Community discussions

Search found 713 matches

by 2frogs
Tue Jun 27, 2023 3:58 pm
Forum: Beginner Basics
Topic: interface list behaviors
Replies: 12
Views: 2188

Re: interface list behaviors

Actually in a flat bridged network like yours, the interface-list has no bearing as you are not using firewall rules. The firewall is being bypassed by the bridge. That is why you perceive no difference between the two. If you set both up as routers, with all interfaces belonging to the bridge, yo...
by 2frogs
Fri May 19, 2023 11:01 pm
Forum: Wireless Networking
Topic: Guest Network Unable to get out to Internet
Replies: 7
Views: 1601

Re: Guest Network Unable to get out to Internet

Your IP addresses for the router are set incorrectly. Should be:
/ip address
add address=10.1.21.1/24 interface=vlan21_guest network=10.1.21.0
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
by 2frogs
Wed Apr 12, 2023 1:35 am
Forum: General
Topic: new routing mark in v7.x
Replies: 4
Views: 6300

Re: new routing mark in v7.x

You need to add the route tables:
/routing table
add disabled=no name=Route1Name fib
add disabled=no name=Route2Name fib
The router will use the main table, by default so you will want to set route preference and failover accordingly.
corrected! corrected correction! ;) I forgot the FIB was not defaul...
by 2frogs
Tue Apr 11, 2023 9:45 pm
Forum: General
Topic: new routing mark in v7.x
Replies: 4
Views: 6300

Re: new routing mark in v7.x

You need to add the route tables:
/routing table
add name=Route1Name
add name=Route2Name
The router will use the main table, by default so you will want to set route preference and failover accordingly.
by 2frogs
Sun Mar 05, 2023 5:56 pm
Forum: General
Topic: Unable to access Mikrotik in bridge mode
Replies: 8
Views: 3397

Re: Unable to access Mikrotik in bridge mode

You have to either disable the drop not from lan firewall rule for input or fix the interface list member for lan to include bridge. The problem is when you use quickset to change to bridge mode, the interface list members get changed from bridge to the individual interfaces. But since the interface...
by 2frogs
Fri Dec 23, 2022 6:25 pm
Forum: General
Topic: Wireguard tunnel to CHR and Public ip port forward
Replies: 26
Views: 3790

Re: Wireguard tunnel to CHR and Public ip port forward

From the third paragraph of original post. my problem is that the port 8080 which runs a web service at my home server, is not accessible through the public ip of CHR. I cannot access the web UI from that public IP. The CHR is used as WireGuard server, the Home Server is acting as WireGuard clie...
by 2frogs
Fri Dec 23, 2022 12:26 am
Forum: General
Topic: Wireguard tunnel to CHR and Public ip port forward
Replies: 26
Views: 3790

Re: Wireguard tunnel to CHR and Public ip port forward

The user is trying to reach the server with the Public IP of the CHR through WireGuard tunnel. Again, this is the whole purpose of the CHR, to allow remote access using the Public IP of the CHR. I am having to do the same, since only CGNAT services of T-Mobile 5G, T-Mobile LTE and Starlink are avail...
by 2frogs
Thu Dec 22, 2022 7:00 pm
Forum: General
Topic: Wireguard tunnel to CHR and Public ip port forward
Replies: 26
Views: 3790

Re: Wireguard tunnel to CHR and Public ip port forward

The purpose of the CHR is to provide Public IP for the server behind CGNAT by way of a WireGuard tunnel. This needs NAT...
by 2frogs
Wed Dec 21, 2022 5:08 pm
Forum: General
Topic: Wireguard tunnel to CHR and Public ip port forward
Replies: 26
Views: 3790

Re: Wireguard tunnel to CHR and Public ip port forward

You need to add your dst-nat rule back for the server/8080 and correct your last filter rule. The comment on it is correct (drop all not dst-nated), but the rule is missing the function.
by 2frogs
Tue Sep 20, 2022 4:46 am
Forum: Beginner Basics
Topic: Simple Starlink setup doesn't work
Replies: 24
Views: 5027

Re: Simple Starlink setup doesn't work

Anav missed that to use IP Firewall on Bridge Ports, you need:
/interface bridge settings set use-ip-firewall=yes
But this comes at a cost, CPU usage.

Edit: Should have mentioned that I have no issues with my HexS connecting to my Starlink 2nd Gen ethernet adapter.
by 2frogs
Thu Sep 08, 2022 5:05 am
Forum: Wireless Networking
Topic: netPower 16P - power source
Replies: 5
Views: 739

Re: netPower 16P - power source

Install a plug or hardwire to A/C power and 12/2 dc wire for the amperage and distance.
by 2frogs
Wed Sep 07, 2022 3:37 pm
Forum: Beginner Basics
Topic: hEX PoE RB960PGS as switch
Replies: 6
Views: 1611

Re: hEX PoE RB960PGS as switch

You need to set admin-mac for the bridge. The default setting of auto-mac=yes, will set the mac-address of the bridge to the mac-address of a bridge port interface first to populate after reboot. This makes the bridge mac-address somewhat random. Setting the admin-mac makes its mac-address static.
by 2frogs
Wed Jul 13, 2022 9:56 pm
Forum: Beginner Basics
Topic: Wireless Bridge Design Assistance
Replies: 6
Views: 797

Re: Wireless Bridge Design Assistance

https://mikrotik.com/product/wireless_wire_dish These come pre-paired from the factory with a unique SSID and password. There is an included label with each device that notes its role of Master or Slave and the password. The individual devices are the same LHG-60G that you can purchase individually ...
by 2frogs
Fri Jul 08, 2022 5:50 pm
Forum: Scripting
Topic: need help with script syntax
Replies: 5
Views: 710

Re: need help with script syntax

From the Wiki:

get <id> <param>=<value>
Would translate to:
get number=0 value-name=dns-server
by 2frogs
Thu Jun 30, 2022 1:41 pm
Forum: Beginner Basics
Topic: Add a simple Firewall for routed clients
Replies: 12
Views: 787

