Community discussions

Search found 38 matches

by anavds
Thu Apr 26, 2018 10:45 pm
Forum: Beginner Basics
Topic: Mikrotik trunk to cisco switch + 2 ISP pcc o NTH
Replies: 4
Views: 527

Re: Mikrotik trunk to cisco switch + 2 ISP pcc o NTH

azoo explain your requirement without using any technical jargon and half attempts at describing the solution. Example. Requirement(s): I have an FTP server program that I want to share music and photos with family. Assets: I have a hex router a single dynamic public IP address and a dyndns service ...
by anavds
Thu Apr 26, 2018 10:33 pm
Forum: Beginner Basics
Topic: Need to get outgoing IP addresses to match [SOLVED]
Replies: 7
Views: 605

Re: Need to get outgoing IP addresses to match [SOLVED]

Okay it's sinking in LOL. But this does not absolve the admin from ensuring proper routing out of the router. (tells the packets where to go when forwarded by the user). The srcnat rules simply ensure return traffic is allowed in and will go back to the originator. (tells the packets that they will b...
by anavds
Thu Apr 26, 2018 10:03 pm
Forum: Beginner Basics
Topic: Double NAT port forwarding
Replies: 4
Views: 4184

Re: Double NAT port forwarding

Hi neu what is the difference in terms of naming your WANIP in your first example, vice simply stating as you did in the second rule in-interface ether1? Both are specific (not the generic in-interface list WAN). The only reason I can think of is that it's a dynamically changing public IP address and...
by anavds
Thu Apr 26, 2018 9:58 pm
Forum: Beginner Basics
Topic: traffic in one port forced out specific port
Replies: 4
Views: 482

Re: traffic in one port forced out specific port

@anavds: It sounds like different kind of ports.
Ahh yes silly me he is talking about physical ports and possibly vlans...............
by anavds
Thu Apr 26, 2018 9:16 pm
Forum: Beginner Basics
Topic: traffic in one port forced out specific port
Replies: 4
Views: 482

Re: traffic in one port forced out specific port

Poorly worded requirement which supposed a routing solution vice explaining the functionality desired. Why do you need to frig with ports and why. For example. I wish to provide my server for friends which hosts on port 666 but my ISP blocks 666. I cannot change the host port (fixed port) of my sata...
by anavds
Thu Apr 26, 2018 8:58 pm
Forum: Beginner Basics
Topic: 2 WANs divided between clients over 1 LAN
Replies: 3
Views: 334

Re: 2 WANs divided between clients over 1 LAN

I liked your first idea better LOL. VLANS? How the heck would you assign them to each VLAN. For example let's say we have users now 192.168.0.2 - .20. and .2, .5, .8-.12, .16-.19 should go to WAN1 and the rest to WAN2. Have fun doing that via VLAN. However, an easy doable case for mangle and address ...
by anavds
Thu Apr 26, 2018 8:44 pm
Forum: Beginner Basics
Topic: Double NAT port forwarding
Replies: 4
Views: 4184

Re: Double NAT port forwarding

Double NAT as I know it is a case of where one has a router and cannot avoid having a secondary router between the internet and the server. Double NAT also assumes you have the ability to program both routers. Basically in the first router, you port forward the traffic such that the destination addr...
by anavds
Thu Apr 26, 2018 7:21 pm
Forum: Beginner Basics
Topic: Equal Bandwidth PCQ per IP
Replies: 2
Views: 474

Re: Equal Bandwidth PCQ per IP

Neu I was reading the link poster's code and was confused by.......... DSL MODEM IP’S DSL MODEM 1 = 192.168.1.1 DSL MODEM 2 = 192.168.2.1 /ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 ...
by anavds
Thu Apr 26, 2018 7:09 pm
Forum: Beginner Basics
Topic: prerouting mangle vs static route
Replies: 10
Views: 1808

Re: prerouting mangle vs static route

Just to be clear. 1. static_IP is an address list comprised of the specific private LANIPs that are servers? 2. You have TWO ISPs and only want to use the secondary ISP (static) for your servers. I would expect you have two routes setup for this..... 0.0.0.0/0 gateway IP of Primary ISP (not WANIP), ...
by anavds
Thu Apr 26, 2018 5:59 pm
Forum: Beginner Basics
Topic: Allow trafic betwen different subnets.
Replies: 26
Views: 2004

Re: Allow trafic betwen different subnets.

