcing Gaming traffic only through WAN 1

Yes, I have no experience with such requirements. Plus I have been batting zero percent all day and why would I break my losing streak LOL. So I take it that there is no way to identify and thus control gaming traffic. Well faced with this impossibility, if I was the OP I would not hesitate to chang...
by anav
Mon Oct 19, 2020 1:48 am
Forum: Beginner Basics
Topic: NAT over 2 ports - cant get it to work (dstnat, srcnat or masquerade)
Replies: 2
Views: 97

Re: NAT over 2 ports - cant get it to work (dstnat, srcnat or masquerade)

Okay so the PBX works, I will assume that you have a separate line from the ISP via the switch to the router for all the router stuff. I will assume that the PBX assigns itself its own network and in this case 192.168.1.1 I will assume you want to create a way for the router ADMIN to gain access to ...
by anav
Mon Oct 19, 2020 1:38 am
Forum: Beginner Basics
Topic: Unknown setting is preventing a DNS change [SOLVED]
Replies: 4
Views: 197

Re: Unknown setting is preventing a DNS change [SOLVED]

Weird, why I am seeing slave local and stuff, thought that was old configs but maybe still in vogue with switch chip configuration ??? In any case most of it was beyond me but I did pick this up /ip address add address=192.168.88.1/24 comment="default configuration" i nterface=wlan1 \ network=192.16...
by anav
Mon Oct 19, 2020 1:31 am
Forum: Beginner Basics
Topic: Forcing Gaming traffic only through WAN 1
Replies: 6
Views: 236

Re: Forcing Gaming traffic only through WAN 1

Probably the only way. A. group ports for rules, (maintain a list in MS Works, separated by commas) and just copy and paste into dst-port for rules) B. Conversely use a NOT rule (apply rules NOT using any port, and put in the ports that folks use that are not gaming ports 80,443 and others for examp...
by anav
Mon Oct 19, 2020 1:13 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 30199

Re: DNS over HTTPS

So if I put the pi-hole on its own VLAN give it a fixed IP. I then put that IP address for each of my vlan dhcp-server-network entries? Do I need firewall rules to allow the pi-hole anything specific on teh input chain? Do I need firewall rules to allow users from all other vlans to the pi-hole vlan...
by anav
Mon Oct 19, 2020 1:09 am
Forum: General
Topic: CCR1016 SFP issues [SOLVED]
Replies: 7
Views: 344

Re: CCR1009 SFP issues

I also have a CCR1009 model. I can get the SFP port to talk to other smart devices, specifically to SFP port on 260GS for example and other vendor SFP ports. HOWEVER, no matter what I do I cannot connect my SFP + port to my TWO ISPs, one is straight normal ethernet cable, and the other is bell fibre...
by anav
Sun Oct 18, 2020 8:27 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

Wow, I have a completely different understanding. Seeing as you have more gray than me (even though I am only slightly younger), I acquiesce to your experience and knowledge. Especially now realize that my use of the word dynamic was wrong............. I see now that they are specifically the ISP se...
by anav
Sun Oct 18, 2020 8:14 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 448

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

Easy, mkx, you have to read between the synapses!!
Any time you want to email me with your dissertation of IPIP parameters in such a setup that would be swell. ;-)
by anav
Sun Oct 18, 2020 8:12 pm
Forum: Beginner Basics
Topic: Route via a Specific Interface Only
Replies: 10
Views: 336

Re: Route via a Specific Interface Only

Hmm never used blackhole, interesting.
I guess I find it hard to fathom not providing internet since one has a backup ISP.
by anav
Sun Oct 18, 2020 8:08 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 448

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

Totally lost LOL, a simple vlan networks turns into an IPIP parameters and PTP links nightmare. Will go back to munching my grass.
by anav
Sun Oct 18, 2020 6:23 pm
Forum: Beginner Basics
Topic: Route via a Specific Interface Only
Replies: 10
Views: 336

Re: Route via a Specific Interface Only

Wild assed guess, where primary ISP is the one you dont want to go to the backup route and 192.168.1.0/24 is your subnet that you wish to apply to the scenario. Ip route primary ISP distance=5 Ip route secondary ISP distance=10 Ip route primary ISP distance 8 Routing Mark=StopmeNOW Ip route rule Sou...
by anav
Sun Oct 18, 2020 6:13 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

Hi,
Its up to you, my only comment is make sure you put an entry in the dhcp-server network of either the subnet gateway vice blank, (my usual preference) or the 1.1.1.1 servers directly.
by anav
Sun Oct 18, 2020 5:52 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

If its working, fine, then ignore anything I said LOL.
by anav
Sun Oct 18, 2020 5:40 pm
Forum: Wireless Networking
Topic: Mikrotik wifi roaming expirience
Replies: 19
Views: 1099

Re: Mikrotik wifi roaming expirience

HI gotsprings, the problem with that (in my case ) is a user will then most likely stick with the AP on a very weak signal when a much better signal is available?????
by anav
Sun Oct 18, 2020 5:34 pm
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 30199

Re: DNS over HTTPS

Hi Darknate, I am interested in how you added the pi-hole to the MT Router for this functionality. Is it on its own subnet for example. How do you point users to pi-hole. How do you point pi-hole to the external servers you wish to use What firewall rules are germane to the setup for the pihole and ...
by anav
Sun Oct 18, 2020 5:29 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 448

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

Wrong, the point is.
a. ask first before purchasing
b. nail down requirements and then ask help here for a design
c. purchase products
d. blame xvo and sob when things dont work
e. get advice from the llama to fix the config
or something like that... ;-)
by anav
Sun Oct 18, 2020 5:26 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

Wait, say it isnt so...............are you guys now talking about DNS entries ??? ;-))) bpwl your fired or maybe just me LOL.......... I find DNS usage on MT hard to understand but what I get from this is. a. You can use the routers DNS service and associated cache to handle DNS, in this case one en...
by anav
Sun Oct 18, 2020 2:08 am
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

I dont know I am still not sure about how you have setup up DNS. /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 ??????????????? add address=192.168.99.0/24 gateway=192.168.99.1 ??????????????? /ip dns set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1 /ip dns static add ...
by anav
Sat Oct 17, 2020 10:16 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

