Community discussions

Search found 1274 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 26
by anav
Tue Jan 15, 2019 9:52 pm
Forum: Beginner Basics
Topic: Recommended DNS Approach.
Replies: 3
Views: 112

Re: Recommended DNS Approach.

Well for internal clients all the DHCP servers and gateways are set such that they should all be pointed to theire respective gateway which then point to my set of IP DNS servers. If those can still be manually bypassed by someone manually setting up a proxy of some sort or perhaps their own DNS ser...
by anav
Tue Jan 15, 2019 9:42 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

Thanks much!!! /interface bridge vlan add bridge=HomeBridge tagged=HomeBridge,ether3-WAP untagged=ether2-Guest vlan-ids=99 Perhaps it's not obvious, the config line is about vlan-id. But you can rewrite config to 3 commands, one per port/vlan and if you group commands by port, it'll become more appa...
by anav
Tue Jan 15, 2019 9:34 pm
Forum: General
Topic: Allow all traffic between one LAN and WAN interface
Replies: 1
Views: 43

Re: Allow all traffic between one LAN and WAN interface

No idea but you have to conduct 3 separate and sometimes related rules. a. NAT the traffic appropriately b. Route the traffic appropriately. c. If necessary apply firewall filter rules to allow traffic to flow Sometimes one has to use mangle type rules to correctly identify the traffic to be routed.
by anav
Tue Jan 15, 2019 9:27 pm
Forum: General
Topic: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?
Replies: 3
Views: 264

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

You dont need the att modem/gateway because its not really a modem at least for the internet, all it does is provide a ready made vlan setting for you. I have my mickrotik directly connected to the ONT, ONT to me means fiber to ethernet modem. Its this device that needs to be registered to your acco...
by anav
Tue Jan 15, 2019 9:08 pm
Forum: Beginner Basics
Topic: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)
Replies: 8
Views: 218

Re: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)

Good choice!! I think my ONTs old and new are of the lucent alcatel variety by the way. The Bell support should end at the ONT anyway so not a concern. The technician has to specially program the ONT to work for your particular account and ont device etc........ Once thats done what you do after is ...
by anav
Tue Jan 15, 2019 9:01 pm
Forum: Beginner Basics
Topic: Recommended DNS Approach.
Replies: 3
Views: 112

Recommended DNS Approach.

I was reading a link from a MUM that contained the following advice......... THIS PART WAS LABELLED WRONG! /ip dns set allow-remote-requests=yes servers=8.8.8.8 ● /ip firewall nat add action=masquerade chain=srcnat out-interface=Internet ● /ip firewall filters add action=fasttrack-connection chain=f...
by anav
Tue Jan 15, 2019 8:43 pm
Forum: Beginner Basics
Topic: Forcing single URL to use specific WAN
Replies: 8
Views: 230

Re: Forcing single URL to use specific WAN

Hmm okay, that elicited a response that was incomprehensible so I will rephrase the question LOL. Will the rule I created based on your example work? Which is more efficient. I have not setup any mangle rules by the way and your example shows no reference (preferred source etc) or link to any mangle...
by anav
Tue Jan 15, 2019 8:39 pm
Forum: General
Topic: Dual wan fail over, fail back not working
Replies: 6
Views: 192

Re: Dual wan fail over, fail back not working

So Sebastia, what do you recommend if the Authors Two WANIPs are dynamic/////////////?? typical recursive setup............. /ip route add check-gateway=ping distance=2 gateway=8.8.4.4 add distance=2 dst-address=8.8.4.4/32 gateway=DynamicFiberGateway scope=10 (primary) add distance=3 gateway=Dynamic...
by anav
Tue Jan 15, 2019 7:26 pm
Forum: General
Topic: Vlan Routing Problem
Replies: 11
Views: 612

Re: Vlan Routing Problem

Well we should be talking apples to apples. Suggest you update your router to 6.43.8 before continuing. Confirm following ether2 - connected to managed switch in your diagram, only need vlan5 traffic on this port ether3 - connected to what looks like an unmanaged switch to connect to PCs only runnin...
by anav
Tue Jan 15, 2019 7:20 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

haha okay so no reason other that those are the only offered options LOL. So I understand why PVID=99 for ether2. It is to ensure all untagged packets coming from guest computers are tagged by the router when entering ether2 port. The ingress filtering ensures that no other vlan tagged traffic is al...
by anav
Tue Jan 15, 2019 7:12 pm
Forum: Beginner Basics
Topic: Forcing single URL to use specific WAN
Replies: 8
Views: 230

