Community discussions

Search found 711 matches

by anav
Sat Aug 11, 2018 3:30 pm
Forum: General
Topic: Security breached devices - Port TCP 4145
Replies: 9
Views: 585

Re: Security breached devices - Port TCP 4145

Hi Cableguy, you lost me when you said you didn't have control of individually managed routers. So how did you manage to change their FW rules and see their traffic??
by anav
Sat Aug 11, 2018 3:27 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 60
Views: 12000

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

We have the same problem, I noticed the problem is in versions before 6.37, I was able to resolve this problem upgrading the RouterOS to 6.42.1 and upgrading the firmware. No need to fresh install anything just upgrade to the last version and the problem is fixed. There's a worm infecting RouterOS a...
by anav
Fri Aug 10, 2018 6:59 pm
Forum: Beginner Basics
Topic: Block youtube on specific physical port
Replies: 2
Views: 89

Re: Block youtube on specific physical port

I believe you need to conduct layer 7 programming. TLS-HOST programming is also a new tool that may help curb https access to such sites. http://www.mikrotik.co.id/artikel_lihat.php?id=282 (need to translate) Best to research this and then come back with specific questions. Did you simply want to de...
by anav
Fri Aug 10, 2018 6:56 pm
Forum: Beginner Basics
Topic: Open Ports
Replies: 7
Views: 270

Re: Open Ports

As was noted, if you are scanning from a PC within the LAN, the scan is filtered by what's going out to the LAN in accordance with the security apps on your PC and you are scanning your LAN and not the router. If you want a more valid test of your router (not the litmus test but a reasonable test) go...
by anav
Tue Aug 07, 2018 7:15 pm
Forum: General
Topic: MOAB mother of all blacklists
Replies: 26
Views: 1323

Re: MOAB mother of all blacklists

Great concept!! Much thanks and have been using it with no issues. When I first started out on my hex, on my own, I found some available firehol lists...... and started reading about spamhouse, dshield, malcode. country lists and other lists. They would all pump out files to use. Then I came across...
by anav
Mon Jun 25, 2018 4:30 am
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

No capiche :-( I still have no idea how to ensure incoming traffic (new connections on WAN2) will go back out WAN2 when WAN1 is the primary WAN. I am more confused on packet flow than ever. I will stop assisting others as everything I thought I knew is wrong.............. My posting days are over fo...
by anav
Sun Jun 24, 2018 11:50 pm
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

Okay Sob, But mangling only outgoing packets doesn't help in this scenario because we are dealing with incoming packets on WAN2. What is funny is I now can make sense of that prerouting chain LOL. It was like Greek to me before........ Perhaps edible and drinkable but not understandable. ;-) Okay so, ...
by anav
Sun Jun 24, 2018 10:31 pm
Forum: Beginner Basics
Topic: What dictates the source IP when traffic leaves the router? [SOLVED]
Replies: 5
Views: 281

Re: What dictates the source IP when traffic leaves the router? [SOLVED]

Well source nat tells the router to provide the public IP of the specified interface vice private IP when packets leave the router out the specified interface. Destination Nat tells the router that traffic forwarded to the router for a particular service should be sent to a particular lan IP and por...
by anav
Sun Jun 24, 2018 5:37 pm
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

... since we are not routing on the way in, the mark route is useless and has no effect ... No no no no no. There's always some routing (well, unless there's bridging instead, but that's not our case). And nothing unexpected happens. What you set is what you get. We have two rules: 1) RULE1: /ip fi...
by anav
Sun Jun 24, 2018 3:31 pm
Forum: General
Topic: Best SOHO router with passive cooling [SOLVED]
Replies: 7
Views: 411

Re: Best SOHO router with passive cooling [SOLVED]

No one mentioned the
RB450Gx4
by anav
Sat Jun 23, 2018 10:16 pm
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

Good explanations result in fewer questions. No more questions.... Just kidding LOL So how was I supposed to assume that the second PREROUTING MANGLE RULE for mark route magically happened or was applied ONLY on and when the return packets from the server were sent? Where is this described? I think ...
by anav
Sat Jun 23, 2018 7:58 pm
Forum: Beginner Basics
Topic: Triple WAN VOIP Load Balancing
Replies: 8
Views: 363

Re: Triple WAN VOIP Load Balancing

JAJAJAJAJAJA

I have to warn you yoshimauk, once you go SOB you never go back.
Its like entering Hotel California.
Make sure your will is up to date!!!
by anav
Sat Jun 23, 2018 6:59 pm
Forum: General
Topic: Using 2 Gateways/WANs/ISPs and Monitoring them
Replies: 16
Views: 545