Looking at the main router, I see you dont allow DNS via the router but you do have DNS servers on the net that you have identified. Maybe blind but I didnt see an ip route rule? Other than that nothing obvious I am used to vlans so these configs seem naked to me LOL. I noticed this.. /ip dns set al...
by anav
Sat Oct 17, 2020 8:44 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

Post your latest configs
/export hide-sensitive file=anynameyouwish
by anav
Sat Oct 17, 2020 8:31 pm
Forum: Beginner Basics
Topic: how to configure https for my websites
Replies: 6
Views: 264

Re: how to configure https for my websites

(1) /ip address add address=192.168.100.1/24 comment=defconf interface= ether2 network=\ 192.168.100.0 should be /ip address add address=192.168.100.1/24 comment=defconf interface= bridge network=\ 192.168.100.0 (2) I don't understand your destination nat rules. Do you have a fixed WANIP (static) if...
by anav
Sat Oct 17, 2020 5:06 pm
Forum: General
Topic: VLAN not working on latest version - hAP lite
Replies: 5
Views: 390

Re: VLAN not working on latest version - hAP lite

Sorry I dont do.
a. chip vlan based solutions
b. wifi solutions where vlans are identified in the WLAN.

For my assistance purposes please use the following link to configure vlans OR wait for a more knowledgable and patient assistant................
viewtopic.php?t=143620
by anav
Sat Oct 17, 2020 5:01 pm
Forum: General
Topic: Need help to Setup Dual Gateway
Replies: 12
Views: 438

Re: Need help to Setup Dual Gateway

I am confused, did you want the easy way or the complicated way?
Oh well fill your boots and go down the mangling rabbit hole Gluck !!
Still havent provided an export as requested so I am outta here.
by anav
Sat Oct 17, 2020 4:56 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

Yes, the primary router handles all the firewall rules. I did not touch firewall rules at all when configuring the hex for a switch or for my capacs when configuring vlans and wifi. (Just leave whatever default rules are in place and there should be no issues). To be clear, the switch and access poi...
by anav
Sat Oct 17, 2020 2:16 am
Forum: General
Topic: join 2 ports without dhcp
Replies: 2
Views: 187

Re: join 2 ports without dhcp

I would use VLANS to separate the subnets and all tied to one bridge. That way all the interfaces can be on the bridge (except ether1 to your modem) and then you can run vlans (subnets) over any interface you wish (max flex). Finally use Firewall forward chain rules to create any cross talk you wish...
by anav
Sat Oct 17, 2020 2:11 am
Forum: General
Topic: Port forward not working [SOLVED]
Replies: 4
Views: 262

Re: Port forward not working [SOLVED]

(1) What is the purpose of this rule in the forward chain?? add action=accept chain=forward comment="cust: accept 80,443 from WAN" dst-port=80,443 in-interface=wan1 protocol=tcp It looks like a destination nat type rule in the wrong place? (2) The first rule ........... is YY.YY.YY your fixed WANIP ...
by anav
Fri Oct 16, 2020 11:56 pm
Forum: Wireless Networking
Topic: Tip: Faster Roaming without STP
Replies: 14
Views: 733

Re: Tip: Faster Roaming without STP

bpwl, err god of WIFI unfortunately MT uses STP as the TAB entry and as a sub-selection of protocol mode. My interpretation was that the OP was talking about the TAB entry so all the selections in general not the specific sub-selection variant of STP. Perhaps when you rewrite the MT wifi documentati...
by anav
Fri Oct 16, 2020 11:50 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 1649

Re: NTH load balancing

Does acquiescence equal an apology?? ;-)
by anav
Fri Oct 16, 2020 11:41 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 448

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

I would use the router with the most oomph in terms of CPU ram/etc..... the one interfacing with the ISP and the rest acting as switches or ap/switches via VLAN routing. For example I would have bought a hap AC2 perhaps as the main router or even an RB450Gx4 (no wifi). If you know the rest will be s...
by anav
Fri Oct 16, 2020 9:08 pm
Forum: Beginner Basics
Topic: Using RouterOS to VLAN your network
Replies: 144
Views: 78860

Re: Using RouterOS to VLAN your network

Correct, designate one of the ports on the switch (ex. pink) as BASE VLAN PORT, and in this case to a 'dumb device' (cannot read tags), it would an access port. The BASE VLAN would be one of the vlans coming into the switch on a TRUNK Port (purple).
by anav
Fri Oct 16, 2020 7:51 pm
Forum: Wireless Networking
Topic: Tip: Faster Roaming without STP
Replies: 14
Views: 733

Re: Tip: Faster Roaming without STP

Source of new found information please?
Voices told me so dont count neither does, tiktok, instragram or facebook sources.
by anav
Fri Oct 16, 2020 5:24 pm
Forum: Wireless Networking
Topic: Mikrotik wifi roaming expirience
Replies: 19
Views: 1099

Re: Mikrotik wifi roaming expirience

I use 78 for one AP and 75 for the other AP as cutoffs with a 10 second grace period)
So far things are smooth.
by anav
Fri Oct 16, 2020 5:09 pm
Forum: General
Topic: Client isolation and proxy-arp
Replies: 12
Views: 449

Re: Client isolation and proxy-arp

Why force yourself into an untenable or overly complex scenario. If the clients should not see each other put them on a different subnet period.
They can always share devices or you can set up certain pC to pC connectivity via firewall rules.

