Community discussions

MikroTik App

Search found 22453 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 75
by anav
Fri Jan 24, 2025 10:51 pm
Forum: General
Topic: Route List / Table question
Replies: 1
Views: 94

Re: Route List / Table question

Wrong, the order of WAN, primary, secondary, tertiary etc or all equal ( same distance - ECMP load balancing) is admin decision.
Very flexible setup.
by anav
Fri Jan 24, 2025 10:47 pm
Forum: Beginner Basics
Topic: Cannot Port Forward using PCC and VLan
Replies: 4
Views: 475

Re: Cannot Port Forward using PCC and VLan

Do not use VLAN1 if at all possible. Make changes for ether2 and do all config from there. RB4011 has two switch chips so put all your important data vlans on the same switch chip....... ports 6-10. With version 7 firmware you are way better given four ISPs with the same throughput to use ECMP. Keep...
by anav
Fri Jan 24, 2025 6:04 pm
Forum: Forwarding Protocols
Topic: Issue Port Forwarding UDP
Replies: 1
Views: 118

Re: Issue Port Forwarding UDP

/export file=anynameyouwish (minus router serial number, any public WANIP information vpn keys etc.)

using notepad++ to open and edit and post here, and use the code tags above, on the same line as Bold and Underline the black square with white square brackets.
by anav
Fri Jan 24, 2025 6:00 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 48
Views: 102257

Re: Hairpin NAT - the easy way

Is it because in the same LAN scenario, the packet back would be destined directly to the client MAC address as the server has it in its ARP table, and the router would simply switch it back to the client without any processing, Something like that......... the router knows where the originator is ...
by anav
Fri Jan 24, 2025 1:56 pm
Forum: General
Topic: VLAN config RB760iGS??
Replies: 4
Views: 222

Re: VLAN config RB760iGS??

Is that your complete config....... you have not defined vlans etc. nor have any firewall rules.
Are you trying to use this device as a switch>?
by anav
Thu Jan 23, 2025 10:33 pm
Forum: Beginner Basics
Topic: hEX - E50UG - default password does not work
Replies: 4
Views: 237

Re: hEX - E50UG - default password does not work

Its the basic user test, if you cannot get passed the password, you dont quality to use MT products! ;-)
by anav
Thu Jan 23, 2025 9:10 pm
Forum: Beginner Basics
Topic: VLAN and WIREGUARD basic
Replies: 6
Views: 1060

Re: VLAN and WIREGUARD basic

1.Upgrade firmware to 7.12 and then to 7.17 ( also routerboard ) 2. Then using ether2 to config....... RB4011 has two switch chips, thus to keep all ports used on the same bridge moving them to 6-10 So first step is to move ether8 to ether2 !! 3. Added management vlan 4. Single Wireguard interface b...
by anav
Thu Jan 23, 2025 5:59 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 12
Views: 2217

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

I cannot help, I recommended a different solution for IP routes as noted above, You have provided a routing that is already load balanced based on ECMP and thus is nonsensical. Since you didnt except that change, my providing of recursive wont work either as it wont relate to your current settings.
by anav
Thu Jan 23, 2025 5:25 pm
Forum: General
Topic: BTH VPN WIREGUARD in chr
Replies: 1
Views: 108

Re: BTH VPN WIREGUARD in chr

CHR, well if you are using CHR at home and not in a VPS, cannot help you. The idea of CHR is to acquire a public IP address or at least a public WANIP in a specific geographic location. The key being you no longer need BTH because regular wireguard will work just fine. Good point that it should be i...
by anav
Thu Jan 23, 2025 2:26 pm
Forum: General
Topic: REQ: AirVPN / Wireguard fine tune assistance
Replies: 2
Views: 594

Re: REQ: AirVPN / Wireguard fine tune assistance

Sure but how bout first you get rid of all the noise.
Delete all the unused config as it makes it harder to read and diagnose issues.
Once done repost and will have a look.
by anav
Thu Jan 23, 2025 2:23 pm
Forum: Beginner Basics
Topic: Cannot Port Forward using PCC and VLan
Replies: 4
Views: 475

Re: Cannot Port Forward using PCC and VLan

First question I have is, how do you propose to setup PCC when you have already setup the pppoe to make routes automatically? If they all have the same distance, you already have ECMP load balancing in effect ??? Not sure what game you are playing, but your config seems focussed on viruses not neede...
by anav
Thu Jan 23, 2025 2:00 pm
Forum: General
Topic: Wireguard Stopped After Upgrade
Replies: 10
Views: 2353

Re: Wireguard Stopped After Upgrade

Upgrade to 7.17 and see if the behaviour repeats itself. Im pretty sure they are interested in working on bugs based on the latest firmware, as any previous bugs may have been taken care of already.
by anav
Thu Jan 23, 2025 1:56 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

No the address range provided is fixed, the admins smartphone will get 192.168.216.3, the router 192.168.216.1 address and 192.168.213.2 is reserved for the relay peer. You are correct the default rule allows access to the LAN, so it depends how you have defined your LAN interface list. Further rule...
by anav
Thu Jan 23, 2025 2:05 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Decided to try BTH on main router CCR1009 and using 7.17 firmware. All good in terms of using the iphone app on trusted WLAN to create the tunnel. All settings checked on router via winbox 1. Only difference from hapax3 ( acting as a switch ) is that I finally see on the CCR1009 version, the forward...
by anav
Wed Jan 22, 2025 6:32 pm
Forum: Beginner Basics
Topic: Optimizing Server Placement: MikroTik Router vs. Switch
Replies: 12
Views: 582

Re: Optimizing Server Placement: MikroTik Router vs. Switch

Is there an echo in here?? ;-)
by anav
Wed Jan 22, 2025 5:08 pm
Forum: Beginner Basics
Topic: Optimizing Server Placement: MikroTik Router vs. Switch
Replies: 12
Views: 582

Re: Optimizing Server Placement: MikroTik Router vs. Switch

Generally speaking if the traffic to the server is mostly across the switch ( users on ports on the switch need access to the server,) then put it behind the switch.
by anav
Wed Jan 22, 2025 4:19 pm
Forum: General
Topic: ROS-7: /ip/route/check
Replies: 6
Views: 1174

Re: ROS-7: /ip/route/check

IOS-7?
Perhaps its no longer Riga Operating System and Mikrotik is being bought out by Wipro and the new name is Indian Operating System ???
by anav
Wed Jan 22, 2025 2:15 pm
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 11
Views: 645

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

Disagree, both APs should have both the management or trusted vlan being sent to them ( as that is where AP gets its IP address from).
Additionally all other data vlans ( trusted wifi, guest wifi, iot wifi) etc should be passed to the APs as well.
by anav
Wed Jan 22, 2025 2:12 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Same here attempting to do it all from App.
by anav
Wed Jan 22, 2025 4:43 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Did some more testing but still no luck. However I have to admit the hapax3 is not setup as a router but simply an AP switch behind a CCR1009 main router, with one primary WAN. So the management vlan is where the hapax3 gets its IP address. When I use my iphone to start the process, I use a WLAN on ...
by anav
Tue Jan 21, 2025 11:11 pm
Forum: General
Topic: RB5009UG+S+ ip problem
Replies: 16
Views: 1192

Re: RB5009UG+S+ ip problem

I am not a zerotier expert, but assuming stating the zerotier interface on the input chain rule was not enough or accurate, perhaps you need to add actual IP address???
by anav
Tue Jan 21, 2025 11:08 pm
Forum: General
Topic: How to create hairpin rune?
Replies: 2
Views: 251

Re: How to create hairpin rune?

A wider rule, that is often prescribed is dst-address=192.168.12.0/24 src=addres192.168.12.0/24
( intent here is if you have more than one server active in the subnet )
by anav
Tue Jan 21, 2025 11:06 pm
Forum: Scripting
Topic: New command in RouterOs 7
Replies: 37
Views: 13090

Re: New command in RouterOs 7

You guys are amazing, for me its like reading chinese......incomprehensible.
Some day I need to go to California or Italy for a 2 week scripting camp. ( which would barely scratch the surface ).
by anav
Tue Jan 21, 2025 2:51 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch?
Replies: 12
Views: 1595

Re: How to set up VLAN to pass traffic through a managed switch?

What is the management vlan or trusted vlan, and do the capacs and switch get an IP address from this VLAN?
In other words do not see vlan99 above, and it should be going from rb4011 to both capacs as well.
by anav
Tue Jan 21, 2025 2:35 pm
Forum: General
Topic: Back to home (iOS): Connection refused
Replies: 4
Views: 248

Re: Back to home (iOS): Connection refused

Is the Mikrotik device acting as a router or a switch??
How did you create the BTH VPN in the first place.

Ensure you have access to the input chain for the IP address of your phone when connecting from the trusted WLAN.
by anav
Tue Jan 21, 2025 12:01 am
Forum: Beginner Basics
Topic: VLAN on a single port
Replies: 9
Views: 680

Re: VLAN on a single port

Unfortunately you will have to make an effort fail and try again and learn, there are no shortcuts. Before any advice though one needs a complete set of requirements understood, not just one server. Without the below, you cannot have a realistic plan, and a plan before config is essential. a. identi...
by anav
Mon Jan 20, 2025 8:55 pm
Forum: General
Topic: DMZ Pinhole
Replies: 14
Views: 1004

Re: DMZ Pinhole

Everything was looking normal until you decided to add an undocumented immigrant in your config. Where did vlan16 come from?? Also you stated you want nut client to reach pi...... dmz to lan. however in the diagram it states nut client LISTENing on port 3498, which IMPLIES that the pi is going to co...
by anav
Mon Jan 20, 2025 5:22 pm
Forum: Beginner Basics
Topic: VLAN and WIREGUARD basic
Replies: 6
Views: 1060

Re: VLAN and WIREGUARD basic

If we can be clear on requirements, assistance can be rendered.

a. identify all users/devices, external and internal, and admin
b. identify the traffic the groups above required.
(explain purpose of vlans etc.)
by anav
Mon Jan 20, 2025 4:23 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 911

Re: external dhcp delay on cap ac

So you agree, that if an IT person for a university is going to use MT product, he should
a. actually take some MT courses., or
b. get consulting assistance.
( havent even touched upon security as a component of using MT devices)
by anav
Mon Jan 20, 2025 4:19 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

BTH is supposed to make a dynamic input chain rule for wireguard, completely normal! The forward chain rule you see, I have never seen when making BTH setups, so not sure why you are seeing it. I can only guess is that you didnt select LAN availability for your peers? In any case you can apply firew...
by anav
Mon Jan 20, 2025 5:30 am
Forum: General
Topic: Routing issue VPN>VLAN>CRS328>CRS109>PC
Replies: 3
Views: 491

Re: Routing issue VPN>VLAN>CRS328>CRS109>PC

Not at ALL, conceptually not difficult. assuming you did the opensense properly, you have one trunk port to the 328 and at least one trunk port to the 109. The managment vlan must reach the 109 as all switches get an IP address on that subnet. However not interested in your opinion only on facts and...
by anav
Mon Jan 20, 2025 5:27 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Nichky, the QR code available at the router is ONLY for the first assignment to the admins smartphon........... When you use Manage Shares from that smartphone,, you can create more qrcodes, links BTH app can use, or standard wireguard export files........

