Search found 32 matches

by levicki
Thu May 11, 2023 1:47 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 1533

Re: Dual WAN with port forwarding

I am far from expert, and thus maybe others will chime in with other potential options, sorry. I spent quite some time experimenting and I managed to get download and upload to use full bandwidth of both connections. You need to use src-address-and-port in PCC rules so that connections from same so...
by levicki
Thu May 11, 2023 12:07 am
Forum: Scripting
Topic: Update address list with script
Replies: 6
Views: 11729

Re: Update address list with script

Sorry for necroing the thread but this script works for me in RouterOS 7.9: :local inetinterface "wan2"; :local addresslist "WAN2_IP"; :global CurrentIP; :if ([/interface get $inetinterface value-name=running]) do={ :local NewIP [/ip address get [find interface="$inetinterfa...
by levicki
Wed May 10, 2023 6:42 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 1533

Re: Dual WAN with port forwarding

I am aware that PCC is not bonding. I was hoping that there was a method using PCC to mark connections so that connections that go to same destination address from different source ports (say using src-address-and-port) use different ISPs. As for the torrent part it's not a dedicated box so filterin...
by levicki
Wed May 10, 2023 1:57 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 1533

Re: Dual WAN with port forwarding

Oh right, that works for the default route but not for the route with the table we add. Bingo... that's why I said DHCP and PPPoE client should support specifying routing table. I did try using output interface instead of gateway, and I did manage to get some sort of load balancing. However, the ma...
by levicki
Tue May 09, 2023 8:33 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 1533

Re: Dual WAN with port forwarding

Ahh okay, sorry. Hmm I have plain ethernet cable on mine, and I just use the current gateway in my rules. When my ISP changes the new gateway auto populates properly with no work from me. However my primary WAN is fiber from bell and that gateway never updates on my routes just IP DHCP client so I ...
by levicki
Tue May 09, 2023 6:12 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 1533

Re: Dual WAN with port forwarding

If you don't try, you won't find out. There is no need for Gateway IP in mangling rules.
I never said in mangling rules -- I said in routes, and your example shows it as well (unless it is optional).
by levicki
Tue May 09, 2023 12:27 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 1533

Re: Dual WAN with port forwarding

The PCC load balancing is straightforward via PCC type rules. You will need mangling to a. prerouting --> mark connections for inbound traffic on wans b. output --> assign routing marks for same traffic returning to originator c. prerouting apply pcc rules and mark connection for LAN traffic headi...
by levicki
Mon May 08, 2023 8:18 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 1533

Dual WAN with port forwarding

I have two ISPs at the moment. ISP1 - fiber PPPoE (static IP) ISP2 - cable (dynamic IP) I would like to create a dual WAN configuration with load balancing where I would also perform port forwarding for some services over ISP1 and some over ISP2. I am using RouterOS 7.9. What would be the best way t...
by levicki
Tue Dec 14, 2021 6:36 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 226682

Re: v7.1 is released!

I have 7.1 release installed on Audience AP and it seems that the Access List feature is either not working or I am not using it correctly. I have whitelisted MAC addresses of devices which I want to allow to connect, but my Apple Watch still connected with random MAC address (the latest iOS update ...
by levicki
Fri Nov 26, 2021 7:38 pm
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 55303

Re: v7.1rc7 [development] is released!

@sergejs Audience owner here, running RouterOS 7.1rc6. Only packages I have installed are routeros and wifiwave2 on it. After upgrading to 7.1rc7 I have this message in the log right after rebooting and after interfaces are brought up: error while running customized default configuration script: bad...
by levicki
Sat May 29, 2021 4:53 pm
Forum: General
Topic: DNS in mikrotik and DC on Windows Server
Replies: 4
Views: 14828

Re: DNS in mikrotik and DC on Windows Server

Sorry for bringing up an old thread, but I recently wrote an article on how you can run AD DNS on a MikroTik router. Of course, standard disclaimer applies -- you should not be doing it in an environment where: 1. You have more than one domain and/or forest 2. You need dynamic DNS updating to work 3...
by levicki
Wed May 26, 2021 8:45 pm
Forum: Wireless Networking
Topic: Audience AP question
Replies: 6
Views: 1626