What is driving you to this insane design??
by anav
Fri Oct 16, 2020 4:49 pm
Forum: Beginner Basics
Topic: Forward local dns server to wan
Replies: 2
Views: 269

Re: Forward local dns server to wan

THe first coupler of dst-nat rules are missing one part........... where are they headed? (to your router) If your wanip is static/fixed from the ISP then use dst-address to it.. If your wan is dynamic use the active wan interface in-interace=activewaninterface (depending could be etherport, pppoe i...
by anav
Fri Oct 16, 2020 4:46 pm
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

oopsie, never noticed a missing ip routes....... (better add that to my checklist)!
by anav
Fri Oct 16, 2020 2:36 am
Forum: General
Topic: HAP AC Wired and Wireless VLAN CPU optimisation
Replies: 8
Views: 355

Re: HAP AC Wired and Wireless VLAN CPU optimisation

MikroTik has too many SKUs. For 100mb service, consider the RB3011 or better the RB4011. Hang the Wifi AP's off available ports.
Sure but does the RB3011 have wifi, I think he wants devices at both sites to provide wifi!
by anav
Fri Oct 16, 2020 2:33 am
Forum: Beginner Basics
Topic: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)
Replies: 47
Views: 941

Re: Beginner questions (mostly regarding wiring two Mikrotik hAPs together)

You didnt mention VLANS but if you go that route this article is very good on detailing devices acting as routers only, routers with wifi, access point-switches, and switches. In your case you have the second and third cases. https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Didnt see anything ...
by anav
Fri Oct 16, 2020 2:24 am
Forum: Beginner Basics
Topic: Mikrotik Blocking Remote Access Randomly
Replies: 9
Views: 506

Re: Mikrotik Blocking Remote Access Randomly

(1) I find it confusing you have the bridge handing out DHCP and you have ethernet 2 part of the bridge, but look at your ip address!!!,,,,,,,,,,, /interface bridge port add bridge=bridge comment=defconf i nterface=ether2 /ip address add address=10.192.0.1/24 comment=defconf interface= ether2 networ...
by anav
Thu Oct 15, 2020 10:36 pm
Forum: Beginner Basics
Topic: Why do most firewalls have Input rules first?
Replies: 7
Views: 336

Re: Why do most firewalls have Input rules first?

Okay so no harm done by having it but then it doesnt really do much.
by anav
Thu Oct 15, 2020 9:59 pm
Forum: General
Topic: HAP AC Wired and Wireless VLAN CPU optimisation
Replies: 8
Views: 355

Re: HAP AC Wired and Wireless VLAN CPU optimisation

Concur, another thought is that the RB450Gx4 routerboard has a similar CPU to the HAPAC2 but honking more RAM and memory which could also help (if you didnt need more wifi at all, otherwise the hapac2 as the router makes sense.)
by anav
Thu Oct 15, 2020 9:56 pm
Forum: Beginner Basics
Topic: Using hAP lite as a dumb WISP device? [SOLVED]
Replies: 7
Views: 321

Re: Using hAP lite as a dumb WISP device? [SOLVED]

Not a very good idea unless you are connecting on one freq 2.4Ghz and then re-tx on a different radio ie 5Ghz........ Otherwise your traffic throughput will suffer terribly.
by anav
Thu Oct 15, 2020 9:54 pm
Forum: Beginner Basics
Topic: Mikrotik Blocking Remote Access Randomly
Replies: 9
Views: 506

Re: Mikrotik Blocking Remote Access Randomly

Post your entire config
/export hide-sensitive file=anynameyouwish
by anav
Thu Oct 15, 2020 9:52 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 1649

Re: NTH load balancing

Awesome, now I can put Nth where the sun don't shine and not worry my one brain cell with it anymore. ( I like brevity - NTH sucks, PCC good ;-) )
by anav
Thu Oct 15, 2020 8:31 pm
Forum: General
Topic: Dual WAN Failover with DHCP on WAN port.
Replies: 7
Views: 7536

Re: Dual WAN Failover with DHCP on WAN port.

Distance I understand,
Scope is still a mystery..........
by anav
Thu Oct 15, 2020 8:23 pm
Forum: Beginner Basics
Topic: Why do most firewalls have Input rules first?
Replies: 7
Views: 336

Re: Why do most firewalls have Input rules first?

So Sob,
Do you use block bogons in your firewall rules? (of either the two methods not important just if you do)
If not why not?
by anav
Thu Oct 15, 2020 6:43 pm
Forum: Beginner Basics
Topic: How to send PM to other user (ie. privately contacting a user)? [SOLVED]
Replies: 17
Views: 2835

Re: How to send PM to other user (ie. privately contacting a user)? [SOLVED]

None, he is arleady in my bad books, no more maple syrup in the mail, until he hires bpwl to help MT with wifi (documentation and coding).
Bugging staff is not usually a good idea.
by anav
Thu Oct 15, 2020 6:36 pm
Forum: Beginner Basics
Topic: Why do most firewalls have Input rules first?
Replies: 7
Views: 336

Re: Why do most firewalls have Input rules first?

The input and forward chains are separate chains and thus it doesn't matter which is first. However most folks put them this way because they prefer to define access to the router first in the hierarchy of security and services and then move to the forward chain to define what the users on the LANS ...
by anav
Thu Oct 15, 2020 3:06 pm
Forum: Beginner Basics
Topic: Slow upload speed with MikroTik hEX S RB760iGS
Replies: 1
Views: 98

Re: Slow upload speed with MikroTik hEX S RB760iGS

The only error I could spot on your config is this one. From /ip address add address=192.168.1.1/24 comment=defconf interface= ether2 network=\ TO /ip address add address=192.168.1.1/24 comment=defconf interface =bridge network=\ Other than that I would check your cabling. When I used a HEX I had no...
by anav
Thu Oct 15, 2020 3:02 pm
Forum: Beginner Basics
Topic: how to block user?
Replies: 1
Views: 122

Re: how to block user?

At least put some thought into it.
What do you think would be one way to do this...... if you are the admin for the router then you must be aware of the basic settings etc.........
How are users identified on the router is a clue.............
by anav
Thu Oct 15, 2020 3:00 pm
Forum: Beginner Basics
Topic: How to send PM to other user (ie. privately contacting a user)? [SOLVED]
Replies: 17
Views: 2835

Re: How to send PM to other user (ie. privately contacting a user)? [SOLVED]

They were fiddling with their website recently perhaps the default is closed and it has to enabled again??
by anav
Thu Oct 15, 2020 2:57 pm
Forum: Beginner Basics
Topic: how to configure https for my websites
Replies: 6
Views: 264

Re: how to configure https for my websites

/export hide-sensitive file=anynameyouwish

A full view of the config is best to determine what may be blocking the traffic.
by anav
Wed Oct 14, 2020 9:40 pm
Forum: Forwarding Protocols
Topic: Plex Server Firewall Rules
Replies: 11
Views: 454

