Community discussions

Search found 7709 matches

by anav
Sat Jul 24, 2021 10:22 pm
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 9
Views: 1039

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

I love how the article labels the RoS version 6 kernel as ANCIENT :-))
by anav
Sat Jul 24, 2021 10:19 pm
Forum: Beginner Basics
Topic: Allow WAN IP to LAN Client within LAN
Replies: 8
Views: 142

Re: Allow WAN IP to LAN Client within LAN

Like I said, I don't understand the need for proxies............. or more fundamentally the requirements that you have for your users or devices.
For example why cannot they go out from their PC directly to the internet??
by anav
Sat Jul 24, 2021 10:15 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 226

Re: Which FW rule permits 'services'

A rule without context is not much help. Questions - "Which FW rule permits 'services'" and "Could someone explain to me where is the corresponding INPUT rule for the 'services' to be accepted by the firewall?" Answer - "/ip firewall filter add action=drop chain=input comme...
by anav
Sat Jul 24, 2021 10:01 pm
Forum: Beginner Basics
Topic: Allow WAN IP to LAN Client within LAN
Replies: 8
Views: 142

Re: Allow WAN IP to LAN Client within LAN

I would love to help but have no idea what a proxy is, what it looks like, its purpose, how it attaches to a router or switch or a pc etc..........
by anav
Sat Jul 24, 2021 5:57 pm
Forum: General
Topic: Master's thesis problem?
Replies: 4
Views: 147

Re: Master's thesis problem?

Concur, you probably want to hit IDP and other security technologies or how Barracuda systems prevent spam email.................
by anav
Sat Jul 24, 2021 5:55 pm
Forum: General
Topic: Hosting a Server on Dynamic home IP
Replies: 2
Views: 75

Re: Hosting a Server on Dynamic home IP

Hi there,
I also use the IP CLOUD, it's very useful in this regard.
Since it's a long ass winded name to remember and not nice to give others I also use a free dyndns provider that links to my IP Cloud name.
That way others using whatever server have a friendly url to remember or type in.
by anav
Sat Jul 24, 2021 5:52 pm
Forum: General
Topic: iPhone not resolving static dns entries
Replies: 9
Views: 355

Re: iPhone not resolving static dns entries

I just love a good mystery!
by anav
Sat Jul 24, 2021 5:49 pm
Forum: Beginner Basics
Topic: Port Forwarding from VPN to Client on Ethernet
Replies: 1
Views: 40

Re: Port Forwarding from VPN to Client on Ethernet

Hi Thomas. So you have an MT device acting as a router and behind that router you have client PC. Somewhere else on the internet you have an openvpn server which is where attached to what?? Why would you port forward to a client PC is the question seemingly being posed. One port forwards to a server...
by anav
Sat Jul 24, 2021 5:46 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 226

Re: Which FW rule permits 'services'

/ip firewall filter add action=drop chain=input comment="Input drop all not coming from LAN" in-interface-list=!LAN
A rule without context is not much help. For the OP this is the rule that would have been matched. It basically states drop any traffic that is NOT coming from the LAN. In ef...
by anav
Sat Jul 24, 2021 5:37 pm
Forum: Beginner Basics
Topic: firewall rules questions
Replies: 1
Views: 50

Re: firewall rules questions

Hi Gary, The default rules are simplified to ensure a new user can just log in and start working right away. If you want to start configuring the router and the firewall rules, then the link is not bad but needs a bit of work. In general the default rules allow all traffic to pass except stuff it ...
by anav
Sat Jul 24, 2021 5:10 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 226

Re: Which FW rule permits 'services'

In Winbox, you have IP SERVICES. Here you can turn ON or OFF services the router provides and some additional settings. However you still have to use the input chain to allow LAN users access to those services. Under firewall rules you can find Service Ports which you can disable or enable and assig...
by anav
Sat Jul 24, 2021 5:05 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 226

Re: Which FW rule permits 'services'

Hi eryx. Input chain is for traffic TO/FRO the router. This includes all services the router can perform DNS, NTP, etc. Winbox is a router service but does not need to be stated specifically in the input chain rule. Most put something that allows the admin full access to the router on the input chai...
by anav
Fri Jul 23, 2021 10:00 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 265

Re: Accessing router in different ethernet port

Hi there thanks for being patient! No you don't have to change any rules I would just disable that particular subnet from the list. I will take a look at the config. (1) I don't know why you have these rules as my arp knowledge and uses is next to nil........ so they clearly serve a purpose but beyond...
by anav
Fri Jul 23, 2021 9:58 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 526

Re: Mikrotik - Early Access beta hardware?

No worries, I was half jesting as it's not really a serious topic. You are right he was talking about beta hardware and rextended I think was noting that all hardware can use beta firmware, apples and oranges as you pointed!
by anav
Fri Jul 23, 2021 8:27 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 526

Re: Mikrotik - Early Access beta hardware?

I don't think rawextended was making any comments about MT hardware (other than wifi) in the same way you guys were. In the sense that the latest MT wifi products are ONLY useable with beta firmware at the moment and/or mt home wifi products are behind any competitors models in wifi5 and do not have ...
by anav
Fri Jul 23, 2021 8:22 pm
Forum: General
Topic: CRS 2XX Management VLAN Question
Replies: 5
Views: 171

Re: CRS 2XX Management VLAN Question

If this is a switch unit the best starting guide for vlans is here........
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Fri Jul 23, 2021 8:17 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 265

Re: Accessing router in different ethernet port

Found something LOL. The dangers of adding extra rules bloatware in firewall rules. Check this out. ip address add address=192.168.88.1/24 interface=2local network=192.168.88.0 add address=192.168.8.1/24 interface=3wired network=192.168.8.0 add address=192.168.0.1/24 interface=4wireless network=19...
by anav
Fri Jul 23, 2021 8:14 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 265

Re: Accessing router in different ethernet port

Thanks for posting the config. (1) Input chain: Only one line to change! /ip firewall filter add action=accept chain=input comment="default configuration - Established, Related" connection-state=established,related add action=drop chain=input comment="\"Drop invalid\"" ...
by anav
Fri Jul 23, 2021 8:02 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 15
Views: 911

Re: VLANS & Management VLAN

Stop making excuses, you simply needed to state that you had missed what the OP wrote, period.
Instead of making a million excuses that don't fly.
You invented shit that doesn't exist, so I am simply informing you to stop making problems that are not there.
by anav
Fri Jul 23, 2021 5:53 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 15
Views: 911

Re: VLANS & Management VLAN

Thanks charming mud guy! As for the drive by poster this is not a fear problem it's a literacy problem on your part.............. Why you read my post without the OPs post is mind boggling. Switch and Router models ? Also many information around in the Mikrotik wiki... Router - CCR1009-7G-1C-PC Switc...
by anav
Fri Jul 23, 2021 5:48 pm
Forum: Beginner Basics
Topic: Accessing router in different ethernet port
Replies: 10
Views: 265

Re: Accessing router in different ethernet port

In general this should be very easy to do. I would create a firewall address list for the three Access Points. Then I would have a firewall rule allowing your PC (source address) in the forward chain be allowed to reach destination address list ( the list of the 3 access points. That is the general ...
by anav
Fri Jul 23, 2021 3:22 am
Forum: General
Topic: VPN for Mikrotik for game Mobile legend
Replies: 9
Views: 1162

Re: VPN for Mikrotik for game Mobile legend

I already use AWS CHR EC2 but mobile legend is still lagging, does anyone know how to fix this?
Move to another location in your country with high speed wired internet.
by anav
Fri Jul 23, 2021 3:19 am
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 15
Views: 911

Re: VLANS & Management VLAN

Why do you waste our time with that post,
a. the 8G must be an old model as it's not on the website
b. if you read the posts and specifically post #4 clearly states a 7G model.
by anav
Thu Jul 22, 2021 10:48 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 589

Re: RouterOS Rule tester?

have had rp filter set to loose since day one,
but ip spoof, do you mean lan to wan traffic with dst address of private IPs?
by anav
Thu Jul 22, 2021 10:29 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 589

Re: RouterOS Rule tester?

Well I use bridges and vlans and keep firewall rules to the firewall settings. More specifically, each vlan has its own subnet. Understood, I am just not comfortable enough with my knowledge of raw and connection tracking to know when or not to use RAW. For my basic home setup of two wans, about 15 ...
by anav
Thu Jul 22, 2021 10:22 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 589

Re: RouterOS Rule tester?

One example over all for raw: all incoming IPs presents on blacklist or from DDoS attack. Why bother with those? In case of attack it also consumes less CPU ... No argument, identify in input chain, block in raw makes sense to me....... Just not convinced a. a homeowner is going to get singled out ...
by anav
Thu Jul 22, 2021 10:15 pm
Forum: General
Topic: One wan for Internet and another for vpn [SOLVED]
Replies: 11
Views: 3387

Re: One wan for Internet and another for vpn [SOLVED]

I am not sure I understand the first post you made but basically it seems to boil down to..... 1. Primary WAN distance = 5 my main WAN for all internet and normal LAN traffic. 2. Secondary WAN distance=10 to be used to reply to all incoming VPN client traffic arriving at my server. Clearly the issue...
by anav
Thu Jul 22, 2021 10:02 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 589

Re: RouterOS Rule tester?

Rextended (or should I say rawtended) is this you?? https://www.youtube.com/watch?v=snqs566G_Zg Concur with pe1chl, raw is not to be trifled with...... mind you I don't yet see the need to use jump either on my small config. (would jump chain be a good candidate for knock rules on the input chain?) A...
by anav
Thu Jul 22, 2021 9:54 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 15
Views: 911

Re: VLANS & Management VLAN

For the switch this is a decent guide......
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Thu Jul 22, 2021 7:50 pm
Forum: General
Topic: help.mikrotik.com's advanced firewall
Replies: 3
Views: 512

Re: help.mikrotik.com's advanced firewall

Some thoughts from left field, (not much experience but read a lot) I would go back to the standard default firewall rules as baseline and change a few minor things, basically an accept all and reject what I think is bad, to a concept of block all and allow only the things I need approach. Then add ...
by anav
Thu Jul 22, 2021 7:38 pm
Forum: Beginner Basics
Topic: Routing different networks unstable
Replies: 2
Views: 145

Re: Routing different networks unstable

Hi there, Your setup is very confusing. Which port on the mikrotik is assigned to the WAN connection to your ISP router. In other words you state your ISP router gives you a private IP of 192.168.2.x as a private WANIP and not a public IP. Hence your ISP probably has a modem/router combo putting you...
by anav
Thu Jul 22, 2021 5:35 pm
Forum: General
Topic: Need to hire consultant, online/remote, to create a configuration asap.
Replies: 7
Views: 275

Re: Need to hire consultant, online/remote, to create a configuration asap.

