Community discussions

Search found 155 matches

by dadaniel
Mon Jul 08, 2019 1:32 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 62047

Re: v6.45.1 [stable] is released!

Does someone have a problem with mac telnet login via neighbours?

Won't login with any user and pass or without pass, nor admin..
I have the same problem.
by dadaniel
Mon Jan 21, 2019 3:33 pm
Forum: General
Topic: SXT LTE speed after 6.43.8 update
Replies: 5
Views: 824

Re: SXT LTE speed after 6.43.8 update

As per tests I made at the same spot, where SXT LTE is positioned, with phone and got better download speed.
You will always get a better speed with phone, because Mikrotik is using a very old LTE chipset. Some providers throttle non-phone LTE chip vendors.
by dadaniel
Tue Oct 16, 2018 2:00 pm
Forum: General
Topic: PCP support for CG-NAT on WAN
Replies: 2
Views: 337

Re: PCP support for CG-NAT on WAN

I didn't find any reference which vendor or operating system supports PCP? Could you please share what hardware your ISP provides usually that is capable of PCP?
by dadaniel
Wed Oct 10, 2018 3:53 pm
Forum: General
Topic: Limiting ICMP on input chain
Replies: 3
Views: 897

Re: Limiting ICMP on input chain

I have the same problem, any ideas anyone?
by dadaniel
Tue Sep 25, 2018 12:48 pm
Forum: General
Topic: Disable line-break / word-wrap in export
Replies: 1
Views: 223

Disable line-break / word-wrap in export

Is it possible to disable this nasty line-break / word-wrap in config export?
by dadaniel
Fri Sep 21, 2018 12:28 pm
Forum: Scripting
Topic: get packet-loss value from ping
Replies: 1
Views: 421

get packet-loss value from ping

Is there a script that gets the built-in packet-loss percentage value of mikrotik's ping command and sends a mail when a specific threshold is reached? I'm not very good at scripting, could someone please point me in the right direction?
by dadaniel
Fri Sep 21, 2018 10:31 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 37617

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

No, a reboot or upgrade will not brick the router. If your router works with 6.43.1, there is no need to upgrade to 6.43.2.
Ok, so it isn't the bootloader that bricks the devices?
My log says "firmware upgrade successfully, please reboot..." so it hasn't been rebooted since 6.43.1 upgrade.
by dadaniel
Fri Sep 21, 2018 10:08 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 37617

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

It should be fixed in 6.43.2, you will need to netinstall v6.43.2.
Great, I did an upgrade to 6.43.1 on hEX and auto-upgrade of firmware was active. I did not reboot yet, so what to do now? I cannot upgrade to 6.43.2 bootloader before reboot! Will it be bricked afterwards?
by dadaniel
Thu Sep 20, 2018 2:20 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 37617

Re: v6.43.1 [stable] is released!

still can't change any user names.
introduced in 6.43.0
Renaming is not possible anymore due to security changes, please see viewtopic.php?f=2&t=139091#p685742
by dadaniel
Fri Aug 17, 2018 10:44 am
Forum: General
Topic: Forward LACP in bridge?
Replies: 8
Views: 910

Re: Forward LACP in bridge?

It seems that this is still not working after 10 years:
viewtopic.php?t=21913
by dadaniel
Mon Jul 02, 2018 3:25 pm
Forum: General
Topic: Firewall dst-limit possible bug
Replies: 9
Views: 1353

Re: Firewall dst-limit possible bug

Please, do not send tickets to old versions - there is no point and it just wastes support time. Staff will either ignore it or respond with "please update to maintained (bugfix or current) version". You cannot possibly think that anyone will investigate or fix bug from 8 years old version. Even lega...
by dadaniel
Mon Jul 02, 2018 1:28 pm
Forum: General
Topic: Firewall dst-limit possible bug
Replies: 9
Views: 1353

Re: Firewall dst-limit possible bug

Is this still not fixed? It's actually listed in the wiki at https://wiki.mikrotik.com/wiki/DDoS_Det ... d_Blocking (Expire' value is 10 times lower than you set; so '10s' is actually 1 second)
by dadaniel
Mon Jul 02, 2018 12:46 pm
Forum: General
Topic: LAN side bridge forward filtering options?
Replies: 4
Views: 463

Re: LAN side bridge forward filtering options?

