Community discussions

MikroTik App

Search found 24 matches

by Emil66
Mon Feb 15, 2021 9:51 pm
Forum: Scripting
Topic: How can I sum the limits-at of all child queues?
Replies: 6
Views: 423

Re: How can I sum the limits-at of all child queues?

You still need to deal with "numbers" like 768k, 3M or 1G.
by Emil66
Mon Feb 15, 2021 9:50 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 90
Views: 16337

Re: v6.48.1 [stable] is released!

Why do not not see Temperature/Voltage?
I had the same issue. It works again after I clicked "OK" on the empty settings page. (I use the web interface.)
by Emil66
Sat Feb 13, 2021 11:44 am
Forum: Scripting
Topic: Sum values obtained with foreach
Replies: 3
Views: 244

Re: Sum values obtained with foreach

Sums are obtained by adding stuff up. Computers only do what they're told. Try telling the computer to add something.
by Emil66
Fri Feb 12, 2021 8:47 pm
Forum: Scripting
Topic: local dictionary variable persisting between runs [SOLVED]
Replies: 14
Views: 907

Re: local dictionary variable persisting between runs [SOLVED]

is this a feature, a known limitation or a bug It's a choice: https://en.wikipedia.org/wiki/Local_variable#Static_local_variables It's a bit weird that scalar variables are not static and arrays are, but the script language is all sorts of weird anyway. I do understand however that ({}) is not the ...
by Emil66
Fri Feb 12, 2021 2:10 am
Forum: Scripting
Topic: local dictionary variable persisting between runs [SOLVED]
Replies: 14
Views: 907

Re: local dictionary variable persisting between runs [SOLVED]

Mikrotik RouterOS script variables are "static". The value is stored with the function, and as you have seen, this is implemented by rewriting the function whenever the value of a local variable is changed. Assigning an array is done by reference, not by value, which means the variable doe...
by Emil66
Mon Dec 14, 2020 10:47 pm
Forum: Beginner Basics
Topic: How to Stop Brute Force Attacks on HTTP / HTTPS Mikrotik
Replies: 2
Views: 296

Re: How to Stop Brute Force Attacks on HTTP / HTTPS Mikrotik

It seems you only need the port open for yourself or a small number of users (because you mention changing the port number regularly). In that case you could use " port knocking " to hide the open port from scanners. Make sure to use an individual sequence of ports, not the ones in the tut...
by Emil66
Sat Dec 05, 2020 1:47 pm
Forum: General
Topic: Firewall oddity
Replies: 10
Views: 1030

Re: Firewall oddity

If you can sell me a couple public IPv4 addresses for less than the cost of a replacement router which handles IPv6 properly, I'm all ears. As it is, I can only recommend against using Mikrotik gear if IPv6 is a requirement. That said, after some more testing it looks like the router doesn't reassem...
by Emil66
Sat Dec 05, 2020 12:31 am
Forum: General
Topic: Firewall oddity
Replies: 10
Views: 1030

Re: Firewall oddity

I've done that. It just tells me that it's a UDP packet with the right properties to be caught by the second rule. That's why I wrote the second rule as the inverse of the first rule: It really should not be possible for a packet to make it past the first and second rule and still match the third ru...
by Emil66
Fri Dec 04, 2020 11:46 pm
Forum: General
Topic: Firewall oddity
Replies: 10
Views: 1030

Re: Firewall oddity

I think it's a connection tracking / SIP helper problem. I can't reproduce it with just ordinary UDP packets that have no prior relation to some other connection. It reliably occurs if the UDP packet is an RTP packet coming in for a SIP "connection". I don't understand how that could make ...
by Emil66
Fri Dec 04, 2020 10:58 pm
Forum: General
Topic: Firewall oddity
Replies: 10
Views: 1030

Re: Firewall oddity

That's not it. I just used the inversion to make sure I cover all ports with the first two rules. The result is the same if I positively check for 10000-65535 in the second rule. The packet with the high port doesn't match that rule and falls through to the third rule, where it matches. It doesn't e...
by Emil66
Fri Dec 04, 2020 10:34 pm
Forum: General
Topic: Firewall oddity
Replies: 10
Views: 1030

Re: Firewall oddity

The three rules are: add action=drop chain=forward dst-address-list=test dst-port=1-9999 protocol=udp add action=accept chain=forward dst-address-list=test dst-port=!1-9999 protocol=udp add action=accept chain=forward dst-address-list=test protocol=udp The ​address list is a single IPv6 address. It ...
by Emil66
Fri Dec 04, 2020 9:39 pm
Forum: General
Topic: Firewall oddity
Replies: 10
Views: 1030

Firewall oddity

If I have three IPv6 firewall rules, that each accept or drop after checking for UDP dst-port 1-9999, UDP dst-port ! 1-9999 and just UDP, I would expect the last rule to never match, because a port is either in that range or not in that range, so either rule one or two should match and end processin...
by Emil66
Wed Aug 21, 2019 5:03 pm
Forum: General
Topic: Slow Gbit speed with Mikrotik hex S
Replies: 15
Views: 3952

