Search found 7777 matches

by anav
Wed Jul 28, 2021 8:18 pm
Forum: Beginner Basics
Topic: Hap ac2 can't use peer dns from isp
Replies: 9
Views: 219

Re: Hap ac2 can't use peer dns from isp

VMTs for your patience. Many new users have that static setting left over........... what do you use besides winbox LOL, Yes allow remote requests........... okay good I have it on for a reason ;-) peer dns is dns service from ISP, so if that was enabled, then the router would have a source for dns ...
by anav
Wed Jul 28, 2021 7:37 pm
Forum: General
Topic: Auto Failover is not working Properly
Replies: 5
Views: 112

Re: Auto Failover is not working Properly

What part do you have to do manually it is not clear?? if my wan1 is not available the switch to wan2 happens automatically. My issue is that wan1 when it comes back online, if the gateway has changed would not pick up the new gateway and thus not adjust the routing and thus would stay on ISP2. With...
by anav
Wed Jul 28, 2021 6:39 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 196

Re: Is blocking websites by URL really impossible?

Yes, DPG would be more accurate Deep Pocket Gouging...............
PS. Mkx I havent finished with the dns questions... hint!
by anav
Wed Jul 28, 2021 6:35 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 196

Re: Is blocking websites by URL really impossible?

That would take too much work, cutting and pasting is easy for an old fart like me........... If you buy me the largest IPAD, I can do that but from my iphone12 mini, ......................... The fact is, I got tired of selling mumbo jumbo to my customers and not even sure if they worked and I coul...
by anav
Wed Jul 28, 2021 6:31 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 196

Re: Is blocking websites by URL really impossible?

Yes when I had Zyxel routers one could pay through the nose for multiple types of services to block traffic. Anti-malware protection with firewall, anti-virus, antispam, content filtering, IDP, next-generation application intelligence and SSL inspection 1- Anti-Virus Powered by Kaspersky SafeStream ...
by anav
Wed Jul 28, 2021 6:26 pm
Forum: General
Topic: Two providers. Unstable behavior.
Replies: 8
Views: 132

Re: Two providers. Unstable behavior.

1. need network diagram. 2. clearer set of requirements. what do you need users or groups of users to be able to do or not do............ What is the relationship between the ISP connections (assuming from diff providers) (failover, primary, secondary, equally used etc........) What is the relations...
by anav
Wed Jul 28, 2021 6:24 pm
Forum: General
Topic: Is blocking websites by URL really impossible?
Replies: 12
Views: 196

Re: Is blocking websites by URL really impossible?

Yes, need to pay $$$ for IDP and other services.........
Maybe ipv6 solves all issues ... like RoS7 LOL......... ??
by anav
Wed Jul 28, 2021 6:02 pm
Forum: General
Topic: NAT HAIRPIN
Replies: 8
Views: 175

Re: NAT HAIRPIN

hi rextended I hope using your Cray computer you hacked the password and have added in better security for the chap ;-)
by anav
Wed Jul 28, 2021 5:59 pm
Forum: Beginner Basics
Topic: Hap ac2 can't use peer dns from isp
Replies: 9
Views: 219

Re: Hap ac2 can't use peer dns from isp

So in summary. 1. The router will basically automatically provide DNS servers with DHCP leases unless, the admin puts in public DNS servers or something locally like raspberry pi also behind the router on the DHCP Server Network settings for DNS. 2. Setting Allow remote Servers is not any clearer ot...
by anav
Wed Jul 28, 2021 5:13 pm
Forum: Forwarding Protocols
Topic: No incoming traffic (Game Ports)
Replies: 3
Views: 179

Re: No incoming traffic (Game Ports)

Well it drives me bonkers when people post rules in that format butt ugly and useless, and the proof is JV-Belg you missed that he already has such a rule........ chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN [luck@MikroTik] > To the OP please plea...
by anav
Wed Jul 28, 2021 4:52 pm
Forum: Wireless Networking
Topic: How to make CAPs with 2 SSID in different IP domains
Replies: 3
Views: 1053

Re: How to make CAPs with 2 SSID in different IP domains

I would never use a capac as a router, nor do I use capsman and have replaced all but one capac in my house with EAP 245 and now one EAP 660.
Not going back to MT wifi until after RoS7 comes out and will then see what wifi 6 MT offers.
by anav
Wed Jul 28, 2021 4:40 pm
Forum: General
Topic: NAT HAIRPIN
Replies: 8
Views: 175

Re: NAT HAIRPIN

Since you refuse to post the config, others can help sufficiently. One comes looking for help not knowing what their problem is but arrogantly think they know what they should provide to help. Dont feel bad, seems to be a common problem. I also detest others that attempt to help without the complete...
by anav
Wed Jul 28, 2021 4:38 pm
Forum: Beginner Basics
Topic: Hap ac2 can't use peer dns from isp
Replies: 9
Views: 219

Re: Hap ac2 can't use peer dns from isp

Okay so thats a lot of info and not a clear flow chart picture in the mind. But you havent delineated, WHAT ACTUALLY TELLS the router that we want to use the router for DNS ??? Please correct all my wrong headed thinking! 1. To bypass router DNS usage then put in public DNS servers under DHCP-SERVER...
by anav
Wed Jul 28, 2021 2:04 pm
Forum: General
Topic: NAT HAIRPIN
Replies: 8
Views: 175

Re: NAT HAIRPIN

post your config
/export hide-sensitive file=anynameyouwish
by anav
Wed Jul 28, 2021 2:03 pm
Forum: Beginner Basics
Topic: Dual wan
Replies: 4
Views: 122

Re: Dual wan

haplite is underpowered for vpn work and there is no way to recover packets when you change WANs if one goes down.
by anav
Wed Jul 28, 2021 1:57 pm
Forum: Beginner Basics
Topic: cAP ac setup issues
Replies: 5
Views: 207

Re: cAP ac setup issues

Nope,, On my capac, no firewall rules.
Just ensure its LANIP is on the management or home lan.

ether1 and wlans are on the bridge,
eth2 has its own address not associated with the bridge for emerg access
put in a route manually 0.0.0.0/0 gateway=management or homelan gateway
by anav
Wed Jul 28, 2021 4:04 am
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 27
Views: 533

Re: Wifi net work for home with Iot (50 devices)

Keep the mikrotik for routing excellent device.
The audience mesh setup is apparently very good but ensure you get proof from users here, the rest of MT wifi I would not recommend at this time.
by anav
Wed Jul 28, 2021 4:02 am
Forum: General
Topic: Locked out due to vlan filtering
Replies: 4
Views: 184

Re: Locked out due to vlan filtering

This is also a good link........
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Wed Jul 28, 2021 1:40 am
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

Yes before my time or probably when I got my first hex and was trying to figure out if was a magic box that put an evil spell on me. I wasnt worrying about vlans and chips.........
by anav
Wed Jul 28, 2021 1:38 am
Forum: Beginner Basics
Topic: IPv6 for home
Replies: 12
Views: 401

Re: IPv6 for home

Thank god I dont need ipv6. Hopefully you guys will have it sorted out before I do LOL. Lots of turkey squabbling ;-P

Seriously what is planned in RoS 7?
by anav
Tue Jul 27, 2021 9:26 pm
Forum: General
Topic: Multi-ISP WAN Failover
Replies: 3
Views: 282

Re: Multi-ISP WAN Failover

How are the sites connected if you can connect them without internet (same building and by what medium, fiber, ethernet, telephone line)?
by anav
Tue Jul 27, 2021 9:21 pm
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 46
Views: 3828

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

Diagram observations. The RB4011 has no connection back to the same 24 port switch?? I would have expected eth2 from the RB4011 to go to one of the ports on the 24 port switch as a trunk port carrying the necessary vlans for untagged dumb devices and tagged smart devices like the TPLINK eap 245 an...
by anav
Tue Jul 27, 2021 6:37 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 413

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

Hairpin NAT is for the unique case of servers and users and is only needed when one hosts a server on the same subnet as the users who want/need to access the server AND.....
the admin is forcing them to use public IP address to reach the server, vice the cleaner LANIP !!
by anav
Tue Jul 27, 2021 6:32 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 21
Views: 1136

Re: hAP ac3 - VLAN & inter-VLAN

No not at all. Are you located by the router (aka office) or are you by a switch ? What I would do is the following create vlan99 for management with you on it and nobody else. Ensure vlan99 has access to all other vlans. Put all smart devices on VLAN99 as their IP address for management purposes. D...
by anav
Tue Jul 27, 2021 4:20 pm
Forum: General
Topic: Local Server Can't be Accessed Because of Port
Replies: 1
Views: 83

Re: Local Server Can't be Accessed Because of Port

1. network diagram please labelled
2. /export hide-sensitive file=anynameyouwish
by anav
Tue Jul 27, 2021 4:18 pm
Forum: Beginner Basics
Topic: cAP ac setup issues
Replies: 5
Views: 207

Re: cAP ac setup issues

Well yes one should configure the capac via laptop first to set it up for the correct bridge and management setup and lanip address so that it is accessible via winbox on the network. I also like to setup lan2 as a separate LANIP address only so that I can access it separately via laptop in case m...
by anav
Tue Jul 27, 2021 4:15 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

Hi Mkx, thanks for the clear but sickening example. I like things simple and finally felt comfortable with vlan filtering and you just broke an MTUNA certified rule, bridge ports are not vlans. now I know nothing is sacred and my belief system is utterly destroyed LOL. forgive me if I never read thi...
by anav
Tue Jul 27, 2021 4:10 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 310

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

No worries rextended when you know too much you can trip over your own complicated piles of expertise, I know so little so sometimes the path, cluttered with so little, is clearer ;-)
by anav
Tue Jul 27, 2021 4:08 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 310

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

Yes I do it all the time,
Heck I put IP CLOUD names in firewall lists too.