Re: Add a simple Firewall for routed clients

From your provided R1 export:
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
Add an IP address for ether1 from the 192.168.1.0/24 of your other Router and remove ether1 bridge port entry. You will also need a route on your other Router for 192.168.119.0...
by 2frogs
Wed Jun 29, 2022 4:18 pm
Forum: Beginner Basics
Topic: Add a simple Firewall for routed clients
Replies: 12
Views: 787

Re: Add a simple Firewall for routed clients

You have R1 setup as a bridge. Your clients behind R2 are getting DHCP from R1 by chance. And with gateway of other Router, your clients are going out it directly.
by 2frogs
Fri Jun 10, 2022 1:35 am
Forum: Wireless Networking
Topic: Wireles-WIre + one
Replies: 6
Views: 771

Re: Wireles-WIre + one

No, order one wAP 60G AP (this will be your Main AP in your attached pic.) Order one Wireless Wire kit to reconfigure as your two clients. Or, in place of the Wireless Wire kit, you can order two wAP 60G. The wAP 60G is the same device as is in the Wireless Wire kit, but just one. I include this ...
by 2frogs
Thu Jun 09, 2022 3:29 pm
Forum: Wireless Networking
Topic: Wireles-WIre + one
Replies: 6
Views: 771

Re: Wireles-WIre + one

You can use the ones from the kit or non-AP versions (as stations) to connect to the AP version. No need to spend extra on those.
by 2frogs
Thu Jun 09, 2022 3:02 am
Forum: Wireless Networking
Topic: Wireles-WIre + one
Replies: 6
Views: 771

Re: Wireles-WIre + one

You will need to purchase the AP version.
https://mikrotik.com/product/wap_60g_ap

The kits only have a level 3 license that only allows for them to be stations or an AP for a single station. The AP versions have a level 4 license.
https://wiki.mikrotik.com/wiki/Manual:License
by 2frogs
Mon May 23, 2022 2:44 pm
Forum: Beginner Basics
Topic: Bridged hAP-AC2, can only connect via MAC
Replies: 10
Views: 1567

Re: Bridged hAP-AC2, can only connect via MAC

Quickset Bridge Mode is broken. It removes Bridge from interface-list=LAN and adds each of the individual Interfaces to this list. That is an incorrect configuration because the individual Interfaces are slaved to the Bridge in Bridge Mode.

I have reported this behavior to support to no avail.
by 2frogs
Mon Mar 14, 2022 5:38 pm
Forum: General
Topic: Port forwarding working partially
Replies: 18
Views: 1184

Re: Port forwarding working partially

FTP requires 2 ports. The command port, which is usually port 21, and a data port. For active mode, the data port is usually port 20. For passive mode, the port is a random port (you can usually set a range in server settings.) You will need to also forward the data port(s) depending on mode type used.
by 2frogs
Wed Mar 09, 2022 3:33 pm
Forum: General
Topic: Auto Discover Device + Update
Replies: 15
Views: 1177

Re: Auto Discover Device + Update

Do you know about the auto import feature?
https://wiki.mikrotik.com/wiki/Manual:C ... tic_Import
by 2frogs
Mon Feb 21, 2022 4:55 am
Forum: Beginner Basics
Topic: remove all static DHCP leases?
Replies: 4
Views: 5346

Re: remove all static DHCP leases?

/ip dhcp-server lease remove [find where dynamic=no]
You can both print and export to file.
/ip dhcp-server lease export file=dhcp-static
by 2frogs
Sat Jan 29, 2022 6:36 pm
Forum: Beginner Basics
Topic: Unable to auto update or ping update server from Router
Replies: 2
Views: 920

Re: Unable to auto update or ping update server from Router

You need a route to your ISP(s) without routing marks. You can use distance to make one primary and other backup. Something like:
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.2.1
by 2frogs
Fri Jan 28, 2022 12:16 am
Forum: Forwarding Protocols
Topic: Forwarding ports for multiple Polycom IP phones
Replies: 6
Views: 2025

Re: Forwarding ports for multiple Polycom IP phones

If you are using the default firewall configuration, that should be all you need. Just be sure to disable the SIP helper. You can find it under IP>Firewall>Service Ports.
by 2frogs
Wed Jan 26, 2022 3:50 am
Forum: Forwarding Protocols
Topic: Forwarding ports for multiple Polycom IP phones
Replies: 6
Views: 2025

Re: Forwarding ports for multiple Polycom IP phones

You can't forward the same port to multiple IPs. I believe you are mistaken on the requirements. You should only need outgoing connections to those ports for the phones to establish a connection to hosted service. Only a self-hosted pbx would require forwarded ports.
by 2frogs
Wed Jan 26, 2022 3:45 am
Forum: Beginner Basics
Topic: Qnap TS-328 unreachable in LAN but accessible via web
Replies: 23
Views: 4573

Re: Qnap TS-328 unreachable in LAN but accessible via web

I would suggest looking on the QNAP/ Control Panel -> Security and be sure your local IP is not being blocked.
by 2frogs
Sat Jan 15, 2022 1:11 am
Forum: Beginner Basics
Topic: Port forward on ZeroTier [SOLVED]
Replies: 3
Views: 3108

Re: Port forward on ZeroTier [SOLVED]

You are missing a src-nat for the ZeroTier network. It should look like your first rule with the src-address=192.168.193.0/24 and to-address=192.168.0.2. Or you can put a route to 192.168.193.0/24 on the remote Mikrotik pointing to 192.168.0.2.
by 2frogs
Wed Dec 29, 2021 4:03 pm
Forum: RouterOS beta
Topic: Import script stops after tool fetch
Replies: 1
Views: 2154

Re: Import script stops after tool fetch

You need to add a delay after fetch so the file can be written.

