Community discussions

MUM Europe 2020

Search found 29 matches

by nitrohydride
Tue Mar 12, 2019 9:35 pm
Forum: General
Topic: CAP Wifi devices doesn't see each other
Replies: 1
Views: 277

CAP Wifi devices doesn't see each other

Hi, My router is RB 3011. I have few devices connected via ethernet cable, and some of them via Wifi (Mikrotik CAP). ethernet port are in bridge1, CAP interface datapath is associated with bridge1. I noticed that when i use Wifi i can ping every device which is connected via cable. I also can ping e...
by nitrohydride
Fri Jan 18, 2019 9:10 pm
Forum: General
Topic: PPPoE client WAN and VPN connection
Replies: 6
Views: 739

Re: PPPoE client WAN and VPN connection

NAT rules ?
by nitrohydride
Sat Jan 12, 2019 1:46 pm
Forum: General
Topic: IP-sec secret (pre-shared key) is too complex L2TP/IPsec
Replies: 1
Views: 475

IP-sec secret (pre-shared key) is too complex L2TP/IPsec

Hello everyone, I'm using L2TP/IPsec for vpn connection. I noticed, that if i set IPsec secret (Interface >L2TP Sever) too complex i cannot connect. example of too complicated password: !@kryobhuR()67 example of password,which doesn't make troubles: abcd123 Which settings do i have to change to use ...
by nitrohydride
Fri Jan 11, 2019 7:56 pm
Forum: General
Topic: redirect ip pool to specific DNS server [SOLVED]
Replies: 7
Views: 814

Re: redirect ip pool to specific DNS server [SOLVED]

Thank you for comprehensive explanation mkx.
Have done what you adviced me and everything works fine 8)
by nitrohydride
Thu Jan 10, 2019 9:17 pm
Forum: General
Topic: redirect ip pool to specific DNS server [SOLVED]
Replies: 7
Views: 814

Re: redirect ip pool to specific DNS server [SOLVED]

(Just for testing purposes) i managed to create a rule, which redirects DNS queries from my computer to one of free OpenDNS servers. It works fine for OpenDNS server. add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address=192.168.88.2 src-port="" to-addresses=208.67.222.123 I want to d...
by nitrohydride
Thu Jan 10, 2019 4:21 pm
Forum: General
Topic: redirect ip pool to specific DNS server [SOLVED]
Replies: 7
Views: 814

Re: redirect ip pool to specific DNS server [SOLVED]

Thank you mkx, it does exactly what i wanted.

Anyway, is there any way to redirect specific packets (port, protocol) from one ip to another ?
by nitrohydride
Thu Jan 10, 2019 2:51 pm
Forum: General
Topic: redirect ip pool to specific DNS server [SOLVED]
Replies: 7
Views: 814

redirect ip pool to specific DNS server [SOLVED]

Hellom I have two local Networks - for users and guests. Users- 10.2.0.0/24 Guests-192.168.1.0/24 My DNS server on mikrotik router allows remote requests from both networks. 1. In mikrotik i have only one DNS settings menu (IP>DNS). I would like to put different static entries to each of mentioned n...
by nitrohydride
Wed Jan 09, 2019 1:18 pm
Forum: General
Topic: catch-all rule block all the traffic
Replies: 7
Views: 816

Re: catch-all rule block all the traffic

i feel blocked port 53 UDP for LAN users. Do you have external DHCP server in your dhcp settings ? Do you have option "accept remote request" enabled ?
by nitrohydride
Wed Jan 09, 2019 10:50 am
Forum: General
Topic: ethernet - fiber adapter from mikrotik
Replies: 1
Views: 360

ethernet - fiber adapter from mikrotik

Hello everyone,

I'm looking for ethernet - fiber adapter which is compatibile with transreceivers:

https://mikrotik.com/product/S-31DLC20D-181

My connection route would be like:

ethernet cable (no PoE) > adapter >fiber (+transreceiver) >> mikrotik router( +transreceiver)
by nitrohydride
Mon Jan 07, 2019 10:09 pm
Forum: General
Topic: Interface ether accidently removed and I am disconnected.
Replies: 9
Views: 796

Re: Interface ether accidently removed and I am disconnected.