You could try this guy
Perfect, Daryll has experience with routing inter-VLAN for 1000+ users behind 100 PPPoE servers on 100 VLANs so one small group of public IPs should be easy peasy!
by anav
Thu Jul 22, 2021 4:58 pm
Forum: General
Topic: Need to hire consultant, online/remote, to create a configuration asap.
Replies: 7
Views: 275

Re: Need to hire consultant, online/remote, to create a configuration asap.

No worries, but most people (providing advice) don't come here to look for business, tis more of an educational, point you in the right direction approach to help those learn the ROS and how to configure it vice make a polished finished product for payment. If it's time sensitive suggest the list, if ...
by anav
Thu Jul 22, 2021 4:54 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1310

Re: CAP AC Reset - How to?

Case in point to add another excellent video in your capsman series to include Bridge/vlans/firewall rules with multiple WLANS ( home, guest, media, iot etc....)
viewtopic.php?f=7&t=176989

Don't make this stuff up it just falls in our laps as a common issue!!!
by anav
Thu Jul 22, 2021 4:48 pm
Forum: Wireless Networking
Topic: WiFi apple problems
Replies: 2
Views: 191

Re: WiFi apple problems

The world refuses to conform to Apple standards LOL........ ( we are owned by Apple or Google LOL, well until amazon decides to take over the internet) Try setting your 5GHz provisioning to the following BAND: 5GHz-n/AC Channel Width: 20/40MHz Ce The other thing to consider would be the dhcp leases ...
by anav
Thu Jul 22, 2021 4:44 pm
Forum: Wireless Networking
Topic: The best simple way for multiSSID (guest) in Capsman
Replies: 3
Views: 155

Re: The best simple way for multiSSID (guest) in Capsman

MKX is bang on (as usual). I use capacs without capsman as setting up bridge/vlans and multiple WLANS, (home, guest, media, iot) was challenging enough. Each wlan has its own SSID, security profile, and vlan (except for home WLAN because it's the same vlan for home wired etc.) This is a video on how t...
by anav
Thu Jul 22, 2021 4:39 pm
Forum: Wireless Networking
Topic: wireless redirection
Replies: 4
Views: 195

Re: wireless redirection

Strange question but okay. If I am in a store and on my iphone want to join a network I go to settings and join. The only time I can be forced anywhere is when I open the browser. So just choosing the wifi network doesn't guarantee anything will be viewed. If you mean when someone opens the browser c...
by anav
Thu Jul 22, 2021 4:28 pm
Forum: Wireless Networking
Topic: CAP AC, HAP AC2, CAPSMAN and channels
Replies: 14
Views: 670

Re: CAP AC, HAP AC2, CAPSMAN and channels

Nice, but I cannot help notice that to achieve success one has to spend time on individual caps. So it would appear that using capsman is less of an efficiency tool than meets the eye. Caveat, I have been too shy/lazy/intimidated to try capsman (and soon no need as replacing capacs with other vendor...
by anav
Thu Jul 22, 2021 3:46 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 642

Re: Can't reach Winbox if Dual WAN in failover mode

Hi Dark Nate, The good thing, is I really don't care about your personal opinions or feelings, the goal here is to help the OP. After reading and talking to some folks it seems that IP filter setting on the mT routers is really not a feature/function designed for the home or soho setting. From what I...
by anav
Thu Jul 22, 2021 3:38 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 642

Re: Can't reach Winbox if Dual WAN in failover mode

Jajajaja

There is a sweet spot and then there is being around too long which may indicate a higher propensity for having Alzheimer's. ;-P
by anav
Thu Jul 22, 2021 12:32 am
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 233

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

Correct in that regard, much rather use an MT app for port knock than some 3rd party stuff.
However, as for the analogy I offer water because the person is an alcoholic. ;-)
by anav
Thu Jul 22, 2021 12:24 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 642

Re: Can't reach Winbox if Dual WAN in failover mode

My point is I do not condone connecting to winbox from the outside unless it's via VPN or decent quality port knocking setup. Anything else is a. stupid, and b. a security risk and c. will not help someone do it. I open up Winbox to WAN with filter rules accepting only specific src address list, wor...
by anav
Wed Jul 21, 2021 10:08 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 642

Re: Can't reach Winbox if Dual WAN in failover mode

Hi himanshu, using winbox works very well using VPN. For example I have used IKEv2 VPN from my IPhone to establish a secure tunnel to the Router. I then used my MT app on the phone to configure the router which is akin to using winbox, same type of settings etc........ Works well. For example using ...
by anav
Wed Jul 21, 2021 9:00 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 900

Re: Cannot access router over trunk+switch

Just checked my swos switch and all modes are RTSP (first line checked for RSTP and second line mode) From ROUTER (so main trunk port) RSTP: CHECKED Mode: RTSP Role: Designated Root path cost: Type: edge State: forwarding Rest are a mix of point to point and one edge for Type and forwarding or disca...
by anav
Wed Jul 21, 2021 8:34 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 642

Re: Can't reach Winbox if Dual WAN in failover mode

My point is I do not condone connecting to winbox from the outside unless it's via VPN or decent quality port knocking setup. Anything else is a. stupid, and b. a security risk and c. will not help someone do it. I open up Winbox to WAN with filter rules accepting only specific src address list, wor...
by anav
Wed Jul 21, 2021 5:29 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 642

Re: Can't reach Winbox if Dual WAN in failover mode

My point is I do not condone connecting to winbox from the outside unless it's via VPN or decent quality port knocking setup.
Anything else is a. stupid, and b. a security risk and c. will not help someone do it.
by anav
Wed Jul 21, 2021 2:12 pm
Forum: General
Topic: Port Forwarding done right?
Replies: 20
Views: 11642

Re: Port Forwarding done right?

The confusion is attempting to use forward chain rules for NAT details. All that is required in the forward chain is a single rule that says, I will allow port forwarding packets through the firewall. The work is done in the NAT rules where one delineates the port details, protocol, any translation a...
by anav
Wed Jul 21, 2021 2:09 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 642

Re: Can't reach Winbox if Dual WAN in failover mode

I am confused are you trying to use winbox from within the LAN or externally via the WAN?
by anav
Wed Jul 21, 2021 2:28 am
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 900

Re: Cannot access router over trunk+switch

Not sure what else can be done...... I don't use preferred source on my route setting but that shouldn't matter.
It should just work!!
by anav
Wed Jul 21, 2021 12:03 am
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1310

Re: CAP AC Reset - How to?

Who is that good looking guy anyway, bears a striking resemblance to a younger looking avatar I see often (needs updating LOL). Should have named it capswoman, lets face it who controls..................... Very nice, I can see this helping many folks starting out!! Save to favourites..... I still w...
by anav
Tue Jul 20, 2021 11:51 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1310

Re: CAP AC Reset - How to?

I will take a look Normis but the evidence on the forums states otherwise...................
by anav
Tue Jul 20, 2021 11:50 pm
Forum: General
Topic: different gateways for voip and http/other
Replies: 1
Views: 146

Re: different gateways for voip and http/other

Yeah that would appear to be a nightmare. Truth be told I would handle this manually. Each desk has a 5 port managed switch and have people change their ethernet cable based on usage. Video switch to ether 5, Non-video ETHER2 (assuming ether1 is used to main router and carries all the vlans). Thus h...
by anav
Tue Jul 20, 2021 11:06 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 900

Re: Cannot access router over trunk+switch

Okay so if I get this straight, ether1 from the first router is a TRUNK port carrying 10, 20, 30 and 99 to the first switch. Just for giggles to mirror my Swos settings change SWITCH ONE to the following. VLAN for trunk port (from router and to Swos2) VLAN MODE - ENABLED VLAN RCVE - ANY DEFAULT VLANID...
by anav
Tue Jul 20, 2021 10:33 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 6
Views: 346

Re: Different gateway for two PPPoE server instance

/export hide-sensitive file=anynameyouwish
by anav
Tue Jul 20, 2021 10:28 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

OP, I don't know if you are actually a thinking being or just copying down stuff and hoping for the best. It's time you start understanding the config not just copy & paste incorrectly LOL Here is your input chain .................what is wrong?? /ip firewall filter add action=accept chain=input c...
by anav
Tue Jul 20, 2021 10:18 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

rexentended, the OP uses the MT App sometimes to access the router and thus detect internet is useful I believe......... (they are linked somehow).
by anav
Tue Jul 20, 2021 10:16 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on wAP AC
Replies: 6
Views: 382

Re: Wireguard on wAP AC

Can you confirm what you are actually trying to do?
Draw a network diagram to illustrate.
by anav
Tue Jul 20, 2021 6:40 pm
Forum: General
Topic: Looking for Tunnel Suggestions
Replies: 2
Views: 166

Re: Looking for Tunnel Suggestions

600Mbps encrypted is really good from my 'homeowners' perspective running a wireguard between two 1 Gig connections 15km apart on the same network getting around 300Mbps up and 300Mbps down and you're getting double that. Assuming you use internet from ISP1 at the main office and connect to all sites ...
by anav
Tue Jul 20, 2021 6:31 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 900

Re: Cannot access router over trunk+switch

Okay I will look at this sometime today but your network diagram is basically useless as it doesn't indicate the vlans running through the ports........ I gather that each connecting port between devices is a trunk port carrying a number of vlans?? No indication of access ports anywhere but I see pvi...
by anav
Tue Jul 20, 2021 6:26 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

Not going to comment until you fix the order of rules.
You have added more lines that are not correct or at least I've never seen, such as forward chain dst nat rule which I don't understand..........
by anav
Tue Jul 20, 2021 2:18 am
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 464

Re: Netmetal maximum throughput?

I'm not speculating on physical limitations.
Unless someone has used the netmetal themselves and can provide antenna used and ranges then you can continue to be in the dark.
Gluck!
by anav
Tue Jul 20, 2021 2:11 am
Forum: General
Topic: WireGuard server behind NAT (MikroTik router)
Replies: 2
Views: 244

Re: WireGuard server behind NAT (MikroTik router)

I have always RP-loose not strict but not sure if that makes a difference here. My Wireguard MT Router behind my Main MT Router is similar to your scenario I guess. The other end is an ISP modem router combo in front of an RB4011 acting as a router and the wireguard client part of the connection ( f...
by anav
Tue Jul 20, 2021 1:43 am
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 7
Views: 399

Re: Remote Access via Winbox

I would not consider SSH to be on the same level as VPN, so I would port knock and then SSH in from there as per the fourth link provided. Not sure if this is accurate enough regarding SSH. but 2. Because SSH operates on an application level, only traffic from your applications gets encrypted. This ...
by anav
Mon Jul 19, 2021 9:52 pm
Forum: General
Topic: How to route game to lte
Replies: 5
Views: 233

Re: How to route game to lte

Is there a question? Don't see the route rule either?
by anav
Mon Jul 19, 2021 9:49 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 589

Re: RouterOS Rule tester?