Re: Plex Server Firewall Rules

No ssantos, you came here looking for help but were so arrogant to think you know which information is required for us to assist with your problem.
Dont worry you are not the first, nor the last to suffer from this affliction.
by anav
Wed Oct 14, 2020 9:25 pm
Forum: Beginner Basics
Topic: Alternatives for RB450G router
Replies: 9
Views: 269

Re: Alternatives for RB450G router

Do you have the older RB450G or the newer RB450Gx4 https://mikrotik.com/product/rb450gx4 What is your budget? as the new model is only $99 (and would use the older RB450G as the backup). The RB450Gx4 has the throughput to use a full 1gig internet connection. If your budget it less than look at the h...
by anav
Wed Oct 14, 2020 9:04 pm
Forum: Beginner Basics
Topic: Separate two lines from each other in the Mikrotik
Replies: 3
Views: 689

Re: Separate two lines from each other in the Mikrotik

It is not possible to understand what you mean.
Please
a. provide a network diagram and
b. provide the config

/export hide-sensitive file=anynameyouwish
by anav
Wed Oct 14, 2020 8:41 pm
Forum: General
Topic: Best Setup 2 Internet Line from same ISP
Replies: 19
Views: 676

Re: Best Setup 2 Internet Line from same ISP

This Thread is interesting as it talks about (near the end) a combo approach that may be optimal in that it uses PCC where required HTTPS type connections and then Nth for the rest........... Would love Sindys comments on that approach!!! https://forum.mikrotik.com/viewtopic.php?f=14&t=167416&p=8223...
by anav
Wed Oct 14, 2020 5:02 pm
Forum: General
Topic: Multiple hotspot profiles on multiple VLAN interfaces on a bridge
Replies: 17
Views: 610

Re: Multiple hotspot profiles on multiple VLAN interfaces on a bridge

Requesting experts @sindy @sob and @anav for any advice here. I am framing this in Gold on plaque by the way! ;-) I think its better worded if we look at it a bit more pragmatically, He wants to be able to use multiple vlans to separate groups of users, but all of them have a common SSID. Which mea...
by anav
Wed Oct 14, 2020 4:54 pm
Forum: General
Topic: NAT by incoming interface
Replies: 3
Views: 499

Re: NAT by incoming interface

How many WANIPs do you have? Lets say two, (A) takes care of masquerade out the router. sourcenat masquerade out-interface=wan1 sourcenat masquerade out-interface=wan2 (or sourcenat masquerade out-interface-list=WAN) (B) takes care of ensuring ethernet5 to the interenet uses WAN2. ip route primary I...
by anav
Wed Oct 14, 2020 4:48 pm
Forum: Beginner Basics
Topic: Vlans problem
Replies: 6
Views: 341

Re: Vlans problem

Post your latest config for viewing please.
/export hide-sensitive file=anynameyouwish.

Unifi switches as I am finding out do not act like normal managed switches, perhaps they should be renamed UNIFI managed witches!!
by anav
Wed Oct 14, 2020 4:46 pm
Forum: Beginner Basics
Topic: Blocked SMPT port 25
Replies: 12
Views: 446

Re: Blocked SMPT port 25

rags, can you post an export of your config here? /export compact hide-sensitive Copy all and put result here. It's hard to guess what is happening there. OR, dont post your config and the folks before me will continue to guess, I am assuming they thrive or perhaps get off on trying to attempt assi...
by anav
Wed Oct 14, 2020 3:13 pm
Forum: Beginner Basics
Topic: Blocked SMPT port 25
Replies: 12
Views: 446

Re: Blocked SMPT port 25

how bout you post your config not snippets, to get a proper view.
/export hide-sensitive file=anynameyouwish
by anav
Wed Oct 14, 2020 6:47 am
Forum: General
Topic: Allow FTP huge transfers file from port scanners checking
Replies: 7
Views: 393

Re: Allow FTP huge transfers file from port scanners checking

I would get rid of the port scanning rules,,,,,,,,,,, they are more bloatware than effective IMHO.
The fact that they are interfering with your user experience is reason enough to suspend its use until you know more.
by anav
Wed Oct 14, 2020 2:39 am
Forum: Beginner Basics
Topic: Bridge port received packet with own address as source, probably loop.
Replies: 1
Views: 120

Re: Bridge port received packet with own address as source, probably loop.

Well obviously the answer is provided by Egyptian code embedded in the grainy blue text.
Since I need glasses I prefer to read the config

/export hide-sensitive file=anynameyouwish
by anav
Tue Oct 13, 2020 10:51 pm
Forum: General
Topic: What is the right way to do port forward with multiple WANs and LANs
Replies: 32
Views: 947

Re: What is the right way to do port forward with multiple WANs and LANs

That would be the sambuca flaming! ;-)
by anav
Tue Oct 13, 2020 10:45 pm
Forum: Forwarding Protocols
Topic: Routing Advices
Replies: 4
Views: 334

Re: Routing Advices

Much as I will always think of you as Zero now, or is that Zorro............ I believe xvo, is closer to the mark that the OP wants network to network connectivity. The question he posed so elegantly is a. does one want to separate networks that can see each other readily (as if on the same LAN). b....
by anav
Tue Oct 13, 2020 9:05 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 1649

Re: NTH load balancing

Hi Darknate,
Can you post a generic config with the useful bits to show that split personality config on bandwidth load balancing........
by anav
Tue Oct 13, 2020 8:39 pm
Forum: General
Topic: NAT with a specific IP external
Replies: 8
Views: 311

Re: NAT with a specific IP external

Clear as polish potatoe schnapps!! (one glass, any more and things get fuzzy right quick)
by anav
Tue Oct 13, 2020 8:36 pm
Forum: Beginner Basics
Topic: "ERROR: could not connect to 192.168.1.1"
Replies: 10
Views: 405

Re: "ERROR: could not connect to 192.168.1.1"

Sorry your experience has been less than satisfactory. Try to find out what other users are doing in your local area as that may provide a path to the best mix of equipment.
by anav
Tue Oct 13, 2020 5:22 pm
Forum: Beginner Basics
Topic: "ERROR: could not connect to 192.168.1.1"
Replies: 10
Views: 405

Re: "ERROR: could not connect to 192.168.1.1"

