Thus is caused by the premature deletion of the connection entry for TCP in Linux. When the router sees a close of the TCP session (FIN/ACK FIN) it immediately deletes the connection entry, instead of setting it to a timeout of say 30 seconds. The result is that when the ACK FIN is not received by ...

I came across the following in Mikrotik log: invalid forward: in:bridge out:ether1, src-mac xx..., proto TCP (RST), 10.0.0.204:57914->23.3.109.12:443, len 40 (iphone to an Akamai) invalid forward: in:bridge out:ether1, src-mac ...., proto TCP (ACK,FIN), 10.0.0.152:60806->54.173.8.102:80, len 52 (ama...

Basically forget about the vlan-header= setting While you can forget about the setting on said switch chips (BTW, I have one of them as well), the correct setting for access port (which should egress only untagged frames) is vlan-header=always-strip none the less. In the switch configuration block:...

Before upgrading the speed of the router, you should check the speed of your internet. Because maybe the reason behind this problem isn’t your router, maybe it’s the internet itself that’s causing the trouble. There are a lot of internet speed test tools but if you want to save your time and want a...

Domain names in the access_list are resolved to IPs, I presume, at which time point does it happen?
Is it re-checked periodically?

... And before I start applying it (the "reset" button is broken... I think I still can press it somehow with a screw driver, so it would be some fun), what about this commment: Note: QCA8337 and Atheros8327 switch chips ignore the vlan-header property and uses the default-vlan-id propert...

Also I tried to UPnP-map a TCP port which is already used. If the port is used by a NATted TCP session from a LAN host, everything works perfectly, mapping is created and connection from WAN is received, the old NATted TCP session doesn't break either. If the port is used by MikroTik itself (e.g. s...

When I want specific port X to be forwarded... I don't think I'd want it to be randomly overridden by <any> device, just because it happens to have access to my LAN. This is, in a way, compatible with UPnP as the same port could be forwarded to only one device at a time, so the only change needed is...

... Wow, so elaborate, thank you so much, I haven't tried yet, but thanks to comments, could follow what most commands do. Regarding "independent-learning" bit, is this useful for anything but "same mac could appear on different ports" scenario? And another, more complex questio...

Black lines on this pic exist, blue is what I'm trying to achieve: https://i.imgur.com/qA3ikoJ.png Mikrotik acts as AP/home router (gets IP from the ISP box, has DHCP server, does NAT etc). I need to build independent connection to the ISP box for PC that would connect to Ethernet 2 port and noteboo...

TCP only sends a certain amount of data until a confirmation from the recipient arrives, so not only the available bandwidth but also the round-trip delay plays a role. If you do the test between two devices on the same LAN, the results will be nearly the same. I'm aware of that, but TCP connection...

Good day, Newbie here. I have the following topology:: Mikrotik1 (951G-2HnD) (192.168.0.2) => ISP Router A (120/6mbit) ------------------ ISP Router B (50/50mbit) <= HAP AC (10.1.0.x) ISP Router A can be configured to forward UDP/TCP ports, no DMZ option. ISP Router B is more advanced, has DMZ, alth...

In case other people run into issue: OVPN was actually working, it was just UI not showing IP addresses assigned to the interface.

Any solution to this problem?
Get exactly the same issue, 5Ghz works, 2.4Ghz "cannot connect".
CAP AC in Dual AP Home mode.

Is there anything in log about it? If there's nothing, then npk file location is probably not right. Nothing in logs. When joining via FTP I see that root folder's path is "/flash". (with no way to get to the / folder) Uploaded file via UI to the actual root folder, and it worked, thanks.

Router FW: 6.46.1 No packages installed manually before, plenty of space. Put multicast-6.46.1-mipsbe.npk over FTP and can see it in the file list. (HAP AC is mipsbe as far as I see on resources tab) Rebooted the router, but nothing happens. The npk file is there and there is no message about it in ...

Greetings, I'm trying to test various VPN solutions supported by mikrotik routers. For each, I create a new pool, profile and secret. Profile is declaring local IP and referencing the pool. Exactly the same thing is done for SSTP, PPTP and OVPN (on a non-standard port that is, however, whitelisted i...

Added rules: 1) chain = forward 2) chain = input src IP = IP of my phone action = drop ip firewall filter print shows: ... 7 chain=input action=drop src-address=192.168.0.138 log=no log-prefix="" 8 chain=forward action=drop src-address=192.168.0.138 log=no log-prefix="" . Any ide...

That is not correct, it is also possible to make dstnat rules in a router that is not doing srcnat.
It should work.

OK, I'll try it later today.

Code: Select all

/ip firewall nat
add action=redirect chain=dstnat dst-port=53 protocol=udp
add action=redirect chain=dstnat dst-port=53 protocol=tcp

No, as I said, there is no NAT, so these rules, while doing no harm, do not do anything.

If you want your cable modem acts like NAT router and Tik is not, then just add these 2 rules, cause Tik not gonna NAT your source address of your LAN, it's NAT dest address which not fail access to Internet with source NAT by cable modem. Why does it have to be a NAT? I don't want Network Address ...

Anyone?

Greetings, I have tried following this guide (correcting IPs, of course): https://wiki.mikrotik.com/wiki/Force_users_to_use_specified_DNS_server But it doesn't seem to work, and the reason, I suspect, is that MK acts as a router, without NAT. Configuration: ISP <= CableModem/Router (NAT + DHCP Serve...