Community discussions

Search found 2886 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 58
by anav
Sun Aug 18, 2019 2:34 am
Forum: Beginner Basics
Topic: Remote Access from the WAN
Replies: 10
Views: 480

Re: Remote Access from the WAN

Are you connecting via a VPN? If not, I would suggest checking your sanity. ;-)
by anav
Sun Aug 18, 2019 2:32 am
Forum: Beginner Basics
Topic: First Attempt at VLANs; Need Help!
Replies: 10
Views: 659

Re: First Attempt at VLANs; Need Help!

exactly it will be far easier to start from fresh defaults using the linked resource to guide you. First ensure routing and access to ISP is established. Ensure basic internet access working for the basic lan connected PC. Then setup up the vlans and lans etc............ Ensure all APs are working. ...
by anav
Sat Aug 17, 2019 5:18 pm
Forum: Beginner Basics
Topic: Default firewall config query [SOLVED]
Replies: 4
Views: 330

Re: Default firewall config query [SOLVED]

I prefer.
Drop all as a last rule and if I need port forwarding on the LAN side I make a specific rule for that.
much clearer for all.
by anav
Sat Aug 17, 2019 5:14 pm
Forum: Beginner Basics
Topic: First Attempt at VLANs; Need Help!
Replies: 10
Views: 659

Re: First Attempt at VLANs; Need Help!

Suggest clear whatever you have and start fresh from defaults. Then using the below resource (has great examples) you should be good to go! https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 There is one decent Wiki Reference to read.......if not already have... https://wiki.mikrotik.com/wiki/Ma...
by anav
Wed Aug 14, 2019 6:19 pm
Forum: Beginner Basics
Topic: Vlan first setup - help
Replies: 3
Views: 444

Re: Vlan first setup - help

Your best bet is to read this resource, it provides excellent examples and should get you 99.9% of the way.
viewtopic.php?f=13&t=143620
by anav
Wed Aug 14, 2019 5:19 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2596

Re: vlan bridge (new way) HW offload and performance

RB4011 and RB450Gx4 have different switch chips, see here . According to that page, switch chip in your RB450Gx4 does support HW VLANs, while the one in RB4011 doesn't (although that might not be entirely true ). Not quite......... I dont have HW offloading in my setup as the router is incapable of...
by anav
Wed Aug 14, 2019 3:37 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2596

Re: vlan bridge (new way) HW offload and performance

Sindy, is that true for the RB4011 and I think my RB450Gx4? I thought the issue was that Mikrotik has not programmed such capbility into the OS for specific modern routers. The RB450Gx4 has great specs and should be able to do such neat tricks. :-(
by anav
Wed Aug 14, 2019 3:35 am
Forum: General
Topic: RB450G failing need to replace
Replies: 7
Views: 1129

Re: RB450G failing need to replace

Not sure why you wouldn't want to use the RGB450Gx4. A very nice upgrade!
As for the vb script, its obsolete if it means you have to use older firmwares of OS which are vulnerable to exploits.
by anav
Wed Aug 07, 2019 6:52 pm
Forum: Beginner Basics
Topic: Router for 1Gbit Wan from Mikrotik (What model?)
Replies: 4
Views: 604

Re: Router for 1Gbit Wan from Mikrotik (What model?)

I have the RB450Gx4 for my 1gig internet service and use separate APs for wifi.
by anav
Wed Aug 07, 2019 6:34 pm
Forum: Beginner Basics
Topic: connectivity between ports
Replies: 1
Views: 254

Re: connectivity between ports

What version of firmware are you running?
Please post config
/export hide-sensitive file=yourconfig8aug
by anav
Thu Aug 01, 2019 8:02 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1284

Re: Very simple VLAN

The first part of the post is excellent, detailing requirements of what you are trying to accomplish however its still too intertwined with the solution space of the router and configuration. Divorce yourself from both the configuration and the equipment and describe what you wish to accomplish perh...
by anav
Thu Aug 01, 2019 7:55 pm
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 977

Re: No internet on LAN - hex rb750gr3 with E3372

Glad it worked out for you!
by anav
Thu Aug 01, 2019 7:53 pm
Forum: Beginner Basics
Topic: Plex port forwarding
Replies: 7
Views: 2005

Re: Plex port forwarding

Probably because communication is a two way street!!