There are enough tools already to do this work, least of which is putting logging rules before rules to see what packets are hitting the rule in question. As for security holes, plug them for the most part by putting a drop all rule at the end of the forward chain and input chain and thus traffic ge...
by anav
Mon Jul 19, 2021 9:46 pm
Forum: General
Topic: How to connect 2 networks
Replies: 7
Views: 311

Re: How to connect 2 networks

Thanks anav, I need them to communicate two way, so basically all I need to do is add this FW rule? add action=accept chain=forward in-interface=network1 src-address=IPofPC1 out-interface=network2 dst-address=IPofPC2 add action=accept chain=forward in-inteface=network2 src-address=IPofPC2 out-intef...
by anav
Mon Jul 19, 2021 8:46 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

Okay I missed this before....... add action=dst-nat chain=dstnat comment="to see cctv from wireless network" \ dst-port=8000 in-interface=4wireless protocol=tcp to-addresses=\ 192.168.10.254 to-ports=8000 If you want the wifi network to be able to access the CCTV that is a forward firewall...
by anav
Mon Jul 19, 2021 8:35 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

If the youtube rules work for you by all means, I am surprised they do LOL. The problem regarding admin access is that you will need to change the Tools mac winmac server entry for allowed interface from ServicePortOnly to ALL. I recommend you reserve access from ServicePortOnly though.................
by anav
Mon Jul 19, 2021 7:36 pm
Forum: Beginner Basics
Topic: [v6.48 on hap ac^2] Understanding routing-mark
Replies: 5
Views: 460

Re: [v6.48 on hap ac^2] Understanding routing-mark

You added something extra in route rule (get rid of destination bit)
Also get rid of D1 just the source address.
by anav
Mon Jul 19, 2021 7:30 pm
Forum: General
Topic: How to route game to lte
Replies: 5
Views: 233

Re: How to route game to lte

Okay, Let's say your LTE Route currently in place is either created by default or by you and is called LTE Route List ISP1 - PPPOE ISP2 - LTE Then add a third route which copies the existing route and adds a routing mark like below. LTE routing-mark=gameserver Then go to routing rules and add one. De...
by anav
Mon Jul 19, 2021 7:22 pm
Forum: General
Topic: PowerboxPro VLAN switching
Replies: 4
Views: 369

Re: PowerboxPro VLAN switching

Just for my curiosity did you use this kind of setup...............
https://www.youtube.com/watch?v=Rj9aPoyZOPo
by anav
Mon Jul 19, 2021 7:20 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1310

Re: CAP AC Reset - How to?

What I learned about the TP LINK EAP245 makes me hesitate, as they seem to require a cloud or app-based setup or it requires a central control instance. One of the reasons why I after some test setups also refrained from going with Ubiquiti Unifi, who are known for their good APs in the SOHO and ...
by anav
Mon Jul 19, 2021 7:13 pm
Forum: General
Topic: Many dhcp via one port on
Replies: 4
Views: 346

Re: Many dhcp via one port on

Just follow the link provided above it will get you 98% of the way. Once you are done configuring and something isn't working or want to get it checked just post the config /export hide-sensitive file=anynameyouwish PS. Sweet router, if you have an extra one you don't know what to do with send it my w...
by anav
Mon Jul 19, 2021 7:08 pm
Forum: General
Topic: Abuse and Malicious IP List ?
Replies: 1
Views: 202

Re: Abuse and Malicious IP List ?

You can find one here...............
https://itexpertoncall.com/promotional/moab.html#prime
by anav
Mon Jul 19, 2021 7:06 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

Okay I will bite, perhaps there is a better way to do what I wish. Here is my dhcp script......... :if ($bound=1) do={ :local iface $interface :local gw [ /ip dhcp-client get [ find interface=$"iface" ] gateway ] /ip route set [ find comment="PrimaryRecursive" gateway!=$gw ] gate...
by anav
Mon Jul 19, 2021 6:57 pm
Forum: General
Topic: How to route game to lte
Replies: 5
Views: 233

Re: How to route game to lte

Do you mean you host a server on that port and wish to have all incoming traffic end up on your game server through the LTE connection. What is the speed of that LTE connection ?? How do you propose stopping getting your game server flooded with bots? Or Do you mean that you want all traffic from a ...
by anav
Mon Jul 19, 2021 6:53 pm
Forum: General
Topic: How to connect 2 networks
Replies: 7
Views: 311

Re: How to connect 2 networks

This is easy peasy via firewall rules. Typically we have a last rule in our firewall forward chain that is a block all else rule. Just before this rule we would make one that basically states. Allow PC1 on network 1 to access PC2 on network 2. What isn't clear to me though is if you want it as a one ...
by anav
Mon Jul 19, 2021 6:45 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

Yes, that is the correct link, but I have to go wash my hands now, as I am an IPHONE user LOL. The bridge removal is fine. When to use bridge, but don't use vlans - when two or more ports are using the same DHCP settings then using the bridge is effective in grouping ports for L2 separation from port...
by anav
Mon Jul 19, 2021 6:41 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

No worries, the OP is happy with your solution, albeit the wrong choice, just kidding.
by anav
Mon Jul 19, 2021 6:01 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

Unless you intend on using the MT app with your router, then this setting can be set to NONE. /interface detect-internet set detect-interface-list=all The one thing I would do is remove the bridge as it really serves no purpose here. You have four independent subnets each assigned to a port and thus...
by anav
Mon Jul 19, 2021 5:22 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

duplicate post
by anav
Mon Jul 19, 2021 5:21 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

Did I miss something? Yes... you run beta 7, the script and route are for 6.46+ version, on beta7 the routing is totally different.... You wrote in beginner basics section ,the question for 7 beta must be go on adequate section... Hi rextended, my ccr1009 is on version 6 LOL. The RB450Gx4 behind my...
by anav
Mon Jul 19, 2021 5:18 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

I thought it was self-explanatory LOL. The point was read the link and then be relieved that the example provided is so simple in comparison to the Russian complex methods LOL. Note1: Checkgateway ping has the effect of telling the router to keep checking the connection every 10 seconds or so. If th...
by anav
Mon Jul 19, 2021 5:03 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

Sorry the other fella will have to help you there, I only use scripts in DHCP client when necessary. Which is mainly to fetch a new gateway IP to stick in routes rules, when my ISP changes my IP address and or power outage or reboot etc................. It's much easier for me to do routing in the ro...
by anav
Mon Jul 19, 2021 4:50 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

As rextended stated, look up recursive routing in search!! https://forum.mikrotik.com/viewtopic.php?f=23&t=157048 is a long winded thread on the topic. Basically one wants to use existing DNS servers to verify not only if the connection to the ISP server is good but that the connection from the ...
by anav
Mon Jul 19, 2021 4:44 pm
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 7
Views: 399

Re: Remote Access via Winbox

Yes, I have done it a. with IKEV2 VPN b. wireguard vpn The only other way one would want to do it, not as secure as proper VPN, is port knocking. https://mum.mikrotik.com/presentations/US10/discher.pdf https://mum.mikrotik.com/presentations/ ... tknock.pdf https://systemzone.net/securing-mikroti ......
by anav
Mon Jul 19, 2021 2:27 am
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 15
Views: 911

Re: VLANS & Management VLAN

But the CCR1009 does so you should use the link provided for that device.
by anav
Mon Jul 19, 2021 2:26 am
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 709

Re: Dual WAN Failover Script Ping Command [SOLVED]

Your problem is you have no clue of the requirement and stuck in another routers method.

Define in terms of functionality without discussing config.
It simply sounds like you want the router to check if the WANS are up or not for example.
by anav
Mon Jul 19, 2021 2:21 am
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

You have no firewall rules so if there isn't any other device in between this hex should not be connected to the internet. Also not sure why you have a bridge as it's only used for one etherport?? What is the purpose of your bridge?? Interface list is made from the winbox interface List settings, You h...
by anav
Sun Jul 18, 2021 3:53 pm
Forum: General
Topic: Cannot access router over trunk+switch
Replies: 35
Views: 900

Re: Cannot access router over trunk+switch

Clear Network diagram might help and no clue why you have two routers and where is the internet. Also get rid of capsman until you have a working config. Also read this article.... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 Note, you should realize what the settings that you are usin...
by anav
Sun Jul 18, 2021 3:51 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135348

Re: Using RouterOS to VLAN your network

Interface VLAN simply replaces Interface LAN, he could have kept it at LAN which is usually used to describe all subnets behind the router. I have used VLAN and LAN separately to separate subnets out on a config, similarly I have used VLANW1 and VLANW0 to distinguish subnets with internet access and...
by anav
Sun Jul 18, 2021 3:39 pm
Forum: General
Topic: Port trunking problems [SOLVED]
Replies: 3
Views: 285

Re: Port trunking problems [SOLVED]

The moment you said openwrt, I realized you were not talking about MT switch to MT AP but MT switch to 3rdparty Equipment. It sounds like you have correctly passed both vlans 100 and 300 to the openwrt device as trunk port and the problem is your AP is a. not able to deal with it OR b. expects a hyb...
by anav
Sun Jul 18, 2021 3:36 pm
Forum: Beginner Basics
Topic: RouterOS do not drop unknown vlans?
Replies: 5
Views: 416

Re: RouterOS do not drop unknown vlans?

Setting ingress filtering on individual bridge ports basically is = to stating if the vlan is not defined on this port then discard it from this port
Setting ingress filtering on the bridge itself = to stating if the vlan is not defined anywhere on the bridge then discard it from any port
by anav
Sat Jul 17, 2021 10:03 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 975

Re: stopping login attempt to user admin [SOLVED]

Post your config
/export hide-sensitive file=anynameyouwish if you want the config reviewed for security practices................
by anav
Sat Jul 17, 2021 5:59 pm
Forum: Beginner Basics
Topic: How to make Port knocking working on vpn/pptp connection ?
Replies: 21
Views: 2599

Re: How to make Port knocking working on vpn/pptp connection ?

Add a hex to your network as a second router but only to use with Beta firmware and wireguard.
Done, in two shakes of a lamb's tail, secure method to access the HEX and the main router via your smartphone MT app.
by anav
Sat Jul 17, 2021 3:29 am
Forum: Beginner Basics
Topic: manage config with subversion
Replies: 8
Views: 450

Re: manage config with subversion

Yeah, that's Beginner Basics for sure! ;-PP
by anav
Fri Jul 16, 2021 7:07 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 85
Views: 65340

Re: New User Manager in RouterOS v7

Luv it!
by anav
Fri Jul 16, 2021 5:54 pm
Forum: Wireless Networking
Topic: Purpose of using Bridge for CAP
Replies: 3
Views: 352

Re: Purpose of using Bridge for CAP

I use capac without capsman, far easier to configure and works well. I use ether1 as the incoming trunk port for my vlans ( guest wifi, home wifi, iot, wifi and media wifi). Works great (note the capac gets an IP address on the home/trusted LAN since I don't use a management vlan) I also setup eth2 a...
by anav
Fri Jul 16, 2021 5:51 pm
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 464

Re: Netmetal maximum throughput?