1.Open winbox and try to connect via MAC adress If you haven't disabled Mac server, router discovery and WINBOX ports, you should be able to log on. If this does not help, reset router config using Pin on LCD display (default one is 1234) then log via Winbox through MAC address and restore the previ...
by nitrohydride
Mon Jan 07, 2019 6:07 pm
Forum: General
Topic: L2tp Ipsec intruders
Replies: 3
Views: 661

Re: L2tp Ipsec intruders

Should i place the rule mentioned by Companion before accepting rules for VPN ? The order would be like : add action=drop chain=input in-interface=ether1 src-address=216.218.206.0/24 add action=accept chain=input comment="allow l2tp/ipsec" dst-port=500 in-interface=ether1 protocol=udp add action=acc...
by nitrohydride
Mon Jan 07, 2019 4:36 pm
Forum: General
Topic: L2tp Ipsec intruders
Replies: 3
Views: 661

Re: L2tp Ipsec intruders

This network doesnt seems to be on Bogons list.

Should i block this Ip on forward or input chain ?
Actually i have the rule "Drop all from wan" on my input chain. Can somone explain this ?
by nitrohydride
Mon Jan 07, 2019 4:09 pm
Forum: General
Topic: L2tp Ipsec intruders
Replies: 3
Views: 661

L2tp Ipsec intruders

Hi,

I use to connect with my network using vpn( l2tp/Ipsec). I noticed connecting attempts from 216.218.206.X network:
vpn1.jpg
vpn3.jpg
vpn2.jpg
That wasn't me for sure.
Could you tell me how can i block whole network (visible on pictures) from attempting to connect with my router ?
by nitrohydride
Sat Jan 05, 2019 12:08 am
Forum: Beginner Basics
Topic: set deafult internet source
Replies: 8
Views: 542

Re: set deafult internet source

Please post your current config: /export hide-sensitive compact terse
Which particular parts do you need ? Whole list would be very long.
by nitrohydride
Fri Jan 04, 2019 10:05 pm
Forum: Beginner Basics
Topic: set deafult internet source
Replies: 8
Views: 542

Re: set deafult internet source

Hey Sebastia , my explanation from first post could be not easy to understand: I would like to have sfp1 as default internet connection for all internal LAN interfaces, and use ether1 only for vpn connections (since it has public address). I meant, that WAN interface is public == it has public IP fr...
by nitrohydride
Fri Jan 04, 2019 12:48 pm
Forum: Beginner Basics
Topic: set deafult internet source
Replies: 8
Views: 542

Re: set deafult internet source

Thank you for answer Sebastia . Actually i've made a mistake, the current order is ether1>sfp1>ether2. We can consider the case ether1>sfp1, (i wont user ether 2 anymore). I tried to change routes order, but it is not possible. I have no idea how to set any rules for my routes. Do you have any relia...
by nitrohydride
Fri Jan 04, 2019 12:26 pm
Forum: Beginner Basics
Topic: ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]
Replies: 6
Views: 656

Re: ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]

Thank you mkx for good explanation. Jut wanted to find out whether my understanding is proper. Changing Ip and redirectering Client to static pool is much better solution. There is one more thing i am not sure though. If i make client static and set its IP other than in DHCP (outside dhcp pool), the...
by nitrohydride
Fri Jan 04, 2019 11:45 am
Forum: Beginner Basics
Topic: set deafult internet source
Replies: 8
Views: 542

set deafult internet source

Hello, I have 3 different internet connetion on interfaces: ether1 ether2 sfp1 When all of them are connected the default one is ether1>ether2>sfp1. I would like to have sfp1 as default internet connection for all internal LAN interfaces, and use ether1 only for vpn connections (since it has public ...
by nitrohydride
Thu Jan 03, 2019 11:38 pm
Forum: Beginner Basics
Topic: ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]
Replies: 6
Views: 656

Re: ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]

Thank you for answers guys, it really helped me a lot. Acording to question no 1: Lets consider situation when i have dhcp pool containing only 10 addresses (for example from 10.10.10.50 to 10.10.10.59) and i set all of them static for some computers. After This dhcp server should not have any free ...
by nitrohydride
Thu Jan 03, 2019 10:46 pm
Forum: Scripting
Topic: Best scripts for firewall and router protection [SOLVED]
Replies: 16
Views: 63396