Re: Forcing single URL to use specific WAN

add action=lookup dst-address=<ip mail server> table=static-wan1 Can you break down how that works. I have a fail over dual WAN scenario and the mail server is on the secondary WAN, Thus i created a route rule so that this works in my case....... /ip route add check-gateway=ping distance=2 gateway=...
by anav
Tue Jan 15, 2019 7:00 pm
Forum: Beginner Basics
Topic: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)
Replies: 8
Views: 218

Re: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)

Just a heads up, when they upgraded me with the single unit (wifi, powersupply, ont), I asked can you put this thing in bridge modem as I want to get a public IP and run my own router, not be using Bells router. The tech said its possbily flaky when trying to do that. Luckily they have another basic...
by anav
Tue Jan 15, 2019 2:38 pm
Forum: Beginner Basics
Topic: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)
Replies: 8
Views: 218

Re: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)

Interesting discussion I recently got bell Fiber but not ppooee and yes using vlan35. 1. Create ethernet interface 2. Create vlan interface under the ethernet interface, 3. all other rules point to the vlan interface. With a hex router getting 400up 300 down (It maxes out for sure) With an rb450gx4 ...
by anav
Mon Jan 14, 2019 11:40 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

What's intended purpose of ether2? Wired access port to GuestAccess? In that case it should be /interface bridge port add bridge=HomeBridge comment="Guest, wired" frame-types=admit-only-untagged-and-priority-tagged pvid=99 ingress-filtering=yes interface=ether2-Guest /interface bridge vlan add brid...
by anav
Mon Jan 14, 2019 10:31 pm
Forum: General
Topic: Firewall: dynamic ip lookup instead of static address list?
Replies: 20
Views: 467

Re: Firewall: dynamic ip lookup instead of static address list?

Great explanation Mozerd! Much thanks. I hope the dude that lives in the little red car is paying attention!!
by anav
Mon Jan 14, 2019 9:13 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

So MKX....... /interface bridge port (dont add ports if not used in general) add bridge=homebridge comment=defconf interface=ether6 add bridge=homebridge comment=defconf interface=ether7 add bridge=homebridge comment=defconf interface=ether8 add bridge=homebridge comment=defconf interface=ether9 add...
by anav
Mon Jan 14, 2019 7:12 pm
Forum: General
Topic: Firewall: dynamic ip lookup instead of static address list?
Replies: 20
Views: 467

Re: Firewall: dynamic ip lookup instead of static address list?

None, sorry. I dont have time to play silly games with lists. I wasted lots of time looking at various lists and attempting smallish items and realized I was only fooling myself if I thought I was actually doing something productive LOL. Good luck though!
by anav
Mon Jan 14, 2019 7:11 pm
Forum: General
Topic: Whatsapp video being blocked
Replies: 2
Views: 135

Re: Whatsapp video being blocked

Wrong, I use whatsapp all the time behind my mikrotik. It has to be your ISP. Looking at your rules its hard to figure out what you are doing wrt to DNS but if it works for you great. :-) I didnt realize 208.67.222. 123 or 208.67.220. [flash=]123[/flash] were valid servers......... I thought they we...
by anav
Mon Jan 14, 2019 6:49 pm
Forum: General
Topic: Firewall: dynamic ip lookup instead of static address list?
Replies: 20
Views: 467

Re: Firewall: dynamic ip lookup instead of static address list?

There aint new fish in the pond, its fetch and script remove and add, and until known limitations are removed not sure more can be done. Mozerd has eked out performance optimums with his setup is my understanding. For a few pennies (or cups of coffee a month) the MOAB is excellent value for most of ...
by anav
Mon Jan 14, 2019 5:52 pm
Forum: Beginner Basics
Topic: Route vlans
Replies: 3
Views: 91

Re: Route vlans

Well, asking specific questions without providing your config is not all that helpful
If you want me to guess, then I suspect you need firewall rules allowing it (FORWARD CHAIN).

/export hide-sensitive file=mylatestconfig
by anav
Mon Jan 14, 2019 5:50 pm
Forum: Beginner Basics
Topic: Route vlans
Replies: 3
Views: 91

Re: Route vlans

Well, asking specific questions without providing your config is not all that helpful
If you want me to guess, then I suspect you need firewall rules allowing it (FORWARD CHAIN).
by anav
Mon Jan 14, 2019 5:41 pm
Forum: Beginner Basics
Topic: How to forward ports to multiple WAN interfaces?
Replies: 1
Views: 45

Re: How to forward ports to multiple WAN interfaces?