There is one netmetal the triple model (5HSP) which should yield in the 430-450 range and extra would be bonus. However that unit does not appear to have antennas and one would have to add them?? So the answer may be dependent upon the antennas purchased?? Not having any experience with these units ...
by anav
Fri Jul 16, 2021 5:36 pm
Forum: General
Topic: CAPS Man & different WIFI channel config
Replies: 22
Views: 977

Re: CAPS Man & different WIFI channel config

With my 5Ghz capacs, I use the following settings. 5GHz-N/AC 20/40MHz Ce Explanation of Channels in 5Ghz. The full 5 GHz range spans frequencies from 5.15 GHz to 5.85 GHz. 5GHz wireless communication takes place over a large spectrum with a number of non-overlapping channels of sizable bandwidth. Th...
by anav
Fri Jul 16, 2021 5:29 pm
Forum: Beginner Basics
Topic: multipe network
Replies: 1
Views: 288

Re: multipe network

Network diagram would help as the description you gave doesn't state what kind of WAN, how many wans, type or make of router etc..............
by anav
Fri Jul 16, 2021 5:24 pm
Forum: Beginner Basics
Topic: manage config with subversion
Replies: 8
Views: 450

Re: manage config with subversion

It is not clear what your problem is??
by anav
Fri Jul 16, 2021 5:23 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 85
Views: 65340

Re: New User Manager in RouterOS v7

Wow hard to believe BPWL that MT is too cheap to send you samples of new MT equipment to test for WIFI. You are truly an outstanding contributor to these forums!
by anav
Fri Jul 16, 2021 5:17 pm
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 7
Views: 399

Re: Remote Access via Winbox

Not a safe or advised practice. It would be like giving all your bank information to hackers and letting them play with password crackers to eventually get into your system. The way to access your router remotely via winbox is to a. preferably use IPSEC VPN or IKEv2 VPN b. from a PC or your smart ph...
by anav
Fri Jul 16, 2021 5:03 pm
Forum: General
Topic: Many dhcp via one port on
Replies: 4
Views: 346

Re: Many dhcp via one port on

Just to be clear the switch will be responsible for all DHCP or a router............
If you get a switch to do routing functions then only a few switches are capable of doing both.
by anav
Thu Jul 15, 2021 11:11 pm
Forum: Beginner Basics
Topic: Help checking Firewall
Replies: 5
Views: 639

Re: Help checking Firewall

I am a minimalist. I consider most of what you have bloated crap and not necessary except for rare cases. KISS principle This is all you need. from your list with some modifications. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" c...
by anav
Thu Jul 15, 2021 8:34 pm
Forum: Beginner Basics
Topic: RB1100AH - Blocked ports [SOLVED]
Replies: 5
Views: 526

Re: RB1100AH - Blocked ports [SOLVED]

Better security can be afforded by a better understanding. (1) Therefore, via winbox, go to IP Menu Item and select IP SERVICES. Here you can disable all the services the router provides users or access to the router for api, api-ssi, ftp,ssh,telnet,www, www-ssl. THE ONLY ONE YOU SHOULD KEEP ACTIVE ...
by anav
Wed Jul 14, 2021 9:57 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 58
Views: 94182

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

I guess Latvian women are state of art hardware running complex code and Latvian men like to deal with them ;-) They have women in Latvia?, I thought they did it all through test tubes............................... ( brings up a curious question of how many women actually work in MT, is it a pater...
by anav
Wed Jul 14, 2021 6:53 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 768

Re: Firewall drop all !LAN is not the same as drop all WAN

Pelchi I see your point but once you understand how FW rules work, the interface list usage is quite versatile and I encourage its use not discourage it.
by anav
Wed Jul 14, 2021 6:51 pm
Forum: Beginner Basics
Topic: Problem to see source address - port forward
Replies: 3
Views: 236

Re: Problem to see source address - port forward

Sourcenat is a funny being. The typical source nat rule is add action=masquerade chain=srcnat comment="SCR_NAT FOR LAN USERS" \ ipsec-policy=out,none out-interface-list=WAN Which basically applies WANIP to all outgoing traffic from the LAN I have two WAN interfaces and chose to handle each...
by anav
Wed Jul 14, 2021 6:38 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 58
Views: 94182

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

Latvians prefer only dealing with code and hardware, they are not social animals..........
I am still wondering how they procreate virtually.........
by anav
Wed Jul 14, 2021 2:38 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 768

Re: Firewall drop all !LAN is not the same as drop all WAN

The key is to go from an allow all concept for both chains (and thus have to know what to block and thus do it with weird commands) to a concept of block all and thus ensure you allow needed traffic. Much clearer and simpler.
by anav
Wed Jul 14, 2021 2:36 pm
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 15
Views: 911

Re: VLANS & Management VLAN

Suggest you read through this link and revise your setup. Not much is done correctly

viewtopic.php?f=23&t=143620
by anav
Tue Jul 13, 2021 6:00 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 768

Re: Firewall drop all !LAN is not the same as drop all WAN

The default setup is ONLY for the basic home user that doesn't yet have a clue about MT configs. It's set up so that the basic user simply needs to plug ether1 into the ISP modem and connect on ether2 for example. The firewall rules are set up such that only lan users can access the router for security re...
by anav
Tue Jul 13, 2021 5:52 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 935

Re: Block internet from all but one user

Configuring firewall rules without seeing the complete config is a waste of my time........later.
by anav
Mon Jul 12, 2021 11:44 pm
Forum: Beginner Basics
Topic: IP cam reverse NAT
Replies: 8
Views: 353

Re: IP cam reverse NAT

Yes draw a diagram I got lost after the second sentence.
by anav
Mon Jul 12, 2021 11:41 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 935

Re: Block internet from all but one user

Before you monkey with (leopard with) just fw rules, it's best to see the entire config as many items have relationships.
/export hide-sensitive file=anynameyouwish.
by anav
Mon Jul 12, 2021 4:46 pm
Forum: General
Topic: Find hostname between vlan
Replies: 9
Views: 578

Re: Find hostname between vlan

<------ what he said, more succinctly than I did :-)
by anav
Mon Jul 12, 2021 4:42 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 935

Re: Block internet from all but one user

Opinions are free and the OP can discard or utilize whatever information/advice is provided. I respect your willingness to go to the ends of the earth regarding technical advice and to remain neutral and avoid the non-technical - ( aka you have better self-control than myself :-) )
by anav
Mon Jul 12, 2021 4:38 pm
Forum: General
Topic: PCQ on VLANS
Replies: 2
Views: 313

Re: PCQ on VLANS

by anav
Mon Jul 12, 2021 2:32 pm
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 935

Re: Block internet from all but one user

rextended is right in that MT is not a parent and should not be a substitute for parenting. Kid control =lazy parenting. The op for a self-admitted adult addiction needs counselling and the kids need discipline. :-) As noted, these are personal items brought up by the OP and the responses are out of...
by anav
Sun Jul 11, 2021 4:05 pm
Forum: General
Topic: ASK[CAPsMAN]
Replies: 13
Views: 738

Re: ASK[CAPsMAN]

You mean how you can automate the creation of the interface names? Exactly, I wouldn't bother assisting such an obtuse fellow probably doing something illegal because he refuses to provide the clear requirements (use cases what users should or should not be able to do and without any mention of conf...
by anav
Sun Jul 11, 2021 3:59 pm
Forum: Beginner Basics
Topic: [v6.48 on hap ac^2] Understanding routing-mark
Replies: 5
Views: 460

Re: [v6.48 on hap ac^2] Understanding routing-mark

Not sure if it will work in your case but in general sometimes routing can be done without mangling!! a. create all required routes on the main table. standard route for internet route for tv1 route for tv2 route for tv3 Now if you need special control of which subnets use the routes (and quite fran...
by anav
Sun Jul 11, 2021 3:51 pm
Forum: Beginner Basics
Topic: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN
Replies: 11
Views: 573

Re: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN

Not many SOHO routers can be configured the way you are describing ... MT is a rare exception because even entry-level routers run full-featured ROS (which means that it comes with associated configuration complexity which puzzles most newbies). Which means that most probably D-link doesn't allow t...
by anav
Sat Jul 10, 2021 11:33 pm
Forum: General
Topic: Ask help for iOS app "Mikrotik" about *import devices*
Replies: 6
Views: 433

Re: Ask help for iOS app "Mikrotik" about *import devices*

That is the correct path, MT has to enable efficient management of multiple devices on the APP.
by anav
Sat Jul 10, 2021 7:43 pm
Forum: Beginner Basics
Topic: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN
Replies: 11
Views: 573

Re: Route lan and wlan traffic on Router/Modem to Routerboard and back to WAN

Yes, sure, don't have a clue about the USB question. As to the reply, let me quote you "I was wondering if I could create static routes for all the ethernet and wlan traffic on the DSL-2888 " Cannot help you there as I stated this is not a D-link forum, in terms of the MT device you can app...
by anav
Sat Jul 10, 2021 7:37 pm
Forum: General
Topic: Help MT constantly sending request to Google
Replies: 22
Views: 859

Re: Help MT constantly sending request to Google

In terms of the firewall the changes to the default recommended, after you have it working of course. Is to change both input and forward chains from allow all and magically know which things one should block, TO allow nothing except what the admin specifically allows. Better security approach. With...
by anav
Sat Jul 10, 2021 7:21 pm
Forum: General
Topic: Help MT constantly sending request to Google
Replies: 22
Views: 859

Re: Help MT constantly sending request to Google

(1) So all the ethernet ports on the router go to PCs? (2) why is your IP pool so small?? (3) ether1 doesn't show on your /interface ethernet list?? (4) Assuming you have two wan connections? on etherports 12 & 13? (5) You are missing two important items. a. /interface list b. /interface list memb...
by anav
Sat Jul 10, 2021 5:50 pm
Forum: General
Topic: Find hostname between vlan
Replies: 9
Views: 578

Re: Find hostname between vlan

Concur but I like to see the whole config as it shows where the OPs lack of knowledge is located and any obvious errors etc. Also drop the idea of using capsman as that is an added layer of complexity for an advanced user and not just doing your first major config. Once you have mastered the basic c...
by anav
Sat Jul 10, 2021 5:47 pm
Forum: General
Topic: Help MT constantly sending request to Google
Replies: 22
Views: 859

Re: Help MT constantly sending request to Google

/export hide-sensitive file=anynameyouwish

plus provide a network diagram.
by anav
Sat Jul 10, 2021 5:45 pm
Forum: Beginner Basics
Topic: Parsec Port Forwarding
Replies: 4
Views: 357

Re: Parsec Port Forwarding

Not my issue,
Need two things.
config of OP and port requiring forwarding and to which IP address.