Take a look at the firewall address list when you do.
You will note that two rules appear, the one you made and then one the router resolved it too.
So yes its kept up to date.
by anav
Tue Jul 27, 2021 4:06 pm
Forum: Beginner Basics
Topic: Hap ac2 can't use peer dns from isp
Replies: 9
Views: 219

Re: Hap ac2 can't use peer dns from isp

Try setting this to NONE, it has been known to cause issues in the past. /interface detect-internet set detect-interface-list=all Then check results! If no improvement then try below. We have these three rules....... /ip dhcp-server network add address=10.10.10.0/24 comment=defconf gateway=10.10.10....
by anav
Tue Jul 27, 2021 3:51 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 310

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

Hi adrian, should be no need for your router to run a script, just get your users to get dyndns names..........
by anav
Tue Jul 27, 2021 3:50 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 310

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

Hi rextended. Dst nat rules for port forwarding purposes take on 3 flavours but will ignore hairpin nat. For dynamic public IPs, add action=dst-nat chain=dstnat in-interface-list=WAN dst-port=xxx protocol=yy to-addresses=ip of server to-ports=bb For static public IPs add action=dst-nat chain=dstnat ...
by anav
Tue Jul 27, 2021 3:42 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 21
Views: 1136

Re: hAP ac3 - VLAN & inter-VLAN

All cases will work. You will still need to setup the dhcp services for all the vlans. However you need to figure out management vlan. Where is the admin going to access the router for config. What is the purpose of 192.168.2.0? (if not on the bridge good to have a non-bridge emerg backup access to t...
by anav
Tue Jul 27, 2021 3:29 pm
Forum: Beginner Basics
Topic: Blocked IP in firewall filter still shows in log and connections [SOLVED]
Replies: 13
Views: 310

Re: Blocked IP in firewall filter still shows in log and connections [SOLVED]

Okay you have port forwarding setup to a server on your network behind your router. Therefore any public traffic arriving at the router on the port will get passed the forward chain firewall rule. This has nothing to do with traffic to the router which is the input chain, so you need to remove that ...
by anav
Mon Jul 26, 2021 10:54 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

Zach you are blowing my mind LOL.
Please write a user article explaining software vlans!!
by anav
Mon Jul 26, 2021 10:50 pm
Forum: Beginner Basics
Topic: cAP ac setup issues
Replies: 5
Views: 207

Re: cAP ac setup issues

Although the capac can act like a router its really best suited as an AP. If you wanted a combo unit you should have purchased a hapac2 for $69 or a hapac3 for $99 compared to the capac at $69. I too am not convinced that using other vendors POE on the capac will always work. I am using a TPLINKswit...
by anav
Mon Jul 26, 2021 10:33 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 21
Views: 1136

Re: hAP ac3 - VLAN & inter-VLAN

I would do something like bridge=dualhome add vlans with interface being dualhome each vlan gets 4 properties, address, pool, dhcp server, dhcp-server network where DNS address is pi-hole IP address** (except vlan222 which DNS= is either the IP address of the PI server or the external servers that p...
by anav
Mon Jul 26, 2021 9:48 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 21
Views: 1136

Re: hAP ac3 - VLAN & inter-VLAN

Hi Steve, No worries, some small victories would be nice! (1) So you basically get private IP from the ISPs router/modem combo. Assuming if any ports need forwarding you have access to the router side of the ISP device to forward them to 192.168.4.2 (2) Ether2 is dedicated to VLAN10 which is then di...
by anav
Mon Jul 26, 2021 8:10 pm
Forum: General
Topic: Dual wan with Load Balance| Fail over | Merge
Replies: 9
Views: 239

Re: Dual wan with Load Balance| Fail over | Merge

Okay so the part you didnt clearly communicate is that (besides the obvious a. yes you have two PPOE client connections to different ISPs b. as noted by rextended you cannot bond this together but all the bandwidth can be shared by your subnets behind the router. c. you have no firewall rules and sh...
by anav
Mon Jul 26, 2021 8:04 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 507

Re: Drop Invalid vs. Drop "all"

signature if stumped.......
by anav
Mon Jul 26, 2021 7:31 pm
Forum: Wireless Networking
Topic: CAPsMAN Help
Replies: 14
Views: 1008

Re: CAPsMAN Help

https://www.youtube.com/watch?v=taQ70m0DVYA

If its not covered here, then we need more videos!!!
by anav
Mon Jul 26, 2021 7:29 pm
Forum: Wireless Networking
Topic: Can't add the second ap to capsman
Replies: 8
Views: 352

Re: Can't add the second ap to capsman

If you suspect its a bug, no one will notice unless you send a supout report and email to MT....
https://wiki.mikrotik.com/wiki/Manual:S ... utput_File
by anav
Mon Jul 26, 2021 7:24 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 507

Re: Drop Invalid vs. Drop "all"

@rextended, Drop me an email if you get a chance and are inclined to do so.
by anav
Mon Jul 26, 2021 7:12 pm
Forum: General
Topic: Dual wan with Load Balance| Fail over | Merge
Replies: 9
Views: 239

Re: Dual wan with Load Balance| Fail over | Merge

Hi there, These are my observations/questions. 1. Okay standard two different WANs each uses a dynamic IP addresses assigned by PPPOE 2. No need for bridge for wan 3. No need for pool for pppoe, it should all be handled in PPPOE client settings interface (all that is basically required for client su...
by anav
Mon Jul 26, 2021 7:01 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 413

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

Of course WHM NAT, if only that was in the title or first post. ;-)
Zing above my head. Curious though what scenario requires this amount of natting. Is this a WISP or something larger??
by anav
Mon Jul 26, 2021 6:29 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 507

Re: Drop Invalid vs. Drop "all"

Allrighty then we have a debate! Bring it ON. I learn when the masters bring their points forward!!
Okay so I dont have much of a life and this is my excitement of the day, I may learn something.
by anav
Mon Jul 26, 2021 6:24 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 505

Re: Hex vs Hex S [SOLVED]

True or not, this does not mean that if you ever need help,
I would not try to give it to you ...
Oh he has problems (and so do I) that could benefit from a Holiday in Tuscany, but they may not be IT related .;-)
by anav
Mon Jul 26, 2021 6:21 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 507

Re: Drop Invalid vs. Drop "all"

Okay Can you provide services that are open on the ROUTER (not the LAN) ??? Other than VPN I cannot think of any I would open? I do have NTP server but points to internet time clock. I do have DNS services but points to internet DNS servers. What does invalid protect if the DROP all rule is in place...
by anav
Mon Jul 26, 2021 6:02 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 505

Re: Hex vs Hex S [SOLVED]

Confirms what I have stated paternot. The hex is not 1gig capable otherwise the speeds showing should be around 940 Mbps. :-)))))
by anav
Mon Jul 26, 2021 5:57 pm
Forum: General
Topic: Dual wan with Load Balance| Fail over | Merge
Replies: 9
Views: 239

Re: Dual wan with Load Balance| Fail over | Merge

To be clear you have
Two Different ISPs, each provides you with a dhcp pppoe client login?

Please post your config
/export hide-sensitive file=anynameyouwish
(and also if any information you dont want divulged is still showing please xxxxx it out).
by anav
Mon Jul 26, 2021 5:49 pm
Forum: General
Topic: NAT Issue with src-nat <> srcnat? [SOLVED]
Replies: 18
Views: 413

Re: NAT Issue with src-nat <> srcnat? [SOLVED]

Without seeing the full config hard to say. Also what you do mean by strict ordering. In general all rules are matched in the order they are put on the router and thus order is important If you mean RP filter, it should be set to loose. Why such a complicated sourcenat rule. Typically one doesnt nee...
by anav
Mon Jul 26, 2021 5:47 pm
Forum: Beginner Basics
Topic: ProtonVPN w/ MacOS Setup on Hex S
Replies: 2
Views: 96

Re: ProtonVPN w/ MacOS Setup on Hex S

This is an automated reply from Google. It has come to our attention that you are using apple products. Please cease and desist otherwise the Google police will visit your home. Google will buy your ISP and then only support Google products including Google modem , Google Router, Google AP, Google t...
by anav
Mon Jul 26, 2021 5:37 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 507

Re: Drop Invalid vs. Drop "all"

Rextended that was a very confusing and thus not useful post. I couldnt really understand the points being made to learn what I need to know which is a tad frustrating because you are trying patiently to educate us non-TCP /IT literate folks and really do appreciate the effort. Suggesting that you w...
by anav
Mon Jul 26, 2021 5:29 pm
Forum: Beginner Basics
Topic: Looking up cloud.mikrotik.com every second
Replies: 23
Views: 8193

Re: Looking up cloud.mikrotik.com every second

On winbox,
Select on the lefthand Main menu - INTERFACES.

On the Interface Menu, ensure the first tab is selected called. INTERFACE.
Below this find the Row that has the plus symbol "+"
To the right of this you will find a box labelled 'Detect Internet'
Click on that!!
by anav
Mon Jul 26, 2021 5:18 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 505

Re: Hex vs Hex S [SOLVED]

Confirmed, any speed test through Italy really slows down my connection!! ;-PP

PS. with 120-200Mbps hex S is a great purchase!!
by anav
Mon Jul 26, 2021 4:55 pm
Forum: Beginner Basics
Topic: simple client setup
Replies: 15
Views: 651

Re: simple client setup

It goes with the name, Pollo, run away when the paella pan gets hot. ;-)

I would like to see a labelled network diagram with sufficient detail to explain the scenario.
Perhaps there is something we are missing because we cannot 'see' it.
by anav
Mon Jul 26, 2021 4:37 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 505

Re: Hex vs Hex S [SOLVED]

Dual WAN and, 1+gig network, etc....... RB4011 much better suited. If the network is less than <1 gig, Hex S should be fine, however if future growth to 1 gig or beyond, the RB4011 is a better long term investment. Not that I dont like the hex, I have two, but relegated to switches with need for mor...
by anav
Mon Jul 26, 2021 2:10 pm
Forum: Beginner Basics
Topic: Drop Invalid vs. Drop "all"
Replies: 16
Views: 507

Re: Drop Invalid vs. Drop "all"

Good question and well explained by mkx! I would add that I keep it in both chains because I dont want invalid packets being compared to any other firewall rules along the line, just want them out of the system at the earliest opportunity. Also probably because I dont know much about packets and net...
by anav
Mon Jul 26, 2021 2:04 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 505

Re: Hex vs Hex S [SOLVED]

1Gig or up RB4011 (up to 4gig) Below 1 gig hex S. Hapac2 and hapac3 are both also capable of handling up to 1.5 gig but dont have SFP ports). The Hex series in practice is more like in the 750-850 range and thus not suitable for a 1gig fiber connection. The RB4011 would be a far better option in thi...
by anav
Sun Jul 25, 2021 11:43 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 776

Re: Input firewall filter prioritization [SOLVED]

I will try and find another resource for you that is not google.
https://www.bing.com/videos/search?q=sn ... &FORM=VIRE
by anav
Sun Jul 25, 2021 9:30 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 21
Views: 1136

