Community discussions

Search found 758 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 16
by anav
Sun Oct 14, 2018 5:01 am
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

Okay last attempt for the evening, I greyed out the redirect DNS rules and it looks like I got more Natting going on but still no success. Here is the Sharkscribe jpeg https://imgur.com/a/H5ErRsQ Here are the logs..... https://imgur.com/FBdY31z It seems that it searching for something via NTP but ne...
by anav
Sun Oct 14, 2018 2:28 am
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

Hi Sob, So basically I will disable my redirect rules but keep my current allow LAN to DNS input chain rules (tcp, udp) and my allow remote requests DNS rule (in IP DNS). I should note that Skybell literature says the ports they use are 53, 123, 443 and a bunch of high ports, Now I noticed when my h...
by anav
Sun Oct 14, 2018 12:53 am
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

Hi Sob, are you sure 404? THey both work for me? I didnt plan on giving out 8888 to this device, I kept the router as is from original setup. This is a different device. By the way I hooked up an R7000 netgear plain vanilla wifi router to a spare WANIP and the other device the leak detector connects...
by anav
Sat Oct 13, 2018 8:13 pm
Forum: Beginner Basics
Topic: Different DNS based on interface
Replies: 11
Views: 363

Re: Different DNS based on interface

I agree SOB and continuing the discussion in the other thread Smart Devices. A different device has a similar issue, wifi not a problem but talking to home yes, and could be ICMP related?
I included some logs and sharkfile output to view. Leaving this thread nowl
by anav
Sat Oct 13, 2018 8:09 pm
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

Here are my results from teh Skybell. Seems perhaps to be more an ICMP issue than DNS?? What could cause ICMP failure in this case?

https://i.dslr.net/syms/d93bec898a262b9 ... 112451.jpg

https://i.dslr.net/syms/f46a474569c314c ... 3694a3.jpg
by anav
Sat Oct 13, 2018 3:11 am
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

I have successfully connected to some NEST products and the Honeywell T5 but not the leak detector and now also tried a skybell HD door bell with same frustrating results.......... Lot of traffic back and forth between the gateway of the LAN and the LAN IP of the Skybel with DNS traffic but no other...
by anav
Sat Oct 13, 2018 1:39 am
Forum: Beginner Basics
Topic: How to select one of two gateways
Replies: 1
Views: 98

Re: How to select one of two gateways

State your requirements more clearly.........
Hint. A one line is not sufficient.
by anav
Sat Oct 13, 2018 1:33 am
Forum: Beginner Basics
Topic: Different DNS based on interface
Replies: 11
Views: 363

Re: Different DNS based on interface

Hmm okay, in that case I prefer the !192.168.0.98 src address entry in the existing rules. Well no combination of rules tried has allowed this device to get thru, however funnily enough, the T5 thermostat also Honeywell, connects just fine. It produced quite a convoluted wire shark file with connect...
by anav
Fri Oct 12, 2018 8:05 pm
Forum: Beginner Basics
Topic: Different DNS based on interface
Replies: 11
Views: 363

Re: Different DNS based on interface

I notice you do not delineate the port or protocol, is too wide open?
by anav
Fri Oct 12, 2018 7:54 pm
Forum: Beginner Basics
Topic: Router Attack [SOLVED]
Replies: 6
Views: 387

Re: Router Attack [SOLVED]

Find out what PC this is coming from and wipe the hard drive completely and do a fresh install.
by anav
Fri Oct 12, 2018 12:14 am
Forum: Beginner Basics
Topic: Different DNS based on interface
Replies: 11
Views: 363

Re: Different DNS based on interface

Much thanks SOB, I have added 192.168.0.98/32 and assigned DNS server 8.8.8.8 to the dhcp server list. So that part seems fairly easy. I also added 8.8.8.8 to my DNS server list but probably not required. /ip dns set allow-remote-requests=yes servers=8.8.4.4,8.8.8.8,208.67.220.220 and have the follo...
by anav
Thu Oct 11, 2018 11:49 pm
Forum: Beginner Basics
Topic: Best Way to Isolate Untrusted Device on My Home Network?
Replies: 9
Views: 359

Re: Best Way to Isolate Untrusted Device on My Home Network?