That will work, whether or not the program will work as intended with Ops setup is not my concern.
by anav
Sat Jul 10, 2021 4:06 pm
Forum: General
Topic: Find hostname between vlan
Replies: 9
Views: 578

Re: Find hostname between vlan

Use this to configure.
viewtopic.php?f=23&t=143620
by anav
Sat Jul 10, 2021 3:58 pm
Forum: Beginner Basics
Topic: Parsec Port Forwarding
Replies: 4
Views: 357

Re: Parsec Port Forwarding

What is parsec? Describe it
by anav
Sat Jul 10, 2021 3:56 pm
Forum: Beginner Basics
Topic: RB750GR3 support this kind of connection ?
Replies: 3
Views: 461

Re: RB750GR3 support this kind of connection ?

As long as you use all wifi routers ONLY as accesspoint/switches, the Hex can provide DHCP services for all users. As noted, it's important to know if the wifi devices are vlan capable otherwise there is no way to use them for more than one subnet and one SSID, unless each is attached to a different ...
by anav
Sat Jul 10, 2021 3:52 pm
Forum: Beginner Basics
Topic: Initial setup, ping works, but clients can not reach Internet
Replies: 5
Views: 395

Re: Initial setup, ping works, but clients can not reach Internet

Assuming you are using vlans, The best guide for this at least for the router part of the setup you should use...... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 Default rules you should have...... /ip firewall filter add action=accept chain=input comment="defconf: accept establis...
by anav
Sat Jul 10, 2021 4:06 am
Forum: General
Topic: Port Forwarding of a Moxa NPort 5150A Not Working
Replies: 17
Views: 702

Re: Port Forwarding of a Moxa NPort 5150A Not Working

Cannot make heads or tails on your WAN side, it seems you have 1-5 and 10 associated with a WAN bridge (for what reason is not clear) and then etth10 is a wan but not on the bridge....... all VERY confusing. Then you make both the bridge and eth10 as wan clients......????????? Finally your input rul...
by anav
Sat Jul 10, 2021 3:20 am
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 43
Views: 3645

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

Okay a diagram to detail what is connected to each port on the RB4011 and
a. what vlans are running through the ports.
b. where do you expect bridge traffic that has its own dhcp and pool etc to go and why? who and what is the bridge serving........??
by anav
Sat Jul 10, 2021 3:12 am
Forum: General
Topic: Port Forwarding of a Moxa NPort 5150A Not Working
Replies: 17
Views: 702

Re: Port Forwarding of a Moxa NPort 5150A Not Working

Without seeing the complete config, hard to help.
What is the purpose of the source address list (external allowed) public IPs?
by anav
Sat Jul 10, 2021 3:10 am
Forum: Beginner Basics
Topic: Simple wAP ac setup - beginners help [SOLVED]
Replies: 13
Views: 772

Re: Simple wAP ac setup - beginners help [SOLVED]

Yup doing well. If you manage decent stability as well then you should be happy.
by anav
Fri Jul 09, 2021 10:50 pm
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 43
Views: 3645

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

(1) what is the relationship between the interface ovpn-cybuzz and VLAN10? (2) Still waiting for network diagram ;-) otherwise your bridge port settings or lack of any detail on them is confusing. (3) Interface list members seems incomplete and why are some disabled? For example, all your VLANs shou...
by anav
Fri Jul 09, 2021 10:30 pm
Forum: General
Topic: Strange issue with port forwarding even if traffic seems on counters
Replies: 9
Views: 513

Re: Strange issue with port forwarding even if traffic seems on counters

(1) In terms of forward firewall chain you only need one rule. Get rid of the other rule you made. keep this one! add action=accept chain=forward comment="Allow Port Forwarding" \ connection-nat-state=dstnat connection-state=new in-interface-list=WAN ** ensure that ppoe-out3 is listed on y...
by anav
Fri Jul 09, 2021 7:38 pm
Forum: Beginner Basics
Topic: Simple wAP ac setup - beginners help [SOLVED]
Replies: 13
Views: 772

Re: Simple wAP ac setup - beginners help [SOLVED]

Frozsu, no one gets 1300Mbps wireless, what planet are you on?? Also, can you read? What wireless specification???????? RBwAPG-5HacD2HnD - specifications state 1200 speed (867+300=1167 rounded up). You have also been fooled by marketing speak. First all companies state the total up and down theoreti...
by anav
Fri Jul 09, 2021 7:27 pm
Forum: RouterOS v7 BETA
Topic: L3HW User Manual Updated
Replies: 16
Views: 1803

Re: L3HW User Manual Updated

Just to be clear this aberration, anomaly is only for a very specific or rare scenario because it seems counterintuitive to what we have been exposed to up to this point in time. In other words, can you better describe the use case/requirement that would lead to such a bizarre setup and is this lim...
by anav
Thu Jul 08, 2021 10:49 pm
Forum: Wireless Networking
Topic: Dual radio, same ssid , preferred 5GHz band
Replies: 17
Views: 1423

Re: Dual radio, same ssid , preferred 5GHz band

or Fortran ;-)
by anav
Thu Jul 08, 2021 10:47 pm
Forum: General
Topic: Policy based routing using two uplinks
Replies: 11
Views: 18269

Re: Policy based routing using two uplinks

Mangle is very powerful but also a nightmare to config for many.
Keep in mind you can also identify or target PC by the entire subnet if required 192.168.0.0/24 for example.
Also one can use an interface as the input source be it an etherport, wlan, vlan or any interface created.
by anav
Thu Jul 08, 2021 10:42 pm
Forum: Beginner Basics
Topic: How do I start troubleshooting an "I - invalid" configuration?
Replies: 8
Views: 540

Re: How do I start troubleshooting an "I - invalid" configuration?

Are those YouTube links examples of credible sources or bad sources?
Better than most LOL.
There isn't enough space to list all the bad ones ...............
by anav
Thu Jul 08, 2021 10:37 pm
Forum: RouterOS v7 BETA
Topic: MT Router as Wireguard Client & Benchmarks
Replies: 10
Views: 3902

Re: MT Router as Wireguard Client & Benchmarks

When the MTU was set to 1420 on both Wireguard interfaces (the MTU setting on the Wireguard MENU), the client computer started an application that brings up a program that allows access to websites etc, but first takes the user to a verification website. The process was not completed so we started m...
by anav
Thu Jul 08, 2021 6:00 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 744

Re: One VLAN not working in a sub-switch

The only note to the linked article is that a Management VLAN is not totally necessary if you trust your HOME VLAN for the most part. One still uses a BASE or MNGT interface listing to separate the trusted LAN from the rest of the VLANs on the LAN interface. Further in input chain rules one can limi...
by anav
Thu Jul 08, 2021 3:35 pm
Forum: General
Topic: Policy based routing using two uplinks
Replies: 11
Views: 18269

Re: Policy based routing using two uplinks

Actually the response to the original OP has an alternative solution that is simpler and does not involve mangling and thus one doesn't lose fasttrack etc.... 0.0.0.0/0 gateway of ISP1 check-gateway=ping distance=5 0.0.0.0/0 gateway of ISP2 distance=10 So the two routes, ISP1 will always be chosen in ...
by anav
Thu Jul 08, 2021 3:22 pm
Forum: Beginner Basics
Topic: Standlone(no switch attached) RB4011 VLAN config help [SOLVED]
Replies: 2
Views: 434

Re: Standlone(no switch attached) RB4011 VLAN config help [SOLVED]

(1) First read this reference https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 (2) Provide a network diagram showing (3) State a complete set of requirements in terms of what you want users/devices to be able to do or NOT do, without any mention of config or solutions. Do you have both ipv...
by anav
Thu Jul 08, 2021 2:49 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 744

Re: One VLAN not working in a sub-switch

I would not use capsman at first and get the config cleanly setup without it.
If happy no need to add it. If you think you still need it then modify.
Use the link reference provided.
by anav
Thu Jul 08, 2021 2:43 pm
Forum: Beginner Basics
Topic: How do I start troubleshooting an "I - invalid" configuration?
Replies: 8
Views: 540

Re: How do I start troubleshooting an "I - invalid" configuration?

https://help.mikrotik.com/docs/display/ROS/Getting+started is a starting point but there are things stated that I don't particularly advise but it's overall pretty good. ROS = stick with defaults for beginner ROS= don't experiment if you don't have a clue ROS= use safe mode to make changes ROS= get some...
by anav
Wed Jul 07, 2021 10:14 pm
Forum: RouterOS v7 BETA
Topic: MT Router as Wireguard Client & Benchmarks
Replies: 10
Views: 3902

Re: MT Router as Wireguard Client & Benchmarks

With two MT routers (one as client the other as server) one behind another MT and the other behind an ISP modem/router (both on same gig fiber network approx 15km apart) getting 300Mbps up and down. Very stable, had to play with MTU to enable some specific internet sites. Mangling is not required to...
by anav
Wed Jul 07, 2021 6:41 pm
Forum: General
Topic: DHCP server Over VLAN and making two ports as access and trunk
Replies: 3
Views: 314

Re: DHCP server Over VLAN and making two ports as access and trunk

slightly confused config...... but
Does your ISP provider give you a pppoe connection on the specific vlan 127?
BUT I see ether1 is your wan,
What I don't understand clearly is your ether2??
by anav
Wed Jul 07, 2021 6:38 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 744

Re: One VLAN not working in a sub-switch

I cannot help with main router or caps for anything capsman related, don't use it, don't need, causes nothing but headaches for people. I like simple life.
For example you only need one bridge...........
by anav
Wed Jul 07, 2021 6:34 pm
Forum: Beginner Basics
Topic: AC2 VLANs - no DHCP address
Replies: 5
Views: 392

Re: AC2 VLANs - no DHCP address

As for the vlan settings......... just remove the vlan 99 entry I don't see any bridge vlan filtering settings, however they will all be dynamically created but erlinden may be onto something here so see the modifications........... /interface bridge port add bridge=BR1 frame-types=admit-only-untagge...
by anav
Wed Jul 07, 2021 6:28 pm
Forum: Beginner Basics
Topic: AC2 VLANs - no DHCP address
Replies: 5
Views: 392

Re: AC2 VLANs - no DHCP address

Where is V99 elsewhere in your configuration? In this case since you don't have a separate management vlan where for example the admins computer would reside, then simply drop the vlan99 WLAN altogether. NOT NEEDED. Simply use your existing trusted home vlan as the management interface. What do I mea...
by anav
Wed Jul 07, 2021 12:38 am
Forum: Beginner Basics
Topic: Two gateways...How to?
Replies: 3
Views: 350

Re: Two gateways...How to?

