Community discussions

MikroTik App

Search found 6200 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 21
by anav
Fri Mar 05, 2021 5:05 am
Forum: Wireless Networking
Topic: Point-to-point between directional and omni?
Replies: 5
Views: 238

Re: Point-to-point between directional and omni?

Of course I disagree with the master bpwl, but only because I expect to learn something!! ;-) (1) , show me how sxt gets one 1gigabit connection like the cube does. (2) also, why would you expect the wapac to outperform the omintik poe 5ac Lets look at facts..... wapac - Wireless 5 GHz Max data rate...
by anav
Fri Mar 05, 2021 4:56 am
Forum: General
Topic: ASK [rule over mangle]
Replies: 2
Views: 69

Re: ASK [rule over mangle]

What is the requirement and I dont mean in terms of a small snippet of the config.
How many wans, how many lans and what would you like users/devices to be do or not do..........
by anav
Fri Mar 05, 2021 2:35 am
Forum: Forwarding Protocols
Topic: Remote WinBox
Replies: 2
Views: 361

Re: Remote WinBox

What am I missing here. Is there some sort of automated VPN setup to reach ones router via winbox remotely.
Please clarify as up to now I thought one had to use something like IKEv2 VPN to connect like from my iphone and then use the MT app to configure the router via the vpn tunnel.
by anav
Thu Mar 04, 2021 8:13 pm
Forum: General
Topic: Need to power cycle after loss of WAN connection
Replies: 8
Views: 303

Re: Need to power cycle after loss of WAN connection

Are you actually paying money for said service?
Have you had the lines between the road and their modem checked?
Is their modem due for a firmware update or complete replacement?
Have you checked the lines between the modem and the router??
by anav
Thu Mar 04, 2021 8:11 pm
Forum: General
Topic: Multiple ip WAN and isolated VLANs
Replies: 1
Views: 99

Re: Multiple ip WAN and isolated VLANs

(1) It would be helpful to see your config. /export hide-sensitive file=anynameyouwish (2) Is that a managed switch or a dumb switch on ether1? (3) For layer 3 separation there are two fundamental ways but will discuss the preferred way. Best method is to put a drop all else rule at the end of the f...
by anav
Thu Mar 04, 2021 5:50 pm
Forum: Scripting
Topic: Email Script When Interface Status Change (Running or Not Running)
Replies: 4
Views: 234

Re: Email Script When Interface Status Change (Running or Not Running)

Can we assume that the script can be applied to any interface on the router (aka its not specifically designed of the WAN interface)?
How is the script scheduled then??
by anav
Thu Mar 04, 2021 5:42 pm
Forum: General
Topic: Need to power cycle after loss of WAN connection
Replies: 8
Views: 303

Re: Need to power cycle after loss of WAN connection

1 - recommend upgrading to the Long term version vice the stable, its actually tends to have less firmware issues. 2 - you should setup a VPN connection from your home to the router and thus can config it at any time. You could even config it via vpn from your smart phone for example. But if you ha...
by anav
Thu Mar 04, 2021 4:16 pm
Forum: General
Topic: Need to power cycle after loss of WAN connection
Replies: 8
Views: 303

Re: Need to power cycle after loss of WAN connection

1 - recommend upgrading to the Long term version vice the stable, its actually tends to have less firmware issues. 2 - you should setup a VPN connection from your home to the router and thus can config it at any time. You could even config it via vpn from your smart phone for example. But if you hav...
by anav
Thu Mar 04, 2021 2:18 pm
Forum: Beginner Basics
Topic: Port forwarding
Replies: 1
Views: 112

Re: Port forwarding

I use plenty of apps on my smartphone as do others in the house. There are no issues with any of them working as I allow all LAN to WAN traffic. The default firewall rules also allow this. THus its difficult to understand exactly what your problems are. Need to see the config. /export hide-sensitive...
by anav
Thu Mar 04, 2021 5:33 am
Forum: Beginner Basics
Topic: CRS317 trunk VLAN configuration help
Replies: 5
Views: 259

Re: CRS317 trunk VLAN configuration help

Which method have you chosen? if its bridge vlan filtering I can be of some assistance but I need to see the entire config not excerpts.
/export hide-sensitive file=anynameyouwish
by anav
Wed Mar 03, 2021 7:07 pm
Forum: Beginner Basics
Topic: MikroTik WAP
Replies: 5
Views: 244

Re: MikroTik WAP

Why didnt you ask for advice prior to purchasing a unit you know nothing about? Thats the one question I am most interested in. Why don't you stop posting messages if you can't give an interesting answer? That's the second question I am also interested in. Because maybe the OP has time to return th...
by anav
Wed Mar 03, 2021 7:05 pm
Forum: Wireless Networking
Topic: Point-to-point between directional and omni?
Replies: 5
Views: 238

Re: Point-to-point between directional and omni?

(1) What was wrong with the ubiquiti products? (2) Also, leafs can get in the way, which may be part of your issue? Can you minimize that by culling some branches?? (3) In general but with no experience in such matters a chain is only as strong as its weakest link, all to say, sure the directional a...
by anav
Wed Mar 03, 2021 6:21 pm
Forum: Beginner Basics
Topic: Seperating one part of the network. [SOLVED]
Replies: 10
Views: 494

Re: Seperating one part of the network. [SOLVED]

You like people to suffer needlessly............. must be that contract with the devil ;-)
by anav
Wed Mar 03, 2021 5:10 pm
Forum: Beginner Basics
Topic: Seperating one part of the network. [SOLVED]
Replies: 10
Views: 494

Re: Seperating one part of the network. [SOLVED]

If the op selects
add chain=forward action=drop as the last rule in the forward chain, will not that stop the etherports from seeing each other at layer3?? (aka one rule replaces many rules??)
by anav
Wed Mar 03, 2021 4:43 pm
Forum: General
Topic: Cannot block traffic Across subnets
Replies: 9
Views: 316

Re: Cannot block traffic Across subnets

Theory or not, there are no forward chain rules of any significance at all. Lets just start from scratch LOL. I have configed up a new start but not complete due to many unanswered questions. Best to contact me via my signa, and perhaps we can skype/whatsapp/ or whatever medium to chat as typing tak...
by anav
Wed Mar 03, 2021 2:34 pm
Forum: General
Topic: Cannot block traffic Across subnets
Replies: 9
Views: 316

Re: Cannot block traffic Across subnets

Hey nsmamuel, I feel your pain brother, I am in the same boat. I have day users and when others get home they need it and even worse up to a little while ago I had two poker players going at all hours, it was nightmare to make a change and even worse during a power outage or other issues. I will tak...
by anav
Wed Mar 03, 2021 2:29 pm
Forum: Beginner Basics
Topic: MikroTik WAP
Replies: 5
Views: 244

Re: MikroTik WAP

Why didnt you ask for advice prior to purchasing a unit you know nothing about? Thats the one question I am most interested in.
by anav
Wed Mar 03, 2021 3:33 am
Forum: General
Topic: cAP ac after reset network does not working.
Replies: 1
Views: 60

Re: cAP ac after reset network does not working.

Need more info than what you have provided to be of assistance.
It is not clear what the problem is???
by anav
Wed Mar 03, 2021 3:32 am
Forum: General
Topic: Cannot block traffic Across subnets
Replies: 9
Views: 316

Re: Cannot block traffic Across subnets

What I would call a freakin mess.
I also abhor capsman and no need with only two capacs, so I wouldnt touch that part of the config.
If your willing to change the rest of the config I am willing to have a look.
If not, someone else may chime in.
by anav
Wed Mar 03, 2021 3:25 am
Forum: Beginner Basics
Topic: Seperating one part of the network. [SOLVED]
Replies: 10
Views: 494

Re: Seperating one part of the network. [SOLVED]

Please provide a network diagram to assist.
A smart switch would be a smart idea because any vlan subnets you make in the RB4011 could then be more easily distributed.
by anav
Wed Mar 03, 2021 3:19 am
Forum: Beginner Basics
Topic: Block Router Admin Access from the Wireless Interfaces
Replies: 7
Views: 357

Re: Block Router Admin Access from the Wireless Interfaces

I understand where you are coming from and I am simply extrapolating the requirement stated to the ACTUAL REQUIRMENT unstated! Yes we learn mind reading in the MTUNA certification!! Lets look at it logically, the OP has clearly stated he is concerned with people accessing the router besides the admi...
by anav
Wed Mar 03, 2021 12:00 am
Forum: Beginner Basics
Topic: Port forward subnetwork.
Replies: 6
Views: 385

Re: Port forward subnetwork.

Thanks. So then: In the TP-link router, port forward to the FTP server on port 21? In Mikrotik, should the incoming port 21212 be forwarded to the address of the TP-link router (192.168.88.200) as port 21? {PUBLIC IP}: 21212 (Mikrotik)---192.168.88.200:21 (TP-link)---192.168.0.18 (FTP server): 21? ...
by anav
Tue Mar 02, 2021 8:09 pm
Forum: Beginner Basics
Topic: dual WAN for newbies
Replies: 3
Views: 177

Re: dual WAN for newbies

Read through this topic lots of good learning...............
viewtopic.php?f=23&t=157048&p=840751&hi ... er#p840751
by anav
Tue Mar 02, 2021 8:05 pm
Forum: Beginner Basics
Topic: CRS326 VLAN Filtering
Replies: 1
Views: 118

Re: CRS326 VLAN Filtering

This is the best guide for vlans using switch chip..........
https://www.youtube.com/watch?v=Rj9aPoyZOPo

If using the bridge vlan method,
viewtopic.php?f=13&t=143620
by anav
Tue Mar 02, 2021 8:03 pm
Forum: Beginner Basics
Topic: Port forward subnetwork.
Replies: 6
Views: 385

Re: Port forward subnetwork.

Sorry if you dont understand that the TP LINK needs port forwarding rules set on its own configuration to get the feed from the primary router on its WAN port, to transfer it to the TP link LAN, and then to the server on the TPLINK LAN, then you are beyond help. Is there something not understood abo...
by anav
Tue Mar 02, 2021 8:01 pm
Forum: Beginner Basics
Topic: CRS317 trunk VLAN configuration help
Replies: 5
Views: 259

Re: CRS317 trunk VLAN configuration help

This is the best guide for vlans using switch chip..........
https://www.youtube.com/watch?v=Rj9aPoyZOPo

If using the bridge vlan method,
viewtopic.php?f=13&t=143620
by anav
Tue Mar 02, 2021 7:55 pm
Forum: Beginner Basics
Topic: Block Router Admin Access from the Wireless Interfaces
Replies: 7
Views: 357

Re: Block Router Admin Access from the Wireless Interfaces

FIRST IGNORE the advice from above. The pony is pretty but those are LSD colours! ;-P There are many ways to accomplish this task, I use most of them. There is nothing specific you have to set in wireless settings. (1) Input chain firewall rules. add action=accept chain=input comment="Allow ADM...
by anav
Tue Mar 02, 2021 2:30 pm
Forum: Beginner Basics
Topic: RouterOS - Newbie CCR1009-7G-1C-1S+
Replies: 12
Views: 565

Re: RouterOS - Newbie CCR1009-7G-1C-1S+

Hi Cliff, sorry I dont use google home but it sounds like its a special case functionality.
Try searching in the forums for google home and see if there are any hits.
by anav
Tue Mar 02, 2021 2:28 pm
Forum: Beginner Basics
Topic: Opening ports
Replies: 7
Views: 335

Re: Opening ports

Glad its working but nothing about your setup was defaults, so you must have got the router from someone else or made many changes.
by anav
Tue Mar 02, 2021 5:26 am
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 594

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

You dont have a clue of what you are talking about.
Moving on to help others.
by anav
Tue Mar 02, 2021 5:23 am
Forum: Beginner Basics
Topic: RouterOS - Newbie CCR1009-7G-1C-1S+
Replies: 12
Views: 565