There is also this thread.........
viewtopic.php?f=13&t=148425
by anav
Thu Aug 01, 2019 7:49 pm
Forum: Beginner Basics
Topic: Anyone for hire?
Replies: 5
Views: 456

Re: Anyone for hire?

I think your thread turned him/her on............ ;-P
Is the request for one night or open ended...... jajajajajaja
https://mikrotik.com/consultants
by anav
Thu Aug 01, 2019 2:16 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1284

Re: Very simple VLAN

Draw diagrams and use this link and examples as a starting point.........
viewtopic.php?t=143620
by anav
Thu Aug 01, 2019 2:15 pm
Forum: General
Topic: DNS setting via DHCP being ingnored on Vlan
Replies: 8
Views: 595

Re: DNS setting via DHCP being ingnored on Vlan

Use vlans for all LANs, assign them to the bridge, attach subnets to vlans, dont use vlan1, thats it in a nutshell.
Apply the logic using the examples in the vlan link provided and you should be off and running.......... to the pub for fish and chips vice monkeying with your MT.........
by anav
Thu Aug 01, 2019 3:17 am
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 977

Re: No internet on LAN - hex rb750gr3 with E3372

Such confidence!
Well mkx and CZFan know far more than most here, thus your level of knowledge must be beyond me then so I am not able to provide any further assistance.....
by anav
Wed Jul 31, 2019 9:48 pm
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 977

Re: No internet on LAN - hex rb750gr3 with E3372

None of your routing information/config is there??
by anav
Wed Jul 31, 2019 6:03 pm
Forum: General
Topic: EOIP and Portforward
Replies: 7
Views: 652

Re: EOIP and Portforward

If wan1 is your uplink, then you don't need to mark stuff there, because everything will go there by default anyway. What you do need to mark is what's coming in via tunnel (connection marks) and then route reponses back (routing marks). So what you have should be correct, only it's on wrong interf...
by anav
Wed Jul 31, 2019 6:01 pm
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1098

Re: port forwarding Source DDNS [SOLVED]

it's nothing that serious just a bunch of punch in and out logs but I'm looking into VPN That depends...... If the information is valuable in of itself it should be protected. If fingerprints are involved and they were mine I would be really keen on better security. If the logging information was v...
by anav
Wed Jul 31, 2019 5:51 pm
Forum: General
Topic: DNS setting via DHCP being ingnored on Vlan
Replies: 8
Views: 595

Re: DNS setting via DHCP being ingnored on Vlan

your config is confusing and not correct............ suggest drawing a diagram with boxes and where traffic is going and how dhcp is being assigned and dns allotted and i think you will see the errors. Overall I recommend this thread (the examples) for anyone using vlans. Finally suggest put all sub...
by anav
Wed Jul 31, 2019 5:43 pm
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 977

Re: No internet on LAN - hex rb750gr3 with E3372

Ahh so you realized your friend is really your enemy LOL. He gave you a gift that is giving you headaches. Mikrotik is not a plugNplay device for the IT illiterate crowd but does take some work. Stick through the initial tough beginning and you will enjoy working in RouterOS................. Suggest...
by anav
Wed Jul 31, 2019 4:13 am
Forum: General
Topic: EOIP and Portforward
Replies: 7
Views: 652

Re: EOIP and Portforward

I am not sure the configuration mess you have started is necessary.............' In other words I am still stuck at understanding your first post! You have a webservice behind a MT router and it works for Port forwarding. Assuming its on a LAN subnet of 192.168.10.0/24 and lets say its lanip is 192....
by anav
Wed Jul 31, 2019 4:08 am
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1098

Re: port forwarding Source DDNS [SOLVED]

Nice feature if the source address changes (not static)!
Best to have outside sources vpn in but not always possible.
by anav
Tue Jul 30, 2019 11:11 pm
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1098

Re: port forwarding Source DDNS [SOLVED]

Hmm, I restrict by IP address, not sure about FQDN?.
I believe exact hostnames are allowed in address lists.
by anav
Tue Jul 30, 2019 7:40 pm
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1098

Re: port forwarding Source DDNS [SOLVED]