The screenshot from my iphone you mean??
by anav
Mon Jan 20, 2025 12:42 am
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 93
Views: 4087

Re: L3 HW Offloading

GLuck, then, as you seem to have all well in hand. Not even sure why you posted.
by anav
Mon Jan 20, 2025 12:24 am
Forum: General
Topic: Adding bridge interface to WAN - is there anything special?
Replies: 2
Views: 232

Re: Adding bridge interface to WAN - is there anything special?

Normally, the WAN need not be part of any bridge.
Depends on the circumstances, and typically in vlan filtering there is only one bridge.
by anav
Mon Jan 20, 2025 12:24 am
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 93
Views: 4087

Re: L3 HW Offloading

To help us, and to help yourself, the clarity starts with you... a. identify all the users/devices (external, internal and including admin) b. identify all the traffic the above groups must accomplish c. detail the WAN ( how many, public, private static, dynamic etc, if more than one, load balance o...
by anav
Mon Jan 20, 2025 12:17 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Well you need to ensure LAN is allowed on bth users ( its the default setting so should be )
You may need to add a forward chain allow rule from BTH to LAN
You may need to add a forward chain rule allow from BTH to WAN
by anav
Sun Jan 19, 2025 10:54 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 93
Views: 4087

Re: L3 HW Offloading

Table refers to Routing Table(s). There is the main table which holds the majority of routes ( associated with IP addresses and subnets ) WAN etc. Special Tables...... not in main, created by admin for the purposes of sending traffic out a different table than the normal routing tables normally used...
by anav
Sun Jan 19, 2025 8:56 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2127

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

As SIndy said, your assuming to much, I have used CHR and have no clue on how to do any such thing on my computer, it was daunting enough to deal with a VPS, which I had no clues on.
As suggested, the recommendation sent --> SUP-176831
by anav
Sun Jan 19, 2025 7:57 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2127

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

When you purchase a CHR, you provide a password which MT then bakes into the image prior to sending you the file.
OR
All CHRs come with a random password, part of the purchase is a separate file containing password.
by anav
Sun Jan 19, 2025 6:30 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 93
Views: 4087

Re: L3 HW Offloading

If you actually want to get some answers, and fix the issue, the best place to start is providing your config.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)

(ps dont see any cheap RB5009s yet on amazon.com)
by anav
Sun Jan 19, 2025 6:25 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 911

Re: external dhcp delay on cap ac

If you are in charge of Univerisity IT, this is not the place to get your paid work done.
a. take the proper MT courses
b. if an emergency --> https://mikrotik.com/consultants
by anav
Sun Jan 19, 2025 6:22 pm
Forum: Announcements
Topic: v7.17 [stable] is released!
Replies: 287
Views: 41904

Re: v7.17 [stable] is released!

Well, we should make some test before upgrading en-masse our devices. I have upgraded only one my personal router that is not critical. The other one in my network are all on the 7.16.2 As a homeowner, I had no issues updating my hapax3, non-critical AP to 7.17. My main router CCR1009 will not get ...
by anav
Sun Jan 19, 2025 5:08 pm
Forum: Beginner Basics
Topic: Setting up DHCP for beginners
Replies: 5
Views: 573

Re: Setting up DHCP for beginners

Beginners dont normally need more than 50 addresses, is this a real question or a hypothetical?
If its real then you need to provide a far more detailed explanation of your network, the users and services being provided.
by anav
Sun Jan 19, 2025 5:06 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch?
Replies: 12
Views: 1595

Re: How to set up VLAN to pass traffic through a managed switch?

Cannot be that unhappy, you posted on JAN 08, and only getting to it now??? Must have been in the hospital or on vacation.
by anav
Sun Jan 19, 2025 5:02 pm
Forum: Beginner Basics
Topic: Stuck in config: winbox and disconnections [SOLVED]
Replies: 5
Views: 782

Re: Stuck in config: winbox and disconnections [SOLVED]

Last Version ROUTER ( Assuming Office is trusted subnet ) 1. /interface bridge port add bridge=bridge ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged \ interface=ether2 pvid=100 add bridge=bridge ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged \ i...
by anav
Sun Jan 19, 2025 4:31 am
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2127

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

??? You dont deploy it ( connect to ISP ) until its setup.
by anav
Sat Jan 18, 2025 10:41 pm
Forum: General
Topic: RB5009UG+S+ ip problem
Replies: 16
Views: 1192

Re: RB5009UG+S+ ip problem

/ip firewall address-list (using static dhcp leases) add address=192.168.1.X list=Authorized comment="admin desktop" add address=192.168.1.Y list=Authorized comment="admin laptop" add address=192.168.1.Z list=Authorized comment="admin smartphone" /ip firewall filter ad...
by anav
Sat Jan 18, 2025 5:13 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 12
Views: 2217

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

Accurate but avoidable, I missed this when looking at firewall rules. There is a purpose to using no-track in mangling, which is an aide in discriminating which traffic to identity. but also to KEEP fastrack and not cause any slowdown. From: add action=fasttrack-connection chain=forward comment=&quo...
by anav
Sat Jan 18, 2025 5:06 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 12
Views: 2217

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

Support tickets are for bugs in the software mostly, and for suggestions........ It is not designed to help with peoples configs. If we cannot find a source for your issues, after resolving any config issues, then a supout and bug are probably appropriate. This is very simple load balancing so it sh...
by anav
Sat Jan 18, 2025 3:49 am
Forum: General
Topic: Wireguard: Can' access VLANs
Replies: 5
Views: 1327

Re: Wireguard: Can' access VLANs

1. slight mod /interface bridge port add bridge=bridge ingress-filtering=yes frame-type=admit-only-vlan-tagged interface=trunk-switch1-ether1 add bridge=bridge interface=nuc-ether3 pvid=100 comment="hybrid port" add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-unt...
by anav
Fri Jan 17, 2025 11:12 pm
Forum: General
Topic: Merging 2 lines with PCC loadbalancing fails to pick the right gateway [SOLVED]
Replies: 6
Views: 594

Re: Merging 2 lines with PCC loadbalancing fails to pick the right gateway [SOLVED]

I wondered how its been used for many years with such a misconfiguration............
Which leads one to conclude we dont have a complete picture as well.

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Fri Jan 17, 2025 10:42 pm
Forum: Forwarding Protocols
Topic: How to connect WAN directly to some port, bypassing NAT
Replies: 13
Views: 2207

Re: How to connect WAN directly to some port, bypassing NAT

Not a sweet clue of what you are attempting sorry.
by anav
Fri Jan 17, 2025 10:04 pm
Forum: General
Topic: RB5009UG+S+ ip problem
Replies: 16
Views: 1192

Re: RB5009UG+S+ ip problem

I would never rely on NAT and an ISPs modem to provide security. So yes, I think you should add the standard set of firewall rules.
by anav
Fri Jan 17, 2025 6:56 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

@Normis. note: ensured that mac-server win-mac server included Trusted interface note: ensured Trusted interface list included back to home interface. note: ensured input chain rule for BTH subnet allowed ( although have few rules on my hapax3 and no drop all rules) SUPOUT SENT --> SUP-176739 .... I...
by anav
Fri Jan 17, 2025 5:08 pm
Forum: General
Topic: RB5009UG+S+ ip problem
Replies: 16
Views: 1192

Re: RB5009UG+S+ ip problem

One problem is duplication of WAN, either use IP address OR ip dhcp client, NOT both!!! /ip address add address=192.168.1.1/24 interface=lan network=192.168.1.0 add address=192.168.0.200/24 interface=WAN network=192.168.0.0 /ip dhcp-client add interface=WAN Is this device your router? No firewall ru...
by anav
Fri Jan 17, 2025 5:06 pm
Forum: General
Topic: Help needed. Separate internet access per port in the bridge
Replies: 4
Views: 277

Re: Help needed. Separate internet access per port in the bridge

Disagree..... ether1 should NOT be part of the bridge ports or related settings, its WAN and nothing to do with bridge. On the other subject. when you create /interface bridge port for access ports and enter the PVID, the router dynamically includes the required untagging on corresponding /interface...
by anav
Fri Jan 17, 2025 4:48 pm
Forum: Beginner Basics
Topic: Help Wanted: Best practices to protect router and switch management access with bridge-tagged vlans [SOLVED]
Replies: 10
Views: 1458

Re: Help Wanted: Best practices to protect router and switch management access with bridge-tagged vlans [SOLVED]

https://forum.mikrotik.com/viewtopic.php?t=143620 On the router side yes, vlans ( interface bridge vlan ) need to be tagged for bridge and for any trunk ports ( and hybrid ports) When using bridge vlan filtering on switches aka 300 series, only the management vlan needs to be tagged on bridge. NO, r...
by anav
Thu Jan 16, 2025 8:25 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

edit NM. answered a post from page one LOL
by anav
Thu Jan 16, 2025 8:23 pm
Forum: Beginner Basics
Topic: Help Wanted: Best practices to protect router and switch management access with bridge-tagged vlans [SOLVED]
Replies: 10
Views: 1458

Re: Help Wanted: Best practices to protect router and switch management access with bridge-tagged vlans [SOLVED]

Are you familiar with RoS and the use of bridge vlan filtering, as it would be strange to make any assumptions based on limited knowledge?
by anav
Thu Jan 16, 2025 5:26 pm
Forum: General
Topic: PoE hEX RB960PGS as a switch? [SOLVED]
Replies: 9
Views: 691

Re: PoE hEX RB960PGS as a switch? [SOLVED]

There are many examples of such in the forums, and also a ref with examples.
viewtopic.php?t=143620
by anav
Thu Jan 16, 2025 5:24 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Sorry for many questions, but just getting deeper into BTH. Why and what traffic is coming in from the dynamic BTH interface that is added? I created BTH on the phone, all works. Then I switch the phone off and would assume no more traffic is coming in/accepted on the input chain. But not the case ...
by anav
Thu Jan 16, 2025 5:21 pm
Forum: Announcements
Topic: v7.17 [stable] is released!
Replies: 287
Views: 41904

Re: v7.17 [stable] is released!