Re: RouterOS - Newbie CCR1009-7G-1C-1S+

Yes.
The first one wasnt literal, I meant your pppoe connection,
So it should match the name you have chosen.

pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
by anav
Tue Mar 02, 2021 3:36 am
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 594

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

One of my capacs, Check out on the wifi tab advanced mode (HT) tab!
by anav
Tue Mar 02, 2021 3:33 am
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 594

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

Ahh I see you come from the planet, EASILY FOOLED. Lets talk facts, the capac is rated loosely as a 1200speed wifi device. Breaking it down 300 2gig and 867 5gig. You must come from the Country called ADVERTISING SUCKER Those speeds are two way speeds not one way and finally wifi suffers losses. So ...
by anav
Tue Mar 02, 2021 3:24 am
Forum: Beginner Basics
Topic: RouterOS - Newbie CCR1009-7G-1C-1S+
Replies: 12
Views: 565

Re: RouterOS - Newbie CCR1009-7G-1C-1S+

No silly questions when trying to tame the beast. (1) This -from /ip firewall nat add action=masquerade chain=srcnat -to /ip firewall nat add action=masquerade chain=srcnat out-interface=pppoe-1 (2) Add ether1 (or whatever physical port attaches to ISP, to WAN interface list members for completeness...
by anav
Tue Mar 02, 2021 3:05 am
Forum: Beginner Basics
Topic: Opening ports
Replies: 7
Views: 335

Re: Opening ports

I would say your config is non-standard or you dont know what you are doing. (1) Is there any reason why your DHCP client is part of the bridge?? (2) This is compounded because now sfpplus is both a member of the LAN 9(via the bridge) and the WAN (Interface list members). (3) Why would you set all t...
by anav
Mon Mar 01, 2021 8:42 pm
Forum: Beginner Basics
Topic: Opening ports
Replies: 7
Views: 335

Re: Opening ports

Post your config and draw a network diagram

/export hide-sensitive file=anynameyouwish
by anav
Mon Mar 01, 2021 6:23 pm
Forum: Beginner Basics
Topic: Lag Spikes and Dropped game connections
Replies: 7
Views: 383

Re: Lag Spikes and Dropped game connections

In that vein of thinking, if you have access to a different provider, it may be worthwhile trying it for a month to see if it performs better...........
Is your current modem old, perhaps you missed an update to equipment from the ISP
by anav
Mon Mar 01, 2021 5:10 pm
Forum: General
Topic: Firewall rules for the second router needed or not?
Replies: 1
Views: 128

Re: Firewall rules for the second router needed or not?

I dont read diagrams of configs, hurts my eyes, but I will read a config.
In general only the RB4011 needs firewall rules. In some cases on an AP there may be a need for further access list or other measures taken.
However that depends on the requirements which were not provided.
by anav
Mon Mar 01, 2021 5:04 pm
Forum: General
Topic: Port Forwarding Not Working but Shows Packets
Replies: 20
Views: 4746

Re: Port Forwarding Not Working but Shows Packets

Hi there, glad its working for you. Normally its covered by default firewall rules and when people stray from them at all, things can get messed up pretty fast.
by anav
Mon Mar 01, 2021 5:00 pm
Forum: Beginner Basics
Topic: Lag Spikes and Dropped game connections
Replies: 7
Views: 383

Re: Lag Spikes and Dropped game connections

I see that LOL.
Sorry cannot help much further.
by anav
Mon Mar 01, 2021 4:59 pm
Forum: Beginner Basics
Topic: Quickset Mode ?
Replies: 9
Views: 450

Re: Quickset Mode ?

No need to enable the WLANS that come with the router and then its only wired.
by anav
Mon Mar 01, 2021 4:58 pm
Forum: Beginner Basics
Topic: Port forward subnetwork.
Replies: 6
Views: 385

Re: Port forward subnetwork.

Well you start at the TP LINK Port forward port 21 to the lanip of the FTP server. At the next stop, the MT, you will be forwarding port 21 to the WANIP of the TPLINK (its LANIP on the MT subnet). Since its coming into the MT as a different port you will need port translation in your Dst Nat rule. W...
by anav
Mon Mar 01, 2021 4:54 pm
Forum: Beginner Basics
Topic: passing traffic from one bridge to another
Replies: 2
Views: 127

Re: passing traffic from one bridge to another

Post your config as your design is not usual. Typically one does not need to assign the internet etherport to any bridge. One simply assigns the dhcp client as appropriate and ensures WAN interfaces and interfaces members and firewall rules etc all jive. All the other wlans and etherports can be on ...
by anav
Mon Mar 01, 2021 3:03 am
Forum: Wireless Networking
Topic: WIFI 6 Roadmap
Replies: 78
Views: 41246

Re: WIFI 6 Roadmap

Thats a dilemma for sure.
WHere are the 60hz smartphones and pads from MT to go along with the wifi.
by anav
Mon Mar 01, 2021 3:01 am
Forum: General
Topic: hEX PoE // Powersupply
Replies: 13
Views: 2022

Re: hEX PoE // Powersupply

Geez Sindy, go with your gut feeling, forget the blinking lights lol. ;-)
by anav
Mon Mar 01, 2021 2:59 am
Forum: Beginner Basics
Topic: Quickset Mode ?
Replies: 9
Views: 450

Re: Quickset Mode ?

The extra memory capacity I believe is the reason for its ability to get the improved wifi update when it becomes available.
As for omada cloud crap, I dont use it. I manage TPs via stand alone mode. Works fast and easy.
by anav
Sun Feb 28, 2021 10:47 pm
Forum: General
Topic: hEX PoE // Powersupply
Replies: 13
Views: 2022

Re: hEX PoE // Powersupply

As far as I know, POE in to power the hex is probably standard but outgoing POE to passively power other devices is like 1/2 of the standard, it may power MT access points etc but I would use it with caution for any non MT devices.
by anav
Sun Feb 28, 2021 10:41 pm
Forum: Beginner Basics
Topic: Lag Spikes and Dropped game connections
Replies: 7
Views: 383

Re: Lag Spikes and Dropped game connections

Nothing you are doing makes sense??? If you have upnp enabled you should not need any port forwarding. So its really confusing what the heck you are doing??? Finally big red flag for me is you attempting to put DNS ports in port forwarding rules............ Also port 80 If you have games that needs ...
by anav
Sun Feb 28, 2021 10:36 pm
Forum: Beginner Basics
Topic: Lag Spikes and Dropped game connections
Replies: 7
Views: 383

Re: Lag Spikes and Dropped game connections

What model is it that you have? (how old)? What is the throughput of your ISP.
Just thinking out loud you simply may be bandwidth limited in some respects.
by anav
Sun Feb 28, 2021 10:35 pm
Forum: Beginner Basics
Topic: hAP Lite: How to connect ethernet/LAN device to WLAN subnet?
Replies: 4
Views: 225

Re: hAP Lite: How to connect ethernet/LAN device to WLAN subnet?

Yes create a bridge.
Put the wlan on the bridge and the physical port on the hap lite on the bridge.

How does the lan device supposed go get dhcp etc. (wehre does it get it now??)

You really need to draw a network diagram and post your config
/export hide-sensitive file=anynameyouwish
by anav
Sun Feb 28, 2021 10:31 pm
Forum: Beginner Basics
Topic: Quickset Mode ?
Replies: 9
Views: 450

Re: Quickset Mode ?

If you insist on MT wifi, at least get the hapac3. Its become clear in the beta forum that very few MT wifi devices will benefit from finally getting a WIFI5 standard working (5 years behind everyone else), like the Audience Mesh stuff and apparently the hapac3. Alternatively get yourself a decent r...
by anav
Sun Feb 28, 2021 9:13 pm
Forum: Beginner Basics
Topic: Quickset Mode ?
Replies: 9
Views: 450

Re: Quickset Mode ?

What wifi device were you thinking of purchasing?
by anav
Sun Feb 28, 2021 6:39 pm
Forum: Beginner Basics
Topic: Exclude local IP from internal resources, allow internet access only
Replies: 6
Views: 360

Re: Exclude local IP from internal resources, allow internet access only

This is plain nuts, Provide a friggen network diagram so its clear from the start! (indicate which devices are managed or unmanaged including any secondary routers or access points aka can handle vlans). Also your config /export hide-sensitive file=anynameyouwish Also the RJO1 copper cage for the SF...
by anav
Sat Feb 27, 2021 10:13 pm
Forum: General
Topic: Email notification not working
Replies: 7
Views: 403

Re: Email notification not working

yup thanks amended my initial post after playing around.
by anav
Sat Feb 27, 2021 9:36 pm
Forum: General
Topic: Email notification not working
Replies: 7
Views: 403

Re: Email notification not working

Okay got my email to work from port 25 to email server of my ISP.
Getting TLS working was a bit harder, using the right port and setting tls only, was the key to success.
I did not need to enable www-ssl at all.
I am using email addresses and passwords not domain names!
by anav
Sat Feb 27, 2021 9:24 pm
Forum: Beginner Basics
Topic: I need help about installation mikrotik on VMware Esxi 6.0
Replies: 3
Views: 251

Re: I need help

Without seeing a well detailed network diagrams and the config of the MT whatever you call it, progress will be slow.
Disappointed, I though the thread was k666 asking for help LOL.
by anav
Sat Feb 27, 2021 6:56 pm
Forum: Forwarding Protocols
Topic: VPN Client Isolation from one another
Replies: 7
Views: 433

Re: VPN Client Isolation from one another

Haha, Im on the east coast, Halifax. Maybe attempt to open the exit door on the A/C when coming up to the coast of Canada, and with any luck you will be diverted to Halifax. I promise to visit you in jail (to pick up the chocolate). The OP wants to prevent crosstalk between vlans, my rule does that....
by anav
Fri Feb 26, 2021 5:38 pm
Forum: Forwarding Protocols
Topic: VPN Client Isolation from one another
Replies: 7
Views: 433

Re: VPN Client Isolation from one another

Nice move Chris, I raised you one forward chain firewall rule, and you want all SCRIPT ON ME!! Hmm, I would still think a small one liner is more efficient but I think your solution is more elegant and perhaps more holistic in that it may solve other issues for the OP. Just send me some swiss chocol...
by anav
Fri Feb 26, 2021 5:31 pm
Forum: General
Topic: Feature requests
Replies: 1302
Views: 311360

Re: Feature requests

at Win10 we can Snap windows by Win + [Left/Right arrow]. For working with 3 monitors it's OK. Easy for a teddy bear with straw for a neck!!! As for features I believe I read this somewhere recently where someone was suggesting firewall lists within firewall lists. That way we can select a number o...
by anav
Fri Feb 26, 2021 5:26 pm
Forum: Beginner Basics
Topic: Xbox and other beginner issues [SOLVED]
Replies: 2
Views: 214

Re: Xbox and other beginner issues [SOLVED]

Well I hope the SSH port showing in the config is not the real one, and if so just change it...........and ensure its not included in future posts. UPNP is a router service (like DNS) and thus besides the settings I believe you have to enable it for your pc you need to allow it to access the router....
by anav
Fri Feb 26, 2021 2:25 am
Forum: Wireless Networking
Topic: Any product recommendations for MikroTik wifi router?
Replies: 13
Views: 1114

Re: Any product recommendations for MikroTik wifi router?