I think its very possible if you use the mikrotik cloud version, not sure how to accomplish via dyndns org or similar???
by anav
Tue Jul 30, 2019 7:37 pm
Forum: General
Topic: PWR-Line AP
Replies: 48
Views: 7856

Re: PWR-Line AP

Okay, can I first say, - this angry bloated bird thing is OUTTA control!! :-) Yes, thanks finally joining this decade on power line LOL. Now just mate it with decent wifi and routerOS and you will find the promised land! I BELIEVE................ I like what Devolo (a german company) is doing on the...
by anav
Tue Jul 30, 2019 7:29 pm
Forum: General
Topic: Link 2 different lan
Replies: 2
Views: 320

Re: Link 2 different lan

So you are attempting to do double nat. The first router from the ISP, is connected directly to the internet and modem and gives out lan addresses of 192.168.1.XX You then connect the mikrotik router to one of the LAN ports on the ISP router and it receives a LANIP of 192.168.1.55 (for example). 192...
by anav
Tue Jul 30, 2019 7:11 pm
Forum: General
Topic: Group Create for user
Replies: 2
Views: 322

Re: Group Create for user

There are at least three things I can think of but not sure what you are asking!! 1. There are winbox settings where you allow only certain **IP addresses to access winbox. 2. In the firewall filter rules on the input chain, one can only allow **certain IP addresses access to the router itself (inpu...
by anav
Mon Jul 29, 2019 5:10 pm
Forum: General
Topic: PWR-Line AP
Replies: 48
Views: 7856

Re: PWR-Line AP

What I don't understand is why they didn't update the powerline chipset from circa 2012 to at least circa 2015 as already noted by several 10/100/1000. Adding a more recent av2 standard or H.gn standard with the wifi on many mikrotik units the QCA9533 chip and ROUTEROS, would result in a much more a...
by anav
Mon Jul 29, 2019 4:23 pm
Forum: Beginner Basics
Topic: Vlan config and bridging
Replies: 3
Views: 478

Re: Vlan config and bridging

Step one: Read this informative and excellent post on the topic of Vlans https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Step two: Draw a diagram of your network Step three: Post your config: /export hide-sensitive file=yourconfig29Jul If you don't want to post a config then your simply wasti...
by anav
Thu Jul 25, 2019 7:18 pm
Forum: General
Topic: Firewall filter when port forwarded
Replies: 4
Views: 398

Re: Firewall filter when port forwarded

I prefer to use NEW because its an accurate reflection of what is intended. As stated by K6ccc, only the first packet is handled by the "generic dst nat forward filter rule" and the rest of the packets are handled by the established rule. The new distinguishes this, as leaving out the NEW will not h...
by anav
Thu Jul 25, 2019 1:50 pm
Forum: Beginner Basics
Topic: How to configure Vlan and switch
Replies: 1
Views: 237

Re: How to configure Vlan and switch

Suggest you read this reference first.......................
viewtopic.php?t=143620
by anav
Thu Jul 25, 2019 4:45 am
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 575

Re: Q: src.port <> dst.port

Thanks thats very useful info!
by anav
Wed Jul 24, 2019 10:38 pm
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 575

Re: Q: src.port <> dst.port

Lots of options, but prefer to only allow dstnat from wan interface if no intentions to nat internally. In fact due to my limited experience I cannot even contemplate a nat scenario within ones network?? I thought internally one would simply use routing rules if there was some complex scenario.
by anav
Wed Jul 24, 2019 5:26 pm
Forum: General
Topic: Getting a configuration suggestion
Replies: 5
Views: 276

Re: Getting a configuration suggestion

If the internet service is for a hotel, why would you even consider allowing one guest to hog all the bandwidth MKX. There are times to get off your neutral fence and admit the obvious. The more relevant question is if the router is also supplying internet for staff or VIPs where you might want to g...
by anav
Wed Jul 24, 2019 5:19 pm
Forum: General
Topic: RB4011, Ubiquiti devices, VLANs and IPSEC
Replies: 4
Views: 272