@ Edpa 1. *) bridge - added interface-list support for VLANs; Does this mean we can now list the bridge as an interface list member and this will include all vlans attached to the bridge? 2. *) bridge - enable faster HW offloading when detect-internet is disabled; Will faster HW offloading also occu...
by anav
Wed Jan 15, 2025 8:04 pm
Forum: General
Topic: DMZ Pinhole
Replies: 14
Views: 1004

Re: DMZ Pinhole

Understood, no worries. Most are not picky like me. :-)
by anav
Wed Jan 15, 2025 7:23 pm
Forum: General
Topic: DMZ Pinhole
Replies: 14
Views: 1004

Re: DMZ Pinhole

When you are willing to change your config to the optimal one bridge approach - all vlans associated with bridge, will be happy to assist.
viewtopic.php?t=143620
by anav
Wed Jan 15, 2025 6:21 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 277
Views: 157673

Re: Advanced Routing Failover without Scripting

Do you use netwatch?
by anav
Wed Jan 15, 2025 6:17 pm
Forum: General
Topic: DMZ Pinhole
Replies: 14
Views: 1004

Re: DMZ Pinhole

So you have servers on one subnet. a. are users coming to the servers from external? b. are users coming from same subnet as servers? c. are users coming from the other subnet (where pi is located) So no traffic ORIGINATED at severs, only responses to incoming requests?? ( except for NUT client orig...
by anav
Wed Jan 15, 2025 6:01 pm
Forum: General
Topic: asymmetric routing
Replies: 12
Views: 815

Re: asymmetric routing

@OP: Still waiting for requirements because I have no clue as to what you mean. As for no-mark, not sure what you mean TDW but that is a separate discussion..........
by anav
Wed Jan 15, 2025 5:58 pm
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

I dont bother looking at snippets....
by anav
Wed Jan 15, 2025 4:54 pm
Forum: Beginner Basics
Topic: VLAN and WIREGUARD basic
Replies: 6
Views: 1060

Re: VLAN and WIREGUARD basic

Hi Davide, excellent start. A good article to read on setting up single bridge vlan filtering is ( the rb4011 is old and if you are spending money the RB5009 is much better investment ). https://forum.mikrotik.com/viewtopic.php?t=143620 I recommend taking one port not used off the bridge, giving it ...
by anav
Wed Jan 15, 2025 4:47 pm
Forum: General
Topic: Roast My Firewall
Replies: 3
Views: 417

Re: Roast My Firewall

cannot comment as I dont know what the rest of your config looks like. As a new person be aware that the config is interrelated and parsing out bits is not exactly useful.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys, long dhcp lease lists)
by anav
Wed Jan 15, 2025 4:44 pm
Forum: General
Topic: Routing a group of internal IPs through specific ISP
Replies: 2
Views: 271

Re: Routing a group of internal IPs through specific ISP

Define a few devices... a. 5 or less, 5-10, more than 10 ?? b. a whole subnet?? Normally a source address list with mangles is the way to proceed. It may be more optimal to use routing rules depending additionally I don't work from snippets /export file=anynameyouwish ( minus router serial number, a...
by anav
Wed Jan 15, 2025 4:40 pm
Forum: General
Topic: DMZ Pinhole
Replies: 14
Views: 1004

Re: DMZ Pinhole

Detailed network diagram would help understand.
by anav
Wed Jan 15, 2025 4:38 pm
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 26
Views: 2461

Re: Mikrotik and APs VLAN

MT users are not ordinary people. :-)
by anav
Wed Jan 15, 2025 4:37 pm
Forum: General
Topic: asymmetric routing
Replies: 12
Views: 815

Re: asymmetric routing

I do not understand what you mean by avoiding assymetric routing, that is not a requirement that is anxiety and fear configurating. So . a. identify users/devices, external - internal including admin b. identify traffic they require to accomplish In terms of WAN, public/private IP, dynamic/static IP...
by anav
Wed Jan 15, 2025 4:19 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Okay when I get home but here is the simple explanation. No BTH on hapax3. Go to IPHONE ensure I am on trusted WLAN that can access router. Open BTH, create new VPN I have to login to do so, and successful login completed and I add name of the tunnel. I close the APP for now. I go to the router and ...
by anav
Tue Jan 14, 2025 4:50 am
Forum: Forwarding Protocols
Topic: Port/Filter rules help. No packets making it back to the Internet clents. MTU issue?
Replies: 4
Views: 956

Re: Port/Filter rules help. No packets making it back to the Internet clents. MTU issue?

Only implement what you understand, feel free to ask questions.........
by anav
Tue Jan 14, 2025 4:49 am
Forum: Forwarding Protocols
Topic: How to connect WAN directly to some port, bypassing NAT
Replies: 13
Views: 2207

Re: How to connect WAN directly to some port, bypassing NAT

A diagram would be helpful but basically, a big I THINK............ a. the mikrotik has a public IP and internet b. an openwrt router gets a private IP on its WAN side from a LAN on the MT. (ETHER1 on OPENWRT, ETHER2 on MT) c. the openwrt connects to a third party provider VPN (could be multiple sit...
by anav
Tue Jan 14, 2025 4:39 am
Forum: General
Topic: Any downside of using new-mss=clamp-to-ptmu globally (without qualifier)?
Replies: 3
Views: 691

Re: Any downside of using new-mss=clamp-to-ptmu globally (without qualifier)?

My recommendation is that the WG connections at both ends have the same MTU. Then the client peer device (if a router) aka NOT the server peer for handshake, should set the rule you stated. There are two variations to try.. ..... add action=change-mss chain=forward comment="Clamp MSS to PMTU fo...
by anav
Tue Jan 14, 2025 4:30 am
Forum: General
Topic: RDP HELP!
Replies: 31
Views: 4268

Re: RDP HELP!

I know nothing about multiple WANIPs coming in a single port, but think using srcnat to direct where the servers are sending traffic to is the wrong approach?? Or did I just misunderstand the intent of sourcenat for this niche case??? As i want to also want to have traffic that's leaving that server...
by anav
Tue Jan 14, 2025 12:06 am
Forum: Forwarding Protocols
Topic: Port/Filter rules help. No packets making it back to the Internet clents. MTU issue?
Replies: 4
Views: 956

Re: Port/Filter rules help. No packets making it back to the Internet clents. MTU issue?

Looks good so far.............. 1. ADDITION /interface list add name=TRUSTED /interface list member add interface=LAN list=TRUSTED add interface=wireguard list=TRUSTED 2. firewall rules: Think about these three rules, the first two are rendered useless by the last rule. add action=accept chain=input...
by anav
Mon Jan 13, 2025 11:42 pm
Forum: Beginner Basics
Topic: 2x MikroTik U009 and WG VPN
Replies: 1
Views: 428

Re: 2x MikroTik U009 and WG VPN

I am confused. It would appear tthat the two L009 devices are physically connected already?? There is no requirement I can see for them to see each other over wireguard??? Your explanation is weak. Of course you have a public IP, there is no way to reach VPS without one!!! THe public IP may only be ...
by anav
Mon Jan 13, 2025 11:33 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 922

Re: Automation Gateway With Mikrotik [SOLVED]

Now --> purchase CHR license and rent cloud server ( using wireguard and will allow multiple connections from field devices and you ) Cost of CHR license one time, recurring $7 per month Now --> purchase ARM hex refresh and start accessing devices remotely using the built-in BTH wireguard VPN. $69 o...
by anav
Mon Jan 13, 2025 11:27 pm
Forum: General
Topic: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.
Replies: 17
Views: 951

Re: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.

No worries,,,,,,,,,, THe only thing I do not understand is the weird networking schema. /ip address add address=192.168.47. 194/27 interface=vlan475 network=192.168.47. 192 comment="trusted vlan" I cannot netmask myself out of a paper bag and if it doesnt look like this, i get easily conf...
by anav
Mon Jan 13, 2025 11:22 pm
Forum: General
Topic: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.
Replies: 17
Views: 951

Re: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.

The setup I gave you is gold and will work 100%,
Just work from an OffBridgePort to complete the configuration.
by anav
Mon Jan 13, 2025 11:20 pm
Forum: General
Topic: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.
Replies: 17
Views: 951

Re: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.

I just helped a chap setup his 326 and it works like butta.
Chechito needs stop eating some many chitos LOL, they are preventing synapses from firing.
by anav
Mon Jan 13, 2025 11:19 pm
Forum: General
Topic: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.
Replies: 17
Views: 951

Re: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.

actually the switch setting is NOT needed, hw offloading happens automagically on the 326 when setting up bridge vlan filtering
by anav
Mon Jan 13, 2025 8:34 pm
Forum: General
Topic: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.
Replies: 17
Views: 951

Re: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.

maybe in your switch the config end up doing L3 forwarding, if you need that you must configure L3 Hardware Offloading

L3 Hardware Offloading
https://help.mikrotik.com/docs/spaces/R ... Offloading
for a 300 series switch??? What L3............... its all layer 2
by anav
Mon Jan 13, 2025 8:31 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 922

Re: Automation Gateway With Mikrotik [SOLVED]

The reason I recommend the CHR approach, or BTH VPN for that matter is for privacy. Zerotier is still traffic going through their servers and some companies may be leery of someone tapping into their networks without complete assurances of privacy Disagree with AMMO, CHR is easy peasy and works well...
by anav
Mon Jan 13, 2025 8:23 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 922

Re: Automation Gateway With Mikrotik [SOLVED]

You will not be able to use wireguard since you dont have a public IP. BTH wireguard a viable solution normally, but wont work either because you need an ARM or tile device. Your best bet and would support ALL the devices you need to monitor is to one time buy a CHR license and then put that on a re...
by anav
Mon Jan 13, 2025 8:16 pm
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

Sorry not much more I can do until you make changes .......
If you need live assistance contact me on discord
by anav
Mon Jan 13, 2025 8:05 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

I have a very basic almost nothing firewall on the HapAx3 so shouldnt be an issue, no drop rules etc..
I will entertain a reboot, but not a reset, dont want to monkey with other config settings .................
by anav
Mon Jan 13, 2025 8:03 pm
Forum: General
Topic: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.
Replies: 17
Views: 951

Re: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.

