MikroTik

Martin4

Hi, I've a script that ban IPs after 3 times they try access: the script simply add every single IP in an Address List. Then, i have a this Firewall Raw Rule that simply drop this list: /ip firewall raw add action=drop chain=prerouting comment="DROP - Lista BANNED" src-address-list=BANNED ...

Martin4

Hi, i've some natted ports triggered to the same port of the same address: 20050 -> dst-nat to 192.168.0.10 to port 443 20051 -> dst-nat to 192.168.0.10 to port 443 20052 -> dst-nat to 192.168.0.10 to port 443 ......etc Now, i want to limit bandwidth in different mode to connections of each port. I'...

Martin4

Hi,
i've webdav servive on a pc and i want to access it outside home.
But, i want to create a queue to limit upload.
So, i've already do a nat rule to a specific port, and all works fine... But i'm not able to create the queue.
How can i intercept traffic on this port and limit only this?
Thanks!

Martin4

Thank you very much

Martin4

ok thank you, i'm on linux systems but now i'll search this method.
But, i want know if there is a method to force this from server side.
Or i need to configure all client computers?
thank you very much

Martin4

Hi, i configured an l2tp VPN server, all ok, and connection works fine. I use VPN to access my LAN shared at home. So, when i'm connected to this VPN, all internet traffic of the clients pass through my home adsl connection. I don't want this, i want every client uses its own internet connection to ...

Martin4

Hi, i had read qos, queue and mangle, but i don't understand all rules, marking packets etc... so, can someone show me show me 1 example? I need to manage bandwith of a connection to a specific port. So, i've a port natted (triggered) to an IP in LAN, i need to create a queue to limit all traffic th...

Martin4

Thanks for "answer".
I already use simple queues, but in this case i'm not able to implement its.
I've not an IP, all external IP are dynamics, only i can "use" port triggering or a protocol (davs) to identify a connection... But I don't know how to use it in a rule!

Martin4

Hi, i've a WebDAV server (https), and i connect to it from external ip (other home, work, mobile phones etc). I want to limit bandwidth of any ip that connect to it. In NAT rule there is "connection-limit" option, is this for my problem? How can i do to limit this connections? Obviously, i...

Martin4

OK, Thank you so much!!

One question, could is mayor efficient to put the drop rule in the RAW firewall section?
Obviously only this line:

add chain=forward connection-state=new src-address-list=ddoser dst-address-list=ddosed action=drop

Martin4

Yes, thank you, in fact i try to observe my rules working and seems that the rules that matches almost all during file transfer, was the rules to skip fasttrack to permit queues. These: add action=accept chain=forward comment="skip fasttrack to permit queues" connection-state=established,r...

Martin4

Hi Chupaka, thanks for the solution.
Question...
Where can i put your rules about ddos?
At top?
At bottom?
I've 54 rules now:
- first accept input rules
- then drop input
- forward rules of accept ipsec, port dstnatted, queue etc...
- fasttrack/accept/drop rules
- forward drop rules

Thanks so much!

Martin4

ok, clear. thank you very much! Meanwhile, indeed i try to disable the red line, the general accept that overshades others: add action=accept chain=forward connection-state=established,related,untracked and actually other rules works fine, the rest of LANs works fine! Transfer rate inside LAN ok, vp...

Martin4

Ok, yes, indeed i was studying my rules and in fact i imagined your description. So... how would you sort my rules? My solution is not good? Question, wanting to make FastTrack working, as it is build, what kind of connections it will skip? Is it necessary? Would it be faster than the first rule? Mu...

Martin4

ok, i reordered my firewall rules observing defconf rules, your suggestion and my needed. Now it works almost all. But now, i'm trying to understand, the dynamic rule (passthrough at position 0) created by mikro when you activate fasttrack, not work. 0 bytes! While, before I started tidying up the r...

Martin4

Hi, thanks. I've a 2011UAS-2HnD, Wi-Fi turned off Always. 5 LAN, 1 VPN, 54 firewall rules, 40 lines of address list in 8 lists. Now i solved, i've 1 gigabit rate transfer when copy file between routing. However, i continue to not understand many things... I just bought 2 books on Amazon, when they'l...

Martin4

Thank you!
Samba is not one of the mikrotik but simply share between pc.
I've 5 PC, in 3 different networks, that share some directories.
Unfortunately, i must traverse firewall rules because i can't permit all LAN views all LAN.
So i lock or permit some networks in realtion of others.

Martin4

Thanks to all. I already know what you write me, but i've bit difficult to sort ruler... Oriented to speed of router o for other services. For example: - fasttrack "doesn't permit" queue, so you can add an accept rule before fasttrack rule. - many rules slow down samba transfer rate betwee...