Routes where?? (which devices)?
by anav
Tue Jul 06, 2021 9:55 pm
Forum: Wireless Networking
Topic: WPA3 in September?
Replies: 8
Views: 812

Re: WPA3 in September?

What MT device do you have??
by anav
Tue Jul 06, 2021 4:31 pm
Forum: General
Topic: Public IP not access from local ip
Replies: 6
Views: 357

Re: Public IP not access from local ip

So you have this configuration. Your House: Combined ISP Modem/Router Device [ ( ISP MODEM SIDE -----> PUBLIC IP (only your house gets this)-------> ISP ROUTER-SIDE------>STATIC PRIVATE IP ] then by ethernet cable to your MT router. So the question becomes, can you configure at all the ISP Router po...
by anav
Tue Jul 06, 2021 4:18 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1310

Re: CAP AC Reset - How to?

If you feel inclined to purchase check out the TP LINK EAP245, cheap prices these days and it handles vlan tags etc. Does everything the Capac does with better and more stable wifi throughput. On the downside it's not a winbox config which I am rather fond of now. The reset is straightforward and you...
by anav
Tue Jul 06, 2021 4:15 pm
Forum: General
Topic: Setup Mikrotik router this Security Defense than Juniper Router??
Replies: 7
Views: 677

Re: Setup Mikrotik router this Security Defense than Juniper Router??

Assuming you want to replace an edge router for a large business?
My recommendation is to keep the juniper and use the MT for the internal router.
by anav
Tue Jul 06, 2021 4:14 pm
Forum: General
Topic: Public IP not access from local ip
Replies: 6
Views: 357

Re: Public IP not access from local ip

I have no idea what you are asking? Did you want to setup a server on your network?? The direction is port forward from WAN to LAN, not the other way round as well. Finally your ISP has not given you a public IP it has given you a private IP. You can find the public IP by using IP cloud and enabling...
by anav
Tue Jul 06, 2021 4:10 pm
Forum: Beginner Basics
Topic: Two gateways...How to?
Replies: 3
Views: 350

Re: Two gateways...How to?

Configured as switches I dont believe MT devices can do what you want.
You need the Main Routers to be MT, or the switches configured as Router & Switch and in this case you will have a double NAT scenario to work through as well.
If so, I have done so with wireguard on the beta firmware.
by anav
Tue Jul 06, 2021 4:06 pm
Forum: Beginner Basics
Topic: One VLAN not working in a sub-switch
Replies: 10
Views: 744

Re: One VLAN not working in a sub-switch

I run both capacs, hexes and 260s behind my MT router without issue.
This is the best reference to use. viewtopic.php?f=23&t=143620

In the meantime please post your config
/export hide-sensitive file=anynameyouwish
by anav
Tue Jul 06, 2021 4:02 pm
Forum: Beginner Basics
Topic: hostname to ip:port
Replies: 3
Views: 376

Re: hostname to ip:port

This is easily accomplished using dstnat. (your basic forwarding using the dst nat chain in ip filter firewall rules). Assuming your users will be accessing your server via the domain name. hello.website.com:XXXXX Where XXXXX is the port number you want them to reach your router with. Basically you ...
by anav
Mon Jul 05, 2021 9:26 pm
Forum: Wireless Networking
Topic: Single router wifi coverage ac2 vs ac3 vs Audience
Replies: 5
Views: 898

Re: Single router wifi coverage ac2 vs ac3 vs Audience

Anyone that says a single consumer AP is adequate for a multilevel HOME is on serious hallucinogens!
By that I mean to differentiate as the OP seems to want a single consumer WIFI router to cover off a multi-story home.
At least with an AP, the likelihood of optimal placement is higher.
by anav
Mon Jul 05, 2021 9:23 pm
Forum: Beginner Basics
Topic: i'm new user
Replies: 4
Views: 457

Re: i'm new user

Welcome to the forums, sorry this is mostly English and not aware of any Hindu like forums.
Use google translate which should suffice as config is config, aka Mikrotik Language.
by anav
Mon Jul 05, 2021 9:22 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 696

Re: Basic configuration - non MT Wifi AP

From my last year post (08 Jun 2020, 17:00) https://forum.mikrotik.com/viewtopic.php?f=3&t=128762&p=798899#p798899 and first post this year (19 Apr 2021, 09:47) https://forum.mikrotik.com/viewtopic.php?f=21&t=174403&p=853769#p853769 they have just passed near 11 months Yes, but I al...
by anav
Mon Jul 05, 2021 9:13 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 696

Re: Basic configuration - non MT Wifi AP

No, that is the point, a regular poster and crickets since then. :-((
Can I imagine rextended not to get in my face on a daily basis, heck no, imagine a week, or month, 5 months is un-imaginable!!
by anav
Mon Jul 05, 2021 9:08 pm
Forum: General
Topic: CAP AC Reset - How to?
Replies: 22
Views: 1310

Re: CAP AC Reset - How to?

I can fix your problem for $69 :-) Reset button is depressed prior to applying the power cord and kept depressed until the lights blink or not. It can be tricky and obviously MT didnt think about people with only one arm/hand............ not that user friendly (unless one is an arachnid or octopus)
by anav
Mon Jul 05, 2021 9:02 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 696

Re: Basic configuration - non MT Wifi AP

Yes I noted that after reading your post, but one can get caught by making such assumptions.
Reasonable guess though!
For example take my signa, I have not heard or seen Sob for a long time and am worried a tad and
would feel like bad karma to remove the name. :-(
by anav
Mon Jul 05, 2021 9:01 pm
Forum: Beginner Basics
Topic: AP config with guest network to existing VLAN
Replies: 5
Views: 377

Re: AP config with guest network to existing VLAN

There is your mistake, not using MT as your router LOL.

My advice is then not to bother with capsman and further just ensure the capac IP address is on the LAN that is trusted.
This article has a section dealing with just Access Point setup.
viewtopic.php?f=23&t=143620
by anav
Mon Jul 05, 2021 8:59 pm
Forum: Beginner Basics
Topic: Can't SSH into Mikrotik network
Replies: 6
Views: 512

Re: Can't SSH into Mikrotik network

Hi Tangent, My thinking was that route on the primary router was not necessary because the Traffic was coming from the same LAN subnet. If I enter in an IP to get to, that is on the same subnet, I shouldnt need a route. The problem here is that the LANIP I am reaching is actually the WANIP of the se...
by anav
Mon Jul 05, 2021 8:56 pm
Forum: Beginner Basics
Topic: Home LAN/WiFi/Guest WiFi/IoT devices advice needed
Replies: 13
Views: 797

Re: Home LAN/WiFi/Guest WiFi/IoT devices advice needed

From a bit of reading, you need to turn network Off, which means it becomes a switch and DHCP client I believe the setting selection is (Off) Bridge Mode. Then you can use all ports as switch ports. Not sure about wireless settings nor if the time capsule is capable of reading vlan tags........... N...
by anav
Mon Jul 05, 2021 8:22 pm
Forum: RouterOS v7 BETA
Topic: [Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture
Replies: 3
Views: 492

Re: [Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture

Robustness, the ability to be sent wrong data and not crash. The bane of lazy programmers and testers, or on a really tight budget.
Pretty fundamental in production environments so dont think this would be a problem for MT OS, as noted by others.
Beta not being production may be a different story.
by anav
Mon Jul 05, 2021 8:19 pm
Forum: RouterOS v7 BETA
Topic: Wireguard and Mullvad VPN
Replies: 11
Views: 3062

Re: Wireguard and Mullvad VPN

Assuming wireguard is already a layer 3 activity then Concur, dont see the need to add vrf??
by anav
Mon Jul 05, 2021 3:23 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 696

Re: Basic configuration - non MT Wifi AP

Thanks Normis, that too, I assumed the OP has an MT with wifi radio on board, otherwise the question becomes moot.
by anav
Mon Jul 05, 2021 3:15 pm
Forum: Beginner Basics
Topic: RB750 Switch plus VLAN functionality [SOLVED]
Replies: 15
Views: 842

Re: RB750 Switch plus VLAN functionality [SOLVED]

Yes but at the bottom of your schematic you show four or five devices that are not on VLAN ???? With 5 Ports, 1 from Main router, and four others I assume going to managed switches (since you show multiple devices on every port), leaves ZERO PORTS for the non vlan devices. Your math does not add up?...
by anav
Mon Jul 05, 2021 2:58 pm
Forum: Beginner Basics
Topic: RB750 Switch plus VLAN functionality [SOLVED]
Replies: 15
Views: 842

Re: RB750 Switch plus VLAN functionality [SOLVED]

How many wired connections from main router to MK?
Assuming non vlan traffic is one wire connection from MK to an unmanaged switch?
by anav
Mon Jul 05, 2021 1:27 pm
Forum: Beginner Basics
Topic: AP config with guest network to existing VLAN
Replies: 5
Views: 377

Re: AP config with guest network to existing VLAN

There may be nothing wrong with using VLAN1 if one is a masochist, but seriously its not recommended by anyone I know................
by anav
Mon Jul 05, 2021 12:39 pm
Forum: General
Topic: ASK [ PVLAN]
Replies: 6
Views: 463

Re: ASK [ PVLAN]

Concur PVLAN=?? Port Vlan?? in which case tags dont come into play??
by anav
Mon Jul 05, 2021 12:37 pm
Forum: Beginner Basics
Topic: Separating an AP from the LAN
Replies: 2
Views: 309

Re: Separating an AP from the LAN

Please
/export hide-sensitive file=anynameyouwish

to see what is going on.
by anav
Mon Jul 05, 2021 12:35 pm
Forum: Beginner Basics
Topic: AP config with guest network to existing VLAN
Replies: 5
Views: 377

Re: AP config with guest network to existing VLAN

Your best bet is to read through this post..........
viewtopic.php?f=23&t=143620

For ex, dont use vlan1 and you only need one bridge in most instances.
by anav
Mon Jul 05, 2021 3:58 am
Forum: Beginner Basics
Topic: Can't SSH into Mikrotik network
Replies: 6
Views: 512

Re: Can't SSH into Mikrotik network

(1) Config looks okay, Would add dns-server here though ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 dns-server=192.168.88.1 (2) add action=accept chain=input src-address=192.168.0.0/24 The rule should be removed as it does not have purpose ++++++++++++++++...
by anav
Sun Jul 04, 2021 10:58 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 696

Re: Basic configuration - non MT Wifi AP

Oh okay so you dont have a guest wifi etc......
No the wifi settings on the MT have nothing to do with the AP.
The only relationship would be which frequencies are used so as not to conflict
by anav
Sun Jul 04, 2021 10:57 pm
Forum: Beginner Basics
Topic: Can't SSH into Mikrotik network
Replies: 6
Views: 512