You have wisps in North Idaho?
Crikes, dont you just have acres and acres of potato farms?
I think you meant Crisps, as in crispy taters. ;-))
by anav
Thu Feb 25, 2021 11:27 pm
Forum: Beginner Basics
Topic: VLAN & Trunk on CRS354 & other questions
Replies: 4
Views: 271

Re: VLAN & Trunk on CRS354 & other questions

For switch chip configs........
https://www.youtube.com/watch?v=Rj9aPoyZOPo

For Bridge vlan configs
viewtopic.php?f=23&t=143620
by anav
Thu Feb 25, 2021 7:39 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 2
Views: 398

Re: Hairpin NAT - the easy way

There are several ways to handle hairpin nat. Understand hairpin nat is a situation where the admin wants local users, ON THE SAMELAN subnet as the server, to access the server NOT by lanip address but by the routers public IP address. An easy work around for this problem (often called loopback on o...
by anav
Thu Feb 25, 2021 7:35 pm
Forum: Useful user articles
Topic: Free mikrotik 3011
Replies: 1
Views: 123

Re: Free mikrotik 3011

Are you sure?
I can help you get port forwarding working.
Just post your latest config here
/export hide-sensitive file=anynameyouwish

to get started.
by anav
Thu Feb 25, 2021 7:32 pm
Forum: General
Topic: how to set a firewall address list group
Replies: 5
Views: 438

Re: how to set a firewall address list group

Seems so logical................... a no-brainer?
by anav
Thu Feb 25, 2021 5:44 pm
Forum: Wireless Networking
Topic: How to create a virtual port or wlan
Replies: 2
Views: 132

Re: How to create a virtual port or wlan

Is that license good for 24 hrs or one week.
Egads could I have a coffee please, sure.
Oh by the way this coffee needs sugar, oh thats extra $$............ ;-(

Since when do you nickel and dime on virtual wlans?
Either the radio is capable of it or it is not.
by anav
Thu Feb 25, 2021 5:41 pm
Forum: Forwarding Protocols
Topic: VPN Client Isolation from one another
Replies: 7
Views: 433

Re: VPN Client Isolation from one another

Mein namma ist llama Perhaps if you lived in one location, you would have time to read the OPs post vice travelling back and forth all the time ;-P He specifically made it clear that he has a gazillion vlans and doesn't want to be firewalled to death with having to make 2xgazillion rules. Being effi...
by anav
Thu Feb 25, 2021 4:23 pm
Forum: Wireless Networking
Topic: WiFi 2.4 Ghz terrible ping and throughput on RB4011iGS
Replies: 9
Views: 562

Re: WiFi 2.4 Ghz terrible ping and throughput on RB4011iGS

Unfortunately there is nothing documented specific to MT wifi. Suggest talking to closest neighbours (be it in apt or houses) to ask if they are using ISP WIFI and if they say no and its still ON, to ask them to turn it off LOL. I tried the TPLINK eap245 wifi and it was more stable for me than the c...
by anav
Thu Feb 25, 2021 4:18 pm
Forum: Beginner Basics
Topic: The problem behind NAT
Replies: 1
Views: 104

Re: The problem behind NAT

Cannot help without seeing config.
/export hide-sensitive file=anynameyouwish

Please confirm you are using a mail server that requires authentication of some sort (Https, ftps, or whatever kind of encryption is normally used in email TLS? vice plain text password in the clear).
by anav
Thu Feb 25, 2021 4:15 pm
Forum: Beginner Basics
Topic: MikroTik Antenna - FTP over SSL port 21 is blocked
Replies: 5
Views: 271

Re: MikroTik Antenna - FTP over SSL port 21 is blocked

To further add, having removed all firewall rules is
a. not necessary
b. can be dangerous depending upon the rest of your network configuration.

/export hide-sensitive file=anynameyouwish

Will allow us to help you!!!
by anav
Thu Feb 25, 2021 2:28 pm
Forum: Forwarding Protocols
Topic: VPN Client Isolation from one another
Replies: 7
Views: 433

Re: VPN Client Isolation from one another

Very little info to go on. My suggestion is that at the end of the forward chain you have add chain=forward action=drop. That will kill all L3 vlan to valn connectivity (one rule not 5K). Then you only need rules for permitted traffic above this. like vlan to wan allowed etc.... or users in vlanA, n...
by anav
Thu Feb 25, 2021 2:21 pm
Forum: Wireless Networking
Topic: Any product recommendations for MikroTik wifi router?
Replies: 13
Views: 1114

Re: Any product recommendations for MikroTik wifi router?

Yeah but Tom is a Yankee, its all square miles when you put in an "m" in there! ;-) Well, Yankees are known not to know what units to use. Last time they tried to do anything coherent, they crashed Mars climate orbiter ... Okay this cannot stand, one has to defend ones closest neighbour!!...
by anav
Thu Feb 25, 2021 2:18 pm
Forum: Wireless Networking
Topic: WIFI 6 Roadmap
Replies: 78
Views: 41246

Re: WIFI 6 Roadmap

So those complaining that they will not get wifiwave2 because of their device not being capable of it in some way, should buy for example linksys velop which can be very pricey anyway. They are just like MikroTik adding more features all the time- ON SUBSCRIPTION BASIS! Like seriously, paying 4$ a ...
by anav
Thu Feb 25, 2021 2:10 pm
Forum: General
Topic: hEX PoE // Powersupply
Replies: 13
Views: 2022

Re: hEX PoE // Powersupply

Strange decision from Mikrotik to bundle 24V with PoE router, but ... It is not surprising at all. I expect most people to be using this device to power other Mikrotik devices, and those are fine being powered by 24V Passive PoE. Actually what is surprizing is that you are thinking so myopically. I...
by anav
Thu Feb 25, 2021 2:02 pm
Forum: Beginner Basics
Topic: Simple VLAN fails....
Replies: 8
Views: 428

Re: Simple VLAN fails....

All the piecemeal advice is useless, by that I mean well-intentioned but off the mark. if one doesnt know how to config the MT, snippets will not be helpful. There is one good guide to setting up vlans for switch/routers -switch chip method: https://www.youtube.com/watch?v=Rj9aPoyZOPo There is one g...
by anav
Wed Feb 24, 2021 11:40 pm
Forum: Wireless Networking
Topic: WIFI 6 Roadmap
Replies: 78
Views: 41246

Re: WIFI 6 Roadmap

Didnt know that, good thing, i only do IPv4.
And when I do go IPv6, I am convinced that will only be as far as my public IP and the rest of my internal lan will still be IPv4 based so not to worried.
If I am still alive when IPv6 gets jammed down our throats.
by anav
Wed Feb 24, 2021 10:40 pm
Forum: Wireless Networking
Topic: WIFI 6 Roadmap
Replies: 78
Views: 41246

Re: WIFI 6 Roadmap

There are stable and dependable wifi5 Access points just as cheap as the capac (TPLINK EAP245) that runs circles around it. This hinges on Wave 2 features actually mattering. My case for a cAP ac is to provide about 500 mbps to a single line of sight device, but I'd have multiple cAPs for multiple ...
by anav
Wed Feb 24, 2021 10:34 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

I just got a TP link switch with a fan. I noticed that is seems to suck air on one side and push air out the other side. So.......... for the two small 3 Inch fans I bought for the exterior of the CCR1009, should I put one fan on one side blowing air into the unit and one on the other side reverse t...
by anav
Wed Feb 24, 2021 10:28 pm
Forum: Beginner Basics
Topic: VLAN with internet Access
Replies: 1
Views: 95

Re: VLAN with internet Access

follow this guide,
viewtopic.php?f=23&t=143620
If you use the default firewall rules you should be connected to the internet.
if not post your config here
/export hide-sensitive file=anynameyouwish
by anav
Wed Feb 24, 2021 6:03 pm
Forum: Wireless Networking
Topic: Transparent AP Setup with VLANs
Replies: 1
Views: 75

Re: Transparent AP Setup with VLANs

Correct, Never used that MT device, however ROS is pretty standard. Basic is to use a bridge to handle all the vlans and wlans. Identify the vlans on the MT device. Set up bridge ports and bridge vlans appropriatelly Set up wifi appropriately. This guide may be helpful in that regard. The only trick...
by anav
Wed Feb 24, 2021 5:59 pm
Forum: Wireless Networking
Topic: WIFI 6 Roadmap
Replies: 78
Views: 41246

Re: WIFI 6 Roadmap

So those complaining that they will not get wifiwave2 because of their device not being capable of it in some way, should buy for example linksys velop which can be very pricey anyway. They are just like MikroTik adding more features all the time- ON SUBSCRIPTION BASIS! Like seriously, paying 4$ a ...
by anav
Wed Feb 24, 2021 5:51 pm
Forum: Beginner Basics
Topic: Bridge VLANs on RB4011iGS+RM
Replies: 6
Views: 403

Re: Bridge VLANs on RB4011iGS+RM

If going to use bridge vlans, this is the reference guide you will need!
viewtopic.php?f=23&t=143620
by anav
Wed Feb 24, 2021 12:32 am
Forum: Beginner Basics
Topic: VLAN-Problems [SOLVED]
Replies: 18
Views: 1030

Re: VLAN-Problems [SOLVED]

Hmm good point,
the powerline unit may not pass vlan tags is what you are thinking??
i missed that in your diagram??
by anav
Tue Feb 23, 2021 5:38 pm
Forum: Scripting
Topic: Script to Report DHCP CLient Changes
Replies: 0
Views: 78

Script to Report DHCP CLient Changes

hi the logging tools are not very specific in terms of pinpointing when dhcp client leases change etc. I would like the router to be able to email a log item but the logging rules are like a sledgehammer, while I only need a pencil so to speak. Thus looking for a a short script that will meet the fo...
by anav
Tue Feb 23, 2021 5:23 pm
Forum: Beginner Basics
Topic: help please
Replies: 10
Views: 439

Re: help please

less frigging with your config please so that you can take the 10 seconds to post your config.
Trying to pinpoint a grain of sand on a beach is no fun.
by anav
Tue Feb 23, 2021 3:45 pm
Forum: General
Topic: hAP-ac2 vs hAP-ac3 vs Audience wifi perfomance
Replies: 3
Views: 1496

Re: hAP-ac2 vs hAP-ac3 vs Audience wifi perfomance

MT is working on updated Wifi5 software for their WIFI devices, with a small caveat it wont be available for most of the existing products save the hapac3 for one. So if its future proofing, the choice is clear. Not familiar with mesh products. It would be interesting for someone to chime in that ha...
by anav
Tue Feb 23, 2021 3:41 pm
Forum: Beginner Basics
Topic: help please
Replies: 10
Views: 439

Re: help please

/export hide-sensitive file=anynameyouwish

A view of the config may provide some clues.......
by anav
Tue Feb 23, 2021 5:35 am
Forum: Scripting
Topic: Two Scripts need deciphering.
Replies: 4
Views: 246

Re: Two Scripts need deciphering.

:if (\$bound=1) do={ :local newgw [ip dhcp-client get [find interface="vlanbell"] gateway]; :local routegw [/ip route get [find comment="bellroute"] gateway ]; :if ($newgw != $routegw) do={ /ip route set [find comment="bellroute"] gateway=$newgw; } } Where vlanbell is ...
by anav
Tue Feb 23, 2021 5:28 am
Forum: Wireless Networking
Topic: cAP AC Access Points... best quick set? (resolved with no quick set as best option, but solution provided) [SOLVED]
Replies: 22
Views: 984

Re: cAP AC Access Points... best quick set? [SOLVED]

Yes, why didnt you ask about recommended wifi units before purchasing. I no longer recommend the capacs, they will not be able to handle the wifi updates MT is working and the range and stability of the capacs are questionable. I changed to the TPLINK eap245 for a similar priced but stable and depen...
by anav
Tue Feb 23, 2021 5:24 am
Forum: General
Topic: block internet access but allow some sites - NOT WORKING
Replies: 7
Views: 394

Re: block internet access but allow some sites - NOT WORKING

what are you trying to accomplish?
without talking about the config, in terms of users? what do you want to allow or not allow.
by anav
Tue Feb 23, 2021 5:22 am
Forum: General
Topic: Best low end poe-out switch?
Replies: 5
Views: 264

Re: Best low end poe-out switch?