:delay 60s
by 2frogs
Fri Dec 24, 2021 8:20 pm
Forum: Beginner Basics
Topic: Port Forwarding impossible
Replies: 12
Views: 2860

Re: Port Forwarding impossible

/system note
set note="I closed the vulnerability with a firewall. Please update RouterOS. \
    You can say thanks on the WebMoney Z399578297824 or BTC 14qiYkk3nUgsdqQawi\
    MLC1bUGDZWHowix1"
You should consider your device compromised and use netinstall to reset config and update to the lates...
by 2frogs
Fri Dec 10, 2021 5:28 pm
Forum: Beginner Basics
Topic: Help with Local DNS forwarding
Replies: 3
Views: 1069

Re: Help with Local DNS forwarding

/ip dns static add address=192.168.88.200 regexp=".*\\.router\\.test\$"
This works for me.
by 2frogs
Tue Dec 07, 2021 7:56 pm
Forum: General
Topic: Public Hotspot Configuration
Replies: 5
Views: 1062

Re: Public Hotspot Configuration

<html> <head> <meta http-equiv="refresh" content="0; url=http://"YOUR_ROUTER_IP/DNS"/login?username=T-$(mac-esc)&dst=http://www.google.com" /> </head> </html> Put this in your login.html, change the 0 after content to whatever seconds and update the YOUR_ROUTER_IP/...
by 2frogs
Fri Nov 19, 2021 6:15 pm
Forum: Beginner Basics
Topic: No Winbox access [SOLVED]
Replies: 4
Views: 1915

Re: No Winbox access [SOLVED]

You shouldn't disable that rule, when disabled it allows access from internet. You should add the vpn to LAN list or add an accept rule for the vpn.
by 2frogs
Wed Nov 17, 2021 4:06 pm
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 7605

Re: Working around NAT hairpin [SOLVED]

You have used the incorrect dst-nat for local access. You have used in-interface-list=wan and local traffic does not reach the wan interface. You options to fix it by adding a static dns entry pointing towards your server, but this only works if you are using a local dns. If you have a static public...
by 2frogs
Mon Nov 15, 2021 6:16 pm
Forum: Beginner Basics
Topic: No Winbox access [SOLVED]
Replies: 4
Views: 1915

Re: No Winbox access [SOLVED]

This is most likely the issue.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
You need to add your vpn to the LAN interface list or add an accept rule above it for vpn.
by 2frogs
Thu Nov 11, 2021 2:51 pm
Forum: Wireless Networking
Topic: What AP for wall mounting inside the office? [SOLVED]
Replies: 14
Views: 5848

Re: What AP for wall mounting inside the office? [SOLVED]

The wAP AC doesn't look bad when wall mounted and provides excellent coverage. With brick walls, I would plan on 3 per floor just to ensure 5ghz coverage.

https://mikrotik.com/product/RBwAPG-5HacT2HnD
by 2frogs
Wed Oct 27, 2021 4:16 pm
Forum: Beginner Basics
Topic: [SOLVED] How to reach wAP ac behind the router and switch?
Replies: 4
Views: 1367

Re: How to reach wAP ac behind the router and switch?

You can configure CAPsMAN on your router and set each wAP in CAPsMAN mode using the reset button. https://wiki.mikrotik.com/wiki/Manual:Reset Or use NetInstall to install a new default configuration. https://wiki.mikrotik.com/wiki/Manual:Netinstall Otherwise, you will have to connect to the wifi of ...
by 2frogs
Fri Oct 22, 2021 1:18 pm
Forum: Beginner Basics
Topic: Trouble logging into MikroTik hAP ac² (that has been reset to factory defaults)
Replies: 2
Views: 1014

Re: Trouble logging into MikroTik hAP ac² (that has been reset to factory defaults)

Use netinstall to upload a current ROS Version and check the option to "Apply default config". If purchased from Amazon there is a chance that this device has had an alternate default config installed. This is best practice when not purchasing from an unreputable supplier. https://wiki.mikro...
by 2frogs
Tue Oct 19, 2021 12:58 am
Forum: General
Topic: DHCP Network always 0.0.0.0/24 by Quick Set
Replies: 9
Views: 2199

Re: DHCP Network always 0.0.0.0/24 by Quick Set

NetInstall 6.49 with "Apply default config" checked. For some time now, the default bridge name has been name=bridge and yours is name=bridge1. I believe the default config has been altered and is causing the Quickset scripts to error and stop.
by 2frogs
Sun Oct 17, 2021 3:11 pm
Forum: General
Topic: WAN Port Flapping? (w/Starlink)
Replies: 8
Views: 2230

Re: WAN Port Flapping? (w/Starlink)

Have you tried moving the WAN to a different ethernet port? I moved a port flapping gaming console to a different LAN port and it stopped flapping.
by 2frogs
Thu Oct 14, 2021 4:47 am
Forum: General
Topic: Special Character Support
Replies: 4
Views: 2351

Re: Special Character Support

You have to put password="1234/$", needs the "".
by 2frogs
Tue Oct 12, 2021 1:39 pm
Forum: General
Topic: DHCP Network always 0.0.0.0/24 by Quick Set
Replies: 9
Views: 2199

Re: DHCP Network always 0.0.0.0/24 by Quick Set

Quickset should only be used with a device in its original state or to make additional changes as long as only Quickset was used. It relies on a simple set of scripts to make changes to the original configuration and adding any settings outside of Quickset will have unexpected results. This would i...
by 2frogs
Wed Sep 15, 2021 4:21 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 2481

Re: Block internet traffic except some URLs

How is it useless? I provided an alternate firewall rule that blocks all forwarded from a single IP that is not in the address list. This would include any forwarded DNS requests.