Re: Best scripts for firewall and router protection [SOLVED]

I do not want o create new topic, so i decided to ask my question here. According to Basic Router protection from Mikrotik Wikia : i have line : add chain=input comment="Accept all connections from local network" in-interface=LAN In my Router i have separate networks for trusted users (10.10.10.0) a...
by nitrohydride
Thu Jan 03, 2019 8:55 pm
Forum: Beginner Basics
Topic: ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]
Replies: 6
Views: 656

ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]

Hello everyone, To do not spam i decided to create one post with a few questions which really bothers me. I'd be really 1. What is the difference between this two options ? : arpvsdhcp.jpg How to set up dhcp server to always give specific MAC adress always the same IP adress (and never lease it to a...
by nitrohydride
Wed Jan 02, 2019 11:28 pm
Forum: General
Topic: PPPoE, VPN etc.
Replies: 0
Views: 314

PPPoE, VPN etc.

Hello, I am using PPPoE to connect with my ISP device (it works as AP Bridge). I would like do find out a few things. In this case PPPoE is configured on RB2011: 1. It can be a stupid question, but what is my WAN interface in this case ? PPPoE interface ( visible in interfaces) or ether1 interface(w...
by nitrohydride
Fri Nov 23, 2018 12:42 am
Forum: General
Topic: IP Based Bandwidth Priority
Replies: 3
Views: 354

Re: IP Based Bandwidth Priority

viewtopic.php?f=2&t=141783

Maybe this topic will be helpful for you. That is basically the same what you want ;)
by nitrohydride
Tue Nov 20, 2018 10:59 pm
Forum: General
Topic: Qos hints
Replies: 5
Views: 467

Re: Qos hints

Thanks, i realize that, but now i am testing rules for download only. I would like also to find out how efficient is this solution - the main goal is to avoid situations, when someone doesn't have any available bandwidth (it happens without any queue rule) In case when someone downloads and connecti...
by nitrohydride
Tue Nov 20, 2018 10:40 pm
Forum: General
Topic: Qos hints
Replies: 5
Views: 467

Re: Qos hints

Thank you for the answer, but still it didn't help me. I have two groups of users (i shared ip range for 2 parts). I need to know whether 1/2 of banditch will be equally distributed among ip's inside each range. mikrotik3.jpg In example above when i have connected 4 computers ( and everyone is downl...
by nitrohydride
Mon Nov 19, 2018 11:36 pm
Forum: General
Topic: Qos hints
Replies: 5
Views: 467

Qos hints

Hello, 1. I would like to find out whether my attempt to provide some QOS into my network makes any sense: mikrotik.jpg In case when every group download something with maximium available speed: I would like to give admins at least 50 % of bandwidth (during stress moments, pcq) All users should have...
by nitrohydride
Sun Nov 18, 2018 6:51 pm
Forum: General
Topic: IP binding
Replies: 4
Views: 413

Re: IP binding

As i thought the things aren't so simple. Windows UAC prevent my users to change their Ip manually, but still there is some possibility to connect private PC via ethernet cable and set IP manually. My users have definied their IP as static on DHCP server, and noone should impersonate them. Didn't re...
by nitrohydride
Sun Nov 18, 2018 5:18 pm
Forum: General
Topic: IP binding
Replies: 4
Views: 413

IP binding

Hello,

I use ARP to tie MAC's with Ip addresse's. However this addresses still can be accessible by others, when they configure their computers to use static IP.
How to prevent users to set their Ip static ? Only microtic should be able to give user the address.
by nitrohydride
Tue Oct 09, 2018 10:14 am
Forum: General
Topic: Block youtube and not google earth
Replies: 20
Views: 6371

Re: Block youtube and not google earth

Could this not be done with DNS? Simple hosts file or on the DNS server? You can make it, but it will affect every DNS user. Unless Mikrotik can redirect only chosen ones to another dns server (but i guess it is impossible). @vacernik87 I've tested TLS host and Layer 7 solution. It works for me aft...