I just purchased this switch, 116W of POE output power. https://www.tp-link.com/us/business-networking/smart-switch/t1500g-10mps/ https://www.newegg.com/tp-link-t1500g-10mps-8-x-rj45-2-x-sfp/p/N82E16833704422?Description=tplink%20t1500g-10mps&cm_re=tplink_t1500g-10mps-_-33-704-422-_-Product&...
by anav
Mon Feb 22, 2021 10:41 pm
Forum: Scripting
Topic: Two Scripts need deciphering.
Replies: 4
Views: 246

Re: Two Scripts need deciphering.

Ahh I see, its a conditional thing. If the lease is added or changed execute the script So are you saying thats missing from the second script?? ":if (\$bound=1) do= How do I add this to the front and close off any required notation??? :local newgw [ip dhcp-client get [find interface="vlan...
by anav
Mon Feb 22, 2021 10:35 pm
Forum: Beginner Basics
Topic: Playing with Routes.
Replies: 4
Views: 332

Re: Playing with Routes.

Oh thats too easy, you escape artist you!! So there are not two normal routes? Just four abnormal routes (no table main then)??? Now lets see that with recursive routing, I will help immensely, here are my routes. /ip route add check-gateway=ping distance=3 gateway=1.0.0.1 add check-gateway=ping dis...
by anav
Mon Feb 22, 2021 9:44 pm
Forum: Beginner Basics
Topic: hAP ac2 setup with VLAN
Replies: 4
Views: 312

Re: hAP ac2 setup with VLAN

To answer small or large questions, I need to see the config LOL

/export hide-sensitive file=anynameyouwish
by anav
Mon Feb 22, 2021 8:15 pm
Forum: Scripting
Topic: Two Scripts need deciphering.
Replies: 4
Views: 246

Two Scripts need deciphering.

What I am trying to achieve in terms of functionality is that when the primary ISP goes down for any reason, when it comes back up and the gateway is changed, the script will find the new gateway (from status), and implement it such that the IP recursive routing associated starts working again. I th...
by anav
Mon Feb 22, 2021 7:44 pm
Forum: Beginner Basics
Topic: DELETE THIS TICKET [SOLVED]
Replies: 13
Views: 630

Re: see device on separate network [SOLVED]

Egads,,,,,,,,,, mkx, do you want to be named in a lawsuit, for giving a guy advice that leads to patients deaths, getting wrong medications and the list goes on.
Run while you can!

Seriously dude, configuration as in.
/export hide-sensitive file=anynameyouwish.
by anav
Mon Feb 22, 2021 7:02 pm
Forum: Beginner Basics
Topic: Email Logging
Replies: 0
Views: 80

Email Logging

How do I be a tad specific on my logging. I want to have any change in my DHCP client settings emailed but I cannot determine the optimal way to do this using the logging function. There does not seem to be a way to isolate and use dhcp-client as a parameter of "detect this, log and email it&qu...
by anav
Mon Feb 22, 2021 7:00 pm
Forum: Beginner Basics
Topic: First time port-forwarding
Replies: 1
Views: 84

Re: First time port-forwarding

Post your config
/export hide-sensitive file=anynameyouwish

Also are only external users using your servers?
If you have internal users are they accessing the server via its LANIP or the public IP (loopback).
by anav
Mon Feb 22, 2021 6:57 pm
Forum: Beginner Basics
Topic: DELETE THIS TICKET [SOLVED]
Replies: 13
Views: 630

Re: see device on separate network [SOLVED]

Sorry I must have been confused by this statement "I'm asking for your advice as beginner." If you are a beginner on MT equipment WTF are you doing trying to configure Hospital IT?? Get a consultant STAT, or you will bleed all over your current and future employment prospects. Is this like...
by anav
Mon Feb 22, 2021 1:27 pm
Forum: Wireless Networking
Topic: PtMP link on Moving Boat
Replies: 6
Views: 392

Re: PtMP link on Moving Boat

Absolutey. But still, omni's is better than a p2p pointing in the wrong direction.. :)
Not if you are out of range of omni, how fricken far do you think omni wifi extends over water and we are not talking flat lake.
Wifi is not meant for ship to shore communications period.
by anav
Mon Feb 22, 2021 1:25 pm
Forum: General
Topic: Problem with L2/L3 Tunnel VLAN
Replies: 14
Views: 736

Re: Problem with L2/L3 Tunnel VLAN

If you read the post above you would realize that you need to /export hide-sensitive file=anynameyouwish and then open the file in notepad++ and then post it here in the thread but using the code tags above (black square with white square brackets) No one is going to open the crap site posting you p...
by anav
Mon Feb 22, 2021 1:22 pm
Forum: Beginner Basics
Topic: DELETE THIS TICKET [SOLVED]
Replies: 13
Views: 630

Re: see device on separate network [SOLVED]

What you have to do is ask the Hospital IT staff to make the necessary changes. If it is required to get work done, it will be addressed.
by anav
Mon Feb 22, 2021 12:37 am
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 4
Views: 332

Re: Port Forwarding

True dat, more so I thought is the fact that really port forwarding is just one example of what dstnat rules can do.
They can be used anywhere but I am not comfortable using them within LANs for example, not sure what I would be doing LOL
by anav
Sun Feb 21, 2021 9:44 pm
Forum: Beginner Basics
Topic: Basic routing
Replies: 11
Views: 706

Re: Basic routing

Still not clear.

THE ISP gives you one ISP for internet.
Are you saying the ISP has its own security camerass that are locked onto another PUBLIC IP that the ISP gives you.
Never heard of that before.

You really need to draw a diagram to show the equipment and networks...........
by anav
Sun Feb 21, 2021 9:42 pm
Forum: Beginner Basics
Topic: ISP problems
Replies: 11
Views: 734

Re: ISP problems

yes, if you dont want your RB4011 I will pay for shipping to my location.
by anav
Sun Feb 21, 2021 2:14 pm
Forum: Beginner Basics
Topic: hAP ac2 setup with VLAN
Replies: 4
Views: 312

Re: hAP ac2 setup with VLAN

For a simple home network, I wouldnt bother about switch chip method, far too complicated. you could have been up and run using pCUNITEs examples yesterday! Give it a try and see your results. Then use this guide for switch chip and see the results, and which you like better......... https://www.you...
by anav
Sun Feb 21, 2021 2:11 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 4
Views: 332

Re: Port Forwarding

K6ccc, i made the same config type errors as many will do coming from other routers to MT. In most routers one makes two complete list of rules for port forwarding and firewall rules. Not so in the MT world. One firewall rule is required for port forwarding and the the heavy lifting is all done on t...
by anav
Sat Feb 20, 2021 5:58 pm
Forum: General
Topic: Can't Make New NAT Rules Work [SOLVED]
Replies: 13
Views: 516

Re: Can't Make New NAT Rules Work [SOLVED]

Did you check if your Windows firewall or AV at the PC is getting in the way??
by anav
Sat Feb 20, 2021 2:35 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Yes, those are very nice fans, dont see any USB connectors however and they are too big. Ended up getting this pair, and I have three UPS where the Router is located and two have USB ports. https://www.amazon.ca/gp/product/B00IJ2J2K0/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 Dont need the...
by anav
Sat Feb 20, 2021 12:05 am
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Okay but looking at fans, I see we can get USB fans but what is ideal..................... This looks Really promising, Roughly 6 inches wide, 2.4 inches high and 1.5 inches deep https://www.amazon.ca/Portable-Reducing-External-Cooling-Console/dp/B085S129N8/ref=sr_1_17?dchild=1&keywords=xbox+coo...
by anav
Fri Feb 19, 2021 11:42 pm
Forum: Beginner Basics
Topic: Playing with Routes.
Replies: 4
Views: 332

Re: Playing with Routes.

Okay but before hitting recursive routing, is this what you mean??? So besides the two NORMAL Standard FAILOVER ROUTING for two WANs. ISP 1 distance= 5 check gateway=ping ISP2 distance = 10 route 3 isp1 wan , route-rule lan1 go to isp1 via table:lan1 distance=? Check gateway=ping? route 4 isp1 wan, ...
by anav
Fri Feb 19, 2021 11:29 pm
Forum: Beginner Basics
Topic: Basic routing
Replies: 11
Views: 706

Re: Basic routing

The OP didnt say IPTV as that has multicast issues as well.
I dont think it will be a difficult issue to config once its understood.
by anav
Fri Feb 19, 2021 9:19 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Why 3 wires? I see a + and - on the previous diagram what is the third soldered spot for, closest to the back of the chassis??
I suppose one could check if they are powered by hooking up a multimeter? I wonder if that capacitor close by (11 oclock)is affiliated or not...........
by anav
Fri Feb 19, 2021 7:10 pm
Forum: Beginner Basics
Topic: Basic routing
Replies: 11
Views: 706

Re: Basic routing

Probably because your description is confusing.

VLAN for pppoe I understand.
VLAN for cams private network???

Whose video cameras? Where are they located, makes no sense to me because you didnt describe a use case???
Did you ask for this vlan and if so for what purpose.
by anav
Fri Feb 19, 2021 3:57 pm
Forum: SwOS
Topic: Can SwitchOS pass VLAN's to other MikroTik switches?
Replies: 4
Views: 482

Re: Can SwitchOS pass VLAN's to other MikroTik switches?

Haha, no wonder California has power issues, K6ccc ur hogging all the power! ;-)
by anav
Fri Feb 19, 2021 2:56 pm
Forum: Wireless Networking
Topic: PtMP link on Moving Boat
Replies: 6
Views: 392

Re: PtMP link on Moving Boat

My gut feeling is that this will not be stable.. But I would try it, that's the only way to find out.. This would be easy if the clients were stationary , but I totally see why you would need omni's on the boats. Is is a regatta of some sorts? If sailing boats, ensure that the antennas is high enou...
by anav
Fri Feb 19, 2021 2:52 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Okay I see, the orange X, is where you recommend I somehow attach a fan to the unit to suck air out.

A. how to attach it to the unit?
B. how to power it?

I recently soldered new capacitors into a zyxel unmanaged switch so have some basic skills, just need pointing in the right direction.
by anav
Fri Feb 19, 2021 2:50 pm
Forum: General
Topic: How to make 2 isolated networks on 2 different PPPoE interfaces?
Replies: 2
Views: 170

Re: How to make 2 isolated networks on 2 different PPPoE interfaces?