Re: Slow Gbit speed with Mikrotik hex S

FYI: You're reading the block diagram wrong. The Hex S is capable of routing a full gigabit one way even on ports which use the same path to the CPU. Each of the two gigabit CPU links is 1 Gbps in and 1 Gbps out. You only need to use ports which are on separate links if you want to route a gigabit i...
by Emil66
Tue Jun 18, 2019 12:31 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 7452

Re: single IP constantly trying to log to my Mikrotik

The point was I understand about the order of firewall rules and efficiency of checking packets. What I was questioning and wanted to see a reference about was this line........... " Things like tracked connections (and also address lists) are stored in a clever way so the match can be made mo...
by Emil66
Mon Jun 17, 2019 9:53 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 7452

Re: single IP constantly trying to log to my Mikrotik

@Emil66 It's a forum for technical assistance. Don't be offended when you "waltz in" post "some gut feelings and expectations" without any substations, and someone reacts on that... Your opinions are incorrect. This thread could have been over when vecernik87 correctly informed ...
by Emil66
Sun Jun 16, 2019 8:14 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 7452

Re: single IP constantly trying to log to my Mikrotik

looking for a reference that the router processes filter rules of accepted/related more efficiently than other firewall filter rules in general and specifically better than raw rules. Nobody said anything like that. Each rule that needs to be checked takes some time, When processing a packet that b...
by Emil66
Sat Jun 15, 2019 11:41 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 7452

Re: single IP constantly trying to log to my Mikrotik

I asked for factual info & data, not some gut feelings and expectations! The Linux kernel code is open source. You can look it up yourself. This is the Mikrotik Beginner Basics forum, not a technical debate club. ...to pass many rules before they are accepted, the CPU load will be high... Can y...
by Emil66
Sat Jun 15, 2019 1:29 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 7452

Re: single IP constantly trying to log to my Mikrotik

I wouldn't advise to use raw-prerouting rule. It might have negative impact on speed of all (including fasttracked) connections. ... it will have more negative, than positive consequences because ... This is based on what factual info / data? It a rule base system like any other table (filter,nat,m...
by Emil66
Sat Feb 09, 2019 11:43 pm
Forum: General
Topic: [Feature Request] IPv6 Fasttrack
Replies: 39
Views: 10867

Re: [Feature Request] IPv6 Fasttrack

I was not aware that any Mikrotik Products supported DS-Lite, please explain how you support this. They don't support DS-Lite. But DS-Lite is just native IPv6 with an IPIPv6 tunnel to a CGNAT gateway for IPv4. Mikrotik routers can do the tunneling, but lack the automatic configuration and the neces...
by Emil66
Sun Nov 11, 2018 12:25 pm
Forum: General
Topic: [Feature Request] IPv6 Fasttrack
Replies: 39
Views: 10867

[Feature Request] IPv6 Fasttrack

I was led to believe that the Hex S (RB760IGS) achieves full gigabit throughput. This is not the case with IPv6. Due to the lack of IPv6 fasttrack support, IPv6 throughput maxes out at roughly 500 Mbit/s. That alone is bad enough, but on a DS-Lite connection, IPv4 is tunneled via IPv6, so even IPv4 ...
by Emil66
Fri Nov 02, 2018 12:23 am
Forum: General
Topic: [Feature Request] DHCP(v4/v6) client: Make arbitrary option codes requestable and provide their values to the script
Replies: 4
Views: 2445

[Feature Request] DHCP(v4/v6) client: Make arbitrary option codes requestable and provide their values to the script

Motivation: The DHCP server in Mikrotik routers can be configured to supply arbitrary options to clients, and the DHCP client in Mikrotik routers can be configured to add arbitrary options too, but the DHCP client has no method of requesting arbitrary options from the server and does not make values...
by Emil66
Wed Oct 31, 2018 5:33 pm
Forum: Beginner Basics
Topic: DS-Lite (RFC 6333 + RFC 6334)
Replies: 2
Views: 1840

DS-Lite (RFC 6333 + RFC 6334)

I'm trying to configure a Mikrotik router to use a DS-Lite (dual stack lite) internet connection as defined in RFCs 6333 and 6334 . DS-Lite combines a native IPv6 connection with a IPIPv6 tunnel to a CGNAT gateway called AFTR (Address Family Transition Router). The router learns the remote tunnel en...
by Emil66
Tue Aug 28, 2018 1:17 pm
Forum: Beginner Basics
Topic: Bug in default configuration
Replies: 2
Views: 569

Re: Bug in default configuration

This is already the case in default configuration.. Indeed it is. I dug a little deeper, and while the default configuration has the addresses on the bridge, applying the configuration from the "Quick Set" form moves the addresses over to ether2, even if all I change is the password. So t...
by Emil66
Tue Aug 28, 2018 2:35 am
Forum: Beginner Basics
Topic: Bug in default configuration
Replies: 2
Views: 569

Bug in default configuration

Disclaimer: I am an absolute beginner. Got my first Mikrotik router today. Nevertheless, I think there's a problem in the default configuration, but as I'm new to this, I'm not sure. Please enlighten me if this is my mistake. In the default configuration, ports 2 through 5 and the SFP slot are in a ...