-Why do you not show spf-sfpplus4 connection on diagram??? -Added ingress filtering to /interface bridge port settings -you have the wrong vlan tagged with the bridge, if 475 is your trusted vlan, then only it needs to have bridge tagged in /interface bridge vlan -not absolutely necessary but add sf...
by anav
Mon Jan 13, 2025 7:44 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

@NORMIS, what is the trick of connecting to the router itself to create shares?? I can connect via VPN but after hitting manage shares, the login I provide (triple checked) and same one used to create the tunnel in the first place on the phone) is REJECTED ????????
by anav
Mon Jan 13, 2025 7:42 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

I am trying to follow the MT documents. The method that MT recommends is using the smartphone to generate other remote user accounts and to then pass them the link/url/qrcode via the phone. Trying to do it manually via creating the tunnel on the MT by enabling etc...... defeats the purpose of my tes...
by anav
Mon Jan 13, 2025 7:29 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

I just deleted and recreated from scratch the tunnel via my iphone. Dynamically created a. the iphone as peer .3 and with ALLOW to LAN yes. b. dynamic sourcnat rule for the tunnel c. dynamic input chain rule for the handshake. d. NO forward chain rule e. NO firewall address list f. dynamic ip addres...
by anav
Mon Jan 13, 2025 6:57 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Okay got it. On the person I was assisting the dynamic block rule exists, but we couldnt get rid of it, (not able to delete rule) very weird. I didnt look at the firewall list itself, ran out of time, but I imagine invoking allow LAN or not allow LAN should modify that list ( add or remove peers). I...
by anav
Mon Jan 13, 2025 5:38 pm
Forum: Beginner Basics
Topic: From Quick Setup Bridge Mode to simple Firewall Rule
Replies: 26
Views: 4173

Re: From Quick Setup Bridge Mode to simple Firewall Rule

The better approach is to allow the MAIN router do its thing a. provide dhcp to all vlans b. provide firewall rules determining which vlans/devices get access to internet and other users/devices c. use the MT device as a switch - gets its IP address from the management vlan - simply passes through t...
by anav
Mon Jan 13, 2025 5:32 pm
Forum: General
Topic: WireGuard AzireVPN - misbehavior
Replies: 41
Views: 4674

Re: WireGuard AzireVPN - misbehavior

If you have the right router arm/tile etc you can use BTHVPN to connect to your network remotely from your smartphone or laptop etc... Looking at your diagram you should replace both switches with manageable switches, and then you can apply vlans throughout your network and isolate all the users/dev...
by anav
Mon Jan 13, 2025 5:30 pm
Forum: Beginner Basics
Topic: Looking for VPN provider suggestion - with PortFWD
Replies: 8
Views: 1065

Re: Looking for VPN provider suggestion - with PortFWD

Someone else will have to answer your zerotier questions as I have little experience.

Looking at your diagram from the other thread, it would appear you are stuck with switches that dont provide guaranteed vlan performance.
Suggest a pair of hex refreshes are decent cheap managed switches............
by anav
Mon Jan 13, 2025 5:16 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

1. Do I need to keep the IPV6 addresses, even though I am strictly using IPV4, in other words does MT relay server require that for all devices?? 2. The dynamic firewall rules are flaky. If I, after creating the user, change the LAN allow in IP Cloud settings to NO, it is too late. No firewall rule ...
by anav
Mon Jan 13, 2025 4:14 pm
Forum: Beginner Basics
Topic: Direct connection from LAN to router on the WAN side
Replies: 3
Views: 516

Re: Direct connection from LAN to router on the WAN side

Just to confirm, can you add vlans to the ISP home router? Brand and model of router??
by anav
Mon Jan 13, 2025 4:10 pm
Forum: Beginner Basics
Topic: Separate LANS using Wireless Wire Cube, Non VLAN Router
Replies: 7
Views: 617

Re: Separate LANS using Wireless Wire Cube, Non VLAN Router

Proper gaming sites will work just fine such as Steam. If you were running your own gaming site, then yes it would be problematic, but doing so is foolish as it just invites hacking and eventually getting shut down by your ISP. There is a reason why such gaming sites are mainstream and large entitit...
by anav
Mon Jan 13, 2025 4:07 pm
Forum: Beginner Basics
Topic: Looking for VPN provider suggestion - with PortFWD
Replies: 8
Views: 1065

Re: Looking for VPN provider suggestion - with PortFWD

I would look at a. zerotier as its available in RoS for any networking things you want to do........... ( basically puts all joined entities into a layer2 construct together ) b. BTH VPN this would be used for you to remotely configure the router from any device externally ( smartphone, laptop etc.....
by anav
Mon Jan 13, 2025 4:01 pm
Forum: Beginner Basics
Topic: From Quick Setup Bridge Mode to simple Firewall Rule
Replies: 26
Views: 4173

Re: From Quick Setup Bridge Mode to simple Firewall Rule

The config is what I call in-between. Not properly setup as a router ( missing address for WAN address OR setting for dhcp client, OR pppoe setting ( one of the three required ). No routing either for router setup. No dhcp server for any LAN traffic either. Not properly setup as a switch There is no...
by anav
Mon Jan 13, 2025 3:53 pm
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 26
Views: 2461

Re: Mikrotik and APs VLAN

Which is your management vlan. I see you have data vlans 401,402 and 403 on the unifi and then vlan1. Since unifi expects the management vlan untagged, simply do the following. Lets assume on the MIKROK TIK you have a management vlan99. We simply untag this vlan to the unifi on a hybrid port with vl...
by anav
Mon Jan 13, 2025 5:29 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

The dynamic firewall rules are annoying, They cannot be moved. Also the block list forward chain rule should only show if the ALLOW LAN has not been selected.
Still working my way through this functionality..........
by anav
Mon Jan 13, 2025 4:56 am
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

I am still on winbox3, winbox4 is not ready enough for me to use. 1. Only one interface list name is used (TRUSTED) remove /interface list add name=WAN add name=LAN Similarly the interface list members should be modified too ( why are you not implementing changes? ) /interface list member add commen...
by anav
Mon Jan 13, 2025 4:30 am
Forum: Beginner Basics
Topic: Looking for VPN provider suggestion - with PortFWD
Replies: 8
Views: 1065

Re: Looking for VPN provider suggestion - with PortFWD

Purpose: If its to use internet from a different location there are many that offer wireguard. Purpose: If its for external users to reach your router by using public IP address of a router in a different location, not aware of any............ ( did you consider zerotier ??) (you could rent your own...
by anav
Mon Jan 13, 2025 4:25 am
Forum: General
Topic: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.
Replies: 17
Views: 951

Re: Problem with (supposedly) simple VLAN setup and CRS326-24S+2Q+. Tagging and CPU usage.

No network diagram?
Which vlan is the management or trusted vlan
by anav
Sun Jan 12, 2025 5:49 pm
Forum: General
Topic: Mikrotik DDNS not working
Replies: 5
Views: 519

Re: Mikrotik DDNS not working

Well I had no issues starting up IP cloud on my hapax3 and then creating a BTH tunnel so the service seems to be working.
by anav
Sun Jan 12, 2025 3:57 pm
Forum: Beginner Basics
Topic: Direct connection from LAN to router on the WAN side
Replies: 3
Views: 516

Re: Direct connection from LAN to router on the WAN side

Draw a network diagram, its difficult to understand what you wish to achieve. Based on the linked diagram, it would appear you have a mikrotik behind an ISP router. The Mikrotik gets a private IP as its WAN port is connected to one of the LANs of the ISP router. In other words you want the MT acting...
by anav
Sun Jan 12, 2025 3:56 pm
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

How to add them?? In winbox on the LHMenu select Interfaces Then in the popup menu select Interface list This is the location to add interfaces to existing interface lists with the PLUS + symbol. Before one can do that one has to add the lists. On the same line as the plus on the far right select th...
by anav
Sat Jan 11, 2025 10:22 pm
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 1576

Re: Printer on different VLAN

What makes sense is specific to your location. How is the printer connected to the router, via ethernet jack at specific location, are there managed switches in between etc etc...... Clearly if all users are in vlan10, why put it on its own vlan. If untrusted users are allowed to use the printer, no...
by anav
Sat Jan 11, 2025 9:42 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37748

Re: wAP ax?

Washingstate, Maine, Oregon etc. are more than welcome to Join Canada.
Was going to included California, but its dealing with real issues.

I am likely to replace my TPLink products with this.
https://www.tp-link.com/us/business-net ... da-eap770/
by anav
Sat Jan 11, 2025 9:34 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 942

Re: Is there a simple way to hang a virtual "Out of order" sign?

All employees have a cell phone......
Send mass text message - internet out restoration time est XX:XX Hrs.
by anav
Sat Jan 11, 2025 8:45 pm
Forum: Beginner Basics
Topic: Separate LANS using Wireless Wire Cube, Non VLAN Router
Replies: 7
Views: 617

Re: Separate LANS using Wireless Wire Cube, Non VLAN Router

You can put another router like hex refresh between ISP router and first 60HZ device.
by anav
Sat Jan 11, 2025 6:49 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 462
Views: 412881

Re: NEW FEATURE: Back to Home VPN

Fresh Questions: Observation: One only needs the APP to create the first user ( the smartphone itself ). It automatically turns on BTH VPN, and creates the first two entries! I had thought one needed to manually turn on BTH VPN in ip cloud first. 1. When creating the the tunnel from the phone it wou...
by anav
Sat Jan 11, 2025 4:29 pm
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

the idea is that 192.168.77.1/30 means only two usable IP addresses 192.168.77.1 and 192.167.77.2 hence plug in your laptop to ether24 and ensure 192.168.77.2 is set manually on the laptops IPV4 settings. This creates a safe spot to do vlan configs on any mikrotik device. You can disable the port af...
by anav
Sat Jan 11, 2025 1:01 am
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

Only management vlan has bridge tagged in /interface bridge vlan. .... model = CRS328-24P-4S+ # serial number = /interface bridge add ingress-filtering=no name=Bridge vlan-filtering=yes /interface ethernet set [ find default-name=ether24 ] name=OffBridge24 /interface vlan add comment="\"MG...
by anav
Fri Jan 10, 2025 10:41 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 1040

Re: Wireguard config help

# model = RB952Ui-5ac2nD # serial number = /interface bridge add name=bridge1 /interface list add name=WAN add name=LAN /interface list member add interface=ether1 list=WAN add interface=wg1 list=WAN add interface=bridge1 list=LAN /ip pool add name=bridge-pool ranges=192.168.88.2-192.168.88.254 /ip ...
by anav
Fri Jan 10, 2025 10:27 pm
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Fri Jan 10, 2025 10:18 pm
Forum: General
Topic: Failover
Replies: 3
Views: 469

Re: Failover

If WAN1 is primary,,,,, /routing table add fib name=via-WAN2 /ip firewall mangle add chain=input action=mark-connection connection-mark=no-mark in-interface=WAN2 \ new-connection-mark=incoming-wan2 passthrough=yes add chain=output action=mark-routing connection-mark=incoming-wan2 \ new-routing-mark=...
by anav
Fri Jan 10, 2025 9:56 pm
Forum: General
Topic: Issue migrating from RB750Gr3 to rb5009ug_s_in, LAN can't access internet
Replies: 3
Views: 570

Re: Issue migrating from RB750Gr3 to rb5009ug_s_in, LAN can't access internet

You cannot successfully take one configuration from one model and import it into another. The best case is copying bits of the config at a time from the /export file and pasting into the new router. Your subnet is all over the map 192.168.88 or 192.168.3 or 192.168.2 LOL Enable your fricken firewall...
by anav
Fri Jan 10, 2025 9:54 pm
Forum: General
Topic: Wireguard peer sets a default ListeningPort=51820
Replies: 6
Views: 1115