Please post your config
/export hide-sensitive file=anynameyouwish

Also provide a network diagram so we can better understand .
by anav
Fri Feb 19, 2021 2:48 pm
Forum: General
Topic: Problem with L2/L3 Tunnel VLAN
Replies: 14
Views: 736

Re: Problem with L2/L3 Tunnel VLAN

Plus a diagram would help as well.
When you say directly connected HOW. Do you mean there is a dedicated cable between the two offices??
by anav
Fri Feb 19, 2021 2:46 pm
Forum: Beginner Basics
Topic: Looking for guides to mikrotik router gui
Replies: 7
Views: 478

Re: Looking for guides to mikrotik router gui

Have you tried this http://letmegooglethat.com/?q=mikrotik+guide ? hahaha thanks for the morning laugh! Here is what I recommend as reference materials https://www.amazon.ca/Routeros-Example-2nd-Stephen-Discher/dp/0692777903/ref=sr_1_3?dchild=1&keywords=mikrotik+book&qid=1613738532&sr=8...
by anav
Fri Feb 19, 2021 2:03 am
Forum: SwOS
Topic: 260GSP vs. CSS106-1G-4P-1S
Replies: 12
Views: 5986

Re: 260GSP vs. CSS106-1G-4P-1S

Thanks for correcting me. But my question stands as before: did packet buffers increase? No. Still 1Mbit (128kB) Can you elaborate....... I feel a stupid question coming on!!! How is 1Mbit = 128kB? and thus so is 4Mbit = 512kB Reason I ask is that I am looking at two switches, one is advertised as ...
by anav
Fri Feb 19, 2021 1:50 am
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

Correct, The input chain is for traffic to/fro the router (Wan to router, router to Wan, lan to router router to lan), the forward chain is for traffic across the router wan to lan, lan to wan, lan to lan. Yes most people get rid of the admin account in the USERS settings and create their own, that ...
by anav
Fri Feb 19, 2021 12:34 am
Forum: General
Topic: Help on wiring solution
Replies: 18
Views: 1331

Re: Help on wiring solution

A very good document for your reading on vlans follows. My personal belief is that you leave capsman to the very end, it adds a layer of complication that is unnecessary while figuring out the BASICS of configuring WIFI on MT device and figuring out the BASICS of configuring vlans. Once you have bot...
by anav
Fri Feb 19, 2021 12:22 am
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

Looks good! The default rules are excellent in that a user can plug in the router and safely work right away. However they can be refined. You may have noticed that the default rules are setup with a design that says, EVERYTHING IS ALLOWED, unless we deny it. So it relies on the user to know which t...
by anav
Fri Feb 19, 2021 12:00 am
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

I never thought it was my firewall since I added a custom rule that accepts port 25565 on all networks... Anyways.. I will mark your post as the solution, but could you elaborate more on those filter rules you said are required to make my router secure? Sure post your latest config assuming you mad...
by anav
Thu Feb 18, 2021 11:58 pm
Forum: Wireless Networking
Topic: MİkroTik Wireless Gig+ Test
Replies: 14
Views: 1036

Re: MİkroTik Wireless Gig+ Test

Intel AX200 connected at 1.2Gbit/s at Aruba AP-555 with 80 MHz channel == stable 800 Mbit/s up and down while copy a big file to and from a SMB file server. Tell the rest of the class what you paid for the Aruba. Hahah what a tard, anuser....... https://www.cdw.com/product/hpe-aruba-ap-555-us-campu...
by anav
Thu Feb 18, 2021 11:53 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

No worries, it was a logical conclusion based on the info provided. If RDP was on the same PC wouldnt the firewall have blocked that as well??
by anav
Thu Feb 18, 2021 11:43 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

So the issue is not necessarily the config............. Can you confirm that the client WANIP your router gets, is the same that cloudfare is reporting and is the same that is the MT cloud IP?? In other words, there is only ONE PUBLIC IP associated with your account?? I am assuming yes because RDP p...
by anav
Thu Feb 18, 2021 11:40 pm
Forum: General
Topic: Help on wiring solution
Replies: 18
Views: 1331

Re: Help on wiring solution

Sindy is like the guru of MT knowledge, when he breathes I learn stuff through osmosis ;-) That being said, I do disagree about using Capacs in a mixed environment MT WIFI=PISSED OFF USERS. The reason I went to same price TPLINK EAP245 was not for speed but for stability and reliability of all types...
by anav
Thu Feb 18, 2021 11:33 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

Can you clarify if its EXTERNAL users that cannot reach or your server?
If by chance you mean internal users on the LAN, are they attempting to connect via the servers LANIP or the routers WANIP (loopback)?
by anav
Thu Feb 18, 2021 11:30 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

Would tidy this up for sure....... the ones in red should be removed. /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 list=WAN add list=WAN add list=WAN add interface=pppoe-out list=WAN Can you clarify if its EXTERNAL users that cannot reach ...
by anav
Thu Feb 18, 2021 11:28 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

Sure, no worries, I would do the netinstall thing regardless.
Yes you need both input chain and forward chain firewall rules.

In any case, did you make the rest of the changes noted?? (ie the bridge IP address)?
by anav
Thu Feb 18, 2021 9:59 pm
Forum: Wireless Networking
Topic: MİkroTik Wireless Gig+ Test
Replies: 14
Views: 1036

Re: MİkroTik Wireless Gig+ Test

The reported result are bogus.............. 1753/3 = 583Mpbs is what is more likely with direct LOS and no interfering obstacles. At 1300/3 = 433Mbps speed can be expected. Rough rule of thumb (take advertised two way speed, divide by two for one way and then subtract losses). 1/3 rule is a good sta...
by anav
Thu Feb 18, 2021 9:54 pm
Forum: Wireless Networking
Topic: PtMP link on Moving Boat
Replies: 6
Views: 392

Re: PtMP link on Moving Boat

Why would you use an omni antenna, aka what do you think the range would be?? As for the ships unless they are in relatively flat water, not past the breaker line, how in the heck would they aim anything. I would think WIFI for small boats is really practical when moored in marina. Now even here one...
by anav
Thu Feb 18, 2021 9:50 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

No NO, that looks like a stock picture of inside the CCR1009. It has those BIG copper pipes leading to the heat sink with large fins. THe fins get really hot, I think I could use them for cooking LOL.
by anav
Thu Feb 18, 2021 9:46 pm
Forum: General
Topic: Help on wiring solution
Replies: 18
Views: 1331

Re: Help on wiring solution

Yes I did earlier, Any person that does not know an un-managed switch cannot handle vlans is like a mother who doesnt know that a baby needs warm milk from a bottle, like coming out of an warm blooded teat!! :-) In other words you have no business setting up a network for a business. I am being a ki...
by anav
Thu Feb 18, 2021 9:40 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

Okay added the rules.. Did not know i needed them :/ Anyways... Yes because i have seen viruses enter networks via RDP port specifically 3389 so changing it to 3399 seems "more" secure. MC server just goes from 25565 to 25565 EDIT: I did notice A LOT of login attempts yesterday so disable...
by anav
Thu Feb 18, 2021 7:59 pm
Forum: Wireless Networking
Topic: Wanting to recreate WIFI Ranger Elite AC
Replies: 4
Views: 345

Re: Wanting to recreate WIFI Ranger Elite AC

Will you be dealing mostly with RV Access Points that are attached to omni directional or Sector Antennas.?
In other words to optimize connectivity you may want a sector antenna which you can rotate for optimal signal.
https://mikrotik.com/product/mantbox_52_15s
by anav
Thu Feb 18, 2021 7:51 pm
Forum: Beginner Basics
Topic: Playing with Routes.
Replies: 4
Views: 332

Playing with Routes.

GIven ROUTES ISP1 distance=5 ISP2 distance=10 Bur our requirements are lets say we have lanA and lanB. We want lanA to go out ISP1 but failover to ISP2 We want lanB to go out ISP2 but failover to ISP1 Can this be done without mangling is the challenge ? Ignoring fail over for now, if I add a third r...
by anav
Thu Feb 18, 2021 7:30 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

/ip address add address=10.20.0.1/24 comment=defconf interface= ether2 network=10.20.0.0 should be /ip address add address=10.20.0.1/24 comment=defconf interface= bridge network=10.20.0.0 You are missing input rules so your router is not protected from the internet? ? Unplug it from the internet and...
by anav
Thu Feb 18, 2021 5:17 pm
Forum: General
Topic: NAT https with aditional port
Replies: 3
Views: 204

Re: NAT https with aditional port

Hi Thomas, Your explanation is confusing. Lets say you have Server on your lan 192.168.0.20 and the server expects traffic on port 9152 So why the heck are you discussing ports 443 and showing a port on a log for 6335??? Also are you wanting EXTERNAL users only to connect to the server OR also LAN u...
by anav
Thu Feb 18, 2021 2:47 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Yes I do use mini heat sinks on the SFP ports.
Do you mean a fan sucking air away from the large heat sink on the outside of the unit??
by anav
Thu Feb 18, 2021 2:44 pm
Forum: Beginner Basics
Topic: Forwarding Minecraft server [SOLVED]
Replies: 23
Views: 821

Re: Forwarding Minecraft server [SOLVED]

/export hide-sensitive file=anynameyouwish

Please post your config....
by anav
Thu Feb 18, 2021 2:43 pm
Forum: Beginner Basics
Topic: How to select all interfaces not in a bridge using find command?
Replies: 1
Views: 99

Re: How to select all interfaces not in a bridge using find command?

I suspect there is some fancy pants CLI command but I am pictures guy LOL.
by anav
Thu Feb 18, 2021 2:41 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 2742

Re: NAT not working...

Read and understand this document it contains really good information.
viewtopic.php?t=143620
by anav
Thu Feb 18, 2021 3:33 am
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Do you know if anyone has added a fan to a CCR1009??
by anav
Wed Feb 17, 2021 9:16 pm
Forum: Wireless Networking
Topic: Outdoor AP as a Long Range Client - External Antennas
Replies: 4
Views: 321

Re: Outdoor AP as a Long Range Client - External Antennas

Sorry, I thought you meant a setup for the harbor to serve the boats! w32pamela is right, this would be overkill for a boat. For a boat inside a harbor, an omni is fine. If you want to connect also while out of the harbor, I'd go with a directional antenna, mounting it so that you can point it (man...
by anav
Wed Feb 17, 2021 9:06 pm
Forum: General
Topic: IPv6 and NAT - how I changed my mind
Replies: 31
Views: 13757

Re: IPv6 and NAT - how I changed my mind

As a simple user, the idea of my ISP being able to allow me to stay within my IPV4 bubble whilst they handle the IPV6 for as long as possible is damned attractive (although I have no clue if that's a viable interim path). In other words, no need yet on my MT router. At what point will I slowly conve...
by anav
Wed Feb 17, 2021 8:04 pm
Forum: General
Topic: Routing and mangle
Replies: 7
Views: 557

Re: Routing and mangle

So lets summarize ;-)))
msatter:0, anav:1
by anav
Wed Feb 17, 2021 8:01 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Heh, not to hard to find something. https://www.amazon.es/Aukru-Disipador-heatsinks-Raspberry-Aluminio/dp/B07W9JTDFZ/ref=sr_1_8?__mk_es_ES=%C3%85M%C3%85%C5%BD%C3%95%C3%91&dchild=1&keywords=raspberry+pi+heatsink+kit&qid=1613584822&sr=8-8 I know what you are thinking!!!! Gracias, tu ll...
by anav
Wed Feb 17, 2021 7:50 pm
Forum: Beginner Basics
Topic: VLAN-Problems [SOLVED]
Replies: 18
Views: 1030

Re: VLAN-Problems [SOLVED]

Will echo TDW in most respects 1. Leave bridge default to pvid=1 and remove ingress filtering for now (I dont use it at my place for my bridge) /interface bridge add ingress-filtering =yes name=Bridge pvid=10 vlan-filtering=yes /interface bridge add name=Bridge pvid=1 vlan-filtering=yes 2. No need t...
by anav
Wed Feb 17, 2021 5:29 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

Sure, https://www.amazon.ca/gp/product/B07Q8RW5Y2/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 (this is what I got) Similar https://www.amazon.com/Raspberry-Heatsink-Conductive-Adhesive-Aluminum/dp/B07YR6M6F6/ref=sr_1_13?dchild=1&keywords=Heatsink+kit&qid=1613575672&sr=8-13 https...
by anav
Wed Feb 17, 2021 5:24 pm
Forum: Beginner Basics
Topic: speed-test between CCR2004 and CCR1009
Replies: 4
Views: 338

Re: speed-test between CCR2004 and CCR1009

That makes NO sense to me whatsoever. If your real world ISP to both and routes inbetween yield 450Mbps between each device (and remember they are both capable of way more than 1gig of traffic in either direction SO ARE NOT THE LIMITING FACTORS) then your IPSEC should be almost exactly the same. Thi...
by anav
Wed Feb 17, 2021 2:52 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2471

Re: Add cooling fan to CRS-326-24P-2S+ ?