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Ha, okay, no idea about setting a static route to a host on my network. I dont have any such hosts? Also never used netwatch. In another thread I am losing the bubble on mangling, I recently found out my entire conception of how bridges work was shattered. I seem to be getting less able to work on t...
by anav
Sat Jun 23, 2018 6:57 pm
Forum: Beginner Basics
Topic: Failover on two connections
Replies: 11
Views: 495

Re: Failover on two connections

Up to you, if it's working, ain't broke, don't fix it.
In general, for a dynamic public IP use the masquerade action.
If fixed public IP use the srcnat action.
by anav
Sat Jun 23, 2018 6:55 pm
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

Okay lets see if I have a better grasp. We mark the inbound connections in pre-routing with connection marks. We do not bother route marking yet because these packets will not retain the route markings once they hit the server and return traffic is generated. However the return traffic will retain t...
by anav
Sat Jun 23, 2018 6:45 pm
Forum: Beginner Basics
Topic: Triple WAN VOIP Load Balancing
Replies: 8
Views: 363

Re: Triple WAN VOIP Load Balancing

Post config /export hide-sensitive file=nameofyourchoosing. I would not share VOIP between two different WANS. I would assign one VOIP to one WAN and the other VOIP to the other WAN. My limited experience is that VOIPs dont like being switched unless its necessary (failover). I dont see how you are ...
by anav
Sat Jun 23, 2018 4:58 am
Forum: Forwarding Protocols
Topic: IP Rules/ NAT Setup for FTP - RouterOS v6.30.1
Replies: 10
Views: 369

Re: IP Rules/ NAT Setup for FTP - RouterOS v6.30.1

Do you use WinBox? I'm almost in love with that thing. Nice, powerful, intuitive, ... at least for me. If you use plaintext FTP, conntrack helper will snoop in control connection (if it's on standard port) for any PASV/PORT commands, mark data connections as "related" and change addresses if needed...
by anav
Sat Jun 23, 2018 4:55 am
Forum: General
Topic: Using 2 Gateways/WANs/ISPs and Monitoring them
Replies: 16
Views: 545

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Hmm, can you script that for whenever the primary WANIP changes?
Like over to the failover IP and then back to the primary? Each time?
(would be useful to clear my VOIP stuck on old IP issues)
by anav
Sat Jun 23, 2018 4:52 am
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

Nope, stone cold lack of understanding. You're speaking a foreign language. I asked about whether or not the packets retain their routing marks after hitting the server they were intended to reach. Not even close to being discussed or answered. I assume that they are marked inbound and reach the serve...
by anav
Fri Jun 22, 2018 8:49 pm
Forum: Forwarding Protocols
Topic: IP Rules/ NAT Setup for FTP - RouterOS v6.30.1
Replies: 10
Views: 369

Re: IP Rules/ NAT Setup for FTP - RouterOS v6.30.1

My issue is the age of the OS you are using.
Not sure which product you are using but the latest is 6.42.4........
by anav
Fri Jun 22, 2018 8:42 pm
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

Still zinging over my head.......... I understand marking connections initiated from web coming in on WAN2 I understand marking route for those connections. Thus all packets coming on WAN2 to a destination on the LAN will have these markings. I guess it boils down to what happens when a server on th...
by anav
Fri Jun 22, 2018 4:03 pm
Forum: General
Topic: Using 2 Gateways/WANs/ISPs and Monitoring them
Replies: 16
Views: 545

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

So you have to script the process of clearing connections in firewall?
by anav
Fri Jun 22, 2018 3:59 pm
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

I have never seen return chain used but I don't think it is needed or does what you think it does. I would have also kept the in-interface=wan2 for the second mark rule. Other than that I think it's fine with the two mangle rules (connection mark and route mark). It will be interesting to see what SOB say...
by anav
Fri Jun 22, 2018 1:58 pm
Forum: Forwarding Protocols
Topic: 1 Server, 2WANs, 2LANs and problem
Replies: 3
Views: 209

Re: 1 Server, 2WANs, 2LANs and problem

Maybe a candidate for an EOIP tunnel with security option enabled. Assuming you want to do this 16km apart. In this regard it will be like he is on your LAN and thus no external access to your router has to be made (better security).
by anav
Fri Jun 22, 2018 1:48 pm
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

I'm in the Oriion camp of small brains LOL.
I also don't get your devilishly clever programming. What is it saying/doing?