Re: Wireguard peer sets a default ListeningPort=51820

Can you post a link to wireguard peer generator. I was unaware that MT had such a tool??
OR
Are you talking about BTH WG vpn??
by anav
Fri Jan 10, 2025 5:51 pm
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

Without seeing any config, no facts, no evidence, impossible to advise further.
by anav
Fri Jan 10, 2025 5:48 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2466

Re: Simple Bridge with Firewall rules for Ether1 (internet))

add a firewall address list
add src-address-list=Name of firewall list above to the dsntnat rul
by anav
Fri Jan 10, 2025 5:08 pm
Forum: General
Topic: Failover
Replies: 3
Views: 469

Re: Failover

In the case of Primary WAN1 and Secondary or Backup WAN2: In this case all traffic exits the router via WAN1 and one thinks primarily of LAN traffic. However, any external originated traffic arriving at the router will go in the appropriate WAN ( by IP address or dyndns url) but will exit WAN1. To e...
by anav
Fri Jan 10, 2025 3:05 am
Forum: General
Topic: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]
Replies: 10
Views: 1846

Re: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]

I dont understand the need for step 6. Router B in both BTH and normal wireguard is the client for handshake never the server ????
by anav
Fri Jan 10, 2025 3:04 am
Forum: General
Topic: SMB access while on WireGuard
Replies: 3
Views: 660

Re: SMB access while on WireGuard

Okay, repost config if any issues, bound to be few as changes often take few iterations, ops normal.
by anav
Fri Jan 10, 2025 3:01 am
Forum: General
Topic: Routing issue
Replies: 3
Views: 640

Re: Routing issue

Config of both required if not resolved ( model of switch )

/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)
by anav
Fri Jan 10, 2025 12:40 am
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1657

Re: Mgmt vlan not available (Crs 328 24p 4s)

Find the appropriate switch example: viewtopic.php?t=143620
Decent video: https://www.youtube.com/watch?v=YLtGQAQ8iS0
by anav
Fri Jan 10, 2025 12:04 am
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 26
Views: 2461

Re: Mikrotik and APs VLAN

Why vlan1 on the unifi? Unifi typically accepts whatever traffic is coming to it untagged as the trusted or management vlan and the tagged vlans as data vlans. Therefore on the MT suggest you use three vlans and forget about using vlan1 for anything ( it works in the background ) vlan10 - home ( wir...
by anav
Thu Jan 09, 2025 11:15 pm
Forum: General
Topic: Quick Set Bug v7.16.2
Replies: 3
Views: 699

Re: Quick Set Bug v7.16.2

IMHO quickset should be removed until its actually stable, intuitive and useful.
by anav
Thu Jan 09, 2025 11:13 pm
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 26
Views: 2461

Re: Mikrotik and APs VLAN

Brand/Model of Access point?
Config of MT router ( and ap if mt)
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Thu Jan 09, 2025 11:10 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 1040

Re: Wireguard config help

I suspect you may need the MT to act as a router vice switch/bridge?
by anav
Thu Jan 09, 2025 11:08 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2223

Re: NORMUNDS FOR PRIME MINISTER

Attempt5: " Damn, I forgot the keys in the car! "
Attempt6: " I wonder if these glasses make me look smarter? "
by anav
Thu Jan 09, 2025 11:04 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 12
Views: 2217

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

Concur with jaclaz, its a waste of time for us to chase what ifs. Post your latest config that is not working, then we will provide suggestions. If that doesnt work, post that config with the latest config and we will work from that. We can best work from accurate facts presented....... and after re...
by anav
Thu Jan 09, 2025 10:57 pm
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 1576

Re: Printer on different VLAN

Hi Whussup..... I review the config from top to bottom and thus its what I noticed first off. Concur it doesnt effect any of the wifi settings. However since you do have those port in /interface bridge ports, it still appears to the reader/reviewer to be in error for them to be disabled! I know for ...
by anav
Thu Jan 09, 2025 1:33 pm
Forum: General
Topic: Quick Set Bug v7.16.2
Replies: 3
Views: 699

Re: Quick Set Bug v7.16.2

Rule of Thumb: Use quickset at your own peril.
by anav
Thu Jan 09, 2025 1:31 pm
Forum: General
Topic: Will MikroTik firewall appliances...
Replies: 4
Views: 880

Re: Will MikroTik firewall appliances...

Yeah nervous that some giant Chinese company will buy MT out and start adding all those nifty features you desire, and of course a hidden back door to the red army.
by anav
Thu Jan 09, 2025 1:25 pm
Forum: Beginner Basics
Topic: Remote Access VPN
Replies: 4
Views: 905

Re: Remote Access VPN

Mikrotik does not block any outgoing LAN to WAN traffic by default, so why are you assuming the MT is the problem? Further how is one supposed to provide any advice on your configuration if its not provided. /export file=anynameyouwish (minus router serial number, any public WANIP information, passw...
by anav
Thu Jan 09, 2025 1:22 pm
Forum: Beginner Basics
Topic: Hotspot on Bridge VLAN
Replies: 12
Views: 1515

Re: Hotspot on Bridge VLAN

I am confident you will find the problem then. GLuck.
by anav
Thu Jan 09, 2025 2:32 am
Forum: General
Topic: SMB access while on WireGuard
Replies: 3
Views: 660

Re: SMB access while on WireGuard

1. Wouldnt call my Bridge "LAN" as LAN is already used on the router for standard nomenclature. Personal choice but at least make it bridge-LAN etc. 2. Why do you have two IP pools but only one subnet ( aka the one you attach to the bridge-LAN )? 3. Highly recommend you set this to NONE< a...
by anav
Thu Jan 09, 2025 1:56 am
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 1576

Re: Printer on different VLAN

/interface ethernet set [ find default-name=ether1 ] name=ether1-WAN set [ find default-name=ether2 ] disabled= yes name=ether2-LAN set [ find default-name=ether3 ] disabled= yes name=ether3-LAN set [ find default-name=ether4 ] disabled= yes name=ether4-LAN set [ find default-name=ether5 ] disabled...
by anav
Wed Jan 08, 2025 11:11 pm
Forum: Beginner Basics
Topic: Hotspot on Bridge VLAN
Replies: 12
Views: 1515

Re: Hotspot on Bridge VLAN

Where is the full config, firewall rules etc............ Your diagram is confusing is this all on one device the router, or do you show it being attached to a switch (you state uplink and bonding but to what etc...) If connecting to a switch is it an MT switch? Normally one uses a single trunk port ...
by anav
Wed Jan 08, 2025 11:09 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch?
Replies: 12
Views: 1595

Re: How to set up VLAN to pass traffic through a managed switch?

I was referring ONLY to the display vlan1, where you only change the port from U to Nothing (no affiliation) for any ports that are untagged (access ports for other vlans). In addition you would need to change the pvid of that port from1 to the untagged port vlan id. For review post pages for each v...
by anav
Wed Jan 08, 2025 10:59 pm
Forum: General
Topic: Automatically updating DST NAT when IP changes
Replies: 8
Views: 901

Re: Automatically updating DST NAT when IP changes

Yes. /ip firewall address-list add address=DYNDNSURL (like mynetname.net) list= MyWAN /ip firewall nat add chain=dstnat action=dst-nat dst-address-list=MyWAN \ dst-port=xxxxx protocol=abc to-address=ServerIP Check for yourself, in the IP firewall address list. you will see it automatically creates a...
by anav
Wed Jan 08, 2025 9:13 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2223

Re: NORMUNDS FOR PRIME MINISTER

MKX you need to watch the psychedelic videos from Viktors!!
by anav
Wed Jan 08, 2025 9:10 pm
Forum: General
Topic: Curious ssh errors
Replies: 2
Views: 1239

Re: Curious ssh errors

What ranges are you getting and speeds, and how does it hold up with heavy rain or snow??
Is the 5ghz backup good, what range??
by anav
Wed Jan 08, 2025 9:07 pm
Forum: Beginner Basics
Topic: Long Distance Wifi
Replies: 2
Views: 590

Re: Long Distance Wifi

Do not have or endorse this product but looking at the product page it may be the quick and easy solution. https://mikrotik.com/product/wireless_wire_cube_pro Powering it at the far side will be the challenge but you seem to have some ideas. What I dont like is that within the same website they prov...
by anav
Wed Jan 08, 2025 8:30 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37748

Re: wAP ax?

But I had 0 problems with new wAP ax so far. They are rock solid :D
Just to be clear, you are not using them as paperweights?
by anav
Wed Jan 08, 2025 7:31 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2223

Re: NORMUNDS FOR PRIME MINISTER

I am more curious as to what Normands is thinking.....

Attempt1: I forgot my schnapps in the car.........
Attempt2: I always have my hand in my pocket to protect my manhood.....
Attempt3: Where is the bathroom?
Attempt4: Why did I volunteer to attend this event for Viktors......
by anav
Wed Jan 08, 2025 7:28 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2223

Re: NORMUNDS FOR PRIME MINISTER

Why would you want to hinder progress on cloudflare ????
by anav
Wed Jan 08, 2025 6:04 pm
Forum: General
Topic: Wireguard peer sets a default ListeningPort=51820
Replies: 6
Views: 1115

Re: Wireguard peer sets a default ListeningPort=51820

Ahh that makes sense! Understand good plan still to netinstall fresh firmware 7.16.2 prior to do anything else. Then install a basic firewall setup. Then connect to the internet. On the router, in the wireguard setting, establish a listening port ( this is an accurate word in the case of the device ...
by anav
Wed Jan 08, 2025 5:57 pm
Forum: General
Topic: VLAN Trunk port config
Replies: 11
Views: 1821

Re: VLAN Trunk port config

The only times that one needs to use a hybrid port is if the offending attached device a. accepts ONLY the untagged data for the main connection and a tagged connection for other connections. ( an internet phone where the untagged data is for the phone and the tagged data is for a connected PC ) b. ...
by anav
Wed Jan 08, 2025 5:50 pm
Forum: General
Topic: The Road Warrior 4G/Wifi Companion
Replies: 2
Views: 680

Re: The Road Warrior 4G/Wifi Companion

To be picky its the hap ax lite LTE6

What do you have at home? MT router? Public IP, or ISP router that can forward port to MT router??
by anav
Wed Jan 08, 2025 5:48 pm
Forum: General
Topic: RoS 7.16 RC4 mDNS
Replies: 37
Views: 10566

Re: RoS 7.16 RC4 mDNS

Wireguard does not support multicast, and mDNS needs multicast... so not possible. The mDNS support in 7.16 is just an "mDNS repeater", so the resulting "repeated" multicast can not be forwarded over WG. And why I've long argued that /ip/dns should act as mDNS/DNS-SD "Disco...
by anav
Wed Jan 08, 2025 5:39 pm
Forum: Beginner Basics
Topic: Hotspot on Bridge VLAN
Replies: 12
Views: 1515

Re: Hotspot on Bridge VLAN

One bridge,
identify all the data vlans required and one management vlan ( unless you intend to use one of the data vlans as a trusted vlan)

viewtopic.php?t=143620
by anav
Wed Jan 08, 2025 5:36 pm
Forum: Beginner Basics
Topic: Remote Access VPN
Replies: 4
Views: 905

Re: Remote Access VPN

Corporate IT should be able to assist.
by anav
Wed Jan 08, 2025 5:30 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch?
Replies: 12
Views: 1595

Re: How to set up VLAN to pass traffic through a managed switch?

