Search found 33 matches

by webix
Mon Dec 28, 2020 10:12 pm
Forum: Forwarding Protocols
Topic: BGP load balancing on a multi-homed with IXP
Replies: 0
Views: 252

BGP load balancing on a multi-homed with IXP

Hello Folks! At this moment I have several IP ranges that I am announcing via BGP. At my facility, I have a router with 2 upstream providers: - NOS: 10Gbit - Meo: 500Mbit I also have a router connected to an IXP where I peer with many other providers and also Meo. I have set a GRE tunnel between my I...
by webix
Wed Jun 03, 2020 5:53 pm
Forum: General
Topic: Block malformed user-agents
Replies: 0
Views: 499

Block malformed user-agents

Hello folks. Lately, I noticed some Layer7 attacks on FiveM servers. After checking the Wireshark logs, most of the requests have a malformed user-agent: User-Agent: \r\n User-Agent: k\r\n And some others. I set the following rule to be matched and reject everything else: /ip firewall layer7-protocol ...
by webix
Mon May 11, 2020 10:30 am
Forum: Announcements
Topic: v6.46.6 [stable] is released!
Replies: 68
Views: 34860

Re: v6.46.6 [stable] is released!

I noticed that these problems that were corrected on last version are back again: *) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43); *) system - improved system stability when receiving/sending TCP traffic on multicore devices; If I downgrade...
by webix
Sun May 10, 2020 11:01 pm
Forum: General
Topic: Traffic Shapping Scheduler
Replies: 0
Views: 572

Traffic Shapping Scheduler

Hello folks. I am requesting some help as I have been struggling with this for some weeks now and I am close to losing my mind... So, here's my scenario: - I have a router CS1036-12G-4S with 2 uplinks (500Mbits on ETH2 and 100Mbits on ETH1) to different providers. - I am running BGP to announce my IP...
by webix
Mon Jan 20, 2020 9:43 am
Forum: General
Topic: Different speeds between VLans
Replies: 0
Views: 858

Different speeds between VLans

Hello folks. I have a router with several upstream connections on it and connected to 3 switches. I am running VLANs on my network and I would like a little help to do a simple setup. So, at the moment, I am applying a limitation (simple queues on vlan interfaces) of 100Mbit/s on VLan IDs from 100-...
by webix
Mon Nov 25, 2019 4:25 pm
Forum: Forwarding Protocols
Topic: BGP/Routing question
Replies: 5
Views: 2410

Re: BGP/Routing question

Hello Cha0s. Yes, I understand that. It's the default behavior I used. But this is my problem: I have: - ISP1 - ISP2 - ISP3 - AntiDDoS ISP I want to send all traffic from ISP2 to AntiDDoS ISP. Only that one. If I stop the announcement on ISP2, it goes by default to ISP1, and I don't want that. I tri...
by webix
Mon Nov 25, 2019 12:41 pm
Forum: Forwarding Protocols
Topic: BGP/Routing question
Replies: 5
Views: 2410

BGP/Routing question

Hello Folks. Here's the config I have: - Mikrotik router @ my home with 2 ISPs. - Mikrotik router @ an IX. - MikrotikOS router @ a worldwide ISP. My Home router connects to: - ISP 1 with BGP session. - ISP 2 (no BGP here). - Mikrotik router @ IX by GRE and BGP session. - Mikrotik router @ worldwide I...
by webix
Mon Nov 04, 2019 2:43 pm
Forum: General
Topic: Firewall: Limit PPS on per IP basis
Replies: 6
Views: 1013

Re: Firewall: Limit PPS on per IP basis

Yes, that's exactly what I was talking about. But I don't think you need limit matcher on the first jump rule. The logic is like that: 1) all packets not in your "secured" list enter the chain. 2) some of them are filtered by port numbers and added to "infractor" list. 3) all othe...
by webix
Mon Nov 04, 2019 12:50 pm
Forum: General
Topic: Firewall: Limit PPS on per IP basis
Replies: 6
Views: 1013

Re: Firewall: Limit PPS on per IP basis

You can use Dst-limit matcher. But as it performs desired action when under the limit, then applies passthrough, and that behaviour is not reversible (like with Limit matcher), you will need a custom chain for it. Can you please provide an example? I am using custom chains ;) This is what I have in...
by webix
Mon Nov 04, 2019 11:57 am
Forum: General
Topic: Firewall: Limit PPS on per IP basis
Replies: 6
Views: 1013

Firewall: Limit PPS on per IP basis

Hello Folks. I would like to limit the packets per second from a source IP to a destination IP. I know that this has already been approached, but the solutions given are old and don't work very well. So, I would like to add a source IP to an address list if that IP passes the limit of 100K PPS to a d...
by webix
Thu Jul 18, 2019 9:16 am
Forum: General
Topic: Firewall question
Replies: 6
Views: 904

Re: Firewall question

Yes. I know. But most of the servers I have are unmanaged by us. They are rented to our clients.