I will try my best at some advice. Methinks the ham radio needs to be on a different subnet and not on the same bridge as the homeLAN. Your firewall rules ((FORWARD)) should include a drop all rule at the end. Your firewall rules ((FORWARD)) should include a 192.168.x.x (your pc on homelan) to 192.1...
by anav
Thu Oct 11, 2018 8:57 pm
Forum: Beginner Basics
Topic: Whatsapp group mikrotik
Replies: 10
Views: 1469

Re: Whatsapp group mikrotik

Discord....... heck are you under 30 or something ;-P or a rabid gamer LOL.
I thought the post was a hacker trolling for next victims or someone trying desperately to get a date. :-)
by anav
Thu Oct 11, 2018 7:04 pm
Forum: Beginner Basics
Topic: Different DNS based on interface
Replies: 11
Views: 363

Re: Different DNS based on interface

Sob, could DNS be also assigned on a per VLAN basis?
How bout on LAN IP basis?
All traffic using this VLAN should go out the internet and use DNS 8.8.8.8 ??
or LanIP 192.168.2.xx shall use DNS 8.8.8.8 ??
by anav
Thu Oct 11, 2018 4:34 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 32
Views: 4316

Re: URGENT security reminder

Always think of security as the first step before plugging cable into the wall and use the concept defense in layers.
Assume somewhere along the line a user will make an error and bad guys will be on the inside of your network as well.
by anav
Thu Oct 11, 2018 4:29 pm
Forum: Beginner Basics
Topic: use second Wan Only to go outside for one ip
Replies: 13
Views: 404

Re: use second Wan Only to go outside for one ip

Ahhh, Mr. PSG! ;-P Bonjour mon ami! Barca et mon equippe! Now I understand the third item. You wish to access your providers Router. I have no idea how to do that and not sure what permissions you have? Personally I would throw their hunk of junk away and simply use the mikrotik but that is probably...
by anav
Thu Oct 11, 2018 4:34 am
Forum: Beginner Basics
Topic: use second Wan Only to go outside for one ip
Replies: 13
Views: 404

Re: use second Wan Only to go outside for one ip

Nothing is cleared up by your answers.
I have no idea what you are trying to accomplish.
Suggest write up IN DETAIL, with full explanations in your own language and then tell me what language it is and I will use google translate.
by anav
Wed Oct 10, 2018 9:27 pm
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

Hi Sob I agree with the hard coded 8.8.8.8 on their part is not smart. Try to explain that to a tech support guy that says, on 'normal' routers it works fine. :-( So other than turning off my redirect dstnat rules, is there anything else I can try to let it work............ at least temporarily to e...
by anav
Wed Oct 10, 2018 9:00 pm
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

Hi Sob, not that I am aware of?
Are you asking am I blocking stuff coming back in, or stuff getting out?? (to the internet).
My FORWARD rules always end with drop all else.

If its established related etc........ its allowed.
by anav
Wed Oct 10, 2018 8:58 pm
Forum: Beginner Basics
Topic: Proper model and settings for small ofice
Replies: 4
Views: 141

Re: Proper model and settings for small ofice

How big is the office space and area that customers will be using WIFI. Will staff be using wifi devices as well for work or personal use, tablets, smart phones etc....... Will there be any other business wifi requirements. As for dual WAN - Depends on requirements, will you be using one WAN and the...
by anav
Wed Oct 10, 2018 8:54 pm
Forum: Beginner Basics
Topic: use second Wan Only to go outside for one ip
Replies: 13
Views: 404

Re: use second Wan Only to go outside for one ip

Hi Olivier, no worries take your time to explain. - Wan 1 - ASDL eth1 - Wan 2 - LTE (cellular) eth3 - ONE network LAN 192.168.2.x Which is true? a. You have one device, a PC 192.168.2.10, that you wish ONLY to have access to Wan2 b. You want all devices to use WAN1 (except the PC in a.) c. You want ...
by anav
Wed Oct 10, 2018 6:15 pm
Forum: Beginner Basics
Topic: Load Balancing
Replies: 3
Views: 155

