Community discussions

Search found 10 matches

by levicki
Wed Jun 12, 2019 12:00 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 3
Views: 300

Re: Not all RDP traffic seems to be marked in firewall mangle

You've answered yourself. Fasttracking means bypass of all firewall rules, fasttracked packets only pass through the connection-tracking part of the firewall.
Is there a way to still mark / count this traffic or is the only way for proper bandwidth management to have fasttracking disabled?
by levicki
Wed May 29, 2019 3:03 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 3
Views: 300

Not all RDP traffic seems to be marked in firewall mangle

I have an RDP server on LAN which is forwarded to WAN:
add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-mark=rdp-connection-mark passthrough=yes port=3389 protocol=tcp
add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-ma...
by levicki
Wed May 29, 2019 2:58 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 0
Views: 173

Not all RDP traffic seems to be marked in firewall mangle

I have an RDP server on LAN which is forwarded to WAN:
add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-mark=rdp-connection-mark passthrough=yes port=3389 protocol=tcp
add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-ma...
by levicki
Sat Jun 23, 2018 2:11 am
Forum: Beginner Basics
Topic: Firewall Filter Rule before NAT rule
Replies: 12
Views: 14724

Re: Firewall Filter Rule before NAT rule

Sorry for necroing an old thread, but it might be useful to mention that it is possible to drop packets before dstnat by using Raw rules in prerouting chain. An example:
/ip firewall raw add action=drop chain=prerouting dst-port=3389 in-interface=your_wan_interface protocol=tcp src-address-list=\ !T...
by levicki
Sat Jun 23, 2018 12:22 am
Forum: General
Topic: [FR] A way to reference IP address on any interface in NAT
Replies: 1
Views: 460

[FR] A way to reference IP address on any interface in NAT

It would be nice if MikroTik would add a variable that could be used in place of src-address, dst-address, or to-addresses in NAT commands. Vyatta has this option where you can reference for example ADDRv4_eth2 to get current eth2 IP address anywhere in NAT rule and it is replaced and maintained tra...
by levicki
Thu May 24, 2018 10:41 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 77702

Re: VPNfilter official statement

Hopefully my comment won't come through as rude, but to me it seems a bit irresponsible (or at least over-confident) to say "we are highly certain" without having an actual sample of the malware to analyze and confirm that it was exploiting the old vulnerability and not some new one you might not y...
by levicki
Thu May 24, 2018 10:32 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 77702

Re: VPNfilter official statement

Hopefully my comment won't come through as rude, but to me it seems a bit irresponsible (or at least over-confident) to say "we are highly certain" without having an actual sample of the malware to analyze and confirm that it was exploiting the old vulnerability and not some new one you might not ye...
by levicki
Tue May 01, 2018 11:56 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154910

Re: RouterOS v7.0 beta1 - when?

MikroTik (just like Ubiquiti and many others for that matter) are depending on the hardware (CPU/chipset) manufacturer for major upgrades. Those manufacturers are the ones who provide SDK and drivers (the latter usually in binary form only due to patents), and those drivers cannot be loaded on newer...
by levicki
Tue May 01, 2018 11:33 am
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 18319

Re: CloudFlare DNS over TLS

Cloudflared (daemon for cloudflare services including DNS over HTTPS) is open-source and written in Go language, you can find it on GitHub and port to MikroTik.
by levicki
Mon Apr 30, 2018 12:30 pm
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 18319

Re: CloudFlare DNS over TLS

Hello, new MikroTik owner here. I'd also like to see DNS over HTTPS support. I am not sure if the forum will let me post a link but I will try anyway. This is the source code of cloudflared (daemon) which can act as DNS over HTTPS proxy. It is written in Go language, it should be straightforward to ...