Re: hAP ac3 - VLAN & inter-VLAN

Please send the full config please,
/export hide-sensitive file=anynameyouwish
by anav
Sun Jul 25, 2021 8:04 pm
Forum: General
Topic: Internet connection Keep getting down
Replies: 1
Views: 118

Re: Internet connection Keep getting down

1. Draw a labelled network diagram
2. Post your config
/export hide-sensitive file=anynameyouwish

Tell us more detail on the WAN connections you have.......
by anav
Sun Jul 25, 2021 7:53 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 776

Re: Input firewall filter prioritization [SOLVED]

Can I ask you where you live? The Southeast US, but I've only seen these firewalls a couple times. I know Walmarts block L2TP/IPSec and they mess with TLS certificates leading to HSTS errors. However, a port 443 WG VPN works just fine, so it's this one place that blocks almost everything. Cablenut,...
by anav
Sun Jul 25, 2021 7:47 pm
Forum: Beginner Basics
Topic: layer 7 port forwarding
Replies: 15
Views: 414

Re: layer 7 port forwarding

Cablenut you have the worst ISP in history or you are working from the prison library. ;-)
@andriys, you have to understand as in extreme sports, Cablenut is an extreme MT configurator due to necessity!!
If he says it works its because it works! (I think he rewrote the book on port knocking LOL).
by anav
Sun Jul 25, 2021 7:41 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 21
Views: 1136

Re: hAP ac3 - VLAN & inter-VLAN

(1) A detailed network diagram will help. What vlans are going out what ports, not important to us which house simply the vlans and what each network device that is a connecting one is. a. smart switch capable of reading vlans b. smart AP capable of reading vlans c. dumb devices (unmanaged switches,...
by anav
Sun Jul 25, 2021 3:29 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 776

Re: Input firewall filter prioritization [SOLVED]

what are you writing? [...] I try to explain better: is for the "troll part", I want to notice to you I already have write possibly helping solution, not one "troll post". also @msatter say "It is really strange and your ISP is keeping an eye on that port because of DDos at...
by anav
Sat Jul 24, 2021 10:22 pm
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1472

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

I love how the article labels the RoS version 6 kernel as ANCIENT :-))
by anav
Sat Jul 24, 2021 10:19 pm
Forum: Beginner Basics
Topic: Allow WAN IP to LAN Client within LAN
Replies: 8
Views: 252

Re: Allow WAN IP to LAN Client within LAN

Like I said, I dont understand the need for proxies............. or more fundamentally the requirements that you have for your users or devices.
For example why cannot they go out from their PC directly to the internet??
by anav
Sat Jul 24, 2021 10:15 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 375

Re: Which FW rule permits 'services'

A rule without context is not much help. Questions - "Which FW rule permits 'services'" and "Could someone explain to me where is the corresponding INPUT rule for the 'services' to be accepted by the firewall?" Answer - "/ip firewall filter add action=drop chain=input comme...
by anav
Sat Jul 24, 2021 10:01 pm
Forum: Beginner Basics
Topic: Allow WAN IP to LAN Client within LAN
Replies: 8
Views: 252

Re: Allow WAN IP to LAN Client within LAN

I would love to help but have no idea what a proxy is, what it looks like, its purpose, how it attaches to a router or switch or a pc etc..........
by anav
Sat Jul 24, 2021 5:57 pm
Forum: General
Topic: Master's thesis problem?
Replies: 4
Views: 273

Re: Master's thesis problem?

Concur, you probably want to hit IDP and other security technologies or how Barracuda systems prevent spam email.................
by anav
Sat Jul 24, 2021 5:55 pm
Forum: General
Topic: Hosting a Server on Dynamic home IP
Replies: 2
Views: 167

Re: Hosting a Server on Dynamic home IP

Hi there,
I also use the IP CLOUD its very useful in this regard.
Since it's a long ass winded name to remember and not nice to give others I also use a free dyndns provider that links to my IP Cloud name.
That way others using whatever server have a friendly url to remember or type in.
by anav
Sat Jul 24, 2021 5:52 pm
Forum: General
Topic: iPhone not resolving static dns entries [SOLVED]
Replies: 10
Views: 553

Re: iPhone not resolving static dns entries [SOLVED]

I just love a good mystery!
by anav
Sat Jul 24, 2021 5:49 pm
Forum: Beginner Basics
Topic: Port Forwarding from VPN to Client on Ethernet [SOLVED]
Replies: 4
Views: 199

Re: Port Forwarding from VPN to Client on Ethernet [SOLVED]

Hi Thomas. So you have an MT device acting as a router and behind that router you have client PC. Somewhere else on the internet you have an openvpn server which is where attached to what?? Why would you port forward to a client PC is the question seemingly being posed. One port forwards to a server...
by anav
Sat Jul 24, 2021 5:46 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 375

Re: Which FW rule permits 'services'

/ip firewall filter add action=drop chain=input comment="Input drop all not coming from LAN" in-interface-list=!LAN A rule without context is not much help. For the OP this is the rule that would have been matched. It basically states drop any traffic that is NOT coming from the LAN. In ef...
by anav
Sat Jul 24, 2021 5:37 pm
Forum: Beginner Basics
Topic: firewall rules questions
Replies: 1
Views: 152

Re: firewall rules questions

Hi Gary, The default rules are simplified to ensure a new user can just login in and start working right away. If you want to start configuring the router and the firewall rules, then the link is not bad but needs a bit of work. In general the default rules allow all traffic to pass except stuff it ...
by anav
Sat Jul 24, 2021 5:10 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 375

Re: Which FW rule permits 'services'

in Winbox, you have IP SERVICES. Here you can turn ON or OFF services the router provides and some additional settings. However you still have to use the input chain to allow LAN users access to those services. Under firewall rules you can find Service Ports which you can disable or enable and assig...
by anav
Sat Jul 24, 2021 5:05 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 375

Re: Which FW rule permits 'services'

Hi eryx. Input chain is for traffic TO/FRO the router. This includes all services the router can perform DNS, NTP, etc. Winbox is a router service but does not need to be stated specifically in the input chain rule. Most put something that allows the admin full access to the router on the input chai...
by anav
Fri Jul 23, 2021 10:00 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 367

Re: Accessing router in different ethernet port

Hi there thanks for being patient! No you dont have to change any rules I would just disable that particular subnet from the list. I will take a look at the config. (1) I dont know why you have these rules as my arp knowledge and uses is next to nil........ so they clearly serve a purpose but beyond...
by anav
Fri Jul 23, 2021 9:58 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 677

Re: Mikrotik - Early Access beta hardware?

No worries, I was half jesting as its not really a serious topic. You are right he was talking about beta hardware and rextended I think was noting that all hardware can use beta firmware, apples and oranges as you pointed!
by anav
Fri Jul 23, 2021 8:27 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 677

Re: Mikrotik - Early Access beta hardware?

I dont think rawextended was making any comments about MT hardware (other than wifi) in the same way you guys were. In the sense that the latest MT wifi products are ONLY useable with beta firmware at the moment and/or mt home wifi products are behind any competitors models in wifi5 and do not have ...
by anav
Fri Jul 23, 2021 8:22 pm
Forum: General
Topic: CRS 2XX Management VLAN Question
Replies: 5
Views: 264

Re: CRS 2XX Management VLAN Question

If this is a switch unit the best starting guide for vlans is here........
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Fri Jul 23, 2021 8:17 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 367

Re: Accessing router in different ethernet port

Found something LOL. the dangers of adding extra rules bloatware in firewall rules. check this out. ip address add address=192.168.88.1/24 interface=2local network=192.168.88.0 add address=192.168.8.1/24 interface=3wired network=192.168.8.0 add address=192.168.0.1/24 interface=4wireless network=19...
by anav
Fri Jul 23, 2021 8:14 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 367

Re: Accessing router in different ethernet port

Thanks for posting the config. (1) Input chain: Only one line to change! /ip firewall filter add action=accept chain=input comment="default configuration - Established, Related" connection-state=established,related add action=drop chain=input comment="\"Drop invalid\"" ...
by anav
Fri Jul 23, 2021 8:02 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

Stop making excuses, you simply needed to state that you had missed what the OP wrote period.
Instead of making a million excuses that dont fly.
You invented shit that doesnt exist, so I am simply informing you to stop making problems that are not there.
by anav
Fri Jul 23, 2021 5:53 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

Thanks charming mud guy! As for the drive by poster this is not a fear problem its a literacy problem on your part.............. Why you read my post without the OPs post is mind boggling. Switch and Router models ? Also many information around in the Mikrotik wiki... Router - CCR1009-7G-1C-PC Switc...
by anav
Fri Jul 23, 2021 5:48 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 367

Re: Accessing router in different ethernet port

In general this should be very easy to do. I would create a firewall address list for the three Access Points. Then I would have a firewall rule allowing your PC (source address) in the forward chain be allowed to reach destination address list ( the list of the 3 access points. That is the general ...
by anav
Fri Jul 23, 2021 3:22 am
Forum: General
Topic: VPN for Mikrotik for game Mobile legend
Replies: 9
Views: 1269

Re: VPN for Mikrotik for game Mobile legend

i already use AWS CHR EC2 but mobile legend is still lagging, does anyone know how to fix this?
Move to another location in your country with high speed wired internet.
by anav
Fri Jul 23, 2021 3:19 am
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

Why do you waste our time with that post,
a. the 8G must be an old model as its not on the website
b. if you read the posts and specifically post #4 clearly states a 7G model.
by anav
Thu Jul 22, 2021 10:48 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 744

Re: RouterOS Rule tester?

have had rp filter set to loose since day one,
but ip spoof, do you mean lan to wan traffic with dst address of private IPs?
by anav
Thu Jul 22, 2021 10:29 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 744

Re: RouterOS Rule tester?

Well I use bridges and vlans and keep firewall rules to the firewall settings. More specifically, each vlan has its own subnet. Understood, I am just not comfortable enough with my knowledge of raw and connection tracking to know when or not to use RAW. For my basic home setup of two wans, about 15 ...
by anav
Thu Jul 22, 2021 10:22 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 744

Re: RouterOS Rule tester?