So folks just live to be arrogant and rude I suppose...
by 2frogs
Wed Sep 15, 2021 3:46 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 2481

Re: Block internet traffic except some URLs

/ip firewall address-list
add address=www.islonline.es list=WebsPermitidas
/ip firewall filter
add action=drop chain=forward comment="Bloqueo salida internet" log=yes log-prefix=Bloqueo protocol=tcp src-address=10.45.9.105 dst-address-list=!WebsPermitidas
You will need to use the router f...
by 2frogs
Thu Sep 09, 2021 5:12 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 755

Re: route to another MK

You are routing to 192.168.88.0/24, but that filter rule is for traffic destined to 192.168.2.0/24. So which one are you trying to reach?
by 2frogs
Thu Sep 09, 2021 5:01 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 755

Re: route to another MK

Do you still have the default filter rules on MK2? The last one for chain=forward is to drop everything not dst-nat, so you would need to disable it or add an accept above it for the other network.
/ip firewall filter
add chain=forward src-address=192.168.1.0/24 action=accept
If you are still havin...
by 2frogs
Thu Sep 09, 2021 4:40 am
Forum: General
Topic: route to another MK
Replies: 9
Views: 755

Re: route to another MK

On MK1, it is a simple route:
/ip route
add distance=1 dst-address=192.168.88.0/24 gateway=192.168.1.154
On MK2, you will need to exclude 192.168.1.0/24 from the default src-nat rule (using dst-address=!192.168.1.0/24 or address list) or disable the src-nat rule on MK2 and let MK1 handle all for bot...
by 2frogs
Fri Aug 27, 2021 5:00 pm
Forum: Beginner Basics
Topic: Home Lab, Hairpin NAT situation(?) not working (with vlans) [SOLVED]
Replies: 9
Views: 2883

Re: Home Lab, Hairpin NAT situation(?) not working (with vlans) [SOLVED]

Your dst-nat rule is what is limiting you to outside connections only. Local traffic does not come in on WAN, so you can not use in-interface or in-interface-list. Instead, use dst-address with either external ip address (static address) or ddns (dynamic address). You can also set dst-address-type=l...
by 2frogs
Thu Aug 26, 2021 4:44 pm
Forum: Wireless Networking
Topic: HAP AC2 - Internet not connecting
Replies: 15
Views: 5438

Re: HAP AC2 - Internet not connecting

I would suggest performing a netinstall on this device. https://wiki.mikrotik.com/wiki/Manual:Netinstall Be sure to check the box "Apply default config", especially if it was purchased from Amazon or similar. If it still does not work, try connecting it to your tplink and see if it works ...
by 2frogs
Tue Jul 13, 2021 7:13 am
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 2859

Re: Block internet from all but one user

/ip firewall filter
add action=drop chain=forward comment="no internet midnight to 5" src-address=!192.168.1.46 time=23h57m-5h,sun,mon,tue,wed,thu,fri,sat
As nje431 stated, this rule drops ALL forwards except from 192.168.1.46 when active. This would include all others from LAN and all fr...
by 2frogs
Thu Jul 01, 2021 3:59 pm
Forum: Beginner Basics
Topic: Change WAN from ether1
Replies: 8
Views: 1326

Re: Change WAN from ether1

I believe I stated exactly why he should order a replacement! Not all damage is immediately apparent and to suggest all is fine is absolute folly.
by 2frogs
Thu Jul 01, 2021 3:35 pm
Forum: Beginner Basics
Topic: Change WAN from ether1
Replies: 8
Views: 1326

Re: Change WAN from ether1

I am going to suggest you get a replacement ordered. Even though all may seem fine, you could start having intermittent issues with the router that are unexplainable and cause great grief in trying to diagnose. I would also suggest adding an inline surge protector to your WAN line to help from happen...
by 2frogs
Thu Jun 17, 2021 4:10 pm
Forum: General
Topic: Double NAT + Firewall forward block => no internet access [SOLVED]
Replies: 4
Views: 1682

Re: Double NAT + Firewall forward block => no internet access [SOLVED]

block all incoming forwards
You have to allow for returning connections, if you block all incoming connections you are also blocking your wanted connections. Below are the default firewall rules and other necessary settings for it to work. You will see the section for Forward that allows Established...
by 2frogs
Wed Jun 09, 2021 10:22 pm
Forum: Beginner Basics
Topic: Queue List questions
Replies: 3
Views: 833

Re: Queue List questions

You need to disable fast-track found in IP>Firewall>Filter or at least exclude your guest-lan from it.
by 2frogs
Fri Jun 04, 2021 3:42 pm
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 1870

Re: Guest network doesn't have internet

The reason your configuration on the cAP is not working, is due to the src-nat rule. It is using out-interface-list=WAN and the only interface-list=WAN is ether1. In your case, the bridge interface will be your WAN and the guestbridge will be your LAN. But I would not changing the interface-list to ...
by 2frogs
Thu May 27, 2021 4:02 pm
Forum: General
Topic: Cloud Router Bricked after firmware update
Replies: 3
Views: 810

Re: Cloud Router Bricked after firmware update

Try using netinstall. You may also try a different power supply.

https://wiki.mikrotik.com/wiki/Manual:Netinstall
by 2frogs
Wed May 26, 2021 3:22 am
Forum: Beginner Basics
Topic: GrooveGA-52HPacn won't save LAN IP address
Replies: 9
Views: 1437

Re: GrooveGA-52HPacn won't save LAN IP address

3 Jan/02/1970 00:01:08 memory system.error. critical. unknown. unknown. unknown error while running customized default configuration script: interrupted
This indicates the default script was replaced with a custom script. Perform a netinstall and select "Apply default config" to revert thi...
by 2frogs
Mon May 24, 2021 8:46 pm
Forum: Beginner Basics
Topic: GrooveGA-52HPacn won't save LAN IP address
Replies: 9
Views: 1437

Re: GrooveGA-52HPacn won't save LAN IP address

You should perform a netinstall on this device. Simply resetting the device may not be enough to remove any bad code.
by 2frogs
Fri May 21, 2021 7:48 pm
Forum: The Dude
Topic: problems accessing hAP lite
Replies: 6
Views: 8099

Re: problems accessing hAP lite

You might also try netinstall with a different power supply for the hAP lite. It may not be providing the proper power needed for boot up.
by 2frogs
Fri May 21, 2021 7:43 pm
Forum: Beginner Basics
Topic: UPnP defaulting to ether1; should be sfp(WAN)
Replies: 3
Views: 646

Re: UPnP defaulting to ether1; should be sfp(WAN)

Since you have made changes outside of the Quick Set screen, do not use it any longer for making changes. It relies on fairly simple scripts to make its changes and can't account for what you do outside of its scripting.
by 2frogs
Fri May 21, 2021 1:33 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 12034