I put those mini heat sinks on all my SFP to copper cage locations, seems to work well.
The CCR1009 does get very hot and have toyed with the idea of a fan for that but too chicken to try it.
by anav
Wed Feb 17, 2021 2:49 pm
Forum: Beginner Basics
Topic: VLAN-Problems [SOLVED]
Replies: 18
Views: 1030

Re: VLAN-Problems [SOLVED]

Okay, yes hybrid ports are a bit trickier,
I will have a look sometime today at the config you posted to see what I can discern, apologies for my negative tone yesterday.
by anav
Wed Feb 17, 2021 1:17 am
Forum: General
Topic: Best Bandwidth Throttling Solution
Replies: 11
Views: 1274

Re: Best Bandwidth Throttling Solution

So cool Tom, thanks for sharing what you do, always fascinating to see people work in large scale, i can barely cope with a single router and a couple of access points.
by anav
Tue Feb 16, 2021 9:06 pm
Forum: Beginner Basics
Topic: Help with ACL
Replies: 3
Views: 189

Re: Help with ACL

https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless The ap access-list is used one of two ways, depending on the "default-authentication" setting in "/interface wireless". (1) Access List is a DENY List If default-authentication=yes, then you can block connections from certa...
by anav
Tue Feb 16, 2021 4:33 pm
Forum: General
Topic: How do I interconnect 3 DHCP Server
Replies: 4
Views: 303

Re: How do I interconnect 3 DHCP Server

Very messy explanation
I get three WANs, but the rest is gobblity gook.
Please draw and label a network diagram it will help greatly.
by anav
Tue Feb 16, 2021 4:31 pm
Forum: General
Topic: RB750GL - Port Redirect
Replies: 6
Views: 389

Re: RB750GL - Port Redirect

Okay, so that I understand. You have a device that sends data OUTwards on port 80 but to where? Not sure of this functionality? Is it a multicast ??? This output is sent via ethernet? You have another device that is capable of accepting these types of outputs but not on Port 80 but can on Port 2000....
by anav
Tue Feb 16, 2021 4:22 pm
Forum: General
Topic: Routing Specific LANs to Specific Public IPs
Replies: 1
Views: 126

Re: Routing Specific LANs to Specific Public IPs

I would do it differently Normal two routes /ip route add gateway=213.6.222.149 distance=1 add gateway=213.6.111.165 distance=1 A standard fail-over approach is to differentiate the distance difference so that all traffic goes to WAN1, and if WAN1 goes down, all traffic goes to WAN2. /ip route add g...
by anav
Tue Feb 16, 2021 4:12 pm
Forum: General
Topic: 2.5G port hardware compatibility
Replies: 6
Views: 440

Re: 2.5G port hardware compatibility

Hi thank you for your answer, I would like to plug only copper cables...
That helps, also the cable from the ISP modem/ont to the Mikrotik, would this be copper or fiber cable?
by anav
Tue Feb 16, 2021 4:09 pm
Forum: Beginner Basics
Topic: Opening firewall ports
Replies: 4
Views: 283

Re: Opening firewall ports

What do you mean SSH from a different network into my home network.

Do you mean from an external location (not behind the same router)?

If so recommend using VPN not SSH.
by anav
Tue Feb 16, 2021 4:07 pm
Forum: Beginner Basics
Topic: Help with ACL
Replies: 3
Views: 189

Re: Help with ACL

Check the wireless settings in winbox...........
Access Lists is the fourth tab I believe.......
by anav
Tue Feb 16, 2021 4:03 pm
Forum: Beginner Basics
Topic: Basic configuration problems
Replies: 5
Views: 388

Re: Basic configuration problems

If you intend to use the bridge vlan filtering method this is the best document..........
viewtopic.php?t=143620

If you intend on using the switch chip based vlan method this is a decent resource............
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Tue Feb 16, 2021 3:59 pm
Forum: Beginner Basics
Topic: wan to wan port forwarding
Replies: 1
Views: 86

Re: wan to wan port forwarding

Draw a diagram showing the connectivity you have and desired.......
Description is messy thus far.
by anav
Tue Feb 16, 2021 3:55 pm
Forum: Beginner Basics
Topic: [Beginner] WiFi without internet access
Replies: 1
Views: 98

Re: [Beginner] WiFi without internet access

Not swept up on IPTV stuff but did note the following...... maybe add this line to the existing setup???? /interface list member add interface=bridgeIPTV list=WAN ??????????????????? Can you confirm on dhcp client that you are a. bound, and b. when double clicking on the client connection, does the ...
by anav
Tue Feb 16, 2021 3:45 pm
Forum: General
Topic: 2.5G port hardware compatibility
Replies: 6
Views: 440

Re: 2.5G port hardware compatibility

Hi there
Not sure if your intention is to cable with fiber to devices or use copper cages and transfer to ethernet cable.
How many devices do you have that can use SFP ports/speeds?
by anav
Tue Feb 16, 2021 2:33 pm
Forum: Beginner Basics
Topic: Upgrade path from 6.40.5
Replies: 3
Views: 184

Re: Upgrade path from 6.40.5

Download and use the long term version of firmware not the latest one. The long term version actually tends to be the one that is 'more' stable.
This is currently 6.47.9
The rest of the advice was spot on!!

Edit: the advice below to use defaults to start and then adjust is better.
by anav
Tue Feb 16, 2021 12:49 am
Forum: Beginner Basics
Topic: Using wireless interfaces on bridge mode mikrotic hAP AC2
Replies: 2
Views: 202

Re: Using wireless interfaces on bridge mode mikrotic hAP AC2

I would say that MT wifi devices in general are 'marketed as wifi 5' but have never achieved proper results in speed and stability. For example the TPLINK EAP245 is wifi5 and works great (stable and reaches the speeds it should). However for occulus rift one would have to check what WIFI client capa...
by anav
Tue Feb 16, 2021 12:44 am
Forum: Beginner Basics
Topic: VLAN-Problems [SOLVED]
Replies: 18
Views: 1030

Re: VLAN-Problems [SOLVED]

Try actually configuring according to the ref guide below!!!........
Not going to bother helping until you have a better understanding (clue bridge vlanid is the same as guest vlanid)

viewtopic.php?t=143620
by anav
Mon Feb 15, 2021 7:00 pm
Forum: General
Topic: How to connect vrrp'ed routers to wan (ISP)
Replies: 12
Views: 666

Re: How to connect vrrp'ed routers to wan (ISP)

Hmm what about a managed switch in between?
For example ISP1 to port1, ISP2 to port2 (basic port vlan)
Port1 connected to ports 3,4
Port2 connected to ports 5,6

Router1 connections to ports 3,5
Router2 connections to ports 4,6

Assuming will need one dedicated router1 to router2 connection as well.
by anav
Mon Feb 15, 2021 6:56 pm
Forum: General
Topic: Mikrotik multiple VLAN's
Replies: 2
Views: 174

Re: Mikrotik multiple VLAN's

I am not familiar with that model, but yes very doable in general.
Please read this document as a guide.
viewtopic.php?f=13&t=143620
by anav
Mon Feb 15, 2021 6:46 pm
Forum: Beginner Basics
Topic: 2 ISPs 1 LAN [SOLVED]
Replies: 1
Views: 113

Re: 2 ISPs 1 LAN [SOLVED]

Okay so you are not proposing a backup router, but a backup such that at least one ISP is available at all times on the LAN, if one goes down. Well you dont need two routers for that, one will suffice! It all depends on how you setup your routing for the most part. Attach both ISP modems to the prim...
by anav
Mon Feb 15, 2021 6:44 pm
Forum: Beginner Basics
Topic: Port Forwarding after ISP Switch
Replies: 3
Views: 159

Re: Port Forwarding after ISP Switch

What ISP uses VLAN1 for connectivity, thats nuts!
Mine for fiber uses something like 32 for example.
by anav
Mon Feb 15, 2021 5:14 am
Forum: Beginner Basics
Topic: Confused why NAT not working..
Replies: 3
Views: 235

Re: Confused why NAT not working..

THe issue is not clear to me as I would not configure it the way you have but it may be hidden in the firewall rules......... They are kinda like the default but not quite and the additions/modification suck (sorry tdw ;-P ) Suggest from this..... /ip firewall filter add action=accept chain=input co...
by anav
Sun Feb 14, 2021 9:38 pm
Forum: General
Topic: RB750GL - Port Redirect
Replies: 6
Views: 389

Re: RB750GL - Port Redirect

Im a bit confused so you want port redirect within the same LAN, and not a WAN to LAN port forwarding? Also, it seems that the Server is initiating communication with the client, is this normal? Or does actually the client initiate the conversation? If you can explain the requirement more fully with...
by anav
Sun Feb 14, 2021 9:33 pm
Forum: General
Topic: Routing and mangle
Replies: 7
Views: 557

Re: Routing and mangle

You do not need the marking in Mangle because NAT is doing the work here and you don't need the extra marking. https://wiki.mikrotik.com/wiki/Manual%3AIP/Firewall/NAT#Masquerade_2 Marking is needed if both ISP gateway's are on the same ether port. Whatsa matter, msatter?? Lost the bubble LOL? Natti...
by anav
Sun Feb 14, 2021 5:19 pm
Forum: Wireless Networking
Topic: [wifiwave2] for cAP ac, hAP ac2
Replies: 40
Views: 5345

Re: [wifiwave2] for cAP ac, hAP ac2

any capac2 variant should not be a fix to the current wifi5 old implementation, a slap in the face to current capac owners, they should go straight to wifi 6. So its a real change worth considering.
by anav
Sun Feb 14, 2021 4:15 pm
Forum: General
Topic: deny winbox access to hotspot users
Replies: 2
Views: 260

Re: deny winbox access to hotspot users

I have not used hotspot functionality but there are several places to limit winbox access. 1 . INPUT CHAIN . At the end of the input chain of the default firewall rules I do three modifications, after GETTING RID of the !LAN rule. a. create a rule to allow only those on an admin access firewall list...
by anav
Sun Feb 14, 2021 4:01 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 66
Views: 38132

Re: DHCP Offering Lease Without Success

Still a fish, even though it's probably old, rotten and stinks. :D Au contraire, the fish procured was succulent and tasty and most satisfying, so much so I went back for more! Before I would mess with unknown wifi settings. IF as you describe, then the MT wifi design is so flawed, why is that func...
by anav
Sun Feb 14, 2021 3:56 pm
Forum: General
Topic: Help 3 router one behind the other
Replies: 4
Views: 330

Re: Help 3 router one behind the other

Also according to your information the first HAPAC would get nothing!! if its wanip is 192.168 .2.1, seeing as the DMZ on the original router is 192.168 .1.2 Why does your ISP have to provide NAT, can you not get them to provide a public IP, or passthrough mode. Concur with others, avoid double and ...
by anav
Sat Feb 13, 2021 5:20 pm
Forum: General
Topic: for 3 years about chain mangle game ?
Replies: 5
Views: 489

Re: for 3 years about chain mangle game ?

/export hide-sensitive file=anynameyouwish

Unable to really figure out what you are trying to do.
by anav
Sat Feb 13, 2021 5:18 pm
Forum: General
Topic: created VLAN but cannot route through to internet from it.
Replies: 4
Views: 252

Re: created VLAN but cannot route through to internet from it.

if you post your config it will be clearer what you are attempting to do. The requirements are not well stated thus far. /export hide-sensitive file=anynameyouwish. It is not clear to me if you simply want one subnet (vlan) to use a specific WAN interface (assuming you have more than one) or somethi...
by anav
Sat Feb 13, 2021 5:16 pm
Forum: Beginner Basics
Topic: Splitting Ports into Seperate Isolated Networks
Replies: 25
Views: 1443

Re: Splitting Ports into Seperate Isolated Networks

Thus MKX the question in my mind remains,
a. having a drop all else rule in the input chain, will prevent.
b. computer on subnet A, being able to ping gateway of subnet B.

????????
by anav
Sat Feb 13, 2021 5:13 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 2742

Re: NAT not working...