Re: Audience AP question

I would not recommend purchasing audience until a stable firmware is released for it, but that's your choice. I already did, and I installed 7.1beta6 on it along with wifiwave2 package. So far it appears stable and I can get 485Mbps/49Mbps on 5GHz 4 chain radio (my ISP is 500/50Mbps, tested using sp...
by levicki
Wed May 26, 2021 2:04 pm
Forum: Wireless Networking
Topic: Audience AP question
Replies: 6
Views: 1626

Re: Audience AP question

2) two = 2 Yes, I know number to word mapping, thank you. What I was asking is whether you can configure them separately or the system sees them as a single logical device. 4) Really you ask that? Obviously, like all the other mikrotik devices, you can do what you want (if you know how to do that) ...
by levicki
Wed May 26, 2021 1:37 pm
Forum: Wireless Networking
Topic: Audience AP question
Replies: 6
Views: 1626

Audience AP question

I am considering purchasing Audience. I have a few questions regarding Audience capabilities. 1. Website shows technical specification, but doesn't show what authentication standards are supported. Is WPA3 supported? 2. Can the two 5ghz radios be configured separately? 3. Website shows AES-256-CBC th...
by levicki
Wed May 19, 2021 3:22 pm
Forum: General
Topic: Windows DNS client problem
Replies: 3
Views: 1059

Re: Windows DNS client problem

If you do not have a real domain (read: domain controller), and your PC is not domain-joined, then Windows (and probably Linux as well) will not append any DNS search suffix to host names when it tries to resolve them on the DNS server. On Windows, you can go to Control Panel > Network Connections ...
by levicki
Wed May 19, 2021 2:11 pm
Forum: General
Topic: Regular expression too complex
Replies: 2
Views: 822

Regular expression too complex

Except it really isn't? I mean, this is pretty basic for a regex: (events|notify|pipe|settings|telemetry|urs|vortex(\-win)?|watson)\..*(live|microsoft|msn|windows) This is in DNS static entries and I am running RouterOS 6.48.2. Wiki page doesn't mention anything about regex complexity, length limits...
by levicki
Fri Apr 30, 2021 5:12 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 8
Views: 1440

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Switch to 7.1beta5 and enjoy that 64 bit time.
Are you seriously suggesting to use beta software in production environment?!? o.0
by levicki
Fri Apr 30, 2021 5:11 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 8
Views: 1440

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Let me also add that for a certificate created today with 3652 days it is showing Days Valid as 3652, but it shows Expires After as 3636 days, so there seems to be more wrong than just 32-bit cutoff. I found a discussion about that here and after reading it I still don't understand where this error...
by levicki
Fri Apr 30, 2021 4:58 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 8
Views: 1440

[BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

The imported certificate's Days Valid field is displaying wrong value -- it is showing 6090 days for a certificate which has 36524 days validity (100 years). The reason for this seems to be the date handling in the OS caused by using 32-bit Unix time_t structure (a.k.a. the Year 2038 Problem) -- th...
by levicki
Fri Apr 30, 2021 4:50 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 62336

Re: v6.48.2 [stable] is released!

I think I found a bug. The imported certificate's Days Valid field is displaying wrong value -- it is showing 6090 days for a certificate which has 36524 days validity (100 years). The reason for this seems to be the date handling in the OS caused by using 32-bit Unix time_t structure (a.k.a. the Ye...
by levicki
Sun Mar 22, 2020 5:59 pm
Forum: General
Topic: Help with Microsoft Teams QoS
Replies: 5
Views: 8307

Re: Help with Microsoft Teams QoS

Are you the ISP ? No. Just someone who wants to have undisturbed Teams experience with coworkers when working from home regardless of what other members of the household (or even myself) are doing on the internet. I have Mikrotik hardware good enough to solve that problem. I don't see any real-worl...
by levicki
Thu Mar 19, 2020 2:44 pm
Forum: General
Topic: Help with Microsoft Teams QoS
Replies: 5
Views: 8307