Re: Mikrotik,pihole & unbound. [SOLVED]

It works in my testing. Can you post full export?
by 2frogs
Tue May 18, 2021 4:49 pm
Forum: Beginner Basics
Topic: Too many address in /ip dns static
Replies: 5
Views: 1066

Re: Too many address in /ip dns static

You should do a netinstall. A simple reset may not remove all compromising components.
by 2frogs
Thu May 13, 2021 7:56 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 12034

Re: Mikrotik,pihole & unbound. [SOLVED]

/ip firewall filter
add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface=\
    bridge out-interface-list=WAN
add action=drop chain=forward comment="Drop All Else"
These 2 firewall rules are causing both issues. I suggest using this one and it will also replace th...
by 2frogs
Tue May 11, 2021 11:31 pm
Forum: General
Topic: Suspect hAP ac lite wasn't new
Replies: 10
Views: 1426

Re: Suspect hAP ac lite wasn't new

If you decide to keep it, you should do a netinstall just to be sure there are no bad things left on it.
by 2frogs
Mon May 10, 2021 3:55 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 12034

Re: Mikrotik,pihole & unbound. [SOLVED]

/ip firewall nat
add chain=dstnat dst-address=192.168.88.1 src-address=!192.168.88.5 in-interface=bridge dst-port=53 protocol=tcp action=dst-nat to-address=192.168.88.5
add chain=dstnat dst-address=192.168.88.1 src-address=!192.168.88.1 in-interface=bridge dst-port=53 protocol=udp action=dst-nat to...
by 2frogs
Sun May 09, 2021 8:51 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 12034

Re: Mikrotik,pihole & unbound. [SOLVED]

The reason the NAT rules do not work when in the same subnet, is because the clients communicate directly with one another. For the router to do the NAT, that traffic has to pass through its CPU. This does not happen even when clients are connected to the router, but on bridged interfaces. If this w...
by 2frogs
Fri May 07, 2021 2:31 am
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 12034

Re: Mikrotik,pihole & unbound. [SOLVED]

It is better to have your PiHole on a different subnet, this way you can use dst-nat to do the fail over. You will not have to wait for your dhcp-lease on each device to renew before the fail over works.
/ip route
add dst-address=192.168.188.2 gateway=bridge
/ip dhcp-server network
add address=192.1...
by 2frogs
Mon May 03, 2021 8:58 pm
Forum: The Dude
Topic: Unable to connect Dude client since upgrading to 6.48.2 [SOLVED]
Replies: 2
Views: 9116

Re: Unable to connect Dude client since upgrading to 6.48.2 [SOLVED]

Did you update the client to the same version? The server and client have to be the same version.
by 2frogs
Fri Apr 23, 2021 4:22 pm
Forum: Beginner Basics
Topic: DSTNAT doesn't opening port
Replies: 9
Views: 1858

Re: DSTNAT doesn't opening port

When testing for the ports to be open, are you testing from a device on the WAN side or the server on LAN? Your NAT rule only allows from the WAN. I see no error with your NAT rules. As far as Filter rules, the default state (without rules) is to accept. Your original configuration was not block the NA...
by 2frogs
Fri Apr 23, 2021 1:28 am
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 4563

Re: Port forwarding not working from Public IP ranges [SOLVED]

You should do a netinstall instead of just a reset. There sometimes is weirdness that can't be fixed with a reset or upgrade/downgrade.
by 2frogs
Wed Apr 21, 2021 7:52 pm
Forum: Beginner Basics
Topic: hAP ac lite as NAT device
Replies: 2
Views: 722

Re: hAP ac lite as NAT device

Since you want to use the wireless to connect to remote networks, you will want to use mode=station. Create a dhcp-client for the wlan also. If you have need to remember the connections, you can use the wireless connect-list. You will also either add another src-nat rule for wlan or change first one...
by 2frogs
Wed Apr 14, 2021 11:36 pm
Forum: Beginner Basics
Topic: Forcing IP requests to a specific WAN
Replies: 8
Views: 2367

Re: Forcing IP requests to a specific WAN

/ip firewall mangle
add chain=prerouting action=mark-routing dst-address=138.68.XXX.XXX in-interface=bridge1 new-routing-mark=to_WAN1 passthrough=no
by 2frogs
Wed Apr 14, 2021 8:26 pm
Forum: Beginner Basics
Topic: HAP AC Lite DHCP-SERVER Network DNS Server Config Wrong but Working?
Replies: 2
Views: 877

Re: HAP AC Lite DHCP-SERVER Network DNS Server Config Wrong but Working?

dns-none=no (default) means without setting dns-server= the dhcp-server will pass the dynamic dns.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server
by 2frogs
Mon Apr 12, 2021 6:46 pm
Forum: Scripting
Topic: Resolve - change dns server
Replies: 1
Views: 774

Re: Resolve - change dns server

Yes:
/resolve www.mikrotik.com server=8.8.8.8
by 2frogs
Mon Apr 12, 2021 4:45 pm
Forum: Scripting
Topic: need a script for heartbeat
Replies: 1
Views: 1295

Re: need a script for heartbeat

Using Fetch command in a schedule should do the trick.

https://wiki.mikrotik.com/wiki/Manual:System/Scheduler
https://wiki.mikrotik.com/wiki/Manual:Tools/Fetch

Code should be as simple as:
/tool fetch url="provided.unique.url" mode=http
by 2frogs
Fri Apr 09, 2021 2:47 pm
Forum: General
Topic: number range
Replies: 2
Views: 3548

Re: number range

There is a shorter command:
:for i from=0 to=12 do={/interface bridge port set $i pvid=101}
by 2frogs
Fri Apr 09, 2021 6:18 am
Forum: The Dude
Topic: Web Access in Dude Server 6.45.7
Replies: 5
Views: 8535

Re: Web Access in Dude Server 6.45.7

Maybe you should do a netinstall. I had a new hEX S that was in a boot loop from the box. I performed a netinstall and it has been fine since.
by 2frogs
Wed Apr 07, 2021 11:06 pm
Forum: Beginner Basics
Topic: HELP: access external web page:port
Replies: 4
Views: 1677