So, I have 2 solutions:
  • Configure firewall rules to limit the SMTP connections.
  • Redirect SMTP ports on router to a transparent SMTP filtering.
Any idea on how to do this out on the router?
by webix
Thu Jul 18, 2019 12:55 am
Forum: General
Topic: Firewall question
Replies: 6
Views: 904

Re: Firewall question

So... what do you suggest?
I don't have mail clients inside my network. Only mail servers.

Regards
by webix
Wed Jul 17, 2019 11:51 pm
Forum: General
Topic: Firewall question
Replies: 6
Views: 904

Re: Firewall question

Hello sindy. Thank you for informing that. If I am not mistaken, "connection-state=new" means that it takes into account only the new connections, not the related or established connections. Right? The "connection-limit=50,32" means that there is a limit of 49 connections from same IP, no?...
by webix
Wed Jul 17, 2019 5:53 pm
Forum: General
Topic: Firewall question
Replies: 6
Views: 904

Firewall question

Hello folks. At the moment, I have the following firewall rules: chain=forward action=add-src-to-address-list connection-state=new connection-limit=5000,32 protocol=tcp address-list=3rdAlertSPAM address-list-timeout=none-static out-interface=ETH1 dst-port=25,587 limit=5k/12h,0:packet log=no log-pre...
by webix
Sat Mar 09, 2019 8:00 pm
Forum: Beginner Basics
Topic: Firewall: How-to match if connection reaches X Mbit/s?
Replies: 0
Views: 474

Firewall: How-to match if connection reaches X Mbit/s?

Hello folks. I wanted to know if there is a way to setup a firewall rule to add a destination ip address to a list if it is receiving more than 20 Mbit/s on TCP. I tested this rule, but I can't get it working: add action=add-dst-to-address-list address-list=HighTrafficIP address-list-timeout=10m cha...
by webix
Tue Feb 19, 2019 4:55 pm
Forum: Forwarding Protocols
Topic: How to make use of /32 ips?
Replies: 5
Views: 2089

Re: How to make use of /32 ips?

Ok. I've tested like you said, to put the IP address instead of the interface... It doesn't work. I lose full connection if I put the ip instead of the interface. Also... what IP should I put? If I put the interface IP, MK tells me that the subnet is unreachable. If I put the server IP, MK tells me...
by webix
Tue Feb 19, 2019 12:40 pm
Forum: Forwarding Protocols
Topic: How to make use of /32 ips?
Replies: 5
Views: 2089

Re: How to make use of /32 ips?

I got it working. The problem was in my firewall rules. For your info: gateway=SRV01 is not a valid configuration on broadcast network. This configuration works perfectly well because SRV01 is the interface. MK already configures SRV01 as gateway when I add the ip address to that interface. You can ...
by webix
Tue Feb 19, 2019 12:16 pm
Forum: Forwarding Protocols
Topic: How to make use of /32 ips?
Replies: 5
Views: 2089

Re: How to make use of /32 ips?

That gateway is the vlan interface.
I should put the vlan router ip?
by webix
Tue Feb 19, 2019 11:59 am
Forum: Forwarding Protocols
Topic: How to make use of /32 ips?
Replies: 5
Views: 2089

How to make use of /32 ips?

Hello Folks. I have a MK with a /22 subnet announced. Below that MK, I have several servers, each one on its own vlan. Each vlan has a /30 configured as follows (This is an example, my IPs are all public): - 10.0.0.0: Subnet - 10.0.0.1: Router IP - 10.0.0.2: Server IP - 10.0.0.3: Broadcast IP. Eve...
by webix
Tue Dec 18, 2018 7:36 pm
Forum: Beginner Basics
Topic: Winbox stuck logging in
Replies: 9
Views: 8281

Re: Winbox stuck logging in

I have that problem too when the default route is not configured and I am accessing from outside.
Check the routes.
by webix
Thu Dec 06, 2018 2:47 pm
Forum: General
Topic: Active BGP Routes not working
Replies: 0
Views: 496

Active BGP Routes not working

Hello Folks. I recently installed a Mikrotik router on an IX (Identified by MK_IX) to do traffic interchange with my router at my facility (Identified by MK_local). - I have configured the BGP sessions on the MK_IX like the IX provided me and the sessions are up and running. I receive ~200 routes. - ...
by webix
Mon Oct 08, 2018 3:19 pm
Forum: Beginner Basics
Topic: Configure queue types with different upstreams
Replies: 0
Views: 440

Configure queue types with different upstreams

Hello Folks. For info, I have read and tested this setup before asking my question here: https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples This is how I have my network (note that I work with public ips only, so the ips shown here are representative only): ETH1: Connected to UpStream Provid...
by webix
Sat Aug 25, 2018 11:03 pm
Forum: Beginner Basics
Topic: how-to update a BGP filter?
Replies: 4
Views: 693

Re: how-to update a BGP filter?