Hi there not sure what you mean but for example I have two dynamic WANIPs one cable and one bell fiber. I have a masquerade rule for both. Be aware these rules do no routing, it simply tells the router that if traffic goes out ISP one, it should be given the associated WANIP and similarly if it the ...
by anav
Mon Jan 14, 2019 5:23 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

For the reported issue: Try setting VLAN=1 for the home regular users (not vlan=0) and see what happens. I just noticed something else. In that your ether2 interface may allow non vlan99 traffic ++++++++++++++++++++++++++ add bridge=homebridge comment=defconf interface=ether2 frame-types=admit-only-...
by anav
Sun Jan 13, 2019 5:52 pm
Forum: Beginner Basics
Topic: Priority-only VLAN tags (VLAN-ID 0)
Replies: 8
Views: 312

Re: Priority-only VLAN tags (VLAN-ID 0)

Hey Sebastia is it just me or is that a new avatar.................... I mean, why post here when you could be driving LOL.
by anav
Sun Jan 13, 2019 4:59 am
Forum: General
Topic: RB2011 configuration question
Replies: 4
Views: 220

Re: RB2011 configuration question

Yes, the glaring error is that you are using old firmware. Update to 6.43.8.
by anav
Sun Jan 13, 2019 4:54 am
Forum: Beginner Basics
Topic: Port forward
Replies: 2
Views: 152

Re: Port forward

From your code snippet is seems people are coming to your router on port 3333 and you wish to have it translated to 4444. What you need is a generic firewall filter rule that enables the router to pass through DSTNAT connections. /ip firewall filter add action=accept chain=forward comment=\ "Allow P...
by anav
Sat Jan 12, 2019 5:06 pm
Forum: General
Topic: Mark the traffic for YouTube, Facebook, etc.
Replies: 5
Views: 1081

Re: Mark the traffic for YouTube, Facebook, etc.

So the example catches google.video.com but what about all the ones we dont know?
by anav
Sat Jan 12, 2019 3:39 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

True enough, but there is merit in understanding that the default route exists for a reason (checkbox) and what the route means and that its separate but required from NAT either way etc........... I was trying to find a post I think you had made in another thread but couldnt find it, showing differ...
by anav
Sat Jan 12, 2019 3:32 pm
Forum: Beginner Basics
Topic: cAP ac / v6.40.4 - frequent disconnects?
Replies: 10
Views: 541

Re: cAP ac / v6.40.4 - frequent disconnects?

Then we should talk more about physics LOL. One of my potential future son-in-laws is currently doing a masters in Physics and it makes for interesting dinner conversation.
by anav
Sat Jan 12, 2019 5:23 am
Forum: General
Topic: MOAB mother of all blacklists
Replies: 54
Views: 4821

Re: MOAB mother of all blacklists

Please stop using the forum..........
Place a link to your website onc............
Please use the proper forum method for posts that you feel are not warranted, the triangle symbol with the question mark.
Yes, I triangled your post as spam! :-)
by anav
Sat Jan 12, 2019 3:05 am
Forum: General
Topic: Filtering Malicious Traffic
Replies: 6
Views: 338

Re: Filtering Malicious Traffic

I would certainly recommend trying a service that is decent at blocking crap from getting in...... Its effective and costs pennies and worth a shot to see if it helps in any way, developed by one of our posters for his clients ........ (do a trial) https://forum.mikrotik.com/viewtopic.php?t=137632 H...
by anav
Sat Jan 12, 2019 3:02 am
Forum: Beginner Basics
Topic: cAP ac / v6.40.4 - frequent disconnects?
Replies: 10
Views: 541

Re: cAP ac / v6.40.4 - frequent disconnects?

That is good news! Mkx is some kinda IT genius LOL
by anav
Sat Jan 12, 2019 12:17 am
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

I dont have a clue about what your talking about mkx.
I have two connections, one straight cable ethernet that always pulls an IP automatically and a vlan fiber connection that I normally have to bind and then find the gateway IP and stick it in my recursive rules.
by anav
Fri Jan 11, 2019 10:00 pm
Forum: General
Topic: Can't Upgrade router mikrotik because hacked
Replies: 7
Views: 1390

Re: Can't Upgrade router mikrotik because hacked

My understanding sebastia, is that the bugs were exploitable if basic security practices were not followed.
by anav
Fri Jan 11, 2019 9:56 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

You can select default route (checkbox) in the IP DHCP client setup and it will create the ip route rule for you and you dont have to make one.

By the way when the DHCP client connects, shows as BOUND.
Double click on the entry and then to go the STATUS TAB, it will tell you the gatewayIP.
by anav
Fri Jan 11, 2019 2:42 pm
Forum: General
Topic: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???
Replies: 4
Views: 292

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

I have never used or noticed a chain called VIRUS?
Does anyone actually use this and for what purpose?
by anav
Fri Jan 11, 2019 2:40 pm
Forum: General
Topic: Inbound routing with 2 ISP lines
Replies: 3
Views: 175

Re: Inbound routing with 2 ISP lines

You should post your NAT Rules, Mangle Rules and IP Route rules here as well for assistance.
by anav
Fri Jan 11, 2019 2:38 pm
Forum: General
Topic: Filtering Malicious Traffic
Replies: 6
Views: 338

Re: Filtering Malicious Traffic

Sounds like education of clients is probably the most important part of a way forward.
Without knowing the root causes of being blacklisted its hard to point in the right direction other than perhaps you may need some fancy layer 7 work??
by anav
Fri Jan 11, 2019 2:35 pm
Forum: Beginner Basics
Topic: Why my network is Reachable ???
Replies: 12
Views: 439

Re: Why my network is Reachable ???