One example over all for raw: all incoming IPs presents on blacklist or from DDoS attack. Why bother with those? In case of attack it also consumes less CPU ... No argument, identify in input chain, block in raw makes sense to me....... Just not convinced a. a homeowner is going to get singled out ...
by anav
Thu Jul 22, 2021 10:15 pm
Forum: General
Topic: One wan for Internet and another for vpn [SOLVED]
Replies: 11
Views: 3555

Re: One wan for Internet and another for vpn [SOLVED]

I was hoping to avoid mangling by using Route Rules instead. However this seems to be one case where mangling is required. The Op wants to use WAN1 for all users internet access, those behind the router AND all clients coming in on WAN2 via VPN. Therefore if one use route rules to direct vpn client ...
by anav
Thu Jul 22, 2021 10:02 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 744

Re: RouterOS Rule tester?

Rextended (or should I say rawtended) is this you?? https://www.youtube.com/watch?v=snqs566G_Zg Concur with pe1chl, raw is not to be trifled with...... mind you I dont yet see the need to use jump either on my small config. (would jump chain be a good candidate for knock rules on the input chain?) A...
by anav
Thu Jul 22, 2021 9:54 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

For the switch this is a decent guide......
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Thu Jul 22, 2021 7:50 pm
Forum: General
Topic: help.mikrotik.com's advanced firewall
Replies: 3
Views: 623

Re: help.mikrotik.com's advanced firewall

Some thoughts from left field, (not much experience but read a lot) I would go back to the standard default firewall rules as baseline and change a few minor things, basically an accept all and reject what I think is bad, to a concept of block all and allow only the things I need approach. Then add ...
by anav
Thu Jul 22, 2021 7:38 pm
Forum: Beginner Basics
Topic: Routing different networks unstable
Replies: 4
Views: 336

Re: Routing different networks unstable

Hi there, Your setup is very confusing. Which port on the mikrotik is assigned to the WAN connection to your ISP router. In other words you state your ISP router gives you a private IP of 192.168.2.x as a private WANIP and not a public IP. Hence your ISP probably has a modem/router combo putting you...
by anav
Thu Jul 22, 2021 5:35 pm
Forum: General
Topic: Need to hire consultant, online/remote, to create a configuration asap.
Replies: 7
Views: 368

Re: Need to hire consultant, online/remote, to create a configuration asap.

You could try this guy
Perfect, Daryll has experience with routing inter-VLAN for 1000+ users behind 100 PPPoE servers on 100 VLANs so one small group of public IPs should be easy peasy!
by anav
Thu Jul 22, 2021 4:58 pm
Forum: General
Topic: Need to hire consultant, online/remote, to create a configuration asap.
Replies: 7
Views: 368

Re: Need to hire consultant, online/remote, to create a configuration asap.

No worries, but most people (providing advice) dont come here to look for business, tis more of an educational, point you in the right direction approach to help those learn the ROS and how to configure it vice make a polished finished product for payment. If its time sensitive suggest the list, if ...
by anav
Thu Jul 22, 2021 4:54 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1453

Re: CAP AC Reset - How to?

Case in point to add another excellent video in your capsman series to include Bridge/vlans/firewall rules with multiple WLANS ( home, guest, media, iot etc....)
viewtopic.php?f=7&t=176989

Dont make this stuff up it just falls in our laps as a common issue!!!
by anav
Thu Jul 22, 2021 4:48 pm
Forum: Wireless Networking
Topic: WiFi apple problems
Replies: 2
Views: 320

Re: WiFi apple problems

The world refuses to conform to Apple standards LOL........ ( we are owned by Apple or Google LOL, well until amazon decides to take over the internet) Try setting your 5GHz provisioning to the following BAND: 5GHz-n/AC Channel Width: 20/40MHz Ce The other thing to consider would be the dhcp leases ...
by anav
Thu Jul 22, 2021 4:44 pm
Forum: Wireless Networking
Topic: The best simple way for multiSSID (guest) in Capsman
Replies: 3
Views: 276

Re: The best simple way for multiSSID (guest) in Capsman

MKX is bang on (as usual). I use capacs without capsman as setting up bridge/vlans and multiple WLANS, (home, guest, media, iot) was challenging enough. Each wlan has its own SSID, security profile, and vlan (except for home WLAN because its the same vlan for home wired etc.) This is a video on how t...
by anav
Thu Jul 22, 2021 4:39 pm
Forum: Wireless Networking
Topic: wireless redirection
Replies: 4
Views: 321

Re: wireless redirection

Strange question but okay. If I am in a store and on my iphone want to join a network I go to settings and join. The only time I can be forced anywhere is when I open the browser. So just choosing the wifi network doesnt guarantee anything will be viewed. If you mean when someone opens the browser c...
by anav
Thu Jul 22, 2021 4:28 pm
Forum: Wireless Networking
Topic: CAP AC, HAP AC2, CAPSMAN and channels
Replies: 14
Views: 800

Re: CAP AC, HAP AC2, CAPSMAN and channels

Nice, but I cannot help notice that to achieve success one has to spend time on individual caps. So it would appear that using capsman is less of an efficiency tool than meets the eye. Caveat, I have been too shy/lazy/intimidated to try capsman (and soon no need as replacing capacs with other vendor...
by anav
Thu Jul 22, 2021 3:46 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 788

Re: Can't reach Winbox if Dual WAN in failover mode

Hi Dark Nate, The good thing, is I really dont care about your personal opinions or feelings, the goal here is to help the OP. After reading and talking to some folks it seems that IP filter setting on the mT routers is really not a feature/function designed for the home or soho setting. From what I...
by anav
Thu Jul 22, 2021 3:38 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 788

Re: Can't reach Winbox if Dual WAN in failover mode

Jajajaja

There is a sweet spot and then there is being around too long which may indicate a higher propensity for having Alzheimer's. ;-P
by anav
Thu Jul 22, 2021 12:32 am
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 333

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

Correct in that regard, much rather use an MT app for port knock than some 3rd party stuff.
However, as for the analogy I offer water because the person is an alcoholic. ;-)
by anav
Thu Jul 22, 2021 12:24 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 788

Re: Can't reach Winbox if Dual WAN in failover mode

My point is I do not condone connecting to winbox from the outside unless its via VPN or decent quality port knocking setup. Anything else is a. stupid, and b. a security risk and c. will not help someone do it. I open up Winbox to WAN with filter rules accepting only specific src address list, wor...
by anav
Wed Jul 21, 2021 10:08 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 788

Re: Can't reach Winbox if Dual WAN in failover mode

Hi himanshu, using winbox works very well using VPN. For example I have used IKEv2 VPN from my IPhone to establish a secure tunnel to the Router. I then used my MT app on the phone to configure the router which is akin to using winbox, same type of settings etc........ Works well. For example using ...
by anav
Wed Jul 21, 2021 9:00 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 1011

Re: Cannot access router over trunk+switch

Just checked my swos switch and all modes are RTSP (first line checked for RSTP and second line mode) From ROUTER (so main trunk port) RSTP: CHECKED Mode: RTSP Role: Designated Root path cost: Type: edge State: forwarding Rest are a mix of point to point and one edge for Type and forwarding or disca...
by anav
Wed Jul 21, 2021 8:34 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 788

Re: Can't reach Winbox if Dual WAN in failover mode

My point is I do not condone connecting to winbox from the outside unless its via VPN or decent quality port knocking setup. Anything else is a. stupid, and b. a security risk and c. will not help someone do it. I open up Winbox to WAN with filter rules accepting only specific src address list, wor...
by anav
Wed Jul 21, 2021 5:29 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 788

Re: Can't reach Winbox if Dual WAN in failover mode

My point is I do not condone connecting to winbox from the outside unless its via VPN or decent quality port knocking setup.
Anything else is a. stupid, and b. a security risk and c. will not help someone do it.
by anav
Wed Jul 21, 2021 2:12 pm
Forum: General
Topic: Port Forwarding done right?
Replies: 20
Views: 11721

Re: Port Forwarding done right?

The confusion is attempting to use forward chain rules for NAT details. All that is required in the forward chain is a single rule that says, I will allow port forwarding packets through the firewall. The work is done in the NAT rules where one delineates the port details, protocol, any translation a...
by anav
Wed Jul 21, 2021 2:09 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 788

Re: Can't reach Winbox if Dual WAN in failover mode

I am confused are you trying to use winbox from within the LAN or externally via the WAN?
by anav
Wed Jul 21, 2021 2:28 am
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 1011

Re: Cannot access router over trunk+switch

Not sure what else can be done...... i dont use preferred source on my route setting but that shouldnt matter.
It should just work!!
by anav
Wed Jul 21, 2021 12:03 am
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1453

Re: CAP AC Reset - How to?

Who is that good looking guy anyway, bears a striking resemblance to a younger looking avatar I see often (needs updating LOL). Should have named it capswoman, lets face it who controls..................... Very nice, I can see this helping many folks starting out!! Save to favourites..... I still w...
by anav
Tue Jul 20, 2021 11:51 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1453

Re: CAP AC Reset - How to?

I will take a look Normis but the evidence on the forums states otherwise...................
by anav
Tue Jul 20, 2021 11:50 pm
Forum: General
Topic: different gateways for voip and http/other
Replies: 1
Views: 227

Re: different gateways for voip and http/other

Yeah that would appear to be a nightmare. Truth be told I would handle this manually. Each desk has a 5 port managed switch and have people change their ethernet cable based on usage. Video switch to ether 5, Non-video ETHER2 (assuming ether1 is used to main router and carries all the vlans). Thus h...
by anav
Tue Jul 20, 2021 11:06 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 1011

Re: Cannot access router over trunk+switch

Okay so If I get this straight, ether1 from the first router is a TRUNK port carrying 10,20.30 and 99 to the first switch. Just for giggles to mirror my Swos settings change SWITCH ONE to the following. VLAN for trunk port (from router and to Swos2) VLAN MODE - ENABLED VLAN RCVE - ANY DEFAULT VLANID...
by anav
Tue Jul 20, 2021 10:33 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 12
Views: 636

Re: Different gateway for two PPPoE server instance

/export hide-sensitive file=anynameyouwish
by anav
Tue Jul 20, 2021 10:28 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

OP, i dont know if you are actually a thinking being or just copying down stuff and hoping for the best, Its time you start understanding the config not just copy & paste incorrectly LOL Here is your input chain .................what is wrong?? /ip firewall filter add action=accept chain=input c...
by anav
Tue Jul 20, 2021 10:18 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

rextended, the OP uses the MT App sometimes to access the router and thus detect internet is useful I believe......... (they are linked somehow).
by anav
Tue Jul 20, 2021 10:16 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on wAP AC
Replies: 6
Views: 544

Re: Wireguard on wAP AC

Can you confirm what you are actually trying to do?
Draw a network diagram to illustrate.
by anav
Tue Jul 20, 2021 6:40 pm
Forum: General
Topic: Looking for Tunnel Suggestions
Replies: 2
Views: 253

Re: Looking for Tunnel Suggestions

600Mbps encrypted is really good from my 'homeowners' perspective running a wireguard between two 1 Gig connections 15km apart on the same network getting around 300Mbps up and 300Mbps down and you're getting double that. Assuming you use internet from ISP1 at the main office and connect to all sites ...
by anav
Tue Jul 20, 2021 6:31 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 1011

Re: Cannot access router over trunk+switch

Okay I will look at this sometime today but your network diagram is basically useless as it doesnt indicate the vlans running through the ports........ I gather that each connecting port between devices is a trunk port carrying a number of vlans?? No indication of access ports anywhere but I see pvi...
by anav
Tue Jul 20, 2021 6:26 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

not going to comment until you fix the order of rules.
you have added more lines that are not correct or at least Ive never seen, such as forward chain dst nat rule which I dont understand..........
by anav
Tue Jul 20, 2021 2:18 am
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 534

Re: Netmetal maximum throughput?