Export the config file via the terminal....
/export hide-sensitive

The file will show up in the file directory location and then you have to download it to your computer. (notepad ++ is your friend to read it).
by anavds
Thu Apr 26, 2018 5:14 pm
Forum: Beginner Basics
Topic: Need to get outgoing IP addresses to match [SOLVED]
Replies: 7
Views: 605

Re: Need to get outgoing IP addresses to match [SOLVED]

Hi Solar, Hmmmmmmmmm SourceNAT ensuring LAN traffic is tagged when leaving the WAN so it's recognized and allowed back in through same WAN and to the source LAN DestinationNAT ensured unsolicited traffic with pre-identified ports and a private LANIP destination (both identified in rule) and even bett...
by anavds
Thu Apr 26, 2018 4:55 pm
Forum: Beginner Basics
Topic: Port forwarding - please help !
Replies: 29
Views: 2103

Re: Port forwarding - please help !

Yes, I am easily confused but only due to my lack of knowledge. Okay, what I don't get is why for the external group allowed WANIPs to access server, you identified them as source and also used in-interface WAN. BUT you dropped the in-interface WAN for the two cases where the rule is to allow only ON...
by anavds
Thu Apr 26, 2018 4:23 pm
Forum: Beginner Basics
Topic: Allow trafic betwen different subnets.
Replies: 26
Views: 2004

Re: Allow trafic betwen different subnets.

Nice diagram by the way! What I don't see is the tie-in between the VLAN networks and the LAN network 10.0.0.0 ? Where, how do you tell the VLAN to piggyback/ride symbiotically live off the HOST LAN? I'm assuming the VLAN networks are specifically used for WIFI and the rest of the network is normal ...
by anavds
Thu Apr 26, 2018 4:15 pm
Forum: Beginner Basics
Topic: Need to get outgoing IP addresses to match [SOLVED]
Replies: 7
Views: 605

Re: Need to get outgoing IP addresses to match [SOLVED]

you need src NAT: /ip firewall nat add chain=srcnat action=src-nat to-addresses=currect_Public_IP src-address=IP_of_email_server place this above you masquerade rule in NAT Hi Solar, I am still reading the other post, but I see a similar item that is nagging me and specifically the use of to-addres...
by anavds
Thu Apr 26, 2018 4:11 pm
Forum: Beginner Basics
Topic: 2 WAN failover stuck
Replies: 3
Views: 1463

Re: 2 WAN failover stuck

That's very kind neu, but the OP stated he wants to get failover working. Let's work on that and when he/she wants to get load balancing working we can deal with it then! To finish off the method previously described........ One needs two basic Route Rules (similar to the out of the box default rule...
by anavds
Wed Apr 25, 2018 11:30 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2410

Re: Getting Plex to play nice with firewall rules

Hi hobbies, it's a dilemma I don't understand as I come from another routing experience which separates out virtual servers and FW rules...........learning as I go.
by anavds
Wed Apr 25, 2018 11:28 pm
Forum: Beginner Basics
Topic: Load balancing with fail over (again)
Replies: 12
Views: 990

Re: Load balancing with fail over (again)

You mean the observation I made is CORRECT not NOPE- in that I don't need the second ping gateway. BUT if the NOPE was for my use of the word IMPLIED, then Yes, when I said IMPLIED, I should have clearly stated what I meant by implied in that the function of distance ensures that when the primary ro...
by anavds
Wed Apr 25, 2018 11:22 pm
Forum: Beginner Basics
Topic: Port forwarding - please help !
Replies: 29
Views: 2103

Re: Port forwarding - please help !