Help with Microsoft Teams QoS

Hello, I would like to implement QoS for Microsoft Teams. As per Microsoft's documentation, the following address ranges should be optimized for Teams: 13.107.64.0/18 52.112.0.0/14 Docs are here: https://docs.microsoft.com/en-us/microsoftteams/prepare-network And here: https://docs.microsoft.com/en-...
by levicki
Wed Jun 12, 2019 12:00 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 3
Views: 1454

Re: Not all RDP traffic seems to be marked in firewall mangle

You've answered yourself. Fasttracking means bypass of all firewall rules, fasttracked packets only pass through the connection-tracking part of the firewall.
Is there a way to still mark / count this traffic or is the only way for proper bandwidth management to have fasttracking disabled?
by levicki
Wed May 29, 2019 3:03 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 3
Views: 1454

Not all RDP traffic seems to be marked in firewall mangle

I have a RDP server on LAN which is forwarded to WAN: add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-mark=rdp-connection-mark passthrough=yes port=3389 protocol=tcp add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS"...
by levicki
Wed May 29, 2019 2:58 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 0
Views: 747

Not all RDP traffic seems to be marked in firewall mangle

I have a RDP server on LAN which is forwarded to WAN: add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-mark=rdp-connection-mark passthrough=yes port=3389 protocol=tcp add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS"...
by levicki
Sat Jun 23, 2018 2:11 am
Forum: Beginner Basics
Topic: Firewall Filter Rule before NAT rule
Replies: 14
Views: 22597

Re: Firewall Filter Rule before NAT rule

Sorry for necroing an old thread, but it might be useful to mention that it is possible to drop packets before dstnat by using Raw rules in prerouting chain. An example: /ip firewall raw add action=drop chain=prerouting dst-port=3389 in-interface=your_wan_interface protocol=tcp src-address-list=\ !T...
by levicki
Sat Jun 23, 2018 12:22 am
Forum: General
Topic: [FR] A way to reference IP address on any interface in NAT
Replies: 1
Views: 1256

[FR] A way to reference IP address on any interface in NAT

It would be nice if MikroTik would add a variable that could be used in place of src-address, dst-address, or to-addresses in NAT commands. Vyatta has this option where you can reference for example ADDRv4_eth2 to get current eth2 IP address anywhere in NAT rule and it is replaced and maintained tra...
by levicki
Thu May 24, 2018 10:41 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 146258

Re: VPNfilter official statement

Hopefully my comment won't come through as rude, but to me it seems a bit irresponsible (or at least over-confident) to say "we are highly certain" without having an actual sample of the malware to analyze and confirm that it was exploiting the old vulnerability and not some new one you m...
by levicki
Thu May 24, 2018 10:32 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 146258

Re: VPNfilter official statement

Hopefully my comment won't come through as rude, but to me it seems a bit irresponsible (or at least over-confident) to say "we are highly certain" without having an actual sample of the malware to analyze and confirm that it was exploiting the old vulnerability and not some new one you mi...
by levicki
Tue May 01, 2018 11:56 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 257303

Re: RouterOS v7.0 beta1 - when?

MikroTik (just like Ubiquiti and many others for that matter) are depending on the hardware (CPU/chipset) manufacturer for major upgrades. Those manufacturers are the ones who provide SDK and drivers (the latter usually in binary form only due to patents), and those drivers cannot be loaded on newer...
by levicki
Tue May 01, 2018 11:33 am
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 45587

Re: CloudFlare DNS over TLS

Cloudflared (daemon for cloudflare services including DNS over HTTPS) is open-source and written in Go language, you can find it on GitHub and port to MikroTik.
by levicki
Mon Apr 30, 2018 12:30 pm
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 45587

Re: CloudFlare DNS over TLS

Hello, new MikroTik owner here. I'd also like to see DNS over HTTPS support. I am not sure if the forum will let me post a link but I will try anyway. This is the source code of cloudflared (daemon) which can act as DNS over HTTPS proxy. It is written in Go language, it should be straightforward to ...