There is no point considering the hapac2, as it has wifi of the old ilk. Reading the tea leaves, the hapac3 however has the capacity to receive the wifi of the new ilk (catching up to the rest of the worlds old stuff). Better specs all the way round. Most importantly it should easily handle 1gib con...
by anav
Sat Feb 13, 2021 5:04 am
Forum: Beginner Basics
Topic: Inter-vlan routing and default firewall
Replies: 4
Views: 338

Re: Inter-vlan routing and default firewall

Hi pcunit & anav, per anav pointer, I have read and did use your guide before getting started. It is an excellent resource for which I gave credit in the 1st post. But since I wasn't attempting to create any one of the specific topo that you outlined in the guide I decided my goal was more mode...
by anav
Fri Feb 12, 2021 8:29 pm
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 5
Views: 1278

Re: Outgoing SSH traffic is blocked

I now had the same problem: blocked SSH packages. With deep analysis of logfiles it was clear that authentication worked well, but afterwards all packaed had been droped. The problem only appeared with Linux and macOS machines, it worked fine with Windows 10 build-in ssh. Exen disabling of all drop...
by anav
Fri Feb 12, 2021 8:27 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 66
Views: 38132

Re: DHCP Offering Lease Without Success

I fixed it with two of my capacs! Replaced with Tplink EAP245.
by anav
Fri Feb 12, 2021 4:55 pm
Forum: Beginner Basics
Topic: Isolate devices from same physical network.
Replies: 10
Views: 2717

Re: Isolate devices from same physical network.

For vlans to work, they need to interact with smart devices, vlan capable switches or vlan capable access points. At the point in time where you have to connect to a dumb device (pc etc, anything that cannot read vlans), then that is the last stop for the vlan. So for example if your access points w...
by anav
Fri Feb 12, 2021 4:53 pm
Forum: Beginner Basics
Topic: Confused how to do VLAN Firewall filters? [SOLVED]
Replies: 8
Views: 441

Re: Confused how to do VLAN Firewall filters? [SOLVED]

What I end up doing is modifying my input chain and forward chain with a last DROP all rule. add action=drop chain=input or forward comment="drop all else" What this does is basically drop any traffic that you, as an admin, have not explicitly allowed. So in the input chain BEFORE you do t...
by anav
Fri Feb 12, 2021 4:47 pm
Forum: Beginner Basics
Topic: Inter-vlan routing and default firewall
Replies: 4
Views: 338

Re: Inter-vlan routing and default firewall

Did you use this document as a ref guide??
viewtopic.php?f=13&t=143620
by anav
Fri Feb 12, 2021 4:26 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 65
Views: 12392

Re: v6.47.9 [long-term] is released!

Will upgrade my CCR but leave my capacs where they are for now. To many indications of wifi issues.
by anav
Thu Feb 11, 2021 8:29 pm
Forum: General
Topic: Help me setup 2 ISP
Replies: 3
Views: 219

Re: Help me setup 2 ISP

Much easier if you can dedicate a specific subnets, vlans, to use ISP 2. (no mangling required) If you want to do it by individual IIP addresses its harder but doable (mangling required) Dont recommend trying stuff by mac address gets complex. The first method allows some flexibility in that all tra...
by anav
Thu Feb 11, 2021 8:26 pm
Forum: General
Topic: Routing and mangle
Replies: 7
Views: 557

Re: Routing and mangle

Why do you need to mangle anything................. If ISP 1 is the main ISP for business uses................ for MAIN LAN. and ISP 2 is the secondary ISP for guest .......... GUEST LAN lets say subnet 192.168.0.0/24 or vlan40 (not sure what you have setup for guest users). Just add a third route i...
by anav
Thu Feb 11, 2021 8:15 pm
Forum: General
Topic: Home Network is Failing
Replies: 10
Views: 577

Re: Home Network is Failing

Concur for your setup its overkill but in a good way. The rb4011 is an excelled powerful wired router perfect for small business SOHO etc....... The EAP245 I have in two locations and both have been more stable rock solid with better speeds then my capacs. You have the right pieces. ......check cabl...
by anav
Thu Feb 11, 2021 8:09 pm
Forum: Beginner Basics
Topic: Port 22 / SFTP/SSH Being Blocked
Replies: 26
Views: 1298

Re: Port 22 / SFTP/SSH Being Blocked

what is this????????? # no interface add action=accept chain=input in-interface=*F00037 This rule bothers me for a number of reasons. a. you dont need it b. you put it before the other forward rules and thus is in the wrong order (outcome thus unknown). c. if you want a log rule for forward chain tr...
by anav
Thu Feb 11, 2021 7:59 pm
Forum: Beginner Basics
Topic: Isolate devices from same physical network.
Replies: 10
Views: 2717

Re: Isolate devices from same physical network.

This is not difficult to config, but its up to the op to provide how far he has gotten thus far.
/export hide-sensitive file=anynameyouwish

Highly recommend he.she other use this as a guide...........
viewtopic.php?t=143620
by anav
Wed Feb 10, 2021 2:35 pm
Forum: Beginner Basics
Topic: Splitting Ports into Seperate Isolated Networks
Replies: 25
Views: 1443

Re: Splitting Ports into Seperate Isolated Networks

Ahh I never see that phenomena as my input chain also had a drop all else rule at the end! (just make sure you have an admin access rule before it!!!) Good to know (layer of MT and networking knowledge depth I will never have). /ip firewall filter add action=accept chain=input comment=\ "defcon...
by anav
Wed Feb 10, 2021 2:30 pm
Forum: Beginner Basics
Topic: Need some advice for a Mikrotik beginner
Replies: 3
Views: 290

Re: Need some advice for a Mikrotik beginner

I could recommend an MT router but not MT wifi. For Access points, I would look at TP LINK eap245 as a low budget solid stable product. I would look at their newer EAP 620 and 660 for the higher speed wifis available. What is your ISP throughput? Most people run DNS or adguard type stuff on rasperry...
by anav
Wed Feb 10, 2021 2:00 am
Forum: Beginner Basics
Topic: Splitting Ports into Seperate Isolated Networks
Replies: 25
Views: 1443

Re: Splitting Ports into Seperate Isolated Networks

Not rules I suggested LOL, perhaps the one who gave you those rules,that leak like a sieve, can help you! ;-).
by anav
Tue Feb 09, 2021 8:58 pm
Forum: Beginner Basics
Topic: Basic configuration problems
Replies: 5
Views: 388

Re: Basic configuration problems

I am sure you will get plenty of help. Best thing is to document your requirements (put them in terms of use cases, what you need individual or groups of users, or single or groups of devices to do...... and dont word them in terms of configuration. Also provide notional network diagrams of what you...
by anav
Tue Feb 09, 2021 8:54 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 65
Views: 12392

Re: v6.47.9 [long-term] is released!

Awesome been waiting for the "real" stable release. Long term it is!!
by anav
Tue Feb 09, 2021 6:08 pm
Forum: Beginner Basics
Topic: which rules prevents access to services on the mikrotik? [SOLVED]
Replies: 4
Views: 293

Re: which rules prevents access to services on the mikrotik? [SOLVED]

The easy answer for both input chain and forward chain is to put a simpler last rule. add chain=forward (or) input action=drop comment="Drop All Else" What this does is drop all traffic to the router (input chain) OR across the router wan to lan, lan to wan, lan to lan, that you have not E...
by anav
Mon Feb 08, 2021 10:13 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 99
Views: 18814

Re: v6.48.1 [stable] is released!

Completely irrelevant! It is your own responsibility to ensure that you can operate your equipment at sufficient availability for your network. That includes being responsible for backups, rollback possibilities, spare hardware in case it breaks, and also if software is suitable for your purpose. Y...
by anav
Mon Feb 08, 2021 10:12 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 99
Views: 18814

Re: v6.48.1 [stable] is released!

BTW, the copyright needs to be updated for 2021... It still reads:
MikroTik RouterOS 6.48.1 (c) 1999-2020       http://www.mikrotik.com/
(And when you are at it... How about changing the url to https?)
Very observant worm!! +30 points for House of Invertebrate! ;-)
by anav
Mon Feb 08, 2021 10:04 pm
Forum: General
Topic: for 3 years about chain mangle game ?
Replies: 5
Views: 489

Re: for 3 years about chain mangle game ?

Please provide some requirements....
What is the use case or use cases?
Also a network diagram will help understand if this is for a single WAN router with a single LAN or something different.
If you want specifics you need to provide specifics.
by anav
Mon Feb 08, 2021 10:02 pm
Forum: Beginner Basics
Topic: Splitting Ports into Seperate Isolated Networks
Replies: 25
Views: 1443

Re: Splitting Ports into Seperate Isolated Networks

Superwhat? It must be some Yankee stuff again, I'm surprised you Canadiens fall for it so often. ;-)
Think of it as the Rugby World Championships but with padding!
by anav
Mon Feb 08, 2021 9:54 pm
Forum: Beginner Basics
Topic: Router setup with VLANs [SOLVED]
Replies: 10
Views: 998

Re: Router setup with VLANs [SOLVED]

Well done config, The only nitpicky thing I would do is modify your lines as follows........ add bridge=BR1 comment="Trunk/Uplink: V10, V20" interface=ether2 add bridge=BR1 comment=" Trunk:V20/Access: V10" ingress-filtering=yes interface=ether3 pvid=10 add bridge=BR1 comment=&quo...
by anav
Mon Feb 08, 2021 9:34 pm
Forum: Beginner Basics
Topic: Port 22 / SFTP/SSH Being Blocked
Replies: 26
Views: 1298

Re: Port 22 / SFTP/SSH Being Blocked

No worries, please post your complete config again as it is now.

/export hide-sensitive file=anynameyouwish
by anav
Mon Feb 08, 2021 2:25 pm
Forum: Beginner Basics
Topic: Splitting Ports into Seperate Isolated Networks
Replies: 25
Views: 1443

Re: Splitting Ports into Seperate Isolated Networks

I was bored, the Superbowl was so one sided LOL
Besides I thought you would be proud that I didnt use the word (sounds like a letter with a sharp point at the bottom and the word PAN)
by anav
Mon Feb 08, 2021 4:24 am
Forum: General
Topic: Which is better like Ubiquity
Replies: 7
Views: 653

Re: Which is better like Ubiquity

Naw for indoor residential wifi TPlink is better value than ubiquiti.
by anav
Mon Feb 08, 2021 3:46 am
Forum: Beginner Basics
Topic: Splitting Ports into Seperate Isolated Networks
Replies: 25
Views: 1443

Re: Splitting Ports into Seperate Isolated Networks

Sumptin like dis....... /interface ethernet set [ find default-name=ether1 ] name=ISP_eth1 set [ find default-name=ether2 ] name=Group1_eth2 set [ find default-name=ether3 ] name=Group1_eth3 set [ find default-name=ether4 ] name=Group2_eth4 set [ find default-name=ether5 ] name=Group2-eth5 /interfac...
by anav
Mon Feb 08, 2021 2:50 am
Forum: Beginner Basics
Topic: Networking Strucutre [SOLVED]
Replies: 20
Views: 1201

Re: Networking Strucutre [SOLVED]

Not impressed that you made changes not knowing what you are doing.
Reset back to defaults on the firewall and ask from help from there.
by anav
Sun Feb 07, 2021 3:56 am
Forum: Beginner Basics
Topic: Need help with port openings
Replies: 5
Views: 381

Re: Need help with port openings

Is this a business or a home setup?
by anav
Sun Feb 07, 2021 3:54 am
Forum: Beginner Basics
Topic: Need suggestions for WAF features and http traffic rules
Replies: 2
Views: 278

Re: Need suggestions for WAF features and http traffic rules

No one gives a shit if you dont have anything of value.............. In other words people go after you if. a.. you have something of value b. you have crappy security (easy mark). A default setup of an MT router is fine for 99% of folks. Why are you so paranoid? If you are running a business then o...
by anav
Fri Feb 05, 2021 4:03 am
Forum: General
Topic: Which is better like Ubiquity
Replies: 7
Views: 653

Re: Which is better like Ubiquity

An RB4011 wired only MT product is fantastic.
Even smarter using a TP Link EAP245 for a low priced but stable wifi.
Using a TP link EAP 620 or 660 for higher throughput.