To setup vlan filtering on both RB4011 and CAP products use this guide: --> https://forum.mikrotik.com/viewtopic.php?t=143620 Recommend for each MT device you do the config from a safe location, namely an off bridge port. So in case of Caps, use ether2 off bridge, on RB4011 use ether8 and remove fro...
by anav
Mon Jan 06, 2025 9:12 pm
Forum: Beginner Basics
Topic: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch
Replies: 15
Views: 2737

Re: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch

Read the reference again and watch the video again.......
viewtopic.php?t=143620
https://www.youtube.com/watch?v=YLtGQAQ8iS0

Devices (switches APs) should only get IP addresses from the trusted vlan ( for their own IP )
by anav
Mon Jan 06, 2025 9:10 pm
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

Maybe there are two admins??? So you have an unknown VPN on your router??
I would disconnect from the internet and netinstall the latest firmware to be on the safe side.
by anav
Mon Jan 06, 2025 9:07 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1212

Re: Problem with ping using interfaces

In plain english, the recursive checks if you can actually reach the WWW.
We have to go through the closest hop as that is what we know. what in between is immaterial.
The key is can the route reach the www, if not switch to WAN2 etc....
by anav
Mon Jan 06, 2025 5:03 pm
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

Seems okay on a quick look. what is not currently working???
by anav
Mon Jan 06, 2025 4:58 pm
Forum: General
Topic: How can Mikrotik/RouterOS send emails using Gmail?
Replies: 15
Views: 8779

Re: How can Mikrotik/RouterOS send emails using Gmail?

Well if you ever need me to ping your router and let you know its not available let me know LOL
Just make sure to give me a non-MT dyndns URL LOL, seems like the MT ecosystem is vulnerable to shenanigans.
by anav
Mon Jan 06, 2025 4:32 pm
Forum: General
Topic: Feature Request: Wireguard over VRF
Replies: 12
Views: 4521

Re: Feature Request: Wireguard over VRF

Tongue in cheek Chaos, of course you guys (real IT and not homeowners) are stuck with dealing with such stupid setups such as below: A use-case for such functionality would be for example when having two uplinks (eg DSL modem/routers) with conflicting IPs, that you cannot control/change their subnet...
by anav
Mon Jan 06, 2025 4:28 pm
Forum: General
Topic: Wireguard - access from VRF [SOLVED]
Replies: 13
Views: 5668

Re: Wireguard - access from VRF [SOLVED]

Was just poking you in the eye LOL.
by anav
Mon Jan 06, 2025 4:25 pm
Forum: General
Topic: Wireguard confusion (still)
Replies: 8
Views: 1089

Re: Wireguard confusion (still)

Hi Mozerd, I believe that is what the OP has done in fact. Each pair of routers A,B A,C A,D A,E and A,F have their own wireguard connection but are able to initiate a connection in both directions so each has endpoint address, endpoint port and keep alive set. I would assume each of the interfaces h...
by anav
Mon Jan 06, 2025 4:14 pm
Forum: General
Topic: Wireguard peer sets a default ListeningPort=51820
Replies: 6
Views: 1115

Re: Wireguard peer sets a default ListeningPort=51820

Well the default setup out of the box is secure so, its not a matter of not locking it down you undid something that caused the router then become open. I hope you used netinstall to put 7.16.2 on the router, and if not, not interested in assisting until a clean version of firmware is installed in t...
by anav
Mon Jan 06, 2025 4:10 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 1140

Re: Home networking suggestions

I would ditch Bruno and simply use Wireguard on the MT device. Its adding a layer of complication for no reason.
by anav
Mon Jan 06, 2025 4:09 pm
Forum: General
Topic: How can Mikrotik/RouterOS send emails using Gmail?
Replies: 15
Views: 8779

Re: How can Mikrotik/RouterOS send emails using Gmail?

Okay AMMO how does your router send you an email when your WAN goes down ;-PP
by anav
Mon Jan 06, 2025 4:06 pm
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

masquerade rule already exists above with out-interface-list=WAN. You do not need another masquerade rule is the point, unless you have a specific VPN outgoing that needs to be masqueraded. ONLY the to-port can be removed if same as dst-port. ( the dst-port is mandatory LOL, the router reads the dst...
by anav
Mon Jan 06, 2025 3:59 pm
Forum: General
Topic: Wireguard confusion (still)
Replies: 8
Views: 1089

Re: Wireguard confusion (still)

BTW: No one is more astounded, perplexed, and disoriented by the persistence of NYC's desireability than me (lifelong, multi-generational NYC'er). That's my soap-box response to your coffee comment. That is to say, coffee (and everything) is much better elsewhere. Nonetheless, anytime you're in the...
by anav
Mon Jan 06, 2025 3:12 am
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1212

Re: Problem with ping using interfaces

What type of ISP connection is the primary......... Recursive allows one to verify www connectivity General format: /ip route add checkgateway=ping distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-table=main scope=10 target-scope=12 add checkgateway=ping distance=2 dst-address=0.0.0.0/0 gate...
by anav
Mon Jan 06, 2025 2:38 am
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

Hosting your own mail server is a very bad idea......I suspect that may the cause of people getting shut down by their ISPs abuse on port 25. Port 25 is often used to spam email and ISPs shut it down. Work arounds, dont attempt to be everything. Have your mail server set to something else..............
by anav
Mon Jan 06, 2025 2:34 am
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

So brand up wifi AP up top ( is it smart or dumb, brand/model )
Switch to far right ( managed??? brand/model )
wifi bridge device bottom (brand/model)
wifi APs very bottome smart or dumb (brand/model)
by anav
Mon Jan 06, 2025 2:31 am
Forum: Beginner Basics
Topic: Wireguard + Hairpin NAT issue
Replies: 15
Views: 1293

Re: Wireguard + Hairpin NAT issue

Note: Routing rules works well for a small group of IPs........... or entire subnets,
however if the number grows to big, then mangling will be used to replace routing rules.
by anav
Mon Jan 06, 2025 2:27 am
Forum: General
Topic: Wireguard confusion (still)
Replies: 8
Views: 1089

Re: Wireguard confusion (still)

Sure thats very logical. THe problem is how to do that depends on the current setup. If it was connect to router A via wireguard and then over existing tunnels go to any other device or any other LAN on any device is TOO easy. This assumes device A is the server for handshake, and device B,C,D,E,F a...
by anav
Mon Jan 06, 2025 1:06 am
Forum: General
Topic: Wireguard confusion (still)
Replies: 8
Views: 1089

Re: Wireguard confusion (still)

Well it all depends doesnt it. Do you wish to be able to reach all devices by accessing one MT device in particular, or do you want to be able to reach all the configs when connecting to any device. The hub and spoke method you didnt use, makes connecting to all device stupid simple as one connects ...
by anav
Mon Jan 06, 2025 12:44 am
Forum: Beginner Basics
Topic: Wireguard + Hairpin NAT issue
Replies: 15
Views: 1293

Re: Wireguard + Hairpin NAT issue

Thx for the clarification. By the way, could you find a smart way to add rules such add chain=dstnat action=dstnat src-address=192.168.88.5 dst-port=53 protocol=udp to-address=198.18.0.1 add chain=dstnat action=dstnat src-address=192.168.88.5 dst-port=53 protocol=tcp to-address=198.18.0.1 But inste...
by anav
Mon Jan 06, 2025 12:42 am
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

Other routers?? Can you provide a network diagram to see what is in play!
by anav
Sun Jan 05, 2025 11:43 pm
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

post the latest config, so that one can investigate.
by anav
Sun Jan 05, 2025 11:40 pm
Forum: Beginner Basics
Topic: Wireguard + Hairpin NAT issue
Replies: 15
Views: 1293

Re: Wireguard + Hairpin NAT issue

Because its a function of ensuring the path through the 3rdparty provider from the single PC to the Www is working properly MTU wise. Nothing to do with bridge. Also note an improvement on the schema already provided:\ /ip nat add chain=dstnat action=dstnat src-address=192.168.88.5 dst-port=53 proto...
by anav
Sun Jan 05, 2025 11:38 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 1140

Re: Home networking suggestions

Can you forward a port from the ISP router to the mikrotik.
by anav
Sun Jan 05, 2025 11:31 pm
Forum: General
Topic: Multi WAN routing problem with CHR. Help please
Replies: 8
Views: 1019

Re: Multi WAN routing problem with CHR. Help please

Your answer is too vague to be of any use.

Describe the traffic,
USER A,USER B, USERC< from external wants to do what!!
Identify users and describe traffic needed.