(PS the mangle rules looked okay to me except the middle one which is not needed and not sure why it was there?)
by anav
Fri Jun 22, 2018 5:05 am
Forum: Beginner Basics
Topic: Dual WAN mangle rules
Replies: 38
Views: 1166

Re: Dual WAN mangle rules

I don't understand the request or the reply. Firstly, all traffic going out WAN1 will go back through WAN1. All traffic going out WAN2 will go back through WAN2 and this is based on our SRCNAT rules. You should have a masquerade rule for both (or action srcnat if a static public IP). Assuming WAN1 is y...
by anav
Fri Jun 22, 2018 12:23 am
Forum: Beginner Basics
Topic: wlan interfaces not running
Replies: 8
Views: 267

Re: wlan interfaces not running

No config no can help, perhaps others have better crystal balls.........
by anav
Thu Jun 21, 2018 11:25 pm
Forum: Beginner Basics
Topic: wlan interfaces not running
Replies: 8
Views: 267

Re: wlan interfaces not running

post config, otherwise just guessing.......
by anav
Thu Jun 21, 2018 11:24 pm
Forum: Beginner Basics
Topic: Trying to change a cheap TP-Link router for a cheap MikroTik one
Replies: 22
Views: 1093

Re: Trying to change a cheap TP-Link router for a cheap MikroTik one

Which model of Mikrotik? My understanding is that the default setup of the mikrotik is pretty much ready to go out of the box in terms of connectivity. Before plugging any internet connection into it however, I would at least. a. install winbox on my pc b. access the mikrotik via winbox c. change ad...
by anav
Thu Jun 21, 2018 8:55 pm
Forum: General
Topic: Routing assistance
Replies: 9
Views: 341

Re: Routing assistance

First thing would be to post your working config.....
use winbox and terminal and type
/export hide-sensitive file=nameofyourchoosing

Go to Files and download to the PC (rightclick on file name).
Then copy and paste here (recommend notepad ++)
by anav
Thu Jun 21, 2018 8:42 pm
Forum: Beginner Basics
Topic: icmp
Replies: 10
Views: 456

Re: icmp

Perhaps you wanted use a forward chain. Why do you suggest forward chain? ICMP is input to test the response of the router///////////// Tempted to slap Anumrak upside the head. ;-) Then I realize it says I am a long time user and I don't know sheite either LOL. Dude, I just saw he wanted forward IC...
by anav
Thu Jun 21, 2018 8:11 pm
Forum: Beginner Basics
Topic: Mikrotik CSR 125 - How to route all LAN traffic to a specific IP address.
Replies: 4
Views: 196

Re: Mikrotik CSR 125 - How to route all LAN traffic to a specific IP address.

Still confusing, he/she is asking to use the router like every router is already configured. Where is the catch? Just to be clear you cannot choose what your public IP will be. The ISP has to follow rules for public IPs on the internet. The main difference in public IPs is whether its a fixed IP add...
by anav
Thu Jun 21, 2018 1:52 pm
Forum: Beginner Basics
Topic: Mikrotik CSR 125 - How to route all LAN traffic to a specific IP address.
Replies: 4
Views: 196

Re: Mikrotik CSR 125 - How to route all LAN traffic to a specific IP address.

Not sure what you mean?
Do you mean you have two WANIPs but you want traffic to go through only one of the WANIPs?
by anav
Thu Jun 21, 2018 4:48 am
Forum: General
Topic: Blocking Virus from Mikrotik
Replies: 15
Views: 1077

Re: Blocking Virus from Mikrotik

Download the software upgrade for the OS. Remove your router from the internet, upgrade your OS to the latest version, change all your passwords, do not use the same ones you used before and change the admin name as well. And use the links provided to better secure the router. Don't allow external co...
by anav
Thu Jun 21, 2018 12:59 am
Forum: Beginner Basics
Topic: Failover on two connections
Replies: 11
Views: 495

Re: Failover on two connections

Okay so what you are saying is that your BACKUP WAN connection is actually going to be WIFI ISP connection. Well I haven't done that one yet, but I suppose you have to create a DHCP client for that wifi connection. Create a srcnat rule for that in NAT (masquerade if the WIFI IP public will change (dy...
by anav
Wed Jun 20, 2018 9:58 pm
Forum: Beginner Basics
Topic: Failover on two connections
Replies: 11
Views: 495

Re: Failover on two connections

Yes please, post new config.!
by anav
Wed Jun 20, 2018 3:12 pm
Forum: General
Topic: How do I specify which IP is used for outgoing traffic
Replies: 35
Views: 1043

Re: How do I specify which IP is used for outgoing traffic

My bad Kevinds, I didnt realize it was not a real VPN LOL. The kind where you control both ends of the stick. Relying on a "retail" operation from another source may not be the best approach as you have no control over how they manipulate their infrastructure on a day to day basis. I am also not sur...
by anav
Wed Jun 20, 2018 2:56 am
Forum: General
Topic: How do I specify which IP is used for outgoing traffic
Replies: 35
Views: 1043

Re: How do I specify which IP is used for outgoing traffic

What kind of VPN are you using? Try EOIP with security enabled and see if that works.........
by anav
Wed Jun 20, 2018 12:50 am
Forum: General
Topic: How do I specify which IP is used for outgoing traffic
Replies: 35
Views: 1043

Re: How do I specify which IP is used for outgoing traffic

Well as I found out its not called anavOS or kevindsOS its RouterOS and it has rules LOL.
by anav
Wed Jun 20, 2018 12:47 am
Forum: General
Topic: Using 2 Gateways/WANs/ISPs and Monitoring them
Replies: 16
Views: 545

Re: Using 2 Gateways/WANs/ISPs and Monitoring them

Sindy is quite correct, I will give him 10 points for Gryffindor, and if you want to see it with an associated route mark with mangling, you simply need to look at the configuration I provided.