Enable port-isolation on every switch - only forward packets to upstream port (or VLAN). Enable wireless isolation, sometimes called client or AP isolation, on every access point - only forward packets to upstream port (or VLAN). So a client could never reach other connected devices (maybe you would hav...
by dadaniel
Fri Jun 29, 2018 12:18 pm
Forum: General
Topic: remove IP on address-list from active connections?
Replies: 7
Views: 818

Re: remove IP on address-list from active connections?

Could you please share the script part that read addresses from that list into an array? This list is rather large, isn't the array size limited? Why it's not possible to use only one address-list?
by dadaniel
Fri Jun 29, 2018 11:29 am
Forum: General
Topic: remove IP on address-list from active connections?
Replies: 7
Views: 818

Re: remove IP on address-list from active connections?

I don't think that with rules to add addresses to address list and then drop the traffic, it will appear in conntracker. I've already placed an additional drop rule right after the "add addresses to address list" rule, but it is never triggered. It seems once the packet is matched by the "add addre...
by dadaniel
Thu Jun 28, 2018 3:04 pm
Forum: General
Topic: remove IP on address-list from active connections?
Replies: 7
Views: 818

Re: remove IP on address-list from active connections?

Yes I also believe the next bruteforce tries get matched by fasttrack established/related, but how to remove the affected IP from conntrack? :(
by dadaniel
Thu Jun 28, 2018 2:06 pm
Forum: General
Topic: remove IP on address-list from active connections?
Replies: 7
Views: 818

remove IP on address-list from active connections?

I have some firewall-rules in place that will add bruteforcing IPs to a blacklist, but I have the problem that these "established" connections won't be terminated. There is a drop rule in Firewall-Raw but the IP still gets matched in the "add to address list" rule. Any ideas?
by dadaniel
Thu Jun 28, 2018 1:48 pm
Forum: General
Topic: special dummy rule is moveable in firewall-raw
Replies: 0
Views: 232

special dummy rule is moveable in firewall-raw

When I try to move any of the special dummy rules in Firewall-Filter or Firewall-Mangle I get an error message, but I'm able to move it in Firewall-Raw. Is this by intention?
by dadaniel
Thu Jun 28, 2018 11:24 am
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 1554

Re: Why am I getting this firewall entry???

Maybe someone from staff has a second fixed IP address set? The source mac is rather strange, as it belongs to ARRIS Group which is a cable modem manufacturer. Maybe they have some auto-aliased internal IP in place.
by dadaniel
Tue Jun 05, 2018 11:51 am
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 44
Views: 13299

Re: MikroTik News June 2018 (Issue #83)

That is beyond the point. Saying "inferior" compared to previous model is simply incorrect.
You are correct, I think he (the user from Brazil) just used the wrong English word.
by dadaniel
Tue Jun 05, 2018 10:26 am
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 44
Views: 13299

Re: MikroTik News June 2018 (Issue #83)

What do you guys mean? It is much better than SXT LTE first generation:
Yes, but today nearly every cheap smartphone supports LTE-A at 1000Mbps/150Mbps down/up and you are still using old 150/50 modems. What about LTE bridge mode, is it supported now with SXT LTE kit?
by dadaniel
Thu May 17, 2018 5:34 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 102525

Re: Blacklist Filter update script

It is temporary locations to download ... it does not matter where it is ... after importing lists script could be removed from flash, disk etc. But it is imported as static entries because of missing timeout parameter in the script, so they are written to NAND on every change. They should change i...
by dadaniel
Thu May 03, 2018 5:07 pm
Forum: RouterBOARD hardware
Topic: WAP LTE US Kit not seeing SIM
Replies: 6
Views: 1097

Re: WAP LTE US Kit not seeing SIM

Is it standard policy to have the customer pay return shipping on a defective product?
Yes, nearly all vendors handle it that way. For example in the SSD market there is AFAIK only Sandisk that offers pre-paid return stickers.
by dadaniel
Wed Apr 18, 2018 2:35 pm
Forum: General
Topic: Solutions for cable 1.2km
Replies: 14
Views: 1154

Re: Solutions for cable 1.2km

I would go for fiber, I know there are also copper-based solutions like VDSL extenders but then your bandwidth is limited and the risk of lightning damage is very high.
by dadaniel
Thu Mar 29, 2018 11:53 am
Forum: General
Topic: Winbox Not Detecting RouterBoard
Replies: 31
Views: 5896

Re: Winbox Not Detecting RouterBoard

Hello jspool! tried to connect from another Windows 7 PC using a switch, but still not detecting at all... :(
It's a winbox bug, please see viewtopic.php?f=21&t=129034&start=450#p650627
by dadaniel
Sat Mar 17, 2018 11:30 am
Forum: General
Topic: extremely ugly network bridging
Replies: 14
Views: 1243