Martin4

Hi, Whenever i move or add a rule in the firewall something broke down! Emule id low, VPN doesn't work etc... Is there a manual that explain method in the firewall to order rules correctly? Then, "defconf" rules must be on top, bottom, mixed to my rules? Now, for example, i noticed a slow ...

Martin4

Hi all, i solved problem of storage position, now correct configuration is "/usb1/" inside tg_config script. But.... When i run tg_getUpdates i receive "no such item" after "/tool fetch..." command. Files in USB are correctly like if you get page directly from browser. ...

Martin4

Thanks, i try many values, i solved with simply "/"
Now it writes files, but again "no such item" after update..

Martin4

Hi, "print" seems not function...
or maybe i'm not able, but i'm still trying...

Martin4

No.... i try :put from command line (ssh session): :put [ :toarray [ /log find where (message~"assigned" || message~"user") ] ] but the result is a series of... i don't know (hex code? other?) Part of the result: ................. ;*7e4;*7e5;*7e6;*7e7;*7e8;*7e9;*7ea;*7eb;*7ec;*7e...

Martin4

Hi, thanks, now i try...
Yes, i only need OR method.
I want only find A or B or C....

I'm not sure to complain :put command.
In the wiki this is not very well explained.

Martin4

Hi, like subject... i've already a running script that works fine! It parse the log to find logged users, but if i add keyword to find "assigned" to, it doesn't find it! My code was: :local currentBuf [ :toarray [ /log find where (message~"logged" || message~"login") ] ...

Martin4

ok, thank you very much!

Martin4

I found! Sorry!!! damn!!! the line offending is: ..... :set messageTime [/log get [ :pick $currentBuf ($currentLineCount - 1) ] time] ; .... if i comment that it works! so, the solution is to add ad this line :totime !!! So, the line, finally, looks like this: :set messageTime [ :totime [/log get [ ...

Martin4

Hi msatter thank you,
actually I can also remove the instruction "log..." or doing nothing, but the problem remains.

Martin4

Hi, i've this script. The script works fine! But..... after :foreach {......} statement it doesn't execute nothing other! For example a /log info "...." doesn't works, or a command, or an IF statement.... Nothing works after } of the :foreach statement. I can't realize what is blocking! I ...

Martin4

ok, all clear, thank you very much solar77.
And thanks to all, .....solved.

Martin4

thank you anav, all clear. Yeas, i readed wiki but I don't understand some points... if you want, can you read in my before post the points 1, 2, 3, and 4 and clear me that dubts? Point 1 you probably already clear, I understand that then only one goes and at the end? Right? Point 4 is most importan...

Martin4

Hi, thank you for the reply. I had already read the wiki but i continue to not understand, so i wrote... So... 1) the drop rule at he end must be 1 and only 1, right? So, if i add in the future some new rules, i must insert before the "drop all" rule that was at the end, right? I'll must m...

Martin4

Hi, i can't understand the use of the rule: add chain=input action=drop In particular, i find many firewall rules on internet and some groups of rules have at the end that rule. So, i can't understand if i must write this rule every time i write rules, or if it's sufficient only once at the end of a...

Martin4

Hi, if i try to run script tg_cmd_xxxx separately they works fine... when i send /message from telegram to bot, run tg_getUpdates in telnet and i receive "no such item" tg: Load config trusted=xxxxxxxx;trusted=yyyyyyyy botID=zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz storage=/disk1/ timeout=1 Reading...

Martin4

Hi to all, first, sorry for my bad english, then... I've 2 users with full permissions on router. I've some scripts and, in some of this, ther are sensitives data like passwords etc... Is there a method to deny 1 user (with full permissions) to read the contents of the scripts? The scripts have thei...

Search found 35 matches

Firewall Raw Rule not drop CIDR 16?

Limit bandwidth natted port

Queue Limit to specific port

[SOLVED] Re: VPN gateway of client

Re: VPN gateway of client

VPN gateway of client

Apply queue to connections on port natted

Re: Bandwidth limit on natted connections

Bandwidth limit on natted connections

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

Re: Firewall rules order

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

Re: Firewall rules order

Re: Firewall rules order

Re: Firewall rules order

Re: Firewall rules order

Re: Firewall rules order

Re: Firewall rules order

Firewall rules order

Re: Mikrotik and Telegram

Re: Mikrotik and Telegram

Re: find in log "assigned" or "deassigned" IP by dhcp

Re: find in log "assigned" or "deassigned" IP by dhcp

Re: find in log "assigned" or "deassigned" IP by dhcp

find in log "assigned" or "deassigned" IP by dhcp

Re: Script doesn't continue after a statement [SOLVED]

Re: Script doesn't continue after a statement

Re: Script doesn't continue after a statement

Script doesn't continue after a statement [SOLVED]

Re: chain -> input action -> drop

Re: chain -> input action -> drop

Re: chain -> input action -> drop

chain -> input action -> drop [SOLVED]

Re: Mikrotik and Telegram

user access script contents