Re: Can't SSH into Mikrotik network

/export hide-sensitive file=anynameyouwish
by anav
Sun Jul 04, 2021 10:55 pm
Forum: RouterOS v7 BETA
Topic: NTP Client is borked
Replies: 6
Views: 610

Re: NTP Client is borked

Without seeing your config hard to say.
by anav
Sun Jul 04, 2021 7:43 pm
Forum: Beginner Basics
Topic: Basic configuration - non MT Wifi AP
Replies: 12
Views: 696

Re: Basic configuration - non MT Wifi AP

Is the AP you have able to read and use vlan tags??
by anav
Sun Jul 04, 2021 3:58 am
Forum: Beginner Basics
Topic: Tunneling VLAN traffic over Wireguard
Replies: 18
Views: 1126

Re: Tunneling VLAN traffic over Wireguard

You need to provide a route from the vlan to the wireguard interface
use a routing table entry and a route rule reference the table, lookup only in, and the source address(es) that are appropriate
by anav
Sun Jul 04, 2021 12:46 am
Forum: General
Topic: WAN failover
Replies: 2
Views: 344

Re: WAN failover

Rarely have I seen anyone use the output chain. Standard practice is to use the input chain (traffic to and from the router itself) and the forward chain (traffic through the Router WAN to LAN, LAN to WAN, LAN to LAN) Failover is a very basic premise, basically you set one IP route with a lower dist...
by anav
Sun Jul 04, 2021 12:41 am
Forum: General
Topic: balancing and sum of different ISP lines
Replies: 3
Views: 473

Re: balancing and sum of different ISP lines

If not a bot, please provide a network diagram..........
by anav
Sun Jul 04, 2021 12:39 am
Forum: Beginner Basics
Topic: Home LAN/WiFi/Guest WiFi/IoT devices advice needed
Replies: 13
Views: 797

Re: Home LAN/WiFi/Guest WiFi/IoT devices advice needed

Just to add what was very well stated. The second wifi router should probably be set as a switch/Ap and not a router. Very important Q, was the L2 switches, are they vlan capable (tag and untag frames)? As for the management VLAN its not 100% necessary as you may use a trusted home vlan as well for ...
by anav
Fri Jul 02, 2021 6:51 pm
Forum: Beginner Basics
Topic: How to secure my router
Replies: 12
Views: 948

Re: How to secure my router

Thanks Normis, Understood, using the router to cache DNS may be considered 'not beginner' and the default of using the router ISP DNS or directly entered DNS, (in dhcp-network-server) is not a bad thing and further changing the settings to IP DNS Remote to "allow" should be made when has a...
by anav
Fri Jul 02, 2021 6:45 pm
Forum: Beginner Basics
Topic: Tunneling VLAN traffic over Wireguard
Replies: 18
Views: 1126

Re: Tunneling VLAN traffic over Wireguard

Hi pcunite, I too contemplated using the Raspberry Pi for WG but I think your throughput will suffer if using that device??
by anav
Fri Jul 02, 2021 2:46 pm
Forum: Beginner Basics
Topic: How to secure my router
Replies: 12
Views: 948

Re: How to secure my router

Hey max, if you have any doubts at all on your current config recommend starting fresh with netinstall and change userid, password, winbox port etc,
by anav
Fri Jul 02, 2021 4:55 am
Forum: Beginner Basics
Topic: Tunneling VLAN traffic over Wireguard
Replies: 18
Views: 1126

Re: Tunneling VLAN traffic over Wireguard

Should have raised the topic in the beta forum if using beta firmware.
by anav
Thu Jul 01, 2021 11:17 pm
Forum: Beginner Basics
Topic: Very begin problem, separation, RB951
Replies: 1
Views: 406

Re: Very begin problem, separation, RB951

ether2 192.168.2.1/24 ether3 192.168.3.1/24 ether4 192.168.4.1/24 ether5 192.168.4/24 So each gets ip address, ip pool, dhcp-server and dhcp-server-network Interface Members ether2 list=LAN ether3 list=LAN ether4 list=LAN ether5 list=Printer Firewall Rules forward chain besides most of the forward ch...
by anav
Thu Jul 01, 2021 6:14 pm
Forum: General
Topic: help to setup firewall
Replies: 11
Views: 702

Re: help to setup firewall

Disagree, Some of the rules in the intro are not practical or normal from my limited experience setting mac winbox Server interface list to NONE???? Turning IP DNS allow remote request to NO??? On the building a firewall page - the extra noise and garbage of ICMP jumping!!! yuck In the advance page ...
by anav
Thu Jul 01, 2021 6:08 pm
Forum: Beginner Basics
Topic: How to secure my router
Replies: 12
Views: 948

Re: How to secure my router

Hi Normis I dont necessarily agree with some of the advice there.....

Specifically these two.................
/tool mac-server mac-winbox set allowed-interface-list=none
/ip dns set allow-remote-requests=no
by anav
Thu Jul 01, 2021 1:15 pm
Forum: Beginner Basics
Topic: No internet access when I don't use a switch
Replies: 1
Views: 341

Re: No internet access when I don't use a switch

Talk to the apartment IT staff/owner its a building issue.
by anav
Thu Jul 01, 2021 12:36 am
Forum: General
Topic: HEX IPSec Connection Mark
Replies: 1
Views: 299

Re: HEX IPSec Connection Mark

Did you search the forum for the same issue using the search feature??
Did you need advice on how to submit a bug?
by anav
Thu Jul 01, 2021 12:33 am
Forum: Beginner Basics
Topic: How to secure my router
Replies: 12
Views: 948

Re: How to secure my router

To the last question, yes that helps as well as good firewall rules. By setting interface to LAN, only those on the LAN interface or associated with it can access winbox functionality. In addition the firewall rules only allow those on the LAN to access the router (to and from router firewall contro...
by anav
Wed Jun 30, 2021 8:05 pm
Forum: Beginner Basics
Topic: How to secure my router
Replies: 12
Views: 948

Re: How to secure my router

The default configuration firewall rules are safe and good to go. If you start changing them or the config all bets are off. What can be said is a. dont use default user ID "Admin", add your own with full permissions and then remove the admin one but write all info down in a safe place. b....
by anav
Wed Jun 30, 2021 7:58 pm
Forum: Beginner Basics
Topic: WAN1 and WAN2 loadbalancing - want to add WAN3 with seperate wifi
Replies: 5
Views: 523

Re: WAN1 and WAN2 loadbalancing - want to add WAN3 with seperate wifi

As stated create a vlan and attach to whatever wlanX you want to use for WAN3 ensure a. you remove wlanX from the bridge if its currently attached, if wlanX is a new wlan no worries b. define vlan10 with interface wlanX c. give vlan10 an IP address, ip pool, dhcp server, dhcp server-network d. remov...
by anav
Wed Jun 30, 2021 6:23 pm
Forum: General
Topic: MIkrotik Syslog New Format
Replies: 23
Views: 1105

Re: MIkrotik Syslog New Format

Well that may be, obviously they are not getting up in the morning and having a proper cup of Italian cafe. On the other hand, the TELECOM portion of the company should state what the requirement is in clear terms that they require information and for what purposes. One cannot change router software...
by anav
Wed Jun 30, 2021 5:38 pm
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6238

Re: MikroTik Wireguard server with Road Warrior clients

mducharme covered the salient points.
Cannot help further without seeing both configs........
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 30, 2021 5:35 pm
Forum: Wireless Networking
Topic: Guest AP routing headache [SOLVED]
Replies: 3
Views: 557

Re: Guest AP routing headache [SOLVED]

Suggest reading this link. I am not conversant in a config using bridge filters
Also not seeing all the subnets defined for the users, and where is wlan1 and wlan2 etc...
Seems to be much missing?

viewtopic.php?f=23&t=143620
by anav
Wed Jun 30, 2021 5:29 pm
Forum: Beginner Basics
Topic: connect vpn using a vlan
Replies: 1
Views: 350

Re: connect vpn using a vlan

Which version of firmware using?
by anav
Wed Jun 30, 2021 5:25 pm
Forum: General
Topic: Netinstall not working
Replies: 9
Views: 533

Re: Netinstall not working

Sorry.
a. only done netinstall with windows PC
b. unsure of effects of installing other firmware?
by anav
Wed Jun 30, 2021 5:24 pm
Forum: General
Topic: Stuck IP problem or something
Replies: 5
Views: 366

Re: Stuck IP problem or something

Suggest perhaps its time for a consult....................
https://mikrotik.com/consultants
by anav
Wed Jun 30, 2021 5:22 pm
Forum: General
Topic: Firewall Input rules apperaring port 5678 tcp. Hacked.
Replies: 12
Views: 880

Re: Firewall Input rules apperaring port 5678 tcp. Hacked.

Well done, most people take a few times to get the hang of netinstall, seems like it worked well for you first go!
by anav
Wed Jun 30, 2021 5:20 pm
Forum: General
Topic: Router RB4011
Replies: 15
Views: 881

Re: Router RB4011

Thanks Normis, I am trying to help a chap by configuring the MT router via his smart phone (team viewer in, and using the APP), with only texting as the communication vehicle, voice not an option. So its challenging and looking for shortcuts. We attempted to use the normal "pro app" but fo...
by anav
Wed Jun 30, 2021 5:12 pm
Forum: General
Topic: help to setup firewall
Replies: 11
Views: 702

Re: help to setup firewall

Hi Josey, the more coherent the explanation provided the quicker and more accurate our assistance can be. So please provide. a. a network diagram (your explanation is confusing) and the more labelling the better. b. a copy of your current config /export hide-sensitive file=anynameyouwish c. any requ...
by anav
Wed Jun 30, 2021 5:09 pm
Forum: Beginner Basics
Topic: Firewall DNS instead of IP address
Replies: 14
Views: 829

Re: Firewall DNS instead of IP address

Hi rextended not quite understanding your explanation. In fact its confusing. To the OP, dont recommend non-vpn access to the router Especially being a WORK place router, just a bad idea all the way round. If you want to be able to admin to the router, it should ONLY be one person not all persons wi...
by anav
Wed Jun 30, 2021 5:02 pm
Forum: Beginner Basics
Topic: WAN1 and WAN2 loadbalancing - want to add WAN3 with seperate wifi
Replies: 5
Views: 523

Re: WAN1 and WAN2 loadbalancing - want to add WAN3 with seperate wifi

For IP Routes, to ensure WLAN1 uses WAN3 is easy. create a standard routing (main table entry for WAN3) then create a second entry a copy of the first one but with the entry of Routing Mark: wan3wifi Then go to Routing Rules and you can input source address 192.168.3.0/24 (whatever the subnet is for...
by anav
Wed Jun 30, 2021 4:48 pm
Forum: Beginner Basics
Topic: WAN1 and WAN2 loadbalancing - want to add WAN3 with seperate wifi
Replies: 5
Views: 523