Ahh yes, I see it now thanks. It may not be necessary for the second rule to checkgateway ping but not sure. In any case it works, so no need to mess with it. :-)
by anav
Thu Jan 10, 2019 10:47 pm
Forum: Forwarding Protocols
Topic: Plex port forwarding
Replies: 6
Views: 508

Re: Plex port forwarding

Two frogs is bang on for the NAT rule..... /ip firewall nat add action=dst-nat chain=dstnat comment="Plex port forwarding" dst-port=32400 in-interface=ether1 protocol=tcp to-addresses=192.168.1.18 You need a filter firewall rule not specific to that server but to allow DST NAT to be functional on th...
by anav
Thu Jan 10, 2019 9:01 pm
Forum: Beginner Basics
Topic: Why my network is Reachable ???
Replies: 12
Views: 439

Re: Why my network is Reachable ???

:D :D :D :D :D :D I try and try .... this worked with me =================================== Here's an example based off my config. 1.2.3.4 would be my "gateway" while 2.3.4.5 is the upstream device I am checking to verify connectivity. 3.4.5.6 would be a secondary route if your primary is down. /i...
by anav
Thu Jan 10, 2019 7:09 pm
Forum: General
Topic: Router o Firewall
Replies: 3
Views: 199

Re: Router o Firewall

Forget name calling, please state your requirements without any reference to equipment
What is it that you want to accomplish (functionality space, NOT solution space)
by anav
Thu Jan 10, 2019 7:08 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 331

Re: DHCP Setup on two ports

What router and what firmware version are you using please.
by anav
Thu Jan 10, 2019 7:02 pm
Forum: Beginner Basics
Topic: Guest VLAN help required
Replies: 23
Views: 681

Re: Guest VLAN help required

My tone is not always the best and my sense of humour whacky. :-) 1. Typos to the first question they should all be spelled and with the same case (me just lazy or paying attention to detail on that one). 2. Entries corrected: /ip address add address=192.168.111.2/24 comment="LAN gateway" interface=...
by anav
Thu Jan 10, 2019 2:36 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 663

Re: firewall rules

The only thing that concerns me is that you have two rules in input for WINBOX access. I think you may have gotten mixed up on this. Basically its allow whatever lanips you wish (think you will use to access winbox) to have to be able to access winbox. input, allow, source-address-list (of LANIPs), ...
by anav
Wed Jan 09, 2019 9:02 pm
Forum: Beginner Basics
Topic: Why my network is Reachable ???
Replies: 12
Views: 439

Re: Why my network is Reachable ???

Not much different from IP RoUTE method in winbox except add without any destination address as shown implies default setting of 0.0.0.0/0
by anav
Wed Jan 09, 2019 9:02 pm
Forum: Beginner Basics
Topic: Why my network is Reachable ???
Replies: 12
Views: 439

Re: Why my network is Reachable ???

Not much different from IP RoUTE in winbox except add without any destination address as shown implies default setting of 0.0.0.0/0
by anav
Wed Jan 09, 2019 5:35 pm
Forum: Beginner Basics
Topic: Mikrotik VLAN setup
Replies: 2
Views: 217

Re: Mikrotik VLAN setup

You already have a private VLAN, the default VLAN of PVID1. What you have created extra is a management VLAN and to be honest I don't yet see the need for this type of VLAN>??/ Where is the added value? So I will look at it from that perspective, if you want to add a management vlan after fill your ...
by anav
Wed Jan 09, 2019 5:08 pm
Forum: General
Topic: catch-all rule block all the traffic
Replies: 7
Views: 356

Re: catch-all rule block all the traffic

Why do you include input block rules for DNS? I also allow IP DNS remote requests and have identified 8,8,8,8 and 208.67.220.220 for example as available remote servers that can be accessed. For each DHCP network, I identify the DNS as being provided by the gateway, which then goes to the above list...
by anav
Wed Jan 09, 2019 5:02 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 663

Re: firewall rules

to add to what MKX stated. I have a DMZ LAN setup on my router using etherport 4, which is not on the bridge. My rules prevent the router from allowing cross talk between my bridge traffic (vlans and normal LAN) and the DMZ LAN. I also have VLANs on the bridge. To allow them access to internet traff...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 26