Hi good sir, not dumb, just misplaced! Perhaps you will have more luck here: https://community.plus.net/t5/Fibre-Broadband/I-have-a-SAGEMCOM-Router/td-p/1241070 https://forums.redflagdeals.com/wireless-router-use-bell-sagemcom-1464139/ Reading a few more posts, nobody likes sagecom products............
by anav
Tue Oct 13, 2020 5:17 pm
Forum: General
Topic: Best Setup 2 Internet Line from same ISP
Replies: 19
Views: 676

Re: Best Setup 2 Internet Line from same ISP

However, 6/6 won't work with PCC - for 5:2 distribution, you have to use 7/0 to 7/6 (the number to the left of the slash is the divider, the number to the right is the remainder, and the remainder is always between zero included and the divider not included . That there is Gold information!! Thanks!!
by anav
Tue Oct 13, 2020 5:11 pm
Forum: General
Topic: NAT with a specific IP external
Replies: 8
Views: 311

Re: NAT with a specific IP external

I might need a GPS for that explanation...... :-)
by anav
Tue Oct 13, 2020 4:58 pm
Forum: Beginner Basics
Topic: "ERROR: could not connect to 192.168.1.1"
Replies: 10
Views: 405

Re: "ERROR: could not connect to 192.168.1.1"

Really, is this the best use of the top dogs/banana's time? LOL> Shouldn't he be like working on documentation for the hiring bwpl to fix wifi, or coding up fq_strudel or something. (MTUNA "Immutable Law" - Grab the easy posts - I dont recall Normis passing the exam????) Did you know...... Normis ch...
by anav
Tue Oct 13, 2020 4:44 pm
Forum: Beginner Basics
Topic: Home User RouterOS Consultancy - Uber for MikroTik
Replies: 11
Views: 582

Re: Home User RouterOS Consultancy - Uber for MikroTik

Anav, that's the list of professional taxi drivers which charge starting fee, by minute, by mile and by coffee. OP is after friendly uber drivers who will do everything for a beer. Yup, that's you. Yes, but if he wants to get to his destination before a vaccine for covid is released the OP should r...
by anav
Tue Oct 13, 2020 4:40 pm
Forum: General
Topic: Vlan not working for me,
Replies: 13
Views: 529

Re: Vlan not working for me,

Okay, understood, Thanks!
by anav
Tue Oct 13, 2020 4:37 pm
Forum: General
Topic: Best Setup 2 Internet Line from same ISP
Replies: 19
Views: 676

Re: Best Setup 2 Internet Line from same ISP

Nice pickup but I got queasy when you typed nth.............. I havent seen anyone recommend nth before. WHy not use pcc classifier method (both addresses) and for different loading use something like. (3 Wan example where one loads connections onto WAN3 at a greater ratio than the other wans 1:1:2)...
by anav
Tue Oct 13, 2020 4:16 pm
Forum: General
Topic: NAT with a specific IP external
Replies: 8
Views: 311

Re: NAT with a specific IP external

MkX graduated from Hogwarts and is a full fledged wizard!! He is in the matrix of MT. ;-)
by anav
Tue Oct 13, 2020 4:12 pm
Forum: General
Topic: What is the right way to do port forward with multiple WANs and LANs
Replies: 32
Views: 947

Re: What is the right way to do port forward with multiple WANs and LANs

I would change your input chain slightly. From..... add action=accept chain=input comment="Allow WinBox connections from IPs in winbox address list" dst-port=8291 protocol=tcp src-address-list=winbox add action=accept chain=input comment="Allow local networks to access router" src-address-list=local...
by anav
Tue Oct 13, 2020 3:43 pm
Forum: General
Topic: Vlan not working for me,
Replies: 13
Views: 529

Re: Vlan not working for me,

So one would assume that all the etherport (2,3,4) are trunk ports in that they are carrying
a. bridge dhcp
b. all the vlans dhcp

My question is how do devices attached to the ports handle it?
What if one of the ports goes to a PC?

Too many unknowns........
by anav
Tue Oct 13, 2020 3:30 pm
Forum: General
Topic: What is the right way to do port forward with multiple WANs and LANs
Replies: 32
Views: 947

Re: What is the right way to do port forward with multiple WANs and LANs

You should not allow access to winbox to external WANIPs, very unsafe practice.
If you need to access the router while remote, use a VPN connection to access the router.
I use IKEV2 via my Iphone and the MT App for example.
by anav
Tue Oct 13, 2020 3:28 pm
Forum: Beginner Basics
Topic: "ERROR: could not connect to 192.168.1.1"
Replies: 10
Views: 405

Re: "ERROR: could not connect to 192.168.1.1"

What router/device are you connecting to and is it the first time connecting? (new unit)
(typically you connect your PC via ethernet port 2)
by anav
Tue Oct 13, 2020 2:22 pm
Forum: General
Topic: Need help to Setup Dual Gateway
Replies: 12
Views: 438

Re: Need help to Setup Dual Gateway

Hi, Thanks for reply. Unfortunately I don't get you. for example: ip route main ISP distance=5 what do you mean with Main ISP? should i change "Main ISP" with its actual IP address or its interface? same goes for others as well. Well unless you post your config its difficult to provide actual detai...
by anav
Tue Oct 13, 2020 3:59 am
Forum: General
Topic: Vlan not working for me,
Replies: 13
Views: 529

Re: Vlan not working for me,

So each port is a trunk port carrying both the bridge subnet and all the vlans??
I am not clear on how this setup works.........
by anav
Tue Oct 13, 2020 12:14 am
Forum: General
Topic: Vlan not working for me,
Replies: 13
Views: 529

Re: Vlan not working for me,

Hmm I already pointed out the errors, but okay since you stroked my.............................. ego. (1) Okay so vlan881 please dont name it vlan1 that is so confusing LOL. Call it vlanISP if anything as its required to connect to the ISP. (2) Config is incomplete and confusing. a. assigned vlans ...
by anav
Mon Oct 12, 2020 11:55 pm
Forum: General
Topic: Need help to Setup Dual Gateway
Replies: 12
Views: 438

Re: Need help to Setup Dual Gateway

/export hide-sensitive file=anynameyouwish so we can make sure your config is not causing issues!! If you only have a few wanips then it should be doable since i have not done this particular iteration, not 100% sure. IP Routes a. ip route main ISP distance=5 b. ip route secondary ISP distance=10 c....
by anav
Mon Oct 12, 2020 6:59 pm
Forum: Beginner Basics
Topic: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]
Replies: 15
Views: 526

Re: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]

Okay, understood all, address lists are specific to firewall rules and not routing (but it would nice .................. )
Yes, i get the message one cannot resist the Mangle Borg...........
by anav
Mon Oct 12, 2020 4:59 pm
Forum: General
Topic: Strange Tracking Problem on Mikrotik Filter rules
Replies: 8
Views: 330

Re: Strange Tracking Problem on Mikrotik Filter rules

Anav translating Sob's post for the OP.

