NAT doesn't have priority over firewalling. Read the wiki manual on packet flow. Destination NAT happens first, then the firewall chains fire like they usually would but they will see the packet with the new destination IP address. Then source NAT changes the source IP address of the packet if warr...
Hello, I have upgraded RB150 minirouter to ver 4.17. I tried to get the (higher version 5.17 - mipsle version), however upon the reboot, it didn`t boot up. I have turn of the power and after turning it on it was corrupted in nvram. I have done netinstall 4.17 and was capable to bring it back among t...
Hello to everyone I have implemented the rules based on the following wiki setup guide. My configuration is exactly as it is given in the enclosure of the setup guide, i got my mangle counters working on. However after adding the queue tree according to the guide i get only remaining traffic queue w...
Thanks Normis, i have done it and it works, except i got one more problem. After i uploaded Dude package and started to create my network. After i finished i wanted to export my backup to my computer, i have started the procedure and after it finished , suddenly my dude client lost connection and re...
Hello, I have installed dude package 3.6 on IDE flash 256Mb, i couldn`t install version 4.2 beta because after installation i get "disk is too small" note in log. Since my Mikrotik is 5.05rc and is legal (i have payed for it :)) i am having storage problem :(....my dude backup is quite to ...
I have RB 433 with OS 3.13 few minutes ago i had upgraded software to 3.30 it was necessary. Anyway after booting procedure i get the following message: "You have 23h18m to configure the router to be remotely accessible, and to enter the key by pasting it in a Telnet window or in Winbox. See ww...
Well, i did as you said Chupaka, but since i have removed src-address i can`t see which IP/user is making given amount
of connections ? Based on removed things for almost 1 day i had no problems, except i can`t see who is making them
Ok my rules are, chain=forward action=add-src-to-address-list tcp-flags=syn address-list=80 konekcija address-list-timeout=10m protocol=tcp connection-limit=80,32 chain=forward action=drop src-address=62.x.x.x/24 src-address-list=80 konekcija protocol=tcp connection-limit=80,32 In the address list s...
I saw something very interesting!! In the "address list" section where it tracks and shows all the clients that had reached "80 connections" instead of only 192.168.1.0/24 (ip range given to track as source address) there are also a lot of other addresses, addresses like x.x.x.x/...
Thans again for your reply Sergejs . Unfortunetely i am having the same problems. I had tried everything. I`ve checked connection tracking after a phone call from one client complaining that he cannot open any page, i have checked connection tracking he had only 5 connections! :( again my rules are ...
I am still having the same problems. I thought that problem was because of OS 3.13! But since derr12 has upgraded and still has issues, i am without a clue. After a while people are calling me complaining that they can ping google, but when they open browser, it won`t load a page! As soon as i chang...
Firstly, thank you sergejs for your post! Second, Are you recommending me to upgrade to OS 3.23 ? I have 3.13 on x86 platform. So according to my chain rules above your reply, everything is ok? Since i am using 32bit netmask it applies to single IP user not the whole IP range for pppoe-users?! But s...
Is there any solution, i have the same problem! I have created two filter rules in chain: chain=forward action=add-src-to-address-list tcp-flags=syn address-list=80 konekcija address-list-timeout=10m protocol=tcp connection-limit=80,32 chain=forward action=drop src-address=192.168.1.0/24 src-address...