Im not speculating on physical limitations.
Unless someone has used the netmetal themselves and can provide antenna used and ranges then you can continue to be in the dark.
Gluck!
by anav
Tue Jul 20, 2021 2:11 am
Forum: General
Topic: WireGuard server behind NAT (MikroTik router)
Replies: 2
Views: 314

Re: WireGuard server behind NAT (MikroTik router)

I have always RP-loose not strict but not sure if that makes a difference here. My Wireguard MT Router behind my Main MT Router is similar to your scenario I guess. The other end is an ISP modem router combo in front of an RB4011 acting as a router and the wireguard client part of the connection ( f...
by anav
Tue Jul 20, 2021 1:43 am
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 7
Views: 490

Re: Remote Access via Winbox

I would not consider SSH to be on the same level as VPN, so I would port knock and then SSH in from there as per the fourth link provided. Not sure if this is accurate enough regarding SSH. but 2. Because SSH operates on an application level, only traffic from your applications gets encrypted. This ...
by anav
Mon Jul 19, 2021 9:52 pm
Forum: General
Topic: How to route game to lte
Replies: 5
Views: 297

Re: How to route game to lte

Is there a question? Dont see the route rule either?
by anav
Mon Jul 19, 2021 9:49 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 744

Re: RouterOS Rule tester?

There are enough tools already to do this work, least of which is putting logging rules before rules to see what packets are hitting the rule in question. As for security holes, plug them for the most part by putting a drop all rule at the end of the forward chain and input chain and thus traffic ge...
by anav
Mon Jul 19, 2021 9:46 pm
Forum: General
Topic: How to connect 2 networks
Replies: 7
Views: 400

Re: How to connect 2 networks

Thanks anav, I need them to communicate two way, so basically all I need to do is add this FW rule? add action=accept chain=forward in-interface=network1 src-address=IPofPC1 out-interface=network2 dst-address=IPofPC2 add action=accept chain=forward in-interface=network2 src-address=IPofPC2 out-intef...
by anav
Mon Jul 19, 2021 8:46 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

Okay I missed this before....... add action=dst-nat chain=dstnat comment="to see cctv from wireless network" \ dst-port=8000 in-interface=4wireless protocol=tcp to-addresses=\ 192.168.10.254 to-ports=8000 If you want the wifi network to be able to access the CCTV that is a forward firewall...
by anav
Mon Jul 19, 2021 8:35 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

If the youtube rules work for you by all means, I am surprised they do LOL. The problem regarding admin access is that you will need to change the Tools mac winmac server entry for allowed interface from ServicePortOnly to ALL. I recommend you reserve access from ServicePortOnly though.................
by anav
Mon Jul 19, 2021 7:36 pm
Forum: Beginner Basics
Topic: [v6.48 on hap ac^2] Understanding routing-mark
Replies: 5
Views: 533

Re: [v6.48 on hap ac^2] Understanding routing-mark

You added something extra in route rule (get rid of destination bit)
Also get rid of D1 just the source address.
by anav
Mon Jul 19, 2021 7:30 pm
Forum: General
Topic: How to route game to lte
Replies: 5
Views: 297

Re: How to route game to lte

Okay, Lets say your LTE Route currently in place is either created by default or by you and is called LTE Route List ISP1 - PPPOE ISP2 - LTE Then add a third route which copies the existing route and adds a routing mark like below. LTE routing-mark=gameserver Then go to routing rules and add one. De...
by anav
Mon Jul 19, 2021 7:22 pm
Forum: General
Topic: PowerboxPro VLAN switching
Replies: 4
Views: 463

Re: PowerboxPro VLAN switching

Just for my curiosity did you use this kind of setup...............
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Mon Jul 19, 2021 7:20 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1453

Re: CAP AC Reset - How to?

What I learned about the TP LINK EAP245 makes me hesitating, as they seem to require a cloud or app-based setup or it requires a central control instance. One of the reasons why I after some test setups also refrained from going with Ubiquiti Unifi, who are known for their good APs in the SOHO and ...
by anav
Mon Jul 19, 2021 7:13 pm
Forum: General
Topic: Many dhcp via one port on
Replies: 4
Views: 404

Re: Many dhcp via one port on

Just follow the link provided above it will get you 98% of the way. Once you are done configuring and something isnt working or want to get it checked just post the config /export hide-sensitive file=anynameyouwish PS. Sweet router, if you have an extra one you dont know what to do with send it my w...
by anav
Mon Jul 19, 2021 7:08 pm
Forum: General
Topic: Abuse and Malicious IP List ?
Replies: 1
Views: 254

Re: Abuse and Malicious IP List ?

You can find one here...............
https://itexpertoncall.com/promotional/moab.html#prime
by anav
Mon Jul 19, 2021 7:06 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

Okay I will bite, perhaps there is a better way to do what I wish. Here is my dhcp script......... :if ($bound=1) do={ :local iface $interface :local gw [ /ip dhcp-client get [ find interface=$"iface" ] gateway ] /ip route set [ find comment="PrimaryRecursive" gateway!=$gw ] gate...
by anav
Mon Jul 19, 2021 6:57 pm
Forum: General
Topic: How to route game to lte
Replies: 5
Views: 297

Re: How to route game to lte

Do you mean you host a server on that port and wish to have all incoming traffic end up on your game server through the LTE connection. What is the speed of that LTE connection ?? How do you propose stopping getting your game server flooded with bots? Or Do you mean that you want all traffic from a ...
by anav
Mon Jul 19, 2021 6:53 pm
Forum: General
Topic: How to connect 2 networks
Replies: 7
Views: 400

Re: How to connect 2 networks

This is easy peasy via firewall rules. Typically we have a last rule in our firewall forward chain that is a block all else rule. Just before this rule we would make one that basically states. Allow PC1 on network 1 to access PC2 on network 2. What isnt clear to me though is if you want it as a one ...
by anav
Mon Jul 19, 2021 6:45 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

Yes, that is the correct link, but I have to go wash my hands now, as I am an IPHONE user LOL. The bridge removal is fine. When to use bridge, but dont use vlans - when two or more ports are using the same DHCP settings then using the bridge is effective in grouping ports for L2 separation from port...
by anav
Mon Jul 19, 2021 6:41 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

No worries, the OP is happy with your solution, albeit the wrong choice, just kidding.
by anav
Mon Jul 19, 2021 6:01 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

Unless you intend on using the MT app with your router, then this setting can be set to NONE. /interface detect-internet set detect-interface-list=all The one thing I would do is remove the bridge as it really serves no purpose here. You have four independent subnets each assigned to a port and thus...
by anav
Mon Jul 19, 2021 5:22 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

duplicate post
by anav
Mon Jul 19, 2021 5:21 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

Did I miss something? Yes... you run beta 7, the script and route are for 6.46+ version, on beta7 the routing is totally different.... You wrote in beginner basics section ,the question for 7 beta must be go on adequate section... Hi rextended, my ccr1009 is on version 6 LOL. The RB450Gx4 behind my...
by anav
Mon Jul 19, 2021 5:18 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

I thought it was self-explanatory LOL. The point was read the link and then be relieved that the example provided is so simple in comparison to the Russian complex methods LOL. Note1: Checkgateway ping has the effect of telling the router to keep checking the connection every 10 seconds or so. If th...
by anav
Mon Jul 19, 2021 5:03 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

Sorry the other fella will have to help you there, I only use scripts in DHCP client when necessary. Which is mainly to fetch a new gateway IP to stick in routes rules, when my ISP changes my IP address and or power outage or reboot etc................. Its much easier for me to do routing in the ro...
by anav
Mon Jul 19, 2021 4:50 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

As rextended stated, look up recursive routing in search!! https://forum.mikrotik.com/viewtopic.php?f=23&t=157048 is a long winded thread on the topic. Basically one wants to use existing DNS servers to verify not only if the connection to the ISP server is good but that the connection from the ...
by anav
Mon Jul 19, 2021 4:44 pm
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 7
Views: 490

Re: Remote Access via Winbox

Yes, I have done it a. with IKEV2 VPN b. wireguard vpn The only other way one would want to do it, not as secure as proper VPN, is port knocking. https://mum.mikrotik.com/presentations/US10/discher.pdf https://mum.mikrotik.com/presentations/ ... tknock.pdf https://systemzone.net/securing-mikroti ......
by anav
Mon Jul 19, 2021 2:27 am
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

But the CCR1009 does so you should use the link provided for that device.
by anav
Mon Jul 19, 2021 2:26 am
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 907

Re: Dual WAN Failover Script Ping Command [SOLVED]

Your problem is you have no clue of the requirement and stuck in another routers method.