Re: WAN1 and WAN2 loadbalancing - want to add WAN3 with seperate wifi

It would help what you mean by management. Adding a third WAN is easy, only allowing WLAN1 to access WAN3 is easy. Its the unclear messaging on management that is messy. Does the WAN ISP come in on a vlan tag? If not then dont assign vlan to the WAN traffic, add the vlan tag to the WLAN traffic. You...
by anav
Wed Jun 30, 2021 2:52 pm
Forum: Beginner Basics
Topic: How to configure LAN IP Pool
Replies: 5
Views: 494

Re: How to configure LAN IP Pool

I have no idea what you mean.
Do you mean they gave you 6 WANIPs, 5 WANIPs, One main WANIP and 5 more WANIPs....
There is no such thing as LAN IPs from the ISP!
by anav
Wed Jun 30, 2021 2:50 pm
Forum: Beginner Basics
Topic: Change WAN from ether1
Replies: 8
Views: 598

Re: Change WAN from ether1

Just to be sure please post your config
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 30, 2021 3:15 am
Forum: General
Topic: Router RB4011
Replies: 15
Views: 881

Re: Router RB4011

Same evil eye as always? But yes I like the RoS signa, but do you mean the holy grail RoS 7 ??
by anav
Wed Jun 30, 2021 3:13 am
Forum: General
Topic: PCC with different send and return interfaces
Replies: 7
Views: 434

Re: PCC with different send and return interfaces

Knock Knock .......... who's there, not Bump bump :-)
(Bump bump is drunk Santa Claus as its obviously not Christmas and he is flopping around on the roof)
by anav
Wed Jun 30, 2021 3:09 am
Forum: General
Topic: Weird warning with bridge config regarding VLANs [SOLVED]
Replies: 9
Views: 811

Re: Weird warning with bridge config regarding VLANs [SOLVED]

Well, not surprised as you have an overly complex non-standard vlan bridge configuration. Read through this link to fix............ https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 For starters the only thing that needs to be done for the bridge itself is enable it, keep default pvid=1 and...
by anav
Tue Jun 29, 2021 10:17 pm
Forum: General
Topic: Router RB4011
Replies: 15
Views: 881

Re: Router RB4011

The app, for me, do not add or remove firewall rules, leave the default rule if presents, but do a mess with other settings... I am not sure if the RB4011 comes with any default firewalls and is why I asked. To see if the home app installed them. That is a more accurate rendition of my question. Ho...
by anav
Tue Jun 29, 2021 7:15 pm
Forum: General
Topic: Router RB4011
Replies: 15
Views: 881

Re: Router RB4011

Hi Normis, does the basic home APP setup the default firewall rules automatically?
by anav
Tue Jun 29, 2021 7:14 pm
Forum: General
Topic: Missing Firewall ACTION at Logs
Replies: 9
Views: 458

Re: Missing Firewall ACTION at Logs

If traffic is being directed as required, I see very little need of logging. Mostly for troubleshooting and this plus sniff tool usually gets me to where I need to go. Sometimes logging is used just prior to a rule (no action but only logging) to see what traffic is hitting a rule for whatever reaso...
by anav
Tue Jun 29, 2021 7:10 pm
Forum: General
Topic: Firewall Input rules apperaring port 5678 tcp. Hacked.
Replies: 12
Views: 880

Re: Firewall Input rules apperaring port 5678 tcp. Hacked.

As the rextended stated, the only safe course of action is to do a netinstall and put back the old config exported back in bits, without the offending bits and especially any scripts (even if you made them they may have been modified!) Do not use the same userID (edit: and password thank rextended) and u...
by anav
Tue Jun 29, 2021 1:58 am
Forum: Beginner Basics
Topic: Prioritize Vlan
Replies: 1
Views: 379

Re: Prioritize Vlan

Very good question. The assigning of the vlan is the easy part assigning the priority bit is what I couldnt do on a zyxel router many moons ago (as I needed a priority bit set on the initial handshake for IPTV). In IP firewall rules advanced settings I see there are three related potential settings,...
by anav
Mon Jun 28, 2021 9:37 pm
Forum: General
Topic: dual wan
Replies: 2
Views: 295

Re: dual wan

by anav
Mon Jun 28, 2021 8:17 pm
Forum: Beginner Basics
Topic: How do I assign a static IP address to a device?
Replies: 3
Views: 452

Re: How do I assign a static IP address to a device?

There are two ways,
a. let DHCP assign the IP address and then in the dhcp server settings under leases make it a fixed static lease.
b. manually set the IP address on the device itself.
by anav
Mon Jun 28, 2021 1:23 pm
Forum: General
Topic: firewall rules rules
Replies: 1
Views: 281

Re: firewall rules rules

Everyone's situation is unique, there is no one size fits all.
The default rules are safe out of the box and one should only modify these when one understands how the rules work and how packet flow works on the router.
Finally, one should avoid 90% of the garbage on youtube.
by anav
Sun Jun 27, 2021 7:53 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 41
Views: 24828

Re: Securing your device is important

Ahh okay,
Recommend that when users first join, that becomes part of the instruction set !
by anav
Sun Jun 27, 2021 7:24 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 41
Views: 24828

Re: Securing your device is important

Why do you keep spamming every post with your quote spam. People will quote how they want to quote and if you dont like it remove the quote feature.
I am now going to report every single time you fill a thread with your quote spam.
by anav
Sun Jun 27, 2021 7:03 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 15
Views: 1337

Re: trying to isolate ether5 from bridge on ether2-4

Almost there....... (1) This rule can be dropped as its not bad in of itself but it kinda defeats other rules that follow it. (its now extra). add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN Which basically tells the router any packet comi...
by anav
Sun Jun 27, 2021 6:52 pm
Forum: Beginner Basics
Topic: zoom firewall settings
Replies: 5
Views: 607

Re: zoom firewall settings

Keeping with the topic!
@own3r1138... Zoom the phuck out of this thread please.

@gmeden, please post your config so we can see what the issue may be.
/export hide-sensitive file=anynameyouwish
by anav
Sun Jun 27, 2021 6:45 pm
Forum: General
Topic: Double VLAN Trunk to two Switches from Router
Replies: 12
Views: 809

Re: Double VLAN Trunk to two Switches from Router

Lets try another network diagram to see what you really want to do and put in all devices, vlans and wlans etc that you want to have.
The approach so far is taking too long and is too confused and please read carefully the link provided.
by anav
Sun Jun 27, 2021 6:44 pm
Forum: General
Topic: Double VLAN Trunk to two Switches from Router
Replies: 12
Views: 809

Re: Double VLAN Trunk to two Switches from Router

Config comments.... Did you read this reference aka the bible?? https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 (1) Bridge settings change pvid back from 11 to 1, remove ingress filtering and admit only vlan tagged. The only thing that needs to be done on the main bridge setting is the ch...
by anav
Sat Jun 26, 2021 10:13 pm
Forum: Beginner Basics
Topic: zoom firewall settings
Replies: 5
Views: 607

Re: zoom firewall settings

NO requirement to set any special firewall rules for zoom or for any program not hosted on a computer on your network.
Default firewall rules work fine. If you block all outgoing browsing and internet traffic that is a different story.
by anav
Sat Jun 26, 2021 3:52 pm
Forum: RouterOS v7 BETA
Topic: Adding 3rd party packages
Replies: 5
Views: 844

Re: Adding 3rd party packages

I would really like to see SwOS as an available package for ROS. Where all Ethernet switch functions are handled by a SwOS package in ROS. Where you can Winbox/mac-winbox ( or telnet, mac-telnet, ssh or HTTP ) to ROS , then navigate to SwOS. And , have the default un-configured SwOS switch all port...
by anav
Sat Jun 26, 2021 3:46 pm
Forum: General
Topic: Open hosted webiste on LAN to Internet
Replies: 10
Views: 590

Re: Open hosted webiste on LAN to Internet

Yes, the trickiest part about lists is creating new ones as the router provides by default WAN and LAN. You need to make the Manage list first before you assign it to different sections! (1) GO TO INTERFACE MENU SELECTION (2) SELECT INTERFACE LIST MENU SELECTION (3) Select the Lists Box and then use...
by anav
Fri Jun 25, 2021 9:59 pm
Forum: General
Topic: Under flood attack, how resolve this ? [SOLVED]
Replies: 107
Views: 4295

Re: Under flood attack, how resolve this ? [SOLVED]

Why are you still posting, give either of the two services (MOAB or AXIOM) with a free trial a go and then let us know if either of them stop the attacks.
by anav
Fri Jun 25, 2021 9:52 pm
Forum: General
Topic: Open hosted webiste on LAN to Internet
Replies: 10
Views: 590

Re: Open hosted webiste on LAN to Internet

Issues to discuss (1) The IP POOL, IP address, DHCP server and DHCP server network should all line-up. Clearly your IP POOL is not correct (too many entries) suggest it should be shortened .......... /ip pool add name=dhcp ranges=10.0.1.10-10.0.1.254 add name=dhcp_pool11 ranges=10.0.20.2-10.0.20.254...
by anav
Fri Jun 25, 2021 8:42 pm
Forum: General
Topic: Open hosted webiste on LAN to Internet
Replies: 10
Views: 590

Re: Open hosted webiste on LAN to Internet

post your current config.

/export hide-sensitive file=anynameyouwish
by anav
Fri Jun 25, 2021 7:44 pm
Forum: General
Topic: Under flood attack, how resolve this ? [SOLVED]
Replies: 107
Views: 4295

Re: Under flood attack, how resolve this ? [SOLVED]

@BartoszP: I hadn't thought of some points. Thank you. *** ALL: Try leaving port UDP 53 of DNS open for two minutes... and your connection won't work for days (even if you closed port 53), if you don't change IP. Now you are being excessively kind (we call it kissing ass), due to the reality they a...
by anav
Fri Jun 25, 2021 7:40 pm
Forum: RouterOS v7 BETA
Topic: Any release date for 7.x expectation?
Replies: 18
Views: 3394

Re: Any release date for 7.x expectation?

Id be happy with Wireguard in the next 6.5 release LOL, nothing else I need ;-PP
by anav
Fri Jun 25, 2021 6:24 pm
Forum: General
Topic: Under flood attack, how resolve this ? [SOLVED]
Replies: 107
Views: 4295

Re: Under flood attack, how resolve this ? [SOLVED]

Exactly so instead of endlessly playing with his config and chasing everyone's favourite piece of script, I am begging the op, DONT WASTE YOUR TIME, try one of the free trials by a service that does all the legwork for you (keeps it up to date from multiple sources). This will demonstrate to you whe...