Hi Sob, thanks for your patience on this one. Multiple ports is only an issue due to not being able to place them on an address list like IP addresses. A. I should be able to easily port forward to a single, or any combination of groups of services. B. I should be able to filter external access by o...
by anavds
Wed Apr 25, 2018 10:52 pm
Forum: Beginner Basics
Topic: Allow only one specified port to a LAN host
Replies: 8
Views: 703

Re: Allow only one specified port to a LAN host

Argggg you are correct!!
My logic is flawed. I must keep in mind that when a rule is matched, game over!!
Frogs legs for supper! ;-)
by anavds
Wed Apr 25, 2018 10:02 pm
Forum: Beginner Basics
Topic: Load balancing with fail over (again)
Replies: 12
Views: 990

Re: Load balancing with fail over (again)

LAN1 Destination 0.0.0.0 Gateway (IP address WAN1) CheckGateway: Ping, Distance = 1 Routing Mark - LAN1_Traffic Destination 0.0.0.0 Gateway (IP address WAN2) CheckGateway: Ping, Distance = 2 Routing Mark - LAN1_Traffic LAN2 Destination 0.0.0.0 Gateway (IP address WAN2) CheckGateway: Ping, Distance ...
by anavds
Wed Apr 25, 2018 9:54 pm
Forum: Beginner Basics
Topic: force some client to wan2
Replies: 5
Views: 755

Re: force some client to wan2

I prefer using address lists to identify GROUP OBJECTS, be they users, IP addresses, services etc......... That way I am monkeying LESS with actual rules OF ANY SORT, when solely having to change objects!! In other words, I only have to modify objects in many instances and not rules. In reviewing thi...
by anavds
Wed Apr 25, 2018 6:55 pm
Forum: Beginner Basics
Topic: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD
Replies: 17
Views: 1525

Re: Need help setting simple port forwarding to a server behind CRS-125-24G-1S-2HnD

@anav, it is the default drop rule in input chain, i.e. The last rule for packets that did not match previous rules ends there and get dropped I figured as much but it doesn't look like what is standard.......... add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid ...
by anavds
Wed Apr 25, 2018 6:52 pm
Forum: Beginner Basics
Topic: How to use 2 Wan load bal/ppc over 1 lan
Replies: 1
Views: 221

Re: How to use 2 Wan load bal/ppc over 1 lan

How do you want to load balance?? three main methods Round Robin - means taking turns for next session by the two WAN Least Load - router assesses load and pushed next session to least loaded interface (not sure if hex looks at up down or both)? Fail-over (not really load balance but simply use WAN2...
by anavds
Wed Apr 25, 2018 6:46 pm
Forum: Beginner Basics
Topic: 2 WAN failover stuck
Replies: 3
Views: 1463

Re: 2 WAN failover stuck

I would say the problem is both in mangle and routing rules. keep it simple!!! There should be two plain routing rules without any mangling involved. (These are similar to the functionality of the out of the box default route created by router) IP route destination 0.0.0.0/0 gateway IP of ISP primar...
by anavds
Wed Apr 25, 2018 6:27 pm
Forum: Beginner Basics
Topic: Allow only one specified port to a LAN host
Replies: 8
Views: 703

Re: Allow only one specified port to a LAN host

/ip firewall filter
add chain=forward src-address=192.168.88.100 out-interface=WAN protocol=tcp port=!5900 action=drop
add chain=forward src-address=192.168.88.100 out-interface=WAN protocol=udp port=!5900 action=drop

Can this be simplified by only using two rules?? If so, is it fair to sa...
by anavds
Wed Apr 25, 2018 6:20 pm
Forum: Beginner Basics
Topic: force some client to wan2
Replies: 5
Views: 755

Re: force some client to wan2

I do this now for email traffic. I use IP Mangle rule to mark route for all traffic coming from LAN (in interface) on port 25 I create a routing rule that sends this traffic (marked by the mangle rule) to the mail server IP of the ISP if traffic, plus enter in the gateway IP. Same concept can be use...
by anavds
Wed Apr 25, 2018 6:11 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2410

Re: Getting Plex to play nice with firewall rules

The I diagram starts with prerouting. Looking at prerouting, we can see that is where dst-nat is done. When we leave the I diagram, the next step is to go to the forward chain since the dst-nat changed it to go to an internal machine. Thus, the packet never hits the input chain and no firewall rules...
by anavds
Wed Apr 25, 2018 5:55 pm
Forum: Beginner Basics
Topic: Trunking bridged VLANS
Replies: 9
Views: 860

Re: Trunking bridged VLANS

I am thinking of using VLANS as well but my prior knowledge is not helping. I always understood that VLANS are not an entity to itself. One cannot just create VLANs. Virtual means it's actually using a host somewhere of some sort. In this case AN EXISTING LAN is being used or being piggybacked by a V...
by anavds
Wed Apr 25, 2018 5:43 pm
Forum: Beginner Basics
Topic: Port forwarding - please help !
Replies: 29
Views: 2103

Re: Port forwarding - please help !