Nobody I see is recommending MT wifi of late so not sure where it was recommended to you.
by anav
Fri Feb 05, 2021 3:57 am
Forum: Beginner Basics
Topic: Networking Strucutre [SOLVED]
Replies: 20
Views: 1201

Re: Networking Strucutre [SOLVED]

Yes,
please post your config to see what is currently attempted.

/export hide-sensitive file=anynameyouwish
by anav
Wed Feb 03, 2021 5:44 pm
Forum: General
Topic: need a cellular backup for CCR1009-7G-1C-1S+PC router
Replies: 7
Views: 441

Re: need a cellular backup for CCR1009-7G-1C-1S+PC router

From another thread in May 2019 I got a reply from @support: Unfortunately, we cannot recommend any Smart Card for use in MikroTik devices. The Smart Card support in RouterOS requires significant rebuild and currently it is on hold due to higher priority projects. My question for MT staff, nowhere c...
by anav
Wed Feb 03, 2021 5:19 pm
Forum: Beginner Basics
Topic: Cisco AP Autonomout Mode VLAN issue on one VLAN [SOLVED]
Replies: 17
Views: 982

Re: Cisco AP Autonomout Mode VLAN issue on one VLAN [SOLVED]

why are you using this proxy setting thingy......... ???? add arp=proxy-arp interface=BR1 name=SOHO_VLAN vlan-id=10 Incomplete setup - I see vlan interface and address for base but thats it!! Dont see pool for vlan99 Dont see dhcp server, Dont see dhcp server network so you have three WLANs per radi...
by anav
Wed Feb 03, 2021 5:17 pm
Forum: Beginner Basics
Topic: Help please!
Replies: 7
Views: 514

Re: Help please!

Looks pretty basic default ish, which is fine! I dont see any dhcp client settings though, Have a look at that part of the winbox menu IP DHCP CLIENT and see if you have established a public IP on your dhcp client AKA Status --> its BOUND !! By double clicking on the client you can also see the stat...
by anav
Tue Feb 02, 2021 10:33 pm
Forum: Wireless Networking
Topic: Any product recommendations for MikroTik wifi router?
Replies: 13
Views: 1114

Re: Any product recommendations for MikroTik wifi router?

Yeah but Tom is a Yankee, its all square miles when you put in an "m" in there! ;-)
by anav
Tue Feb 02, 2021 10:30 pm
Forum: General
Topic: Still no luck with simple Bridge
Replies: 12
Views: 854

Re: Still no luck with simple Bridge

Treat the WAP as device on the LAN. and make the LAN vlan20 Create a bridge on the WAP for the vlans for the incoming signal and assign vlan10 to that traffic (access port). On the HAP create the vlan structure for the lan vlan20 Associate vlan10 with the dhcp client and ethernet interface. Seems li...
by anav
Tue Feb 02, 2021 9:01 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 6
Views: 522

Re: hAP ac3 - VLAN & inter-VLAN

As CZFAN noted, the firewall rules are independent of the vlan switch chip functionality.
The firewall rules will be applied to the flow of traffic in and out of interfaces, subnets, ips etc at the router.
by anav
Tue Feb 02, 2021 7:39 pm
Forum: Beginner Basics
Topic: Block Connection to router
Replies: 4
Views: 438

Re: Block Connection to router

You will have to ask someone who is familiar with VPN.
I only use vpn to access the router from my smartphone when away from the house. IKEv2.
I do not connect to the router. I connect to the LAN and from the LAN IP then ensure I have admin permission to access the router.
by anav
Tue Feb 02, 2021 7:35 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 6
Views: 522

Re: hAP ac3 - VLAN & inter-VLAN

There are two ways to do vlans, the switch chip method as you noted (excellent video) and bridge vlan filtering method on the link I posted. I am familiar only with the latter. The switch chip method makes sense if your router has the right switch capabilities. The vlan bridge filtering method will ...
by anav
Mon Feb 01, 2021 10:36 pm
Forum: General
Topic: After Hack are we clean ?
Replies: 6
Views: 652

Re: After Hack are we clean ?

Its not clear to me that you were accessing the Routers remotely via VPN.
That is the way to do it, by accessing the LAN, and from the LAN then to the router. Restricting by external IPs is not security.
by anav
Mon Feb 01, 2021 8:50 pm
Forum: General
Topic: Two WAN Connections and Two Web servers
Replies: 5
Views: 411

Re: Two WAN Connections and Two Web servers

Okay best thing here is to post your current config without the attempt at any marking,.
Then I can explain it better with examples.

/export hide-sensitive file=anynameyouwish
by anav
Mon Feb 01, 2021 8:46 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 6
Views: 522

Re: hAP ac3 - VLAN & inter-VLAN

Hey steve, It can be overwhelming for sure!! This article will help you setup vlans, read it carefully, pick the example that fits your situation. When you have given it a go do not hesitate to provide your config and will help you get to a working config. /export hide-sensitive file=anynameyouwish ...
by anav
Mon Feb 01, 2021 3:49 pm
Forum: General
Topic: VLAN'S one port trunk
Replies: 1
Views: 177

Re: VLAN'S one port trunk

This is very easy.
Suggest you read this reference and setup your config.
If still having problems then post your config here for assistance.

viewtopic.php?t=143620
by anav
Mon Feb 01, 2021 3:43 pm
Forum: General
Topic: Two WAN Connections and Two Web servers
Replies: 5
Views: 411

Re: Two WAN Connections and Two Web servers

The reason is how youve configured your routes most likely. Since all traffic goes out the primary WAN, this will also be the case for any traffic entering via WAN2 (should be the only traffic really) and headed for that server. The return from this server will follow the rules you have set which is...
by anav
Mon Feb 01, 2021 3:29 pm
Forum: Beginner Basics
Topic: Tp-Link Archer C7 router Ac1750 + Mikrotik RB750Gr3
Replies: 4
Views: 2002

Re: Tp-Link Archer C7 router Ac1750 + Mikrotik RB750Gr3

Did you want to have the TPlink act as a router or simply access point/switch?
The TPLINK does not do vlans (by that I mean it cannot read vlan tags).
by anav
Mon Feb 01, 2021 4:01 am
Forum: General
Topic: L2, L3 Firewall with different VLANs - bridge two vlans (intern, extern)
Replies: 7
Views: 525

Re: L2, L3 Firewall with different VLANs - bridge two vlans (intern, extern)

Sorry no capiche. You would need to give me a zoom lesson to understand unfortunately.
I will have another think about it tomorrow.
by anav
Sun Jan 31, 2021 10:39 pm
Forum: General
Topic: L2, L3 Firewall with different VLANs - bridge two vlans (intern, extern)
Replies: 7
Views: 525

Re: L2, L3 Firewall with different VLANs - bridge two vlans (intern, extern)

mkx, is the basic idea that one wants to have an access trunk from switch to modem, lets say on switch port ether5. All packets coming in on this port are tagged with vlan10, all packets leaving this port back to the modem have their tags stripped. Then on ether4 on the switch one has a trunk port c...
by anav
Sun Jan 31, 2021 3:48 pm
Forum: General
Topic: L2, L3 Firewall with different VLANs - bridge two vlans (intern, extern)
Replies: 7
Views: 525

Re: L2, L3 Firewall with different VLANs - bridge two vlans (intern, extern)

Diagrams may help but why are you bridging the external interface?? Bridging is typically for behind the router (the lans or vlans)
Are you saying that your wan, internet connection comes in on a vlan from the provider?
by anav
Sun Jan 31, 2021 3:45 pm
Forum: Beginner Basics
Topic: ip forward between two local networks
Replies: 12
Views: 861

Re: ip forward between two local networks

LIke I said, when you are able to describe the use cases, the requirements in words without discussing configuration, I will be able to provide assistance.
by anav
Sun Jan 31, 2021 3:34 pm
Forum: Beginner Basics
Topic: Block Connection to router
Replies: 4
Views: 438

Re: Block Connection to router

Here is where you should start!!!!!!! Default rules......... /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" co...
by anav
Sun Jan 31, 2021 3:53 am
Forum: General
Topic: Notepad++ (npp) user-defined language (UDL) for RouterOS
Replies: 4
Views: 630

Re: Notepad++ (npp) user-defined language (UDL) for RouterOS

I see lots of pretty colours, is that what is meant by ROS language?
by anav
Sat Jan 30, 2021 5:29 pm
Forum: Beginner Basics
Topic: Block all internet traffic to one port except from one IP address
Replies: 9
Views: 732

Re: Block all internet traffic to one port except from one IP address

Concur with previous poster. As I clearly outlined, the allow port forwarding but block all other wan traffic (GOOD STARTING DEFAULT RULE), I normally recommend ditching once one is comfortable in understanding how the rules work. The reason being it forces one to have port forwarding allowed and se...
by anav
Sat Jan 30, 2021 5:23 pm
Forum: Beginner Basics
Topic: Router setup with VLANs [SOLVED]
Replies: 10
Views: 998

Re: Router setup with VLANs [SOLVED]

You are usually right, but I am not so smart or experienced (MT virgin so to speak) and cannot afford to guess or assume LOL.
by anav
Sat Jan 30, 2021 5:19 pm
Forum: Beginner Basics
Topic: ip forward between two local networks
Replies: 12
Views: 861

Re: ip forward between two local networks

Nothing you have said makes any sense to me. If you have two subnets that need full view of each other, then simply put them on the same subnet. You can try and put the two groups on different pools within the same subnet for example so they have some degree of separation. The only reason to have di...
by anav
Sat Jan 30, 2021 5:13 pm
Forum: Beginner Basics
Topic: Router setup with VLANs [SOLVED]
Replies: 10
Views: 998

Re: Router setup with VLANs [SOLVED]

Where are the DHCP settings for the VLANS. IMHO dont use the bridge to do anything but bridge (dont use it for dhcp for anything). I would expect to see two sets of everything for vlan 10 and 20 If you need a management vlan as well, then make and use 99 for example. It also appears that you are att...
by anav
Fri Jan 29, 2021 3:10 pm
Forum: General
Topic: IP Firewall Nat
Replies: 8
Views: 1137

Re: IP Firewall Nat

What is the use case that better describes the requirement instead of a forced solution approach.
What is the situation and what do you want users to be able to do or not do, in words without mentioning config at all.
by anav
Fri Jan 29, 2021 3:08 pm
Forum: Beginner Basics
Topic: ip forward between two local networks
Replies: 12
Views: 861

Re: ip forward between two local networks

Why have two separate subnets if they can see each other both ways?? The fact that you have different subnets means you are already starting to separate them at layer 2. You can make firewall rules to allow routing between them at L3, which is not NAT. Is that what you mean? I hope thats not your co...
by anav
Fri Jan 29, 2021 3:05 pm
Forum: Beginner Basics
Topic: Block all internet traffic to one port except from one IP address
Replies: 9
Views: 732

Re: Block all internet traffic to one port except from one IP address

Not 100% sure, but the general rule to allow port forwarded traffic the way Ive stated it, means 1 firewall rule to be matched. Simple, efficient. In your situation/config method you would end up making multiple firewall rules which are really not required. In any case a destination nat rule is also...
by anav
Thu Jan 28, 2021 7:40 pm
Forum: General
Topic: Router internal access rule
Replies: 8
Views: 495

Re: Router internal access rule

All good info!! I would add that one can make up INTERFACE Lists, Firewall ADDRESS Lists, use individual IPs, subnets etc. Lots of flexibility. Typically I use address lists when something else does not quite capture my intent. For example IP addresses that are a range within a subnet and not the wh...
by anav
Thu Jan 28, 2021 7:34 pm
Forum: Beginner Basics
Topic: Block all internet traffic to one port except from one IP address
Replies: 9
Views: 732

Re: Block all internet traffic to one port except from one IP address

There are two things at play here. 1. A firewall rule that allows port forwarding in general ( allow WAN to LAN traffic). 2. Create the specific destination or port forward rule in NAT (destination nat). 3. Not directly connected but one should also have the standard source nat rule in place (depend...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 21