Re: HELP: access external web page:port

Reading your post, it seems you are actually attempting to reach an internal server using the external address. Using an in-interface in this situation will not work. You need to use dst-address=external-ip (best practice with static ip) or dst-type=local dst-address=!router-ip (works with dynamic i...
by 2frogs
Wed Apr 07, 2021 4:26 pm
Forum: Wireless Networking
Topic: WiFi in packing hall - how to build it
Replies: 7
Views: 2176

Re: WiFi in packing hall - how to build it

I would test a triple chain NetMetal or RouterBoard with a triple chain wireless card. Treat each chain as a separate AP as far as mounting is concerned. This way you should only need 4 APs. You will need to get as much physical separation as possible and reduce the power some. You should be able to...
by 2frogs
Wed Apr 07, 2021 4:56 am
Forum: The Dude
Topic: Web Access in Dude Server 6.45.7
Replies: 5
Views: 8535

Re: Web Access in Dude Server 6.45.7

Maybe you have a custom skin and have Dude menu blocked. https://myrouter/webfig/#Dude will return you to the Quickset, you have to include :Menu_Name. Such as https://myrouter/webfig/#Dude:Network_Maps
by 2frogs
Fri Apr 02, 2021 6:40 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 43
Views: 8653

Re: port 53 open despite firewall rules

Is this your full export? I also do not see any of your LAN settings. No bridge_lan or ports connected to it. No DHCP Server.

From what you have posted, you don't have DNS running on your device.
/ip dns
set allow-remote-requests=yes
Or you would see this present.
by 2frogs
Wed Mar 31, 2021 10:46 pm
Forum: General
Topic: Port forwarding from a different subnet [SOLVED]
Replies: 15
Views: 3260

Re: Port forwarding from a different subnet [SOLVED]

Have you tried using 192.168.3.5:67-69 directly? To other devices on this subnet, it would seem no different if the NVRs were directly attached (if your firewall is not dropping the traffic).

Maybe a misconfiguration on the Modem/Router. Or it needs a hairpin nat.
by 2frogs
Wed Mar 31, 2021 6:32 pm
Forum: General
Topic: Port forwarding from a different subnet [SOLVED]
Replies: 15
Views: 3260

Re: Port forwarding from a different subnet [SOLVED]

Looks to me your firewall is doing as it should and your answers should be in your logs.

Hint: prefix=!public
by 2frogs
Wed Mar 31, 2021 4:28 pm
Forum: Scripting
Topic: Completing a script for checking and updating dynamic ISPs Gateway
Replies: 13
Views: 6752

Re: Completing a script for checking and updating dynamic ISPs Gateway

Just need to add "where" to the find and you can search using multiple parameters.
:if ($bound=1) do={/ip route set [find where dst-address=0.0.0.0/0 routing-mark=ISP2] gateway=$"gateway-address" }
Alternatively, you could set comment=ISP2-Default or something unique and use that...
by 2frogs
Mon Mar 22, 2021 5:53 pm
Forum: Beginner Basics
Topic: Trying to Setup New WiFi Password!
Replies: 2
Views: 740

Re: Trying to Setup New WiFi Password!

In webfig menu area there is a hide-password button to see the password as you typed. Also there is a safe mode button that if on when you change the password, you will have to toggle off/on to make changes permanent.
by 2frogs
Mon Mar 22, 2021 4:32 pm
Forum: Scripting
Topic: SCRIPT Works in System Script but no in NETWATCH??? [SOLVED]
Replies: 4
Views: 2823

Re: SCRIPT Works in System Script but no in NETWATCH??? [SOLVED]

Correction: it was 2018. VER 6.42

https://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch

There is an example in the wiki. Create the script with dont-require-permissions=yes.
by 2frogs
Mon Mar 22, 2021 4:17 pm
Forum: Scripting
Topic: SCRIPT Works in System Script but no in NETWATCH??? [SOLVED]
Replies: 4
Views: 2823

Re: SCRIPT Works in System Script but no in NETWATCH??? [SOLVED]

Fetch may also need permissions not available to Netwatch. These changes were made in response to the 2019 security issues, I believe.
by 2frogs
Mon Mar 22, 2021 2:50 pm
Forum: The Dude
Topic: The Dude and windows 10
Replies: 3
Views: 5423

Re: The Dude and windows 10

Ensure your Dude client is the same version as server. I believe with server ver 6.48.1 and client ver 6.48, it was stuck on getting stuff with no upgrade notice.
by 2frogs
Mon Mar 22, 2021 1:51 pm
Forum: Scripting
Topic: SCRIPT Works in System Script but no in NETWATCH??? [SOLVED]
Replies: 4
Views: 2823

Re: SCRIPT Works in System Script but no in NETWATCH??? [SOLVED]

Netwatch (also DHCP, PPP, etc.) lacks permissions to use global variables.

You can create a script where permissions are not required and then call on that script.
by 2frogs
Sat Mar 20, 2021 5:20 pm
Forum: General
Topic: needing netinstall most of the times after restarting the router
Replies: 8
Views: 1324

Re: needing netinstall most of the times after restarting the router

If the 9 volt adapter does not have enough amp rating it could cause strange behavior. The device uses max 7 watts with no attachments which is .8 amps at 9 volts. It has 24 watt max total or 2.7 amps at 9 volts.
by 2frogs
Sat Mar 20, 2021 4:12 pm
Forum: General
Topic: Discovery of external IP address (Noip.com)
Replies: 30
Views: 6111

Re: Discovery of external IP address (Noip.com)

You will have to have port forwarding available on at least one of the modems (No IP is just another DDNS service) or you will have to connect both to a third device that has a public IP or the ability to forward ports. There is no magical way of connecting from one network to another directly withou...
by 2frogs
Sat Mar 20, 2021 2:51 pm
Forum: General
Topic: Compromised clients / Firewall question
Replies: 3
Views: 2377

Re: Compromised clients / Firewall question

You are seeing all of those log messages because of this firewall rule: add action=drop chain=forward comment=\ "Drop packets from SMTP spammer address list." log=yes src-address-list=\ "SMTP spammer" The devices you see in the logs have been caught by the SMTP Spammer rules and ...
by 2frogs
Sat Mar 20, 2021 6:25 am
Forum: Wireless Networking
Topic: Indoor PTP links without line of sight
Replies: 11
Views: 2236

Re: Indoor PTP links without line of sight

Have you considered powerline adapters?
https://mikrotik.com/product/pl7510gi
by 2frogs
Sat Mar 20, 2021 5:53 am
Forum: General
Topic: Discovery of external IP address (Noip.com)
Replies: 30
Views: 6111

Re: Discovery of external IP address (Noip.com)

There is a built in DDNS under IP>Cloud.