It seems no-export cannot be set on update. At least mikrotik doesn't assume it. The alternative I found was to set it with the 32bit version of no-export: /routing filter set [find chain="BGP-IPv4-Out"] bgp-communities=65535:65281 I don't know if this is a bug or not, but the mikrotik te...
by webix
Sat Aug 25, 2018 5:39 pm
Forum: Beginner Basics
Topic: how-to update a BGP filter?
Replies: 4
Views: 693

Re: how-to update a BGP filter?

Doesn't work.
by webix
Thu Aug 23, 2018 3:20 pm
Forum: Beginner Basics
Topic: how-to update a BGP filter?
Replies: 4
Views: 693

how-to update a BGP filter?

Hello. I have the following BGP filter: chain=BGP-IPv4-Out prefix=xxx.xxx.xxx.xxx/xx prefix-length=xx-xx bgp-communities="" invert-match=no action=accept set-bgp-prepend-path="" append-bgp-communities="" How do I update it to add no-export? : set-bgp-communities=no-expo...
by webix
Tue Aug 21, 2018 10:22 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 191
Views: 40937

Re: Blacklist Filter (Development Topic)

Ok... when I run the script, I get this: /system script> /tool fetch mode=https url="https://bl.mikrotikfilters.com/secureFetch.php\?priority=$priority" http-method=post http-data="$sn" dst-path="$destPath" output=file; /import file-name=$destPath; /file remove $destPa...
by webix
Tue Aug 21, 2018 12:36 am
Forum: Scripting
Topic: BGP Detection script
Replies: 0
Views: 519

BGP Detection script

Hello Folks. I am not a script coder and that's why I am asking here for some help on my request. So... I have this: GRE Tunnel to a provider A. ETH Connection to a provider B. BGP Session with provider A. BGP Session with provider B with "Set BGP Communities" to "no advertise". I ...
by webix
Sun Jun 17, 2018 4:31 pm
Forum: General
Topic: HTTPS Download stuck after connected on lan side [SOLVED]
Replies: 1
Views: 496

HTTPS Download stuck after connected on lan side [SOLVED]

Hello everyone. I've been making a lot of searches on the internet and here on the forum and I can't find a solution or a reason for my problem. This is my setup: Mikrotik Router CCR1036-12G-4S with the latest RouterOS version installed. 2 BGP sessions to 2 providers (one is ethernet with VLan and the other...
by webix
Sun Jun 17, 2018 4:20 pm
Forum: Scripting
Topic: How to hide output of "once"
Replies: 3
Views: 908

Re: How to hide output of "once"

That worked out perfectly.

Thank you very much!
by webix
Thu Jun 14, 2018 1:22 pm
Forum: Scripting
Topic: How to hide output of "once"
Replies: 3
Views: 908

How to hide output of "once"

Hello all. I have the following set of commands inside a script: :global counter /interface monitor-traffic ether1 once do={:set $counter (rx-packets-per-second)} :put $counter However, when I run the script, instead of getting only the $counter variable I get the full echo of the once command. How c...
by webix
Tue May 15, 2018 10:59 pm
Forum: Forwarding Protocols
Topic: Creating Communities to apply to BGP
Replies: 5
Views: 1211

Re: Creating Communities to apply to BGP

Hey. DDoS protection topic is more complicated than BGP communities. And I don't think that you can solve it by splitting traffic on national for unfiltered and international filtered. More to say, this DDoS international traffic can be originated in your country but with spoofed sources. Do you u...
by webix
Tue May 08, 2018 3:22 pm
Forum: Forwarding Protocols
Topic: Creating Communities to apply to BGP
Replies: 5
Views: 1211

Re: Creating Communities to apply to BGP

Splitting traffic on national and international does not make sense for me, cos your national networks could come to your network from international sources. Using gre for border routing does not make sense for me too. There are some specific cases, when you have to do so, but should not be used on ...
by webix
Fri May 04, 2018 4:44 pm
Forum: Forwarding Protocols
Topic: Creating Communities to apply to BGP
Replies: 5
Views: 1211

Creating Communities to apply to BGP

Hello all. Before I start describing my problem, I will try to explain as best I can the configuration I have (picture below for a better view). - I have my own range of IP addresses that I am announcing with my own ASN. - I have only one internet provider which I connect to directly. - The above...