Sindy, besides being really cool, what is the advantage or disadvantage of recursive routing??
by anav
Wed Jun 20, 2018 12:42 am
Forum: Beginner Basics
Topic: Mikrotik with 1 wan and multiple lan subnets
Replies: 10
Views: 461

Re: Mikrotik with 1 wan and multiple lan subnets

Damn, why me, I knew he would ask that question. Hmm because only one bridge can be HW meaning hardware offload - using wire speed of chip when passing packets back and forth between a subnet. So if your NAS is on the same subnet as other devices heavy with traffic, best to ensure that traffic (laye...
by anav
Wed Jun 20, 2018 12:36 am
Forum: Beginner Basics
Topic: icmp
Replies: 10
Views: 456

Re: icmp

Perhaps you wanted use a forward chain.
Why do you suggest forward chain?
ICMP is input to test the response of the router/////////////
Tempted to slap Anumrak upside the head. ;-)

Then I realize it says I am a long time user and I don't know sheite either LOL.
by anav
Wed Jun 20, 2018 12:35 am
Forum: Beginner Basics
Topic: Failover on two connections
Replies: 11
Views: 495

Re: Failover on two connections

Hi, Here's config [admin@MikroTik] > export hide-sensitive /interface bridge add admin-mac=CC:2D:E0:11:30:D6 auto-mac=no comment=defconf name=bridgeLAN /interface ethernet set [ find default-name=ether1 ] name=ether1LTE1 set [ find default-name=ether2 ] name=ether2LTE2 /interface wireless set [ fin...
by anav
Tue Jun 19, 2018 11:38 pm
Forum: Beginner Basics
Topic: no access to WLAN device from LAN
Replies: 1
Views: 104

Re: no access to WLAN device from LAN

Does your phone have a charged battery?
Just making a point, with basically no information, even my expensive crystal ball is useless.
by anav
Tue Jun 19, 2018 12:14 am
Forum: General
Topic: FROM/TO
Replies: 20
Views: 556

Re: FROM/TO

Hi Sindy, I think that we must be opposite thinkers. A. you assume I am a networking IT wizard B. I assume you know I am an idiot Hence we dont see eye to eye all the time. ;-) Basically the problem is you fail to understand how weak my knowledge is and throw in many boundary situations without expl...
by anav
Tue Jun 19, 2018 12:10 am
Forum: Beginner Basics
Topic: Social Login & Pay option
Replies: 1
Views: 137

Re: Social Login & Pay option

Sorry, all I know is that there is a hotspot capability within the router, but I don't think there is a built-in paid scheme. Sounds like one would have to run a radius server and work with a third party vendor? From what I have read it does everything but the money transaction bit.......... As soon...
by anav
Mon Jun 18, 2018 11:57 pm
Forum: Beginner Basics
Topic: Mikrotik with 1 wan and multiple lan subnets
Replies: 10
Views: 461

Re: Mikrotik with 1 wan and multiple lan subnets

Well I use Winbox and terminal Best is to get familiar with them. First thing I would do is have a read through this link and start there. https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router As for setup........................... You need to define the following.......... /interface ethernet...
by anav
Mon Jun 18, 2018 11:31 pm
Forum: General
Topic: FROM/TO
Replies: 20
Views: 556

Re: FROM/TO

Thanks Sindy for explaining the last bit. The switch chip is effective when devices are in the same subnet!
All I know has been gleaned from Sob, so I am bound to have a few misconceptions. ;-)

On a serious note, this will help me help others better!
by anav
Mon Jun 18, 2018 9:53 pm
Forum: General
Topic: How do I specify which IP is used for outgoing traffic
Replies: 35
Views: 1043

Re: How do I specify which IP is used for outgoing traffic

The router isnt designed to forward traffic from itself, traffic is forwarded through the router internet to lan or lan to internet. Traffic to the router is input chain, traffic out of the router is output chain. Input and output I see as administrative chains not to be used for the bulk of router ...
by anav
Mon Jun 18, 2018 8:40 pm
Forum: General
Topic: Bridge VLAN filtering and VLAN isolation
Replies: 3
Views: 274

Re: Bridge VLAN filtering and VLAN isolation

My understanding is that VLAN is a layer2 construct whereas the FW rules are needed to prevent the router from routing between the vlans at layer 3.
However I could be mistaken but that is my impression.