If you have an update client running on a device in your network, you can enter your DDNS in IP>Firewall>Address List and it will resolve it to your IP.
by 2frogs
Fri Mar 19, 2021 3:37 am
Forum: General
Topic: No access to MT after WinBox reset
Replies: 16
Views: 1656

Re: No access to MT after WinBox reset

In testing I have found that creating a virtual station on a wlan with ap bridge works sometimes and not others (I have done ap bridge on mode station many times without issue.) Maybe a better solution is to just use the wlan as station temporarily. 1. Make export of current config and save it some...
by 2frogs
Fri Mar 19, 2021 12:57 am
Forum: General
Topic: No access to MT after WinBox reset
Replies: 16
Views: 1656

Re: No access to MT after WinBox reset

If your other MikroTik device has wireless and is in range, you could setup a virtual wireless interface in station mode with a dhcp-client on it. Then use the telnet tools to access the other device.
by 2frogs
Thu Mar 18, 2021 8:59 pm
Forum: General
Topic: I can't connect to my NVRs [SOLVED]
Replies: 12
Views: 4187

Re: I can't connect to my NVRs [SOLVED]

The reason you can't connect to your adsl is because of the /16 (192.168.0.0-192.168.254.254) IP scope you have set. Its IP belongs in this range and is being routed out on the bridge instead of your WAN. Looking at your config, I do not see a reason not to use /24 and have a single subnet (192.168....
by 2frogs
Thu Mar 18, 2021 8:37 pm
Forum: General
Topic: No access to MT after WinBox reset
Replies: 16
Views: 1656

Re: No access to MT after WinBox reset

The User Manual from product page: https://help.mikrotik.com/docs/display/UM/mAP+lite Depending on age of the device, the earlier ROS versions may not have had all the safeguards in place or pre-configured differently from a more up to date version. Or possibly had been configured by someone else p...
by 2frogs
Thu Mar 18, 2021 6:39 pm
Forum: Scripting
Topic: Completing a script for checking and updating dynamic ISPs Gateway
Replies: 13
Views: 6752

Re: Completing a script for checking and updating dynamic ISPs Gateway

If I understood your requirements, X.X.X.X/32 (example 111.222.112.221/32) is static IP of data center. From: https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Client bound - 1 - lease is added/changed; 0 - lease is removed So this says when lease is added (new/reboot) or changed to set the gateway for ...
by 2frogs
Thu Mar 18, 2021 6:12 pm
Forum: General
Topic: No access to MT after WinBox reset
Replies: 16
Views: 1656

Re: No access to MT after WinBox reset

It should have a default SSID MikroTik-######(last six octets of wlan1 MAC) with no password.
by 2frogs
Thu Mar 18, 2021 5:57 pm
Forum: General
Topic: No access to MT after WinBox reset
Replies: 16
Views: 1656

Re: No access to MT after WinBox reset

The default config should be Home AP for this device. This means the ether1 is WAN and wlan1 is LAN. The default firewall rules only allow access to the mAP from LAN. You will have to have someone connect to the wireless of the mAP with a device that you can remote into to be able to reconfigure it....
by 2frogs
Thu Mar 18, 2021 5:43 pm
Forum: Scripting
Topic: Completing a script for checking and updating dynamic ISPs Gateway
Replies: 13
Views: 6752

Re: Completing a script for checking and updating dynamic ISPs Gateway

Put this in the script under dhcp-client. It will update only if there is a change.
:if ($bound=1) do={/ip route set [find dst-address=X.X.X.X/32] gateway=$"gateway-address" }
by 2frogs
Thu Mar 18, 2021 4:16 pm
Forum: Wireless Networking
Topic: extended WiFi to LAN, router --> cAP ac --> LAN clients: works but don't understand 100% why
Replies: 10
Views: 1675

Re: extended WiFi to LAN, router --> cAP ac --> LAN clients: works but don't understand 100% why

The reason you have to configure it the way you have has to do with a limitation of the wireless standards. More specifically it has to do with the way MAC addresses are passed from the client to the connected network. In a normal connection, only the MAC of the connected device is seen by the network....
by 2frogs
Wed Mar 17, 2021 9:17 pm
Forum: Wireless Networking
Topic: Transparent L2 bridge via wireless P2P but no LOS
Replies: 1
Views: 810

Re: Transparent L2 bridge via wireless P2P but no LOS

Very straightforward! Use ap-bridge & station-bridge on the pairs.
by 2frogs
Wed Mar 17, 2021 4:14 pm
Forum: Beginner Basics
Topic: No Internet on Wlan bridge [SOLVED]
Replies: 11
Views: 4243

Re: No Internet on Wlan bridge [SOLVED]

On your Bridge1 configuration you have the address 192.168.177.1 set to interface=ether2, this should be set to the Bridge that port is slaved to, interface=bridge_192.168.177.0.

