Community discussions

Search found 11 matches

by trykes
Mon Jun 17, 2019 9:33 am
Forum: General
Topic: Strange hiccups in SSH connection [SOLVED]
Replies: 2
Views: 267

Re: Strange hiccups in SSH connection [SOLVED]

Thanks for the explicit answer!
by trykes
Sun Jun 16, 2019 9:42 pm
Forum: General
Topic: Strange hiccups in SSH connection [SOLVED]
Replies: 2
Views: 267

Strange hiccups in SSH connection [SOLVED]

A brief overview of my setup: I have RB2011 UiAS, 2 WANs connected, one for primary use and another for failover. I also force some connections through second ISP with mangle table. One of these forced connections to WAN-2 is SSH to a server, which freezes for short periods of time when I type text ...
by trykes
Wed Mar 27, 2019 9:39 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 446

Re: Firewall rules: dst-limit invert

The only thing I miss now about dst-limit is that it does not allow to match source port (only source address, dst address, dst port). This makes it hard to distinguish between: 1. Browser making multiple connections to a host and 2. Subsequent SYNs of a single connection. What I'm doing is: when an...
by trykes
Wed Mar 27, 2019 7:02 pm
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 446

Re: Firewall rules: dst-limit invert

Follow up by "same" rule minus the limit and desired action. Ex: in-intf=wan & state=new & limit 5/s -> action: accept in-intf=wan & state=new -> action: drop Result: limit number of "new" connection on wan interface to 5/s max. Any additional will be dropped. This works nice, I forgot I could do i...
by trykes
Wed Mar 27, 2019 10:09 am
Forum: General
Topic: Firewall rules: dst-limit invert
Replies: 10
Views: 446

Firewall rules: dst-limit invert

Is it impossible to invert "Dst. Limit" (no exclamation mark there), like we do for "Limit"?

If not, please consider this a feature request.
Screenshot_20190327_110558.png
by trykes
Tue Mar 26, 2019 8:00 pm
Forum: General
Topic: Memory consumption by firewall address list
Replies: 4
Views: 351

Re: Memory consumption by firewall address list

For the record, this is the solution I came up with. 1. With a few firewall mangle rules, I detect when a second TCP SYN is sent for a connection (meaning packets are probably dropped), dst address is added to list with 1 week timeout, for further connections from this list I set a routing mark, wit...
by trykes
Sat Mar 23, 2019 9:56 pm
Forum: General
Topic: Memory consumption by firewall address list
Replies: 4
Views: 351

Re: Memory consumption by firewall address list

No, it's already optimized, the list contains both single IPs and subnets without overlaps.
by trykes
Sat Mar 23, 2019 11:19 am
Forum: General
Topic: Memory consumption by firewall address list
Replies: 4
Views: 351

Memory consumption by firewall address list

Hi, I used to have a big IP address list uploaded to my RB2011 router (128M RAM). This list was used to bypass Russian govermental official IP blacklist filter. Without the list loaded, I have around 100M free. When the list contained about 120'000 entries, I had 40M free memory. Now the list is aro...
by trykes
Tue Apr 03, 2018 9:50 pm
Forum: General
Topic: MikroTik's GPL compliance regarding RouterOS
Replies: 28
Views: 7350

Re: MikroTik's GPL compliance regarding RouterOS

I have checked GPL text and RouterOS license and as an ordinary not juridically educated person I see almost no problems. Quote from GPLv2: 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above ...
by trykes
Tue Apr 03, 2018 11:53 am
Forum: General
Topic: Any plans to make cross-platform WinBox?
Replies: 33
Views: 2828

Re: Any plans to make cross-platform WinBox?

There doesn't have to be 2 separate apps, Mikrotik can abandon WinBox, it's UI looks a little archaic anyway and release a cross-platform Qt app :) Having only a console/terminal interface is less convenient for many people, same as having only GUI app. If it was OpenWrt, I'd go with SSH but RouterO...
by trykes
Thu Mar 22, 2018 10:12 am
Forum: General
Topic: Any plans to make cross-platform WinBox?
Replies: 33
Views: 2828

Any plans to make cross-platform WinBox?

I'd like to see a RouterOS GUI client like WinBox one day which works on Linux and BSD (and Mac maybe).
Do you have plans and manpower to develop it?

We can access our routers with OpenSSH, mactelnet and run WinBox in WINE of course, but native GUI would be better.