This issue persist and now appears also on another RB. I have 20 RBs working as expected with the same configuration but two of them are behaving like this. Does anyone have any ideas please? Or how to debug this? Thank you...
I tested latest stable release and I had brutal latency on the router and this problem too. So I downgraded ROS to this release which I have on other RBs and everything works as expected there. I'll upgrade all RBs most likely to LTS version of ROS soon. Yes, this router is connecting to the Office....
Hi, I would like to ask you for a help. I'm using RB 750Gr3 (v6.47.4) as a gateway in many locations and I'm always creating IPsec tunnel into office (fw: Kerio Control). I have many of these RBs which are working very well, but now I have one in a new location and it behaves differently. Same devic...
I made few test today and though nothing had changed, both devices are running fast on band 3. I don't know what it was. I hope it will be ok now. Anyway, thank you SiB!
Hi, could you give me an advice please? I have two similar devices with the same LTE miniPCI-e card: RBwAPR-2nD&R11e-LTE RB912R-2nD-LTm&R11e-LTE These devices have the same R11e-LTE card but when I turn them on, RB912R-2nD automatically chooses band 3, 20Mhz bandwidth and it's much more fast...
mkx: Yes, you're right. Sorry for wasting your time. There was another typo. I can't even rewrite few lines without mistakes. I don't even know why I'm doing it. Readability is not better, but worse... Sorry for that. /interface bridge add name=LANbridge /interface bridge port add bridge=LANbridge i...
Hello, I have a problem. I have VLANs on my RB (RB3011UiAS). There is a working trunk port ether2 but I can't configure ether3 as an access port. There is a computer connected to that port unaware of VLANs and I need to have that computer in VLAN 30. According to Wiki https://wiki.mikrotik.com/wiki/...
NetWorker: No, I don't miss them. It's done with recursive routing and it works this way. But thank you very much for the link and tips! I really appreciate it! sindy: I see :) Thanks! Combined connection-marks? Mmm nice! I'm already scared! :D Btw... That connection-mark related post is really grea...
Thank you guys! So that example here https://awarmanf.wordpress.com/2010/01/06/mikrotikpolicyrouting/ is wrong? There are route rules combined with mangle.. Failover decisions based on pinging gateway does not seems to me like a great idea. There is usualy working gateway and problem is "furthe...
OK, thank you! :) So, this could be a working configuration? I have to be sure, because I have to configure this in remote location so I can't test it properly :( WAN interface ISP1 - 10.0.1.1 WAN interface ISP2 - 10.0.2.1 WAN interface ISP3 - 10.0.3.1 LAN subnets: 192.168.1.0/24 192.168.2.0/24 192....
Hi guys, I'm trying to setup my router and I don't know which way I should go. I have 3 different ISP connected, I want to have 1 ISP as a default one, one subnet should use another ISP and next subnet should use the last IPS. In case of outage on some ISP link, there should be working automatic fai...
Hello, I'm a little bit lost. I have to configure RB3011UiAS running ROS 6.44. I'm trying to configure it with a switch and use hardware offloading. I need to configure: ether1 - gateway (internet) ether5 - hybrid port - tagged VLAN 20,30 + untagged VLAN 1 ether6 - untagged VLAN 1 ether7 - untagged ...
2 Samot: I know, that there are some changes now. I wanted to know if it's possible now. 2 solar77: Thank you! :) I have to reconfigure this device which is already running somewhere and there is some weird configuration already. There is a bridge and there are 2 switches configured. I assume, that ...
Hello, is it possible to configure hybrid port with untagged VLAN 1? I need to configure one port with one or more VLANs (tagged) and leave there untagged VLAN 1 because of Ubiuqiti Unifi AP. There is not possible to configure management VLAN in Ubiquiti and it has to be untagged VLAN 1 :-/ I have R...
I think, this is it (or at least I hope so :)). /interface bridge filter add chain=forward in-interface=ether1 mac-protocol=arp comment="allow ARP" action=accept add chain=forward in-interface=ether1 packet-type=broadcast comment="drop broadcasts" action=drop add chain=forward in...
Hello, I have a problem. I have a machine connected to the network with approx. 100 IPs in my main subnet. But this machine most likely can't handle multicast and brodcast traffic on the network. I can't readdress it and put it behind the router. So I'm thinking about blocking unnecessary multicast ...
2 mkx: ok, thank you! :) 2 anav: Yes, you're right. I should tighten those WinBox rules. There should be no guests on LAN, but I could limit access to RB on one IP address for example. In case of WAN interface, this should be only temporary solution. Buť it's true, it doesn't take so long to configu...
Thank you guys for clarification! The second approach looks better even from future config modification point of view. I'll use that one. So I think this would be my configuration: /ip firewall nat add chain=srcnat action=masquerade ipsec-policy=out,none out-interface-list=WAN comment="masquera...
2 anav: Thank you! I have one question. Isn't better to use this single rule: add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1 Insted of these 3 rules when I need to forward ports frow WAN to LAN? a...
A default drop is generally much better than adding lots of other rules for port scans, address filters, weird TCP flags etc. On embedded devices like routerboards you have limited CPU time, having lots of filter rules running on each packet opens you up to a resource exhaustion DoS. Ok, I get it. ...
Hmmm .. which ROS version? Recent ROS versions operate with interface lists, so firewall rules would refer to in-interface-list=WAN instead of in-interface=ether1.
Yes, you're right. I forgot to update new RB before exporting configuration.
Thank you for explanation.
Forward from WAN to LAN. Because of the access to the NVR. This is default firewall configuration: /ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment="defconf: accept established,related" connection...
I want to use these RBs in small corporate branches as gateways. There are not so many employees, but the network should be well protected. I only need to allow and forward few ports on RB because of NVR and electronic security system. Beside this, there would be only DHCP server and few DNS static ...
I have few RB750Gr3 RBs with the latest fw (6.43.8). I would like to use them as gateways. Sources: https://wiki.mikrotik.com/wiki/NetworkPro_on_firewalling (not available anymore, but it's available here: http://mikrotik.net.pl/wiki/NetworkPro_w_firewallu) https://wiki.mikrotik.com/wiki/Dmitry_on_f...
Hello, I'm still learning and I'm not sure if I'm configuring firewall on RB correctly. I was reading the manual, forum and examples on the web. I used one configuration I found on the web as a template. I made some changes and implemented few suggestions. I want to use this configuration in RB whic...