- config 750
- config RB5009
- reach servers on LAN of 750
- reach servers on LAN of RB5009
by anav
Sun Jan 05, 2025 11:22 pm
Forum: Beginner Basics
Topic: Wireguard + Hairpin NAT issue
Replies: 15
Views: 1293

Re: Wireguard + Hairpin NAT issue

To prevent leaking is difficult as the rest of the router goes out the normal local WAN. To accomplish no leaking try this.......... Option1: If 3rd party provided a DNS address to use........ /ip nat add chain=dstnat action=dstnat src-address=192.168.88.5 dst-port=53 protocol=udp to-address=198.18....
by anav
Sun Jan 05, 2025 10:51 pm
Forum: Beginner Basics
Topic: Wireguard + Hairpin NAT issue
Replies: 15
Views: 1293

Re: Wireguard + Hairpin NAT issue

Can you confirm what the 3rd party provider gave you for information Apparently besides endpoint address and endpoint port and private key to use ( so same public key is generated for their end etc...) Specifically ip address of 100.96.1.09 was given, DID they provide anything else? I see you have n...
by anav
Sun Jan 05, 2025 10:45 pm
Forum: General
Topic: Multi WAN routing problem with CHR. Help please
Replies: 8
Views: 1019

Re: Multi WAN routing problem with CHR. Help please

What is the purpose of the LAN on the CHR?? Are you using the CHR as WAN2 for the RB750 ??? Are you port forwarding to servers on the RB via the CHR connection ( through the wireguard tunnel between the two devices ) Are you using the wireguard tunnel to remotely connect to both RB750 and RB5009 for...
by anav
Sun Jan 05, 2025 10:26 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1817

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

Concur jac, that learning is important. If the OP takes the time to understand each line of the completed config and what it does, the learning will come. 1. In terms of the config the offbridge settings are in three places ( plus remove from bridge ) a. name the ethernet port ( OffBridge4 ) b. add ...
by anav
Sun Jan 05, 2025 10:10 pm
Forum: Beginner Basics
Topic: Wireguard + Hairpin NAT issue
Replies: 15
Views: 1293

Re: Wireguard + Hairpin NAT issue

As per my recent post above, cat, was working on it this morning and got caught up doing other things... I am avoiding using the prefix thing for several reasons. a. there is a bug when you do modifications after the fact to the prefix rules that do not actually stick on the router ( what is shown i...
by anav
Sun Jan 05, 2025 8:12 pm
Forum: Beginner Basics
Topic: Wireguard + Hairpin NAT issue
Replies: 15
Views: 1293

Re: Wireguard + Hairpin NAT issue

What is the purpose of Wireguard? Is it for your remote devices to access the router and LAN while away or are you connecting to some third party vpn to access internet somewhere else.?? Will assume the latter case!! Fixes: 1. EDIT, nm this is okay 2. These rules make no sense the first rule says --...
by anav
Sun Jan 05, 2025 8:11 pm
Forum: Beginner Basics
Topic: Router on a stick struggles
Replies: 6
Views: 1225

Re: Router on a stick struggles

This is basic vlan filtering........ Read the bible (has examples for both switch and router) --> https://forum.mikrotik.com/viewtopic.php?t=143620 A decent video for switch -- > https://www.youtube.com/watch?v=YLtGQAQ8iS0 I will hold you responsible for reading and applying the above knowledge. :-)...
by anav
Sun Jan 05, 2025 7:58 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 1140

Re: Home networking suggestions

Can you forward ports from ISP modem/router to the mikrotik??
What is at the other end of the VPN connection? You have some unknown local brun device whatever it is handling some sort of VPN behind the MT.
Is it a router, or what? what kind of VPN does it have.
by anav
Sun Jan 05, 2025 7:55 pm
Forum: General
Topic: Can i change Zerotier port number?
Replies: 5
Views: 833

Re: Can i change Zerotier port number?

It would appear the zerotier network assumes default port number which does not appear changeable as that may be set on zerotier servers?? However they also communicate on two other ports, a random high number port based somewhat on zerotier address and also another high random port number if you pe...
by anav
Sun Jan 05, 2025 4:41 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1817

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

1. Establish basic requirements a. one subnet for HOME b. one subnet for HOME wifi c. one subnet for IOT (such devices should be separate from home users ) d. one subnet for guest wifi (obviously should be isolated from rest )' It would appear that you need three vlans ( as home wired and home wifi ...
by anav
Sun Jan 05, 2025 3:58 pm
Forum: Beginner Basics
Topic: Rate my config
Replies: 20
Views: 2093

Re: Rate my config

Hi Cat, Sort of, note that one should be accurate when possible and for example for traffic to the router we dont even use prerouting --> input chain and output chain PCC traffic is coming from the LAN marking connections (forward chain) THe mark routing is YES, prerouting chain Similar to traffic t...
by anav
Sun Jan 05, 2025 3:52 pm
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

Fixed thanks! ALso this: I only want to access those ports from lan, not for internet where I didn't make an entry, for example samba share. You still need the same structure as the rest of the dstnat rules! If you want to limit to LAN only, then add a qualifier. add chain=dstnat action=dst-nat dst-...
by anav
Sun Jan 05, 2025 4:01 am
Forum: Beginner Basics
Topic: Configuring a network with tagged/untagged VLANs separation and rules for interconnection
Replies: 3
Views: 1223

Re: Configuring a network with tagged/untagged VLANs separation and rules for interconnection

post your config if you want it reviewed/improved /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. ) The reference is good follow it for success. One other thing I do for configuring vlans and bridge is to take a port off bridge lets say ether8 /inter...
by anav
Sun Jan 05, 2025 3:59 am
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

Well I took a look at the config and your dstnat rules are all over the place. If you are using a DYNDNS name to describe your WANIP, why not use mynetname from IP cloud. In any case if using a DYNDNS name one does NOT also use in-interface-list=WAN ( one or the other ) a. in much of the dstnat rule...
by anav
Sun Jan 05, 2025 3:40 am
Forum: Beginner Basics
Topic: Rate my config
Replies: 20
Views: 2093

Re: Rate my config

Note the config added in post #10. Look at the entire config first, then go line by line and write down any questions you have for posting. I am not 100% sure of the syntax for the IP static DNS... The idea being that anyone putting www.schoolweb.com in their browser would get directed to the server...
by anav
Sun Jan 05, 2025 2:03 am
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3356

Re: Did the Mikrotik firewall block the open ports?

That is how MT works.
Any port forwarding will show up on scans but will have status as closed. ( NORMAL! )
Any port forwarding with also a source address or source address limitation on the dstnat config will be invisible on scans.
by anav
Sun Jan 05, 2025 2:01 am
Forum: General
Topic: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]
Replies: 10
Views: 1846

Re: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]

Hmmm,,,,,,,, I suppose as long as the config contains the endpoint address and endpoint port for the Cloud relay. Manual in any case.
by anav
Sat Jan 04, 2025 11:53 pm
Forum: General
Topic: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]
Replies: 10
Views: 1846

Re: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]

You cannot. The BTH feature is for individual devices only ( smartphones, ipads, laptops, PCs ) If you have two wireguard devices that you wish to connect together, then, a. change one of the ISPs so that you can get a public IP either on the MT itself or at least on the ISP modem/router where it ca...
by anav
Sat Jan 04, 2025 10:52 pm
Forum: Beginner Basics
Topic: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch
Replies: 15
Views: 2737

Re: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch

MikroTik is just acting as a switch between router and the AP. No wifi on the MikroTik itself. I tried to follow the configuration in the reference post and it just turns off internet access on all the ports so that's why my configuration is the way it is now. Just that the access point is only abl...
by anav
Sat Jan 04, 2025 10:48 pm
Forum: General
Topic: VLAN Trunk port config
Replies: 11
Views: 1821

Re: VLAN Trunk port config

Remove router serial number and switch serial number from posts made of configs. SWITCH model = CRS328-24P-4S+ # serial number = DNACHSOS4 /interface bridge add admin-mac=08:55:31:20:4A:06 auto-mac=no comment=defconf \ ingress-filtering=yes name=bridge vlan-filtering=yes /interface vlan add interfac...
by anav
Sat Jan 04, 2025 10:25 pm
Forum: General
Topic: VLAN Trunk port config
Replies: 11
Views: 1821

Re: VLAN Trunk port config

ROUTER: model = RB4011iGS+ In summary sort out why the subnets you use in various places dont match the address subnets ???] Not sure why you show ether2 being tagged for both vlans, You never noted what is connected to ether2 ???? I will asssume for now its some other kind of smart device and not a...
by anav
Sat Jan 04, 2025 9:40 pm
Forum: Beginner Basics
Topic: Router on a stick struggles
Replies: 6
Views: 1225

Re: Router on a stick struggles

The switch should tag the traffic coming from comcast on a single vlan and carry it through to the trunk port to the router. The router simply needs to terminate this vlan on the WAN settings be it DHCP server, or pppoe etc.... On the trunk port between them are also a. the management or trusted sub...
by anav
Sat Jan 04, 2025 9:37 pm
Forum: Beginner Basics
Topic: Rate my config
Replies: 20
Views: 2093

Re: Rate my config

What do you mean ether4 is connected to LAN, one port serves the whole school, every cable spliced off a single cable???
Or is LAN a brand name for a managed switch??
by anav
Sat Jan 04, 2025 9:05 pm
Forum: Beginner Basics
Topic: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch
Replies: 15
Views: 2737

Re: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch

Due to the lack of network diagram and overall clarity. Is the mikrotik device simply between the main router and the AP. ( a switch only, no WIFI) So the mikrotik gets a trunk port on the router with lets say 3 vlans, managment, homewifi guest wifi etc... Or is it doing wifi as well. THere should b...
by anav
Sat Jan 04, 2025 7:07 pm
Forum: Beginner Basics
Topic: Rate my config
Replies: 20
Views: 2093

Re: Rate my config

Really for proper security they can OPT IN, and in a few easy steps compared to all other methods have access to the internal school info while at home or NOT and have to go to school to access. WHat router is it that you will have for real ( model, firmware )............ how many ports? What is eth...
by anav
Sat Jan 04, 2025 7:05 pm
Forum: Beginner Basics
Topic: Rate my config
Replies: 20
Views: 2093

Re: Rate my config

Well from a security perspective http is a very bad idea. In that at some point you have to login...... then you probably have a simple username and password login which in 2025 is not the way to go. So it depends if you have third party authentication etc........... How that is done, is the key. ??...
by anav
Sat Jan 04, 2025 4:06 pm
Forum: Beginner Basics
Topic: Rate my config
Replies: 20
Views: 2093

Re: Rate my config

Some clarification required. f. Is it one office PC that needs to be static or one printer that needs to be static. And the reason give doesnt make sense, 'due to scanning of printer' Do you mean the printer is also a scanner? Do you meant the printer initiates a search?? Do you mean the printer nee...
by anav
Sat Jan 04, 2025 3:37 pm
Forum: Beginner Basics
Topic: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch
Replies: 15
Views: 2737

Re: Issues using VLAN SSIDs on Access Point on a MikroTik device acting as a managed switch

As noted, if its a switch why are you configuring it like a router ( no pools required )
The only vlan that needs to be defined is the management or trusted vlan where the mT gets its IP address from.
Find the appropriate example here --> viewtopic.php?t=143620
by anav
Sat Jan 04, 2025 3:35 pm
Forum: General
Topic: VLAN Trunk port config
Replies: 11
Views: 1821

Re: VLAN Trunk port config

Its not a matter of like or dislike, its a matter of meeting requirements.
by anav
Sat Jan 04, 2025 5:06 am
Forum: General
Topic: VLAN Trunk port config
Replies: 11
Views: 1821

Re: VLAN Trunk port config

There is no need to use hybrid ports unless dealing with ubiquiti etc.. Classic error, once you go vlans, DONT mix bridge with DHCP. Whatever subnet you have there just assign it as a vlan and then complete the config. Ingress filtering should be yes on every port and frame types be either vlan tagg...
by anav
Sat Jan 04, 2025 12:09 am
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2466

Re: Simple Bridge with Firewall rules for Ether1 (internet))

You need to disconnect from the internet and implement at least the default firewall ASAP because now you're an open door to the world. After that we can talk about port forwarding (allowing access to internal service through public IP) That is the intent of CO-PILOT, to CO-OPT every mikrotik new u...
by anav
Sat Jan 04, 2025 12:06 am
Forum: Beginner Basics
Topic: two isp active at the same time
Replies: 2
Views: 848