Define in terms of functionality without discussing config.
It simply sounds like you want the router to check if the WANS are up or not for example.
by anav
Mon Jul 19, 2021 2:21 am
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

You have no firewall rules so if there isnt any other device inbetween this hex should not be connected to the internet. Also not sure why you have a bridge as its only used for one etherport?? What is the purpose of your bridge?? Interface list is made from the winbox interface List settings, You h...
by anav
Sun Jul 18, 2021 3:53 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 1011

Re: Cannot access router over trunk+switch

Clear Network diagram might help and no clue why you have two routers and where is the internet. Also get rid of capsman until you have a working config. Also read this article.... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 Note, you should realize what the settings that you are usin...
by anav
Sun Jul 18, 2021 3:51 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135960

Re: Using RouterOS to VLAN your network

Interface VLAN simply replaces Interface LAN, he could have kept it at LAN which is usually used to describe all subnets behind the router. I have used VLAN and LAN separately to separate subnets out on a config, similarly I have used VLANW1 and VLANW0 to distinguish subnets with internet access and...
by anav
Sun Jul 18, 2021 3:39 pm
Forum: General
Topic: Port trunking problems [SOLVED]
Replies: 3
Views: 364

Re: Port trunking problems [SOLVED]

The moment you said openwrt, I realized you were not talking about MT switch to MT AP but MT switch to 3rdparty Equipment. It sounds like you have correctly passed both vlans 100 and 300 to the openwrt device as trunk port and the problem is your AP is a. not able to deal with it OR b. expects a hyb...
by anav
Sun Jul 18, 2021 3:36 pm
Forum: Beginner Basics
Topic: RouterOS do not drop unknown vlans?
Replies: 5
Views: 513

Re: RouterOS do not drop unknown vlans?

Setting ingress filtering on individual bridge ports basically is = to stating if the vlan is not defined on this port then discard it from this port
Setting ingress filtering on the bridge itself = to stating if the vlan is not defined anywhere on the bridge then discard it from any port
by anav
Sat Jul 17, 2021 10:03 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1155

Re: stopping login attempt to user admin [SOLVED]

Post your config
/export hide-sensitive file=anynameyouwish if you want the config reviewed for security practices................
by anav
Sat Jul 17, 2021 5:59 pm
Forum: Beginner Basics
Topic: How to make Port knocking working on vpn/pptp connection ?
Replies: 21
Views: 2662

Re: How to make Port knocking working on vpn/pptp connection ?

Add a hex to your network as a second router but only to use with Beta firmware and wireguard.
Done, in two shakes of a lamb's tail, secure method to access the HEX and the main router via your smartphone MT app.
by anav
Sat Jul 17, 2021 3:29 am
Forum: Beginner Basics
Topic: manage config with subversion
Replies: 8
Views: 488

Re: manage config with subversion

Yeah, that's Beginner Basics for sure! ;-PP
by anav
Fri Jul 16, 2021 7:07 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 85
Views: 65605

Re: New User Manager in RouterOS v7

Luv it!
by anav
Fri Jul 16, 2021 5:54 pm
Forum: Wireless Networking
Topic: Purpose of using Bridge for CAP
Replies: 3
Views: 395

Re: Purpose of using Bridge for CAP

I use capac without capsman, far easier to configure and works well. I use ether1 as the incoming trunk port for my vlans ( guest wifi, home wifi, iot, wifi and media wifi). Works great (note the capac gets an IP address on the home/trusted LAN since I dont use a management vlan) I also setup eth2 a...
by anav
Fri Jul 16, 2021 5:51 pm
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 534

Re: Netmetal maximum throughput?

There is one netmetal the triple model (5HSP) which should yield in the 430-450 range and extra would be bonus. However that unit does not appear to have antennas and one would have to add them?? So the answer may be dependent upon the antennas purchased?? Not having any experience with these units ...
by anav
Fri Jul 16, 2021 5:36 pm
Forum: General
Topic: CAPS Man & different WIFI channel config
Replies: 22
Views: 1053

Re: CAPS Man & different WIFI channel config

With my 5Ghz capacs, I use the following settings. 5GHz-N/AC 20/40MHz Ce Explanation of Channels in 5Ghz. The full 5 GHz range spans frequencies from 5.15 GHz to 5.85 GHz. 5GHz wireless communication takes place over a large spectrum with a number of non-overlapping channels of sizable bandwidth. Th...
by anav
Fri Jul 16, 2021 5:29 pm
Forum: Beginner Basics
Topic: multipe network
Replies: 1
Views: 338

Re: multipe network

Network diagram would help as the description you gave doesn't state what kind of WAN, how many WANs, type or make of router etc..............
by anav
Fri Jul 16, 2021 5:24 pm
Forum: Beginner Basics
Topic: manage config with subversion
Replies: 8
Views: 488

Re: manage config with subversion

It is not clear what your problem is??
by anav
Fri Jul 16, 2021 5:23 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 85
Views: 65605

Re: New User Manager in RouterOS v7

Wow hard to believe BPWL that MT is too cheap to send you samples of new MT equipment to test for WIFI. You are truly an outstanding contributor to these forums!
by anav
Fri Jul 16, 2021 5:17 pm
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 7
Views: 490

Re: Remote Access via Winbox

Not a safe or advised practice. It would be like giving all your bank information to hackers and letting them play with password crackers to eventually get into your system. The way to access your router remotely via winbox is to a. preferably use IPSEC VPN or IKEv2 VPN b. from a PC or your smart ph...
by anav
Fri Jul 16, 2021 5:03 pm
Forum: General
Topic: Many dhcp via one port on
Replies: 4
Views: 404

Re: Many dhcp via one port on

Just to be clear the switch will be responsible for all DHCP or a router............
If you get a switch to do routing functions then only a few switches are capable of doing both.
by anav
Thu Jul 15, 2021 11:11 pm
Forum: Beginner Basics
Topic: Help checking Firewall
Replies: 5
Views: 689

Re: Help checking Firewall

I am a minimalist. I consider most of what you have bloated crap and not necessary except for rare cases. KISS principle This is all you need. from your list with some modifications. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" c...
by anav
Thu Jul 15, 2021 8:34 pm
Forum: Beginner Basics
Topic: RB1100AH - Blocked ports [SOLVED]
Replies: 5
Views: 589

Re: RB1100AH - Blocked ports [SOLVED]

Better security can be afforded by a better understanding. (1) Therefore, via winbox, go to IP Menu Item and select IP SERVICES. Here you can disable all the services the router provides users or access to the router for api, api-ssl, ftp, ssh, telnet, www, www-ssl. THE ONLY ONE YOU SHOULD KEEP ACTIVE ...
by anav
Wed Jul 14, 2021 9:57 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 58
Views: 94694

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

I guess Latvian women are state of art hardware running complex code and Latvian men like to deal with them ;-) They have women in Latvia?, I thought they did it all through test tubes............................... ( brings up a curious question of how many women actually work in MT, is it a pater...
by anav
Wed Jul 14, 2021 6:53 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 824

Re: Firewall drop all !LAN is not the same as drop all WAN

Pelchi I see your point but once you understand how FW rules work, the interface list usage is quite versatile and I encourage its use not discourage it.
by anav
Wed Jul 14, 2021 6:51 pm
Forum: Beginner Basics
Topic: Problem to see source address - port forward
Replies: 3
Views: 277

Re: Problem to see source address - port forward

Sourcenat is a funny being. The typical source nat rule is add action=masquerade chain=srcnat comment="SCR_NAT FOR LAN USERS" \ ipsec-policy=out,none out-interface-list=WAN Which basically applies WANIP to all outgoing traffic from the LAN I have two WAN interfaces and chose to handle each...
by anav
Wed Jul 14, 2021 6:38 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 58
Views: 94694

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

Latvians prefer only dealing with code and hardware, they are not social animals..........
I am still wondering how they procreate virtually.........
by anav
Wed Jul 14, 2021 2:38 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 824

Re: Firewall drop all !LAN is not the same as drop all WAN

The key is to go from an allow all concept for both chains (and thus have to know what to block and thus do it with weird commands) to a concept of block all and thus ensure you allow needed traffic. Much clearer and simpler.
by anav
Wed Jul 14, 2021 2:36 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 26
Views: 1350

Re: VLANS & Management VLAN

Suggest you read through this link and revise your setup. Not much is done correctly

viewtopic.php?f=23&t=143620
by anav
Tue Jul 13, 2021 6:00 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 824

Re: Firewall drop all !LAN is not the same as drop all WAN

The default setup is ONLY for the basic home user that doesnt yet have a clue about MT configs. Its set up that the basic user simply needs to plug ether1 into the ISP modem and connect on ether2 for example. The firewall rules are setup such that only lan users can access the router for security re...
by anav
Tue Jul 13, 2021 5:52 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 991

Re: Block internet from all but one user

Configuring firewall rules without seeing the complete config is a waste of my time........later.
by anav
Mon Jul 12, 2021 11:44 pm
Forum: Beginner Basics
Topic: IP cam reverse NAT
Replies: 8
Views: 394

Re: IP cam reverse NAT

Yes draw a diagram I got lost after the second sentence.
by anav
Mon Jul 12, 2021 11:41 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 991

Re: Block internet from all but one user

Before you monkey with (leopard with) just fw rules, it's best to see the entire config as many items have relationships.
/export hide-sensitive file=anynameyouwish.
by anav
Mon Jul 12, 2021 4:46 pm
Forum: General
Topic: Find hostname between vlan
Replies: 12
Views: 669

Re: Find hostname between vlan

<------ what he said, more succinctly than I did :-)
by anav
Mon Jul 12, 2021 4:42 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 991

Re: Block internet from all but one user

Opinions are free and the OP can discard or utilize whatever information/advice is provided. I respect your willingness to go to the ends of the earth regarding technical advice and to remain neutral and avoid the non-technical - ( aka you have better self-control than myself :-) )
by anav
Mon Jul 12, 2021 4:38 pm
Forum: General
Topic: PCQ on VLANS
Replies: 2
Views: 335

Re: PCQ on VLANS

by anav
Mon Jul 12, 2021 2:32 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 991

Re: Block internet from all but one user

rextended is right in that MT is not a parent and should not be a substitute for parenting. Kid control =lazy parenting. The op for a self-admitted adult addiction needs counselling and the kids need discipline. :-) As noted, these are personal items brought up by the OP and the responses are out of...
by anav
Sun Jul 11, 2021 4:05 pm
Forum: General
Topic: ASK[CAPsMAN]
Replies: 13
Views: 772

Re: ASK[CAPsMAN]

You mean how you can automate the creation of the interface names? Exactly, I wouldnt bother assisting such an obtuse fellow probably doing something illegal because he refuses to provide the clear requirements (use cases what users should or should not be able to do and without any mention of conf...
by anav
Sun Jul 11, 2021 3:59 pm
Forum: Beginner Basics
Topic: [v6.48 on hap ac^2] Understanding routing-mark
Replies: 5
Views: 533