Hello Mr OP, please provide the effing config ( I said please but I know what you were thinking)

/export hide-sensitive file=anynameyouwish
by anav
Mon Oct 12, 2020 4:55 pm
Forum: Beginner Basics
Topic: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]
Replies: 15
Views: 526

Re: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]

Okay, question still lingers about my Route Rule............ /ip route rule add action=lookup-only-in-table interface=EastlinkDirect table=WAN2 (NEW) I wanted all traffic from vlan50 (EastlinkDirect) to go to ISP2. The above seems to do that! There are two other arguments that one can use, source ad...
by anav
Mon Oct 12, 2020 4:40 pm
Forum: General
Topic: Need help to Setup Dual Gateway
Replies: 12
Views: 438

Re: Need help to Setup Dual Gateway

I am not understanding the breakdown of accessing internet vice whatever else you are talking about specific sites?
Do you mean that you have a list of external WANIPs, that you can apply such that all users going to those IPs use WAN2?
by anav
Mon Oct 12, 2020 4:34 pm
Forum: General
Topic: Vlan not working for me,
Replies: 13
Views: 529

Re: Vlan not working for me,

Agree with erlinded, you config is really messed up in structure (mixing vlans bridges addresses etc.......) and get rid of upnp settings. Use the reference and then post another attempt. ex. four VLans identified but only 3 with all the settings required ex. putting vlans on a bridge but then provi...
by anav
Mon Oct 12, 2020 4:27 pm
Forum: General
Topic: Strange Tracking Problem on Mikrotik Filter rules
Replies: 8
Views: 330

Re: Strange Tracking Problem on Mikrotik Filter rules

Hmmmm,, not quite sure I buy that! My understanding is that a firewall rule traffic allowing traffic from one subnet to another (for example vlanA to printer on vlanB) means that VlanA can initiate traffic and reach VlanB. The key being originate!! The return traffic from VlanB in response to a quer...
by anav
Mon Oct 12, 2020 4:18 pm
Forum: Beginner Basics
Topic: extending hAP lite with another AP: CAPsMAN + VLAN, or?
Replies: 4
Views: 219

Re: extending hAP lite with another AP: CAPsMAN + VLAN, or?

I have two capacs and dont use capsman, if I added more I might be tempted but I am quite happy without.
by anav
Mon Oct 12, 2020 4:16 pm
Forum: Beginner Basics
Topic: Unwanted reset mikrotik hex
Replies: 4
Views: 207

Re: Unwanted reset mikrotik hex

As long as you are using a recent version of MT OS, and winbox, and only permit access to the router itself (input chain) for you, then its not a hacker!
As long as you only access router locally and if remotely by VPN.
As long as you setup your own password etc etc.
by anav
Sun Oct 11, 2020 10:27 pm
Forum: Beginner Basics
Topic: Unwanted reset mikrotik hex
Replies: 4
Views: 207

Re: Unwanted reset mikrotik hex

Yes no IT equipment likes power issues. Do you have it running on a backup power supply??
by anav
Sun Oct 11, 2020 10:24 pm
Forum: Beginner Basics
Topic: need help with VLAN guest wireless on router and ap
Replies: 7
Views: 331

Re: need help with VLAN guest wireless on router and ap

Cant believe my friend recommended Mikrotik, "it's the best router" he said, "and if you have a problem they help you on forum" what a bullshit. Did a fly land on your head too? If it looks like shit, If it smells like shit, and a fly lands on it.... Its shit. Seriously, the forum responses are don...
by anav
Sat Oct 10, 2020 10:17 pm
Forum: General
Topic: What is the right way to do port forward with multiple WANs and LANs
Replies: 32
Views: 947

Re: What is the right way to do port forward with multiple WANs and LANs

I am still stuck on your failover setup.
If you have hard coded LAN1 to ISP 1 and LAN2 to ISP 2, then why fail over??
When ISP 1 goes down, LAN1 users have nowhere to go????
by anav
Sat Oct 10, 2020 10:10 pm
Forum: Beginner Basics
Topic: firewall filter with internet allow unauthorized LAN trafic
Replies: 11
Views: 469

Re: firewall filter with internet allow unauthorized LAN trafic

Okay What I see are 12 vlans and yet only I only see 6 DHCP servers I see only only 5 dhcp pools Then I see 5 more DHCP servers WTF is going on?? So thats a total of 11 DHCP servers. Then I see 12 more vlans (same as above but duplicated......... Please provide the output as requested not made up sh...
by anav
Sat Oct 10, 2020 6:00 pm
Forum: General
Topic: Help with 6 wan or more load balance...
Replies: 1
Views: 755

Re: Help with 6 wan or more load balance...

