Community discussions

Search found 16 matches

by vklpt
Mon Aug 19, 2019 10:18 pm
Forum: Scripting
Topic: Scheduler with API support
Replies: 1
Views: 494

Re: Scheduler with API support

New function - routeros_find_send to simplify editing of existing settings. Remove static items from address-list: routeros_find_send( cmd_find=[ '/ip/firewall/address-list/print' , '?list=MY_LIST' , '?dynamic=false' ] , cmd_send=['/ip/firewall/address-list/remove'] , device_ip='192.168.88.1' , devi...
by vklpt
Sun Jul 14, 2019 2:06 pm
Forum: Scripting
Topic: Scheduler with API support
Replies: 1
Views: 494

Scheduler with API support

https://github.com/vikilpet/Taskopy Open source Python scheduler for Windows with RouterOS API support. Example — add IP from clipboard to address-list "my_list": def add_ip_to_list(hotkey='alt+ctrl+i'): routeros_send( [ '/ip/firewall/address-list/add' , '=list=my_list' , '=address=' + clip_get() ] ...
by vklpt
Wed Mar 06, 2019 8:53 pm
Forum: General
Topic: Port knocking alternative
Replies: 4
Views: 543

Re: Port knocking alternative

Besides being less practical than nping You did not get the idea. I suspected the executable might be malicious. VT Detection ratio: 11 / 70 Check VirusTotal: https://www.virustotal.com/en/file/d81c4fc522dad30fc355e92d53799542552fb7bf31f4597a9ee065156a70d40d/analysis/ If you believe in power of heu...
by vklpt
Tue Mar 05, 2019 7:31 pm
Forum: General
Topic: Port knocking alternative
Replies: 4
Views: 543

Re: Port knocking alternative

Update:
• New ini parameter: url_prefix
by vklpt
Tue Feb 19, 2019 7:29 pm
Forum: General
Topic: QUEUE only for one TCP port
Replies: 4
Views: 322

Re: QUEUE only for one TCP port

packet-mark and routing-mark are different things. You should use mark-packet action in mangle
by vklpt
Tue Feb 19, 2019 2:12 pm
Forum: General
Topic: QUEUE only for one TCP port
Replies: 4
Views: 322

Re: QUEUE only for one TCP port

May be you messed up with source/destination port or source/destination queuing. You better show your rules.
by vklpt
Tue Feb 19, 2019 10:33 am
Forum: General
Topic: redirect subdomain(NAT)
Replies: 11
Views: 1104

Re: redirect subdomain(NAT)

@sob: good point. I automatically expected he talks about HTTP because the domain is completely irrelevant in ICMP and most other protocols. @vklpt: Nope. Layer7 communication starts AFTER the L4 is established. And NAT has to occur on first packet of connection. Even the definition of L7 matcher d...
by vklpt
Tue Feb 19, 2019 10:25 am
Forum: General
Topic: Voice Quality Issue
Replies: 2
Views: 425

Re: Voice Quality Issue

It sounds like link congestion issue. You should monitor traffic load of your interfaces and CPU load of your router.
by vklpt
Tue Feb 19, 2019 10:22 am
Forum: General
Topic: Routing SIP to specific WAN
Replies: 2
Views: 474

Re: Routing SIP to specific WAN

Many SIP devices have RTP port range in settings, so you can set that range and match RTP packets by range.
Other way there may be setting in SIP devices to mark packets with DSCP so you can use those markings in mangle.
by vklpt
Tue Feb 19, 2019 10:15 am
Forum: General
Topic: redirect subdomain(NAT)
Replies: 11
Views: 1104

Re: redirect subdomain(NAT)

You should try to use content or Layer7 matcher to distinguish those packets in NAT rules.
by vklpt
Mon Feb 18, 2019 7:14 pm
Forum: General
Topic: Public IP Address Blacklisted
Replies: 4
Views: 492

Re: Public IP Address Blacklisted

Check if your IP's listed in spam databases, for example here
https://2ip.ru/spam/
by vklpt
Mon Feb 18, 2019 7:08 pm
Forum: General
Topic: Office 365 traffic shaping and priority on RouterOS
Replies: 3
Views: 511

Re: Office 365 traffic shaping and priority on RouterOS

Add this servers to address-list: https://docs.microsoft.com/ru-ru/office365/enterprise/urls-and-ip-address-ranges then mark traffic from and to this address-list with some marks. Also you need mark all other traffic with another marks. Then make a queue tree: https://wiki.mikrotik.com/wiki/Manual:Q...
by vklpt
Mon Feb 18, 2019 6:50 pm
Forum: General
Topic: publishing solar winds orion on internet
Replies: 1
Views: 259

Re: publishing solar winds orion on internet

Why not just google "mikrotik port forwarding"?
https://wiki.mikrotik.com/wiki/Manual:I ... FTP_server
by vklpt
Mon Feb 18, 2019 6:48 pm
Forum: General
Topic: Load balancing and failover, EoIP, Bond.
Replies: 4
Views: 641

Re: Load balancing and failover, EoIP, Bond.

/interface eoip add loop-protect=off mac-address=02:20:98:72:C9:A2 name=eoip-tunnel1 remote-address=11.11.11.10 tunnel-id=500 add loop-protect=off mac-address=02:20:98:72:C9:A2 name=eoip-tunnel2 remote-address=22.22.22.10 tunnel-id=501 /interface eoip add loop-protect=off mac-address=02:26:13:F5:00...
by vklpt
Mon Feb 18, 2019 4:14 pm
Forum: General
Topic: Port knocking alternative
Replies: 4
Views: 543

Port knocking alternative

2019-02-18_17-59-19.png Let's call it «Web Knocking». Idea is simple: open ports with just hitting a link. Web server sits behind router and listening for HTTP requests. IP address of good and verified request he sends to router's white list and all other requests to black list. To knock just open ...