Re: Load Balancing

Yes, I am here................ but I know very little, except that I can relate to the silent majority LOL. I don't have my MCNE or whatever, not mikrotik certified, although my spouse claims I am certifiable, just so you know the quality of my support is suspect at best, usually wrong, but well int...
by anav
Wed Oct 10, 2018 6:09 pm
Forum: Beginner Basics
Topic: Accedss from LAN to LAN
Replies: 8
Views: 367

Re: Accedss from LAN to LAN

Assuming the two IPs are not on the same bridge or LAN, there is no Layer 2 connectivity between them. Assuming you dont have drop everything else FORWARD CHAIN rule, which I could not find, then the two should be routable at layer 3 via your router. In other words you should be able to reach the we...
by anav
Wed Oct 10, 2018 5:55 pm
Forum: Beginner Basics
Topic: Route specific IP traffic from LAN Subnet to WAN specific IP
Replies: 4
Views: 158

Re: Route specific IP traffic from LAN Subnet to WAN specific IP

Good advice from the usual 'suspects' but I am less knowledgeable and a tad (okay a ton) slower. I prefer to better understand the setup/scenario before ascertaining the requirements. 1. Two WANs 2. What kind of load balancing is used? 3. Do you have one as primary and the other just for failover? 4...
by anav
Wed Oct 10, 2018 5:40 pm
Forum: Beginner Basics
Topic: use second Wan Only to go outside for one ip
Replies: 13
Views: 404

Re: use second Wan Only to go outside for one ip

I have no idea how the responders (must be friggen geniuses and mind readers) to your question actually grasp what is being asked here. There is not enough detail for me to understand your requirements (I must be slow). 1. You have two WANIPs 2. You want all traffic on your network to use WAN1 3. Ex...
by anav
Wed Oct 10, 2018 5:14 pm
Forum: Beginner Basics
Topic: Proper model and settings for small ofice
Replies: 4
Views: 141

Re: Proper model and settings for small ofice

Assuming you need wifi?
Will your company move to fiber or strictly ethernet cabling?
Will the # of devices likely increase, decrease or stay the same?
You didnt mention other devices, printers?
by anav
Wed Oct 10, 2018 1:24 am
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

I tried turning off my dsntnat redirection DNS rules to see if that would facilitate connection but no joy with that attempt. One can see the output of my packet sniffer here. https://www.dslreports.com/speak/slideshow/32147360?c=2369682&ret=64urlL2ZvcnVtL3IzMjE0NjA5My1NaWtyb3Rpay1ETlMtbWFuaXB1bGF0a...
by anav
Tue Oct 09, 2018 7:48 pm
Forum: Beginner Basics
Topic: Suggestions on how to balance (very) unequal WANS
Replies: 1
Views: 131

Re: Suggestions on how to balance (very) unequal WANS

Excellent question and one I looked at awhile ago and gave up but am willing to revisit and perhaps attempt on mine (which is basically failover based only at the moment). Perhaps this presentation may give you some ideas. https://mum.mikrotik.com/presentations/US12/tomas.pdf Also the presentation h...
by anav
Tue Oct 09, 2018 5:08 pm
Forum: Beginner Basics
Topic: need help with simple failover
Replies: 6
Views: 272

Re: need help with simple failover

The nice part is the router will continue to check the main WAN (eth1), while using the LTE connection, and if and when it becomes available will automatically shift back to it.
by anav
Tue Oct 09, 2018 4:39 pm
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

And what's the problem? Device wants to ask 8.8.8.8, you redirect requests to your router, it answers instead and device will never know the difference. Good question? You will note the continued attempts to reach HYWell servers, port 3000, 3001, 3002 and so on to hwyell ntp.org pools 0, then 1, th...
by anav
Tue Oct 09, 2018 4:36 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 32
Views: 4316

Re: URGENT security reminder

Thanks for keeping us informed.
by anav
Tue Oct 09, 2018 2:44 pm
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

Re: "Smart Device" Initial Connection Woes

Well whatever its looking for it never finds, as you can see it starts polling all the groups of honeywell servers......