If one rule is enough, why add more. This last part is about making FTP server on router accessible from anywhere. So you need exactly one rule to allow connections to main control port. Connections to data ports can be allowed automatically using conntrack and related state. For ports forwarded in...
by anavds
Wed Apr 25, 2018 5:38 pm
Forum: Beginner Basics
Topic: WiFi comparison between hAP ac2 and hAP ac
Replies: 12
Views: 12891

Re: WiFi comparison between hAP ac2 and hAP ac

Not fair, I started laughing and thus sprayed coffee all over my papers reading the Wired performance is Outstanding! :-)
by anavds
Wed Apr 25, 2018 5:30 pm
Forum: Beginner Basics
Topic: 8 apartments, separate SSID's for security?
Replies: 14
Views: 1086

Re: 8 apartments, separate SSID's for security?

Solar......... Using Bridges on LANS blocks at layer 2 (via mac addresses and tables) correct? VLANS block at layer 2/3? (by inserted headers in packet flow) correct? FW rules block at layer 3 (IP routing) correct? How does hotspot block??? a. devices on the same account from seeing each other? i. w...
by anavds
Wed Apr 25, 2018 5:25 pm
Forum: Beginner Basics
Topic: Block crypto currency mining
Replies: 3
Views: 2560

Re: Block crypto currency mining

Good question as I have asked this question myself silently. A start is to ensure one has an AV that looks at this type of malware. Another layer is to add extensions to browsers such as NOCOIN etc....... Finally what can be done at the HEX level? Reading this article it appears some DPI programming...
by anavds
Wed Apr 04, 2018 9:00 pm
Forum: Beginner Basics
Topic: Moving to a new switch
Replies: 4
Views: 531

Re: Moving to a new switch

Well this is close.............. https://www.netwire.ca/6-switches they have the 326, and claim to have the 328 but nothing up on their store. https://www.balticnetworks.com/mikrotik-24-gigabit-ethernet-ports-4sfp-port-802-3af-at-switch.html maybe these guys........ https://www.streakwave.com/itemde...
by anavds
Wed Apr 04, 2018 8:13 pm
Forum: Beginner Basics
Topic: Moving to a new switch
Replies: 4
Views: 531

Re: Moving to a new switch

Do you still need the old switch LOL. I am on the hunt for a sweet deal........
by anavds
Wed Apr 04, 2018 6:59 pm
Forum: Beginner Basics
Topic: Beginner have any questions
Replies: 3
Views: 405

Re: Beginner have any questions

To add what SOLAR stated, one has to be able to block HTTPS sites as well and I believe the Mikrotiks have a way of doing that. "Since most of the internet now uses https, it has become much harder to filter specific web content. For this reason, RouterOS 6.41 introduces a new firewall matcher which...
by anavds
Wed Apr 04, 2018 6:55 pm
Forum: Beginner Basics
Topic: BLock IP camera output connection
Replies: 10
Views: 1408

Re: BLock IP camera output connection

... And exactly this is the thing to be blocked. Camera should not be allowed to actively connect anywhere. Jarda, that is only a valid comment if the OP has no intention of accessing the video camera through the phone app and ONLY through the house LAN. Personally, I think it makes far more sense ...
by anavds
Wed Apr 04, 2018 3:16 pm
Forum: Beginner Basics
Topic: Queue tree beginner's question
Replies: 7
Views: 666

Re: Queue tree beginner's question

Hi StevO Can you explain the logic of the setup.......... Line1: The max-limit of 8K is the highest throughput the rule will apply (manages up to 8K speed) Q, What happens to capacity above 8K? Line1: 8K speed is available to the units identified in the queue tree. Line1: This queue manages outgoing...
by anavds
Wed Apr 04, 2018 2:49 pm
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 19659

Re: CloudFlare DNS over TLS

+1, I'm not paranoid but I'm sure SOB is tracking my DNS! ;-)