Re: extremely ugly network bridging

@dadaniel can i have your topology? I don't have a suitable network diagram ready, but you could ask me any question about topology that you don't find in first post. Both LANs use 10.0.0.x/24, both Internet Gateways have the same address 10.0.0.138 and DHCP server active. The solution from Sob wor...
by dadaniel
Fri Mar 16, 2018 11:42 pm
Forum: General
Topic: extremely ugly network bridging
Replies: 14
Views: 1243

Re: extremely ugly network bridging

Thank you very much, it works perfectly!
Is it possible to allow NAS access for more than one camera? Do I just have to add an additional ip address and arp entry for another camera IP? (keeping the router IP unchanged, so have multiple entries of it with only the network IP changed?)
by dadaniel
Thu Mar 15, 2018 5:55 pm
Forum: General
Topic: extremely ugly network bridging
Replies: 14
Views: 1243

Re: extremely ugly network bridging

That seems to be a very easy and clean solution. I'll try it this weekend and report back, thank you very much!!
by dadaniel
Thu Mar 15, 2018 4:06 pm
Forum: General
Topic: extremely ugly network bridging
Replies: 14
Views: 1243

Re: extremely ugly network bridging

@Sob:

Do I need static routes on NAS or camera in this case? Do I have to enable (local)proxy-arp in interface settings?

I cannot make this router the default gateway for any device on both LANs!
by dadaniel
Wed Mar 14, 2018 7:38 am
Forum: General
Topic: extremely ugly network bridging
Replies: 14
Views: 1243

Re: extremely ugly network bridging

VPN can work, but might be slow due to VPN technology and will also eat into your internet bandwidth. Then all you do is route from building a to building b subnet and vice versa. And use a default route to Internet gateway for other traffic on both sides. Yes, VPN is not an option because the intern...
by dadaniel
Wed Mar 14, 2018 1:08 am
Forum: General
Topic: extremely ugly network bridging
Replies: 14
Views: 1243

extremely ugly network bridging

Please help me with the following situation: I have two buildings: A has one internet gateway and one IP camera(AC:CC:8E). B has one internet gateway and a NAS(00:11:32). It is possible to connect both buildings using ethernet wire. Both internet gateways have the same non-changeable IP address, the...
by dadaniel
Tue Mar 13, 2018 5:10 pm
Forum: General
Topic: layer 7 protocols exception [SOLVED]
Replies: 4
Views: 1234

Re: layer 7 protocols exception [SOLVED]

You can only do exceptions for IP address, see viewtopic.php?t=120819
by dadaniel
Tue Mar 13, 2018 2:52 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 30223

Re: v6.41.3 [current]

Is it now really necessary to update routerboard firmware every time we update ROS since the version numbering now follows ROS version number? I cannot believe there are changes every time and it is quite annoying to have to reboot twice.
I also have the SIM menu on RB951G-2HnD now.
by dadaniel
Tue Mar 06, 2018 12:13 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 43
Views: 4390

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Can anyone comment on what this script is doing beside of changing credentials?
by dadaniel
Fri Mar 02, 2018 10:48 am
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 84
Views: 18465

Re: Future of LTE products, user feedback requested

Please ensure that Passthrough mode is supported in your future LTE products! Why does this work only with those crappy usb sticks and not with your own LTE hardware?
by dadaniel
Wed Jan 31, 2018 12:28 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 16562

Re: MikroTik News February 2018 (Issue #80)

* Match websites in firewall
What about matching non-secure traffic with wildcards directly in firewall? Still not possible?
by dadaniel
Thu Sep 28, 2017 10:50 am
Forum: General
Topic: Super strange issue with 0.0.0.0
Replies: 5
Views: 777

Re: Super strange issue with 0.0.0.0

That's an old bug in Webfig that is still not fixed. Hit Stop button and Start button and it will show correct values.
by dadaniel
Thu Sep 21, 2017 6:20 pm
Forum: General
Topic: RB750Gr3 IPsec VPN to Cisco ASA does not work [SOLVED]
Replies: 16
Views: 3468

Re: RB750Gr3 IPsec VPN to Cisco ASA does not work [SOLVED]

Can you please report this to support@mikrotik.com ? They often don't notice bug reports in the forums.
by dadaniel
Wed Jul 19, 2017 3:38 pm
Forum: General
Topic: Whatsapp voice call not working
Replies: 3
Views: 2074