Also the other IP's for the other ports also slaved to that bridge will also not work.
by 2frogs
Thu Mar 11, 2021 11:52 pm
Forum: Scripting
Topic: since in netwatch [SOLVED]
Replies: 15
Views: 2739

Re: since in netwatch [SOLVED]

I missed the closing ]. I have updated, please try again.
by 2frogs
Wed Mar 10, 2021 6:15 pm
Forum: Scripting
Topic: since in netwatch [SOLVED]
Replies: 15
Views: 2739

Re: since in netwatch [SOLVED]

Try:
:local since [/tool netw get [find where comment="MAIN CONNECTION"] since]
My apologies for my other reply, I was pulled away before I could complete my thought and didn't realize I had submitted it.
by 2frogs
Wed Mar 10, 2021 3:11 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 15
Views: 1889

Re: Port Forwarding

I agree with erlinden, your rule seems to be working. As a quick sanity check, you can change the to-port to the same as the first one and see if it opens. It would seem to me that there is an issue with the device you are forwarding to. Either you have the wrong port or its firewall is not open to...
by 2frogs
Tue Mar 09, 2021 6:48 pm
Forum: Beginner Basics
Topic: Separate network with access to the internet
Replies: 3
Views: 1602

Re: Separate network with access to the internet

Your /interface list members are set incorrectly. You have the individual Interfaces set as members, but the interfaces are slaved to a bridge, so you must use the bridges as the interface. As a result, your firewall filter rules are currently dropping your traffic. You should only need: /interface ...
by 2frogs
Sat Mar 06, 2021 5:59 am
Forum: Scripting
Topic: since in netwatch [SOLVED]
Replies: 15
Views: 2739

Re: since in netwatch [SOLVED]

value-name=since
by 2frogs
Tue Mar 02, 2021 7:10 pm
Forum: Beginner Basics
Topic: Block Router Admin Access from the Wireless Interfaces
Replies: 7
Views: 3784

Re: Block Router Admin Access from the Wireless Interfaces

Another option is to set your device IP or list of IP's in IP> Service.
by 2frogs
Tue Mar 02, 2021 2:45 pm
Forum: General
Topic: RouterOS on USB flash
Replies: 3
Views: 714

Re: RouterOS on USB flash

Did you format the USB disk to Fat32?
by 2frogs
Tue Mar 02, 2021 12:49 am
Forum: Beginner Basics
Topic: Port 22 / SFTP/SSH Being Blocked
Replies: 34
Views: 5103

Re: Port 22 / SFTP/SSH Being Blocked

Export current configuration, then NetInstall current rOS version and Import your configuration. I have seen random weirdness with devices before. I just had to NetInstall a new hAP AC that was in a boot loop straight out of the box.
by 2frogs
Tue Mar 02, 2021 12:13 am
Forum: The Dude
Topic: autoscan and auto deletion for devices in dude
Replies: 1
Views: 4236

Re: autoscan and auto deletion for devices in dude

I wouldn't think so since the whole purpose of The Dude is to monitor devices and their state. How would The Dude know the difference between a device that is down that is supposed to be up? Or a device no longer connected to your network that no longer needs monitoring?
by 2frogs
Tue Mar 02, 2021 12:10 am
Forum: General
Topic: winbox multiple instances/databases
Replies: 5
Views: 816

Re: winbox multiple instances/databases

Why not use Group in Advanced Mode.
by 2frogs
Fri Feb 26, 2021 7:16 pm
Forum: Scripting
Topic: Help with Script to read routes and create import file of FW addresses
Replies: 7
Views: 2174

Re: Help with Script to read routes and create import file of FW addresses

Variables have a 4096 byte limit. Instead of writing from an array, just amend the file. It is similar to amending an array. Here is an example: /file print file=test; :delay 2s; /file set test.txt contents="/ip firewall address-list\n"; :foreach i in=[/ip firewall address-list find where ...
by 2frogs
Tue Feb 23, 2021 6:41 pm
Forum: General
Topic: Winbox Question
Replies: 8
Views: 1386

Re: Winbox Question

Open Winbox, Tools>Move Session Folder. Set to something other than your desktop.
by 2frogs
Tue Feb 23, 2021 5:53 pm
Forum: Beginner Basics
Topic: How do I manage WISP AP via WebUI?
Replies: 10
Views: 4822

Re: How do I manage WISP AP via WebUI?

Less of a works-as-expected and more of a you-cant-mikrotik... I gave up! 😕
by 2frogs
Thu Feb 11, 2021 9:15 pm
Forum: Scripting
Topic: Disable or Enable any item in mikrotik by using Terminal
Replies: 2
Views: 3622

Re: Disable or Enable any item in mikrotik by using Terminal

You were in the wrong menu. Lists can only be added or removed, but members can be disabled. Sometimes the flow between Winbox and CLI can be seemingly backwards...
interface list member set [find list=POE] disabled=yes
by 2frogs
Thu Feb 11, 2021 6:25 am
Forum: Scripting
Topic: local dictionary variable persisting between runs [SOLVED]
Replies: 14
Views: 3301

Re: local dictionary variable persisting between runs [SOLVED]

You can narrow the scope for the local variable to help mitigate the issue: global main do={ #populate dict with values based on given name if ($1="bob") do={ local dict ({}) set ($dict->"name") "bob" set ($dict->"address") "maple st." set ($dict->&q...
by 2frogs
Wed Feb 10, 2021 4:45 pm
Forum: Beginner Basics
Topic: Groove connecting to wifi but not passing IP to Routerboard
Replies: 8
Views: 2329

Re: Groove connecting to wifi but not passing IP to Routerboard

I would use the Groove in CPE mode and the hAP in WISP AP mode. First reset the Groove to factory default. Then ensure the mode on Quickset is set to CPE. You should be able to use the Quickset to connect to an AP, browse the Internet and update the Groove when connected directly to it. Next, reset ...
by 2frogs
Tue Feb 09, 2021 4:54 am
Forum: Scripting
Topic: string to ip data type [SOLVED]
Replies: 2
Views: 1489

Re: string to ip data type [SOLVED]

Are you getting a blank space in your $dnsIp by chance? As expected: :local dnsIp "172.0.0.1"; :put "length=$[:len $dnsIp]"; :put "value=$dnsIp"; :put "type=$[:typeof $dnsIp]"; :set $dnsIp [:toip $dnsIp]; :put "value=$dnsIp"; :put "type=$[type...
by 2frogs
Mon Feb 08, 2021 11:50 pm
Forum: Beginner Basics
Topic: Port 22 / SFTP