Re: RB4011, Ubiquiti devices, VLANs and IPSEC

I have a similar home setup in that I have two wifi devices and managed switches and have -main network, wired and wireless -special computer wired (wanted it separated from all else) -streaming devices -smart devices. -external access to home services (septic and solar panel) Devices: RB450Gx4, two...
by anav
Wed Jul 24, 2019 5:05 pm
Forum: General
Topic: Port 80 redirect [SOLVED]
Replies: 14
Views: 579

Re: Port 80 redirect [SOLVED]

@mkx: Or you can use ... I know there are plenty of ways to "skin the sheep" ... I was just pointing out potential side effect if OP followed advice by @sindy as it was originally written. After one is aware of the problem, it's quite easy to find the way around ... I think the quote is "skin the c...
by anav
Wed Jul 24, 2019 5:01 pm
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 575

Re: Q: src.port <> dst.port

Hi Sob I find !rules (negative based rules) to be very tricky and often affect traffic not necessarily intended or understood (probably my lack of acumen). So I prefer a clear rule just for dstnat alone and in general clearly delineate what is allowed traffic. As you know I follow my forward filter ...
by anav
Tue Jul 23, 2019 6:12 pm
Forum: Wireless Networking
Topic: Wifi equipment for 70m distance behind windows
Replies: 14
Views: 1007

Re: Wifi equipment for 70m distance behind windows

I would look at their 60G product line. This would be the lowest cost option and it can be a window to window solution however, they do provide the following caution: "This device penetrates some windows depending on material." https://mikrotik.com/product/wap_60g They come as a pre-setup connected ...
by anav
Tue Jul 23, 2019 6:00 pm
Forum: General
Topic: Why Mikrotik ???
Replies: 32
Views: 5651

Re: Why Mikrotik ???

Latvia sure does seem to be progressive!! https://eng.lsm.lv/article/features/features/breaking-stereotypes-record-number-of-women-in-latvias-13th-saeima.a299351/ After doing some more poking around......... I wonder if there are any rowing or biking tours........... https://www.travelsewhere.net/vi...
by anav
Tue Jul 23, 2019 5:52 pm
Forum: General
Topic: How to allow an URL for a specific port
Replies: 7
Views: 402

Re: How to allow an URL for a specific port

Not quite sure what you mean. A diagram would help.
Did you want to port forward to a specific LANIP?

More info is required.
by anav
Tue Jul 23, 2019 5:49 pm
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 603

Re: New filter rules ?

Seeing your comment in 6.45.2 thread, I'm not sure if your devices should be more affraid of buggy RouterOS or you. Or maybe I'm misinterpreting a totally innocent comment. ;) Oh no doubt, when MT products see me coming they shiver and not in a happy excited way. Bull in a china shop comes to mind....
by anav
Tue Jul 23, 2019 5:46 pm
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 575

Re: Q: src.port <> dst.port

A bit more info. In the dst nat rules is where you can also add source address list, to specify or limit which external WANIPs are allowed to access the server. When one attaches an address source list the outcome is that the ports appear NOT visible from an external port scan. Without an address li...
by anav
Tue Jul 23, 2019 12:10 am
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 603

Re: New filter rules ?

You know what CAPsMAN is and that client devices need to connect to controller. But what if both are same device? Previous firewall for input chain dropped packets from WAN, but current drops packets from "not LAN". CAPsMAN connection in above case comes from loopback interface, but you can't add i...
by anav
Tue Jul 23, 2019 12:07 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4078

Re: 1wan + 2 lan isolated from each other

I stepped back a long time ago on this thread MKX because you are more patient and more thorough and there was no point in confusing the OP with my fixation on vlans............
Don't let humour get in the way of a solution LoL.
by anav
Mon Jul 22, 2019 9:48 pm
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 603

Re: New filter rules ?

Concur, #4 is a new default rule, the rest have, as has been stated, been around for a while. What would the effect of rule 4 be mkx. An obvious question not answered ......................... An environmentally friendly post would have included the obvious negating the need for a question and the s...
by anav
Mon Jul 22, 2019 9:46 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4078

Re: 1wan + 2 lan isolated from each other

Ahhh, Luka you have discovered what I like to call the mkx infinite loop. Its a phenomena that often occurs. The Op slowly goes mad and ends up throwing his device against the wall at high velocity. It doesn't fix the configuration at all but it feels really really good at the time.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 58