Re: Whatsapp voice call not working

First match at google shows that the following ports have to be allowed:

TCP: 4244,5222,5223,5228,5242
TCP/UDP: 59234, 50318
UDP: 3478,45395

It seems you don't have proper firewall rules, because your NAT does not seem to work properly or is blocking ports.
by dadaniel
Fri Jun 30, 2017 1:28 pm
Forum: Wireless Networking
Topic: Capsman and 802.11w
Replies: 3
Views: 783

Re: Capsman and 802.11w

So how to protect against these Deauthers you can get for $6 at Amazon or even preflashed?!

https://github.com/spacehuhn/esp8266_deauther
https://www.tindie.com/products/lspoplo ... ent-board/
by dadaniel
Tue Jun 13, 2017 9:54 am
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 34098

Re: v6.39.2 [current]

The device is seen in netinstall, when press the install button it last 12 seconds and then go back ready with no actual install.
Close netinstall, open it again and press install a second time. This time it will work.
by dadaniel
Tue Apr 18, 2017 2:40 pm
Forum: Scripting
Topic: Command Needed for Hard Reboot of Router OS
Replies: 6
Views: 1796

Re: Command Needed for Hard Reboot of Router OS

How is this different? What would you like to do instead?
I think he means such a kernel thing:

echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
by dadaniel
Fri Feb 03, 2017 10:05 am
Forum: General
Topic: Do any queue types respect Priority markings?
Replies: 26
Views: 2764

Re: Do any queue types respect Priority markings?

Notes: I mark the MSDO packets with ToS-Bulk...
Oh, you've already found a way how to identify MSDO traffic. Do you mind sharing how it's done?
a two seconds search in RavenWing71 posts would have told you that: http://forum.mikrotik.com/viewtopic.php ... 64#p577464
by dadaniel
Fri Jan 13, 2017 9:00 am
Forum: General
Topic: Mark MS services, updates?
Replies: 3
Views: 1032

Re: Mark MS services, updates?

Cool find Ravenwing :)

Please also see http://forum.mikrotik.com/viewtopic.php?f=2&t=51802
by dadaniel
Wed Dec 21, 2016 4:31 pm
Forum: General
Topic: Throttle Windows Updates
Replies: 32
Views: 15449

Re: Throttle Windows Updates

Is there any reason for you doing this in forward chain instead of mangle-prerouting? Is there any downside in marking connections using layer7 directly instead of adding it to an address list? /ip firewall mangle add action=mark-connection chain=prerouting comment=MicrosoftUpdates layer7-protocol=M...
by dadaniel
Wed Nov 23, 2016 11:29 am
Forum: Announcements
Topic: v6.37.2 [current] is released!
Replies: 50
Views: 13330

Re: v6.37.2 [current] is released!

I have a problem with Mikrotik caching DNS Server. I have no IPv6 connectivity nor IPv6 packages installed, but caching DNS Server sometimes gets only IPv6 Addresses and those are not reachable. Please see the following example for forum.mikrotik.com:

by dadaniel
Mon Nov 21, 2016 4:24 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 102525

Re: Blacklist Filter update script

That means that the ip/ subnet is or has been serving malware for at least 12 hours. The list is automated and will remove the address once it has been clean for 24 hours. I will not manually remove addresses. bit.ly is a referer-website (like shorturl), it never serves anything from its own IP add...
by dadaniel
Fri Nov 18, 2016 4:33 pm
Forum: General
Topic: Throttle Windows Updates
Replies: 32
Views: 15449

Re: Throttle Windows Updates

REMEMBER to disable the defconf:fasttrack in the firewall, else the queue will not work
Is there a way to bypass fasttrack for this, so still being able to use it on all other connections?
by dadaniel
Wed Nov 16, 2016 12:50 pm
Forum: General
Topic: Why source-based blackhole instead of firewall drop
Replies: 49
Views: 12200

Re: Why source-based blackhole instead of firewall drop

Source address can be an individual ip or a network range.
Oh, so is there an easy way to do this for all IPs in an address-list without using mangle/filter/etc before?
by dadaniel
Wed Nov 16, 2016 11:28 am
Forum: General
Topic: Why source-based blackhole instead of firewall drop
Replies: 49
Views: 12200

Re: Why source-based blackhole instead of firewall drop

Can you please share the code for this source based blackhole? From above I can see that I have to packet mark so filter is still involved?!