Re: [v6.48 on hap ac^2] Understanding routing-mark

Not sure if it will work in your case but in general sometimes routing can be done without mangling!! a. create all required routes on the main table. standard route for internet route for tv1 route for tv2 route for tv3 Now if you need special control of which subnets use the routes (and quite fran...
by anav
Sun Jul 11, 2021 3:51 pm
Forum: Beginner Basics
Topic: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN
Replies: 11
Views: 615

Re: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN

Not many SOHO routers can be configured the way you are describing ... MT is a rare exception because even entry-level routers run full-featured ROS (which means that it comes with associated configuration complexity which puzzles most newbies). Which means that most probably D-link doesn't allow t...
by anav
Sat Jul 10, 2021 11:33 pm
Forum: General
Topic: Ask help for iOS app "Mikrotik" about *import devices*
Replies: 6
Views: 443

Re: Ask help for iOS app "Mikrotik" about *import devices*

That is the correct path, MT has to enable efficient management of multiple devices on the APP.
by anav
Sat Jul 10, 2021 7:43 pm
Forum: Beginner Basics
Topic: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN
Replies: 11
Views: 615

Re: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN

Yes, sure, dont have a clue about the USB question. As to the reply, let me quote you "I was wondering if I could create static routes for all the ethernet and wlan traffic on the DSL-2888 " Cannot help you there as I stated this is not a D-link forum, in terms of the MT device you can app...
by anav
Sat Jul 10, 2021 7:37 pm
Forum: General
Topic: Help MT constantly sending request to Google
Replies: 22
Views: 874

Re: Help MT constantly sending request to Google

In terms of the firewall the changes to the default recommended, after you have it working of course. Is to change both input and forward chains from allow all and magically know which things one should block, TO allow nothing except what the admin specifically allows. Better security approach. With...
by anav
Sat Jul 10, 2021 7:21 pm
Forum: General
Topic: Help MT constantly sending request to Google
Replies: 22
Views: 874

Re: Help MT constantly sending request to Google

(1) So all the ethernet ports on the router go to PCs? (2) why is your IP pool so small?? (3) ether1 doesn't show on your /interface ethernet list?? (4) Assuming you have two wan connections? on etherports 12 & 13? (5) You are missing two important items. a. /interface list b. /interface list memb...
by anav
Sat Jul 10, 2021 5:50 pm
Forum: General
Topic: Find hostname between vlan
Replies: 12
Views: 669

Re: Find hostname between vlan

Concur but I like to see the whole config as it shows where the OPs lack of knowledge is located and any obvious errors etc. Also drop the idea of using capsman as that is an added layer of complexity for an advanced user and not just doing your first major config. Once you have mastered the basic c...
by anav
Sat Jul 10, 2021 5:47 pm
Forum: General
Topic: Help MT constantly sending request to Google
Replies: 22
Views: 874

Re: Help MT constantly sending request to Google

/export hide-sensitive file=anynameyouwish

plus provide a network diagram.
by anav
Sat Jul 10, 2021 5:45 pm
Forum: Beginner Basics
Topic: Parsec Port Forwarding
Replies: 4
Views: 403

Re: Parsec Port Forwarding

Not my issue,
Need two things.
config of OP and port requiring forwarding and to which IP address.

That will work, whether or not the program will work as intended with Ops setup is not my concern.
by anav
Sat Jul 10, 2021 4:06 pm
Forum: General
Topic: Find hostname between vlan
Replies: 12
Views: 669

Re: Find hostname between vlan

Use this to configure.
viewtopic.php?f=23&t=143620
by anav
Sat Jul 10, 2021 3:58 pm
Forum: Beginner Basics
Topic: Parsec Port Forwarding
Replies: 4
Views: 403

Re: Parsec Port Forwarding

What is parsec? Describe it
by anav
Sat Jul 10, 2021 3:56 pm
Forum: Beginner Basics
Topic: RB750GR3 support this kind of connection ?
Replies: 3
Views: 496

Re: RB750GR3 support this kind of connection ?

As long as you use all wifi routers ONLY as accesspoint/switches, the Hex can provide DHCP services for all users. As noted, its important to know if the wifi devices are vlan capable otherwise there is no way to use them for more than one subnet and one SSID, unless each is attached to a different ...
by anav
Sat Jul 10, 2021 3:52 pm
Forum: Beginner Basics
Topic: Initial setup, ping works, but clients can not reach Internet
Replies: 5
Views: 432

Re: Initial setup, ping works, but clients can not reach Internet

Assuming you are using vlans, The best guide for this at least for the router part of the setup you should use...... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 Default rules you should have...... /ip firewall filter add action=accept chain=input comment="defconf: accept establis...
by anav
Sat Jul 10, 2021 4:06 am
Forum: General
Topic: Port Forwarding of a Moxa NPort 5150A Not Working
Replies: 17
Views: 715

Re: Port Forwarding of a Moxa NPort 5150A Not Working

Cannot make heads or tails on your WAN side, it seems you have 1-5 and 10 associated with a WAN bridge (for what reason is not clear) and then eth10 is a wan but not on the bridge....... all VERY confusing. Then you make both the bridge and eth10 as wan clients......????????? Finally your input rul...
by anav
Sat Jul 10, 2021 3:20 am
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 46
Views: 3828

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

Okay a diagram to detail what is connected to each port on the RB4011 and
a. what vlans are running through the ports.
b. where do you expect bridge traffic that has its own dhcp and pool etc to go and why? who and what is the bridge serving........??
by anav
Sat Jul 10, 2021 3:12 am
Forum: General
Topic: Port Forwarding of a Moxa NPort 5150A Not Working
Replies: 17
Views: 715

Re: Port Forwarding of a Moxa NPort 5150A Not Working

Without seeing the complete config, hard to help.
What is the purpose of the source address list (external allowed) public IPs?
by anav
Sat Jul 10, 2021 3:10 am
Forum: Beginner Basics
Topic: Simple wAP ac setup - beginners help [SOLVED]
Replies: 13
Views: 839

Re: Simple wAP ac setup - beginners help [SOLVED]

Yup doing well. If you manage decent stability as well then you should be happy.
by anav
Fri Jul 09, 2021 10:50 pm
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 46
Views: 3828

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

(1) what is the relationship between the interface ovpn-cybuzz and VLAN10? (2) Still waiting for network diagram ;-) otherwise your bridge port settings or lack of any detail on them is confusing. (3) Interface list members seems incomplete and why are some disabled? For example, all your VLANs shou...
by anav
Fri Jul 09, 2021 10:30 pm
Forum: General
Topic: Strange issue with port forwarding even if traffic seems on counters
Replies: 9
Views: 522

Re: Strange issue with port forwarding even if traffic seems on counters

(1) In terms of forward firewall chain you only need one rule. Get rid of the other rule you made. keep this one! add action=accept chain=forward comment="Allow Port Forwarding" \ connection-nat-state=dstnat connection-state=new in-interface-list=WAN ** ensure that ppoe-out3 is listed on y...
by anav
Fri Jul 09, 2021 7:38 pm
Forum: Beginner Basics
Topic: Simple wAP ac setup - beginners help [SOLVED]
Replies: 13
Views: 839

Re: Simple wAP ac setup - beginners help [SOLVED]

Frozsu, no one gets 1300Mbps wireless, what planet are you on?? Also, can you read? What wireless specification???????? RBwAPG-5HacD2HnD - specifications state 1200 speed (867+300=1167 rounded up). You have also been fooled by marketing speak. First all companies state the total up and down theoreti...
by anav
Fri Jul 09, 2021 7:27 pm
Forum: RouterOS v7 BETA
Topic: L3HW User Manual Updated
Replies: 16
Views: 1911

Re: L3HW User Manual Updated

Just to be clear this aberration, anomaly is only for a very specific or rare scenario because it seems counterintuitive to what we have been exposed to up to this point in time. In other words, can you better describe the use case/requirement that would lead to such a bizarre setup and is this lim...
by anav
Thu Jul 08, 2021 10:49 pm
Forum: Wireless Networking
Topic: Dual radio, same ssid , preferred 5GHz band
Replies: 17
Views: 1507

Re: Dual radio, same ssid , preferred 5GHz band

or Fortran ;-)
by anav
Thu Jul 08, 2021 10:47 pm
Forum: General
Topic: Policy based routing using two uplinks
Replies: 11
Views: 18336

Re: Policy based routing using two uplinks

Mangle is very powerful but also a nightmare to config for many.
Keep in mind you can also identify or target PC by the entire subnet if required 192.168.0.0/24 for example.
Also one can use an interface as the input source be it an etherport, wlan, vlan or any interface created.
by anav
Thu Jul 08, 2021 10:42 pm
Forum: Beginner Basics
Topic: How do I start troubleshooting an "I - invalid" configuration?
Replies: 8
Views: 594

Re: How do I start troubleshooting an "I - invalid" configuration?

Are those YouTube links examples of credible sources or bad sources?
Better than most LOL.
There isnt enough space to list all the bad ones ...............
by anav
Thu Jul 08, 2021 10:37 pm
Forum: RouterOS v7 BETA
Topic: MT Router as Wireguard Client & Benchmarks
Replies: 10
Views: 3985

Re: MT Router as Wireguard Client & Benchmarks

When the MTU was set to 1420 on both Wireguard interfaces (the MTU setting on the Wireguard MENU), the client computer started an application that brings up a program that allows access to websites etc, but first takes the user to a verification website. The process was not completed so we started m...
by anav
Thu Jul 08, 2021 6:00 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 793

Re: One VLAN not working in a sub-switch

The only note to the linked article is that a Management VLAN is not totally necessary if you trust your HOME VLAN for the most part. One still uses a BASE or MNGT interface listing to separate the trusted LAN from the rest of the VLANs on the LAN interface. Further in input chain rules one can limi...
by anav
Thu Jul 08, 2021 3:35 pm
Forum: General
Topic: Policy based routing using two uplinks
Replies: 11
Views: 18336

Re: Policy based routing using two uplinks

Actually the response to the original OP has an alternative solution that is simpler and does not involve mangling and thus one doesn't lose fasttrack etc.... 0.0.0.0/0 gateway of ISP1 check-gateway=ping distance=5 0.0.0.0/0 gateway of ISP2 distance=10 So the two routes, ISP1 will always be chosen in ...
by anav
Thu Jul 08, 2021 3:22 pm
Forum: Beginner Basics
Topic: Standlone(no switch attached) RB4011 VLAN config help [SOLVED]
Replies: 2
Views: 496

Re: Standlone(no switch attached) RB4011 VLAN config help [SOLVED]