Why would four be different from six ? The process and setup would be very similar just adding two more.
by anav
Sat Oct 10, 2020 5:58 pm
Forum: Beginner Basics
Topic: firewall filter with internet allow unauthorized LAN trafic
Replies: 11
Views: 469

Re: firewall filter with internet allow unauthorized LAN trafic

/export hide-sensitive file=anynameyouwish
by anav
Sat Oct 10, 2020 3:49 pm
Forum: Beginner Basics
Topic: New HAP ac2 as ATT Bridge (slow, sites not loading)
Replies: 23
Views: 1027

Re: New HAP ac2 as ATT Bridge (slow, sites not loading)

Well that is some cool bypass, that clearly I dont understand.
It would take Sob probably a few paragraphs (like Lord of the Ring books long) to put in terms I could understand.
by anav
Sat Oct 10, 2020 3:59 am
Forum: Beginner Basics
Topic: New HAP ac2 as ATT Bridge (slow, sites not loading)
Replies: 23
Views: 1027

Re: New HAP ac2 as ATT Bridge (slow, sites not loading)

Okay I would like to know what is the the ATT RG Thingy? What is significant about vlan 222?? I get the ISP is connected on ether1 (the ont) and assuming internet comes in through that?? Or are you saying you have two separate ISPs?? Is the ruckus a managed switch?? or an access point with extra por...
by anav
Sat Oct 10, 2020 3:56 am
Forum: Beginner Basics
Topic: New HAP ac2 as ATT Bridge (slow, sites not loading)
Replies: 23
Views: 1027

Re: New HAP ac2 as ATT Bridge (slow, sites not loading)

If any body is a noob and wants to learn to avoid the OPs mistakes, AVOID going to the internet and pulling stuff from other sources, because you are a noob. Start with the default setup and come here and let us know what you want to change (deviate from default) and guidance will ensue. Please plea...
by anav
Sat Oct 10, 2020 3:52 am
Forum: Beginner Basics
Topic: Port forwarding issues (SYN not getting acked)
Replies: 7
Views: 797

Re: Port forwarding issues (SYN not getting acked)

The config smells funny. Why is your WAN the WLAN1 have the DHCP setup instead of ether1 your LAN setup. Your dstnat rules are missing in-interface-list=WAN (Besides the already noted src nat being wrong) Finally why did you frig with the default firewall rules. What you have is horrible unless you ...
by anav
Fri Oct 09, 2020 11:29 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 15
Views: 459

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

By the way your port forwarding rules....................... could be encapsulated in two rules LOL. add action=dst-nat chain=dstnat dst-port=2200,5900,10000 in-interface-list=WAN\ protocol=tcp to-addresses=192.168.1.100 add action=dst-nat chain=dstnat dst-port=2210,3389,5910,10010 in-interface-list...
by anav
Fri Oct 09, 2020 11:21 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 15
Views: 459

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

Comments: 1. USE only one bridge! 2. USE interface lists or address lists or my preference is vlans to separate subnets. ++++++++++++++++++++++++++++++++++++++++ The above are suggestions but not necessary. (3) The below is a problem as quite clearly you cant both using the same address!! /ip addres...
by anav
Fri Oct 09, 2020 10:56 pm
Forum: Beginner Basics
Topic: New HAP ac2 as ATT Bridge (slow, sites not loading)
Replies: 23
Views: 1027

Re: New HAP ac2 as ATT Bridge (slow, sites not loading)

The first question is why a bridge for the WAN?? This adds complexity where it may not be required. You identify the VLAN to the appropriate ethernet interface (lets assume internet connected on ether1) You need to add VLAN as part of the WAN interface list. Why is your bridge wan on a DCHP server l...
by anav
Fri Oct 09, 2020 10:00 pm
Forum: Beginner Basics
Topic: New HAP ac2 as ATT Bridge (slow, sites not loading)
Replies: 23
Views: 1027

Re: New HAP ac2 as ATT Bridge (slow, sites not loading)

Yeah your config is hosed, has some conflicting issues, will look at it later
by anav
Fri Oct 09, 2020 9:57 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 15
Views: 459

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

Recommend one bridge and use the vlans to separate out separation of subnets. As for groupings the better ways to accomplish this and also support firewall rules are interface lists and address group lists. Rule of thumb if you have whole as single subnet or part subnet use IP addresses If you have ...
by anav
Fri Oct 09, 2020 9:51 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 15
Views: 459

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

my apologies for the wrong syntax! glad you found the right one!!
by anav
Fri Oct 09, 2020 5:57 pm
Forum: Beginner Basics
Topic: New HAP ac2 as ATT Bridge (slow, sites not loading)
Replies: 23
Views: 1027

Re: New HAP ac2 as ATT Bridge

/export hide-sensitive file=anynameyouwish
by anav
Fri Oct 09, 2020 5:02 pm
Forum: Beginner Basics
Topic: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]
Replies: 15
Views: 526

Re: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]

Concur, too funny it always takes me 5 minutes to find RULES, vice route!! So the next question is lookup table or lookup ONLY table. In this case lookup ONLY table seems to be the most accurate as going to the main table to use BELL would be useless. So far........ /ip route add distance=10 gateway...
by anav
Fri Oct 09, 2020 4:23 pm
Forum: Beginner Basics
Topic: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]
Replies: 15
Views: 526

Re: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]

Just so I understand, Both you and SIb are suggesting I need to make another secondary wan route rule defining a TABLE (mine are recursive so will have to figure that out). Then another route rule specific to the PC or in my case dont really care the whole VLAN works. Its this second rule where you ...
by anav
Fri Oct 09, 2020 3:05 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 15
Views: 459

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

post the complete config
/export file=sensitive file=anynameyouwish
by anav
Fri Oct 09, 2020 1:03 am
Forum: Beginner Basics
Topic: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]
Replies: 15
Views: 526

Re: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]

Much thanks! Awesome we have the best technical support folks on the planet in these forums!!
One of these for each of you as promised!
by anav
Thu Oct 08, 2020 10:25 pm
Forum: Beginner Basics
Topic: Unable to Access
Replies: 5
Views: 177

Re: Unable to Access

Yes there are ways to limit winbox access by IP address!!
by anav
Thu Oct 08, 2020 10:10 pm
Forum: Beginner Basics
Topic: I can't configure rb750
Replies: 6
Views: 289

Re: I can't configure rb750

Just for giggles set your PC an IP address of 192.168.88.5 with network of 192.168.88.1 and 255.255.255.0 and see if it detects the router via winbox.
by anav
Thu Oct 08, 2020 10:07 pm
Forum: General
Topic: BLOCK YOUTUBE Y 2020
Replies: 2
Views: 229

Re: BLOCK YOUTUBE Y 2020

I do not believe what your are asking is possible with an MT device. One would need a specialized type device (simliar to what Barracuda systems produce for email spam) or a heavier grade Router that has IDS type paid services on top. It sounds like you need to deal with human behaviour and incentiv...
by anav
Thu Oct 08, 2020 10:05 pm
Forum: Wireless Networking
Topic: MikroTik HAP AC2 - unable to get 867 Mbit/s on 5 Ghz - LOCAL network
Replies: 11
Views: 698

