Community discussions

MikroTik App

Search found 11 matches

by senseivita
Wed Aug 04, 2021 3:06 am
Forum: Beginner Basics
Topic: Why interfaces don't work for firewall rules?
Replies: 2
Views: 101

Re: Why interfaces don't work for firewall rules?

Oh man, I'm sorry, I'm still learning the rules around here. I attached the file now. If it's all scarily open it's because it sits behind other firewalls, IDS/IPS and proxies already. I promise I'm not that reckless. :D This will be the "distribution" firewall, so to speak, it'll filter o...
by senseivita
Mon Aug 02, 2021 12:00 pm
Forum: Beginner Basics
Topic: Why interfaces don't work for firewall rules?
Replies: 2
Views: 101

Why interfaces don't work for firewall rules?

I'm trying to pass all traffic entering an interface (rule #3) but it's catching nothing: Screen Shot 2021-08-02 at 00.58.03.png Instead all traffic is caught by the later rule (rule #6) which just like the intended one, doesn't specify src.addr . Why specifying the interface breaks the otherwise id...
by senseivita
Thu Jul 15, 2021 11:28 pm
Forum: General
Topic: Advice for routing internally with multiple WANs
Replies: 0
Views: 382

Advice for routing internally with multiple WANs

Hey all, :) I'm setting up CHR as the edge device but I need to route traffic in and out to several devices. It was suggested to me that I used VRF but that seems to capture everything (a default route) and I still have to direct X to Y , part of X to Z both internally and over multiple Internet-fac...
by senseivita
Sat Jul 10, 2021 2:39 am
Forum: Beginner Basics
Topic: CHR trial license expired, got new ID. Can I purchase?
Replies: 0
Views: 528

CHR trial license expired, got new ID. Can I purchase?

My [CHR] license expired but it said in the box next renewal was in two days. I went to my account and I had the option (button) to renew but it had a little red flag next to it. I didn't trust the conflicting messages specially since the documentation says that I absolutely need to reinstall — whic...
by senseivita
Tue May 11, 2021 8:03 am
Forum: Beginner Basics
Topic: How to create multiple DHCP servers in the same interface
Replies: 1
Views: 499

Re: How to create multiple DHCP servers in the same interface

I found my answer! :D On article Manual:IP/DHCP Server I had missed: relay (IP; Default: 0.0.0.0) The IP address of the relay this DHCP server should process requests from: 0.0.0.0 - the DHCP server will be used only for direct requests from clients (no DHCP relay allowed) 255.255.255.255 - the DHCP...
by senseivita
Mon May 10, 2021 8:25 pm
Forum: Beginner Basics
Topic: How to create multiple DHCP servers in the same interface
Replies: 1
Views: 499

How to create multiple DHCP servers in the same interface

I failed for the fouth or fifth time to migrate to CHR again, but the good thing is that I just used another firewall at the edge and this I'm I have no firewall rules to recreate. I want to keep the DHCP server though, make it the master, I liked it that like Windows Server's DHCP it can be edited ...
by senseivita
Sun Apr 25, 2021 3:06 am
Forum: Beginner Basics
Topic: Policy Routing/FIB
Replies: 3
Views: 492

Re: Policy Routing/FIB

Thanks for answering, that's such a relief. I already set it up halfway --routes are not enforced yet-- I only need to figure out a way to enforce traffic within the chain if, say, another device that introduces traffic in the middle of the line this traffic continues right on line but this device i...
by senseivita
Sat Apr 24, 2021 7:07 am
Forum: Beginner Basics
Topic: Policy Routing/FIB
Replies: 3
Views: 492

Re: Policy Routing/FIB

I think I can solve it using Mangle rules to mark traffic on an interface and then the rules section in IP/Routes to match the traffic and force it to a gateway. The only problem is that since router has visibility at every point I'm afraid on the way back it might skip the gateways altogether and s...
by senseivita
Wed Apr 21, 2021 11:40 pm
Forum: Beginner Basics
Topic: Policy Routing/FIB
Replies: 3
Views: 492

Policy Routing/FIB

I use several network appliances in the network to do what Mikrotik can't or just is too cumbersome to do, I'm sure it'll get easier with time and some of these will disappear. Meanwhile though, I have this devices chained routing from one to the next and I'd like to reorganize this into a pseudo st...
by senseivita
Tue Apr 13, 2021 10:29 pm
Forum: Beginner Basics
Topic: How do I disable (allow all) the firewall completely?
Replies: 1
Views: 482

How do I disable (allow all) the firewall completely?

I'm setting up CHR but the ruleset plus policy routing (which I don't know how to do), tunneling stuff, IDS/IPS and reverse proxy is so complicated (and basic, i.e; tunneling) that I' used a couple of pfSense instances chained in front of it instead with static rules to avoid NAT. If I delete all th...
by senseivita
Fri Jan 01, 2021 6:03 am
Forum: Beginner Basics
Topic: Switching from pfSense to CHR -- Firewall rules
Replies: 0
Views: 143

Switching from pfSense to CHR -- Firewall rules

I'm attempting to move to CHR from pfSense/OPNsense but I'm having a hard time dealing with firewall rules. In pfSense filtering is only done on the inbound direction of each interface. While filtering can be done on the outbound too it's rarely used, mostly by traffic shaping or a package that can ...