Re: two isp active at the same time

Very doable we help users all the time achieve success, As noted, please post config for starters. /export file=anynameyouwish ( minus router serial number, any public WANIP information, keys, long assed dchp lease lists etc.) I would not comment further also without knowing the requirements in more...
by anav
Sat Jan 04, 2025 12:03 am
Forum: Beginner Basics
Topic: HAP ax3 Wi:Fi working but no internet via LAN ports
Replies: 5
Views: 1434

Re: HAP ax3 Wi:Fi working but no internet via LAN ports

Three other considerations. Do you want the guest users on 2.4 to see other guest users on 2.4 Do you want the guest users on 5ghz to see other guest users on 5 ghz Do you wan the guest users on 2.4 to see guest users on 5ghz. IF NO. a. on wifi create datapath1 and check client isolation. then on wi...
by anav
Fri Jan 03, 2025 11:31 pm
Forum: Beginner Basics
Topic: HAP ax3 Wi:Fi working but no internet via LAN ports
Replies: 5
Views: 1434

Re: HAP ax3 Wi:Fi working but no internet via LAN ports

Changes to your config. 1. You have guest wifi but no subnet for the guest network so that has been added. 2. Recommend to not use bridge filters to control traffic, use standard ip firewall filter rules (bridge filters are for advanced users for niche cases). 3. So the solution is one of two choice...
by anav
Fri Jan 03, 2025 10:43 pm
Forum: Beginner Basics
Topic: Rate my config
Replies: 20
Views: 2093

Re: Rate my config

I would not comment on a config without knowing the requirements a. identify all the devices/users, groups of users, external and internal users including the admin b. identify the traffic they all require c. be sure to cover any port forwarding or VPN traffic. d. detail WAN setup, how many type ( s...
by anav
Fri Jan 03, 2025 10:34 pm
Forum: General
Topic: Trunking a vlan
Replies: 16
Views: 1355

Re: Trunking a vlan

You can also ask Admiral for support they are supposed to be expert at applying their platform on mikrotik appliances.
by anav
Fri Jan 03, 2025 10:31 pm
Forum: General
Topic: Hap ax3
Replies: 3
Views: 873

Re: Hap ax3

No there is a little pull out tab on the ax3 if I recall correctly.
by anav
Fri Jan 03, 2025 10:28 pm
Forum: General
Topic: MT Firewall & DST NAT question [SOLVED]
Replies: 10
Views: 2047

Re: MT Firewall & DST NAT question [SOLVED]

This --> You can even combine the approaches, where rules in raw drop packets whose source address matches an address list, and rules in other tables populate that address list Speaks to creating lists of addresses to block. I prefer knowing the incoming source address but you did give me additional...
by anav
Fri Jan 03, 2025 6:33 pm
Forum: General
Topic: NTP Synchronization Issue with HMI in a Router-Switch Setup
Replies: 6
Views: 1581

Re: NTP Synchronization Issue with HMI in a Router-Switch Setup

I think you are confused...... Either the item is a switch or a router MAKE UP YOUR MIND. If its a switch the only thing the device can do is point to the gateway of the trusted vlan to get NTP itself, the MT device. Getting Time to devices on vlans is the responsibility of the main router. Do you h...
by anav
Fri Jan 03, 2025 6:28 pm
Forum: General
Topic: Trunking a vlan
Replies: 16
Views: 1355

Re: Trunking a vlan

,,,,,,,,,,,,,,
Screenshot 2025-01-03 122746.jpg
by anav
Fri Jan 03, 2025 6:22 pm
Forum: General
Topic: Configuring VLAN tagged/untagged
Replies: 11
Views: 1557

Re: Configuring VLAN tagged/untagged

What do you mean exactly?? ETher1 is simply capturing the internet traffic stuffing the untagged traffic into vlan187 through the hex and bringing it to your router to be terminated as vlan187 traffic. VLAN 18 is your managment subnet and also your main subnet. The hex gets its address from here. Yo...
by anav
Fri Jan 03, 2025 6:14 pm
Forum: General
Topic: Feature Request: Wireguard over VRF
Replies: 12
Views: 4521

Re: Feature Request: Wireguard over VRF

Why, network better -- dont create overlapping subnets............
Wireguard works just fine, if done properly.
(caveat home user, dont support real work)
by anav
Fri Jan 03, 2025 6:13 pm
Forum: General
Topic: Wireguard - access from VRF [SOLVED]
Replies: 13
Views: 5668

Re: Wireguard - access from VRF [SOLVED]

I agree nichky, seems like people just dont know how to use wireguard properly ;-)
Truth be told I havent used VRF but I think thats a BGP issue. Attempting to use BGP and wireguard VPN .........

As to my first statement, dont use overlapping subnets ;-PPP
by anav
Fri Jan 03, 2025 6:04 pm
Forum: General
Topic: Trunking a vlan
Replies: 16
Views: 1355

Re: Trunking a vlan

Draw a diagram of what you wish to achieve! There are so many what ifs in your description, its hard to pick out facts from fiction.
by anav
Fri Jan 03, 2025 3:51 am
Forum: General
Topic: Wireguard VPN on dual WAN [SOLVED]
Replies: 37
Views: 4862

Re: Wireguard VPN on dual WAN [SOLVED]

If you can point out where the mistakes were or where the corrections were made it will help others.
by anav
Thu Jan 02, 2025 11:51 pm
Forum: Beginner Basics
Topic: upgrading from 6.49.17 to 7.12.1
Replies: 4
Views: 1193

Re: upgrading from 6.49.17 to 7.12.1

sure if you do it thru the router, will take you to 7.12 first, if you do it manually go to 7.12 first, then 7.16.2.
by anav
Thu Jan 02, 2025 7:47 pm
Forum: General
Topic: Configuring VLAN tagged/untagged
Replies: 11
Views: 1557

Re: Configuring VLAN tagged/untagged

I only know so much, more to learn.
by anav
Thu Jan 02, 2025 6:32 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2466

Re: Simple Bridge with Firewall rules for Ether1 (internet))

cat12 are you better than AI>>> COpilot copying does not equal learning!!
by anav
Thu Jan 02, 2025 6:30 pm
Forum: General
Topic: MT Firewall & DST NAT question [SOLVED]
Replies: 10
Views: 2047

Re: MT Firewall & DST NAT question [SOLVED]

We cannot change how RoS works..... As for filtering the forward chain typically should have a rule like. add chain=forward action=accept comment="port forwarding" connection-nat-state=dstnat There is no security settings done typically in dstnat rules. However, if you wish to limit extern...
by anav
Thu Jan 02, 2025 6:13 pm
Forum: General
Topic: Configuring VLAN tagged/untagged
Replies: 11
Views: 1557

Re: Configuring VLAN tagged/untagged

Remove serial number from your posted config!! Ether3 has to be a trunk port carrying all vlans between hex switch and Router. Ether1 and Ether5 are access ports, untagged as required when leaving the port. I dont understand this nomenclature add address=10.87.2.28 /28 interface=MGMT_VLAN network=10...
by anav
Thu Jan 02, 2025 4:36 pm
Forum: General
Topic: Wireguard VPN on dual WAN [SOLVED]
Replies: 37
Views: 4862

Re: Wireguard VPN on dual WAN [SOLVED]

You have yet to respond??? As this made no sense to me I had to assume some NAT on the fortigate and thus the config of the two mikrotiks will link the two fortigates as you requested. Its simply a matter of proper configuration of the two Fortigates to ensure the traffic arriving at the Fortigates ...
by anav
Thu Jan 02, 2025 4:22 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2466

Re: Simple Bridge with Firewall rules for Ether1 (internet))

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )
by anav
Thu Jan 02, 2025 4:20 pm
Forum: Beginner Basics
Topic: No connection with winbox
Replies: 4
Views: 1323

Re: No connection with winbox

Sure, get the AX3 router and use the hex as a switch, or if just looking for an AP only choose between capax (indoor) and wapax (indoor or outdoor).
If you want wifi7, keep the hex and look at tplink wifi7 products.
by anav
Thu Jan 02, 2025 4:17 pm
Forum: Beginner Basics
Topic: inter connect two subnets
Replies: 2
Views: 1056

Re: inter connect two subnets

Clearly the OP wants some degree of separation between the subnets and a way of accessing the APs from a management perspective.
I am of course leaning towards vlans to do so.

Before going down any path, are these smart or dumb APs.......... ( brand and model )
by anav
Thu Jan 02, 2025 4:12 pm
Forum: Beginner Basics
Topic: upgrading from 6.49.17 to 7.12.1
Replies: 4
Views: 1193

Re: upgrading from 6.49.17 to 7.12.1

Yup there are going to be some hicckups along the way for sure.........
Now time to go to 7.16.2 LOL
by anav
Thu Jan 02, 2025 4:03 pm
Forum: General
Topic: Configuring VLAN tagged/untagged
Replies: 11
Views: 1557

Re: Configuring VLAN tagged/untagged

Before fixing the config, Is the ISP giving you two WANIPs ??? WHY the second router doing pppoe. ( why do you need it, all could be done via hex for example ) Is the hex acting as a switch or router? I am thinking without a proper understanding of the setup and your intent, this could be a chasing ...
by anav
Thu Jan 02, 2025 4:00 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 14442

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

At least they had the decency of NOT calling it "Mikrotik 365" :wink: . Luv it! If I was a betting man, I would say its been orchestrated by Cloudflare, for what purpose I do not know, but I swear I did not bribe them to do so, in order to get MT to capitulate and put zerotrust cloudflare...
by anav
Thu Jan 02, 2025 3:58 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 14442

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

It’s a lucky dip if it’s online when I come on here. Brings a bit of excitement and variation to my day.
Did you buy a boat yet............ I hear all the excitement one needs is the free water Brits are getting.
by anav
Thu Jan 02, 2025 3:55 pm
Forum: General
Topic: NAT challenge
Replies: 6
Views: 1085

Re: NAT challenge

Actually mostly asking cause it pains me to see Sindy guessing. ;-) @sjoram has been around for a while, so I figure he enjoys the journey as much as the goal, so I play along. Yes, thats why I thought a round of jousting would be entertaining. But not around for that long, the lad looks to be abou...
by anav
Thu Jan 02, 2025 3:53 pm
Forum: General
Topic: MT Firewall & DST NAT question [SOLVED]
Replies: 10
Views: 2047

Re: MT Firewall & DST NAT question [SOLVED]

It was asked nicely to see the full config to make a proper assessment using facts and evidence. Like it or not, MT config elements are interrelated. No one is asking to see anything revealing. /export file=anynameyouwish (minus router serial number, any public WANIP information, keys, long assed dh...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 75