Re: MikroTik HAP AC2 - unable to get 867 Mbit/s on 5 Ghz - LOCAL network

867 is advertised two way transmission. So lets start with reality! For one way transmission Divide by TWO (2). Second one has normal propagation losses, compounded by walls and their materials and plain ole distance. Thirdly there may be interfering electronic devices, wiring, lights etc. Fourthly ...
by anav
Thu Oct 08, 2020 9:44 pm
Forum: Beginner Basics
Topic: Dual ISP - Need One PC on the Secondary FailOver [SOLVED]
Replies: 15
Views: 526

Dual ISP - Need One PC on the Secondary FailOver [SOLVED]

Hi folks, I am asking for the most efficient (read easiest for me to config, for those without an MTUNA accreditation that means no scripts, and least number of lines or characters LOL) way to add a single device on my network that only uses the second Failover ISP. The issue is that to change an Em...
by anav
Thu Oct 08, 2020 9:36 pm
Forum: Beginner Basics
Topic: rb4011igs+rm VLANs with one Internet Access [SOLVED]
Replies: 5
Views: 249

Re: rb4011igs+rm VLANs with one Internet Access [SOLVED]

Yes, opinions are free LOL. I dont like your firewall rules!! INPUT CHAIN I like your management rule thats good! However how do your users get DNS, normally I put in a rule to allow the LAN interface to access DNS, as most use the router as a conduit for DNS. By the WAY I also reallly like the last...
by anav
Thu Oct 08, 2020 2:24 am
Forum: General
Topic: Mikrotik routers - Firewall?
Replies: 9
Views: 413

Re: Mikrotik routers - Firewall?

If you want plugNplay, then Mikrotik is not for you.
I am curious as to who is suggesting that there is openwrt for MT routers??
by anav
Thu Oct 08, 2020 1:41 am
Forum: Beginner Basics
Topic: Help setting up new router - RB4011
Replies: 2
Views: 170

Re: Help setting up new router - RB4011

How did you make the change, quickset?
Do you mean the wan IP is fixed at that IP??
Not sure what you were referring to.
by anav
Wed Oct 07, 2020 7:28 pm
Forum: General
Topic: Connection NAT state srcnat?
Replies: 9
Views: 444

Re: Connection NAT state srcnat?

Without providing your config
/export hide-sensitive file=anynameyouwish

I am not sure how you expect assistance.
by anav
Wed Oct 07, 2020 5:39 pm
Forum: Beginner Basics
Topic: rb4011igs+rm VLANs with one Internet Access [SOLVED]
Replies: 5
Views: 249

Re: rb4011igs+rm VLANs with one Internet Access [SOLVED]

Use this as a reference to help guide you.
viewtopic.php?t=143620

After you attempt this, then after post your config
/export hide-sensitive file=anynameyouwish
by anav
Wed Oct 07, 2020 5:37 pm
Forum: Beginner Basics
Topic: Vlans problem
Replies: 6
Views: 341

Re: Vlans problem

If you have configured from quickset, then the config is probably hosed.
Suggest you reset to defaults and follow this post as the best reference.
viewtopic.php?t=143620
by anav
Tue Oct 06, 2020 10:28 pm
Forum: Beginner Basics
Topic: RB4011 VLAN + unifi [SOLVED]
Replies: 14
Views: 523

Re: RB4011 VLAN + unifi [SOLVED]

Like laws of gravity LOL. How an untagged flow of traffic into a switch can then be turned into tagged traffic coming out other ports of the switch is PFM or MKX I guess LOL. I suppose now thinking about it one could let this security mess continue and let the untagged traffic also flow out other po...
by anav
Tue Oct 06, 2020 8:52 pm
Forum: Beginner Basics
Topic: Trying to set up cAP ac as a simple bridge
Replies: 4
Views: 224

Re: Trying to set up cAP ac as a simple bridge

I can only note what I did as I dont use scripts. Attached my capac to an unmanaged switch on the subnet I wish it get an IP via ether1 This is assigned to the existing bridge automatically. Next I assign the vlans to the bridge Next I create the Interfaces List if required (I do one called Winbox, ...
by anav
Tue Oct 06, 2020 8:45 pm
Forum: Beginner Basics
Topic: RB4011 VLAN + unifi [SOLVED]
Replies: 14
Views: 523

Re: RB4011 VLAN + unifi [SOLVED]

Okay if the goal is to pass VLAN 100 as untagged to the Ubiquiti so it gets an IP address on the VLAN100, you must realize that this prevents vlan 100 from being used at any other ports on the ubiquiti. The way to ensure vlan100 is available to be passed on to the other ports on the switch is to se...
by anav
Tue Oct 06, 2020 6:44 pm
Forum: General
Topic: Connection NAT state srcnat?
Replies: 9
Views: 444

Re: Connection NAT state srcnat?

Invalid packets are blocked on the input chain and forward chain by default.
Suggest you
a. provide a diagram
b. state the functionality desired (in terms of users and not config)
c. /export hide-sensitive file=anynameyouwish
by anav
Tue Oct 06, 2020 6:42 pm
Forum: General
Topic: DNAT is changing the src IP to look like the Router's LAN IP
Replies: 12
Views: 430

Re: DNAT is changing the src IP to look like the Router's LAN IP

Hi blake, your explanation is hard to follow.
One has no idea what functionality you would like to have (user requirements not config).
No diagram of network...

Best start would be to post your config
/export hide-sensitive file=anynameyouwish
by anav
Tue Oct 06, 2020 6:39 pm
Forum: Beginner Basics
Topic: RB4011 VLAN + unifi [SOLVED]
Replies: 14
Views: 523

Re: RB4011 VLAN + unifi [SOLVED]

Interesting, In that case I would do the following. Okay if the goal is to pass VLAN 100 as untagged to the Ubiquiti so it gets an IP address on the VLAN100, you must realize that this prevents vlan 100 from being used at any other ports on the ubiquiti. The way to ensure vlan100 is available to be ...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 19