(1) First read this reference https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 (2) Provide a network diagram showing (3) State a complete set of requirements in terms of what you want users/devices to be able to do or NOT do, without any mention of config or solutions. Do you have both ipv...
by anav
Thu Jul 08, 2021 2:49 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 793

Re: One VLAN not working in a sub-switch

I would not use capsman at first and get the config cleanly setup without it.
If happy no need to add it. If you think you still need it then modify.
Use the link reference provided.
by anav
Thu Jul 08, 2021 2:43 pm
Forum: Beginner Basics
Topic: How do I start troubleshooting an "I - invalid" configuration?
Replies: 8
Views: 594

Re: How do I start troubleshooting an "I - invalid" configuration?

https://help.mikrotik.com/docs/display/ROS/Getting+started is a starting point but there are things stated that I dont particularly advise but its overall pretty good. ROS = stick with defaults for beginner ROS= dont experiment if you dont have a clue ROS= use safe mode to make changes ROS= get some...
by anav
Wed Jul 07, 2021 10:14 pm
Forum: RouterOS v7 BETA
Topic: MT Router as Wireguard Client & Benchmarks
Replies: 10
Views: 3985

Re: MT Router as Wireguard Client & Benchmarks

With two MT routers (one as client the other as server) one behind another MT and the other behind an ISP modem/router (both on same gig fiber network approx 15km apart) getting 300Mbps up and down. Very stable, had to play with MTU to enable some specific internet sites. Mangling is not required to...
by anav
Wed Jul 07, 2021 6:41 pm
Forum: General
Topic: DHCP server Over VLAN and making two ports as access and trunk
Replies: 3
Views: 321

Re: DHCP server Over VLAN and making two ports as access and trunk

slightly confused config...... but
Does your ISP provider give you a pppoe connection on the specific vlan 127?
BUT I see ether1 is your wan,
What I dont understand clearly is your ether2??
by anav
Wed Jul 07, 2021 6:38 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 793

Re: One VLAN not working in a sub-switch

I cannot help with main router or caps for anything capsman related, dont use it, dont need, causes nothing but headaches for people. I like simple life.
For example you only need one bridge...........
by anav
Wed Jul 07, 2021 6:34 pm
Forum: Beginner Basics
Topic: AC2 VLANs - no DHCP address
Replies: 5
Views: 432

Re: AC2 VLANs - no DHCP address

As for the vlan settings......... just remove the vlan 99 entry I dont see any bridge vlan filtering settings, however they will all be dynamically created but erlinden may be onto something here so see the modifications........... /interface bridge port add bridge=BR1 frame-types=admit-only-untagge...
by anav
Wed Jul 07, 2021 6:28 pm
Forum: Beginner Basics
Topic: AC2 VLANs - no DHCP address
Replies: 5
Views: 432

Re: AC2 VLANs - no DHCP address

Where is V99 elsewhere in your configuration? In this case since you don't have a separate management vlan where for example the admin's computer would reside, then simply drop the vlan99 WLAN altogether. NOT NEEDED. Simply use your existing trusted home vlan as the management interface. What do I mea...
by anav
Wed Jul 07, 2021 12:38 am
Forum: Beginner Basics
Topic: Two gateways...How to?
Replies: 3
Views: 391

Re: Two gateways...How to?

Routes where?? (which devices)?
by anav
Tue Jul 06, 2021 9:55 pm
Forum: Wireless Networking
Topic: WPA3 in September?
Replies: 8
Views: 877

Re: WPA3 in September?

What MT device do you have??
by anav
Tue Jul 06, 2021 4:31 pm
Forum: General
Topic: Public IP not access from local ip
Replies: 6
Views: 365

Re: Public IP not access from local ip

So you have this configuration. Your House: Combined ISP Modem/Router Device [ ( ISP MODEM SIDE -----> PUBLIC IP (only your house gets this)-------> ISP ROUTER-SIDE------>STATIC PRIVATE IP ] then by ethernet cable to your MT router. So the question becomes, can you configure at all the ISP Router po...
by anav
Tue Jul 06, 2021 4:18 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1453

Re: CAP AC Reset - How to?

If you feel inclined to purchase check out the TP LINK EAP245, cheap prices these days and it handles vlan tags etc. Does everything the Capac does with better and more stable wifi throughput. On the downside it's not a winbox config which I am rather fond of now. The reset is straightforward and you...
by anav
Tue Jul 06, 2021 4:15 pm
Forum: General
Topic: Setup Mikrotik router this Security Defense than Juniper Router??
Replies: 7
Views: 698

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Assuming you want to replace an edge router for a large business?
My recommendation is to keep the juniper and use the MT for the internal router.
by anav
Tue Jul 06, 2021 4:14 pm
Forum: General
Topic: Public IP not access from local ip
Replies: 6
Views: 365

Re: Public IP not access from local ip

I have no idea what you are asking? Did you want to setup a server on your network?? The direction is port forward from WAN to LAN, not the other way round as well. Finally your ISP has not given you a public IP it has given you a private IP. You can find the public IP by using IP cloud and enabling...
by anav
Tue Jul 06, 2021 4:10 pm
Forum: Beginner Basics
Topic: Two gateways...How to?
Replies: 3
Views: 391

Re: Two gateways...How to?

Configured as switches I don't believe MT devices can do what you want.
You need the Main Routers to be MT, or the switches configured as Router & Switch and in this case you will have a double NAT scenario to work through as well.
If so, I have done so with wireguard on the beta firmware.
by anav
Tue Jul 06, 2021 4:06 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 793

Re: One VLAN not working in a sub-switch

I run both capacs, hexes and 260s behind my MT router without issue.
This is the best reference to use. viewtopic.php?f=23&t=143620

In the meantime please post your config
/export hide-sensitive file=anynameyouwish
by anav
Tue Jul 06, 2021 4:02 pm
Forum: Beginner Basics
Topic: hostname to ip:port
Replies: 3
Views: 406

Re: hostname to ip:port

This is easily accomplished using dstnat. (your basic forwarding using the dst nat chain in ip filter firewall rules). Assuming your users will be accessing your server via the domain name. hello.website.com:XXXXX Where XXXXX is the port number you want them to reach your router with. Basically you ...
by anav
Mon Jul 05, 2021 9:26 pm
Forum: Wireless Networking
Topic: Single router wifi coverage ac2 vs ac3 vs Audience
Replies: 5
Views: 963

Re: Single router wifi coverage ac2 vs ac3 vs Audience

Anyone that says a single consumer AP is adequate for a multilevel HOME is on serious hallucinogens!
By that I mean to differentiate as the OP seems to want a single consumer WIFI router to cover off a multi-story home.
At least with an AP, the likelihood of optimal placement is higher.
by anav
Mon Jul 05, 2021 9:23 pm
Forum: Beginner Basics
Topic: i'm new user
Replies: 4
Views: 485

Re: i'm new user

Welcome to the forums, sorry this is mostly English and not aware of any Hindu like forums.
Use google translate which should suffice as config is config, aka Mikrotik Language.
by anav
Mon Jul 05, 2021 9:22 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 731

Re: Basic configuration - non MT Wifi AP

From my last year post (08 Jun 2020, 17:00) https://forum.mikrotik.com/viewtopic.php?f=3&t=128762&p=798899#p798899 and first post this year (19 Apr 2021, 09:47) https://forum.mikrotik.com/viewtopic.php?f=21&t=174403&p=853769#p853769 they have just passed near 11 months Yes, but I al...
by anav
Mon Jul 05, 2021 9:13 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 731

Re: Basic configuration - non MT Wifi AP

No, that is the point, a regular poster and crickets since then. :-((
Can I imagine rextended not to get in my face on a daily basis, heck no, imagine a week, or month, 5 months is un-imaginable!!
by anav
Mon Jul 05, 2021 9:08 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1453

Re: CAP AC Reset - How to?

I can fix your problem for $69 :-) Reset button is depressed prior to applying the power cord and kept depressed until the lights blink or not. It can be tricky and obviously MT didn't think about people with only one arm/hand............ not that user friendly (unless one is an arachnid or octopus)
by anav
Mon Jul 05, 2021 9:02 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 731

Re: Basic configuration - non MT Wifi AP

Yes I noted that after reading your post, but one can get caught by making such assumptions.
Reasonable guess though!
For example take my signa, I have not heard or seen Sob for a long time and am worried a tad and
would feel like bad karma to remove the name. :-(
by anav
Mon Jul 05, 2021 9:01 pm
Forum: Beginner Basics
Topic: AP config with guest network to existing VLAN
Replies: 5
Views: 402

Re: AP config with guest network to existing VLAN

There is your mistake, not using MT as your router LOL.

My advice is then not to bother with capsman and further just ensure the capac IP address is on the LAN that is trusted.
This article has a section dealing with just Access Point setup.
viewtopic.php?f=23&t=143620
by anav
Mon Jul 05, 2021 8:59 pm
Forum: Beginner Basics
Topic: Can't SSH into Mikrotik network
Replies: 6
Views: 540

Re: Can't SSH into Mikrotik network

Hi Tangent, My thinking was that route on the primary router was not necessary because the Traffic was coming from the same LAN subnet. If I enter in an IP to get to, that is on the same subnet, I shouldnt need a route. The problem here is that the LANIP I am reaching is actually the WANIP of the se...
by anav
Mon Jul 05, 2021 8:56 pm
Forum: Beginner Basics
Topic: Home LAN/WiFi/Guest WiFi/IoT devices advice needed
Replies: 13
Views: 848

Re: Home LAN/WiFi/Guest WiFi/IoT devices advice needed

From a bit of reading, you need to turn network Off, which means it becomes a switch and DHCP client I believe the setting selection is (Off) Bridge Mode. Then you can use all ports as switch ports. Not sure about wireless settings nor if the time capsule is capable of reading vlan tags........... N...
by anav
Mon Jul 05, 2021 8:22 pm
Forum: RouterOS v7 BETA
Topic: [Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture
Replies: 3
Views: 529

Re: [Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture

Robustness, the ability to be sent wrong data and not crash. The bane of lazy programmers and testers, or on a really tight budget.
Pretty fundamental in production environments so dont think this would be a problem for MT OS, as noted by others.
Beta not being production may be a different story.
by anav
Mon Jul 05, 2021 8:19 pm
Forum: RouterOS v7 BETA
Topic: Wireguard and Mullvad VPN
Replies: 11
Views: 3228

Re: Wireguard and Mullvad VPN

Assuming wireguard is already a layer 3 activity then Concur, dont see the need to add vrf??