Concur W, intend to put it on a VLAN with access to the internet only.
However, if I cant get it to connect to honeywell its a useless hunk of plastic. :-(
by anav
Tue Oct 09, 2018 3:03 am
Forum: Beginner Basics
Topic: "Smart Device" Initial Connection Woes
Replies: 19
Views: 537

"Smart Device" Initial Connection Woes

Good day, I am attempting to connect a Honeywell lyric leak detector via their smartphone App. It appears the device (knowing its IP) is trying to connect to honeywell NTP.orgs as each seems to have a number of WANIps associated. However the device goes out on 8.8.8.8 to do so......... (image attach...
by anav
Mon Oct 08, 2018 10:18 pm
Forum: Beginner Basics
Topic: Firewall filter/nat best practices
Replies: 3
Views: 259

Re: Firewall filter/nat best practices

This is a very reasonable question coming from many other routers to the mikrotik router. The long and short of it is that mikrotik provides much more fidelity than your normal consumer router and many soho routers. To answer your question, note that the NAT menu item is under the FIREWALL menu, not...
by anav
Mon Oct 08, 2018 10:10 pm
Forum: Beginner Basics
Topic: Not allowing one certain IP address to see the rest of the network
Replies: 14
Views: 440

Re: Not allowing one certain IP address to see the rest of the network

THe information provided is to sparse for me to understand. Trying to keep it basic: If the laptop is part of the same lan network 192.168.0.0 then no firewall rules will have any effect as there is direct L2 connectivity. If the laptop is on a different LAN, then unless the LANs are bridged there s...
by anav
Thu Oct 04, 2018 7:25 pm
Forum: Beginner Basics
Topic: How to Monitor specific Ip
Replies: 5
Views: 299

Re: How to Monitor specific Ip

This is a good question, in that the OP is not attempting to block anything but just to be aware of all traffic coming from one particular IP on the network. a. all protocols not encrypted b. all web traffic unencrypted. What about when c. user is using a browser based VPN (that changes IP address o...
by anav
Thu Oct 04, 2018 7:13 pm
Forum: Beginner Basics
Topic: hAP ac2 no files, but almost no free space available
Replies: 5
Views: 366

Re: hAP ac2 no files, but almost no free space available

Hi mkx, no need to complain, just take out your wallet and invest in the 4011 ;-P
Problem solved, I take donations!
by anav
Thu Sep 20, 2018 2:21 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 180
Views: 22768

Re: v6.43.1 [stable] is released!

Yesterday upgraded two CCRs from 6.41.3 to 6.43.1 in the hotel I had vacation in Greece :) At least, now it's not vulnerable to WinBox user database reading xD Unfortunately, WinBox access is still allowed for every Free WiFi user in the hotel :( Chupaka you seem tired. I would be more than happy t...
by anav
Sun Sep 16, 2018 2:22 am
Forum: Wireless Networking
Topic: new CAPAC Owner
Replies: 3
Views: 325

Re: new CAPAC Owner

Well just curious as down the line I will probably use a wifi link to a future shed/boathouse and was going to try a wired scenario but now with the 60 products and throughputs, it may not be necessary. Can one do TMDA over such links and is the throughput better then??? As for the capAC, if I am ju...
by anav
Thu Sep 13, 2018 7:02 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 39
Views: 6509

Re: Newsletter #84

Having just bought the RB450Gx4 board (with an enclosure), I am curious as to comparisons with the RB4011 without wifi. They seem to have similar RAM/nand but the RB4011 processor has a higher freq and A15 (vice A9) so it appears to have much more oomph?? Perhaps I should have waited LOL. Any specs ...
by anav
Wed Sep 12, 2018 4:03 pm
Forum: Wireless Networking
Topic: new CAPAC Owner
Replies: 3
Views: 325

Re: new CAPAC Owner

I found some useful resources here https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless and here to explain NV2 (although who the heck has TDMA client devices???) https://wiki.mikrotik.com/wiki/Manual:Nv2 https://wiki.mikrotik.com/wiki/Wireless_Setups https://wiki.mikrotik.com/wiki/Manual:Wirele...
by anav
Wed Sep 12, 2018 1:08 am
Forum: General
Topic: WPA3 on existing Mikrotik routers/APs [SOLVED]
Replies: 10
Views: 4546

Re: WPA3 on existing Mikrotik routers/APs [SOLVED]

Widely adopted features eventually do get integrated, if market demands it. We will see how it goes. Your new device has free upgrades for life. I would think that Security demands it, to a certain degree. If SAE removes vulnerabilities in WPA2, then it should be a no-brainer. I would be rather sad...
by anav
Sun Sep 09, 2018 1:49 am
Forum: Wireless Networking
Topic: new CAPAC Owner
Replies: 3
Views: 325

new CAPAC Owner

Good day, in over my head as usual, and after I get this working the rb450gx4 awaits its hex replacement fun. :-) Scenario, main router is hex (later will be rb450gx4). I will have two capACs in the house (one for now). THey will only act as Access Points. A. Should I configure them directly or shou...
by anav
Thu Aug 23, 2018 11:27 pm
Forum: RouterBOARD hardware
Topic: hAP ac² Amazon USA Price
Replies: 13
Views: 996

Re: hAP ac² Amazon USA Price

Perhaps the short supply is due to the recent and in my view suspicious fire at a Mikrotik Warehouse. Fires just don't start at 3:48am by themselves. My condolences to the company and staff as something like this can be very unsettling. https://eng.lsm.lv/article/economy/economy/big-fire-at-mikrotik...
by anav
Wed Aug 22, 2018 10:17 pm
Forum: RouterBOARD hardware
Topic: hAP ac² Amazon USA Price
Replies: 13
Views: 996

Re: hAP ac² Amazon USA Price

I dont live in the US but if I did I would look at ISP supplies as a potential source of MK gear. https://www.ispsupplies.com/brands/mikrotik/all-mikrotik https://www.ispsupplies.com/MikroTik-RouterBOARD-RBD52G-5HacD2HnD-TC-US https://www.streakwave.com/itemdesc.asp?ic=hAP_ac2-US https://www.linktec...
by anav
Wed Aug 22, 2018 7:30 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 20687

Re: v6.42.7 [current] is released!

Anav, welcome back, been a while since I last saw a post from you. FYI, my nick name is based on a well known product from Czech Republic Well after realizing I was more dangerous then helpful I decided to lay low for awhile. Now I will post if I have some certainty and quality of input (thus crick...
by anav
Tue Aug 21, 2018 9:56 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 20687

Re: v6.42.7 [current] is released!

upgraded almost 300MK devices today and so far without problem
...

Wow, you are brave :-)
The irony!!
I just want to point that you have now truly earned your nick as CZFAN. ;-)
(seeing as rushlife is from CZech land).
by anav
Sat Aug 11, 2018 3:30 pm
Forum: General
Topic: Security breached devices - Port TCP 4145
Replies: 11
Views: 1243

Re: Security breached devices - Port TCP 4145

Hi Cableguy, you lost me when you said you didnt have control of individually managed routers. So how did you manage to change their FW rules and see their traffic??
by anav
Sat Aug 11, 2018 3:27 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 63
Views: 15540

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

We have the same problem, i noticed the problem is in versions before 6.37, i was able to resolve this problem upgrading the RouterOS to 6.42.1 and upgrading the firmware. No need to fresh install anything just upgrade to the last version and the problem is fixe. There's a worm infecting RouterOS a...
by anav
Fri Aug 10, 2018 6:59 pm
Forum: Beginner Basics
Topic: Block youtube on specific physical port
Replies: 2
Views: 135

Re: Block youtube on specific physical port

I believe you need to conduct layer 7 programming. TLS-HOST programming is also a new tool that may help curb https access to such sites. http://www.mikrotik.co.id/artikel_lihat.php?id=282 (need to translate) Best to research this and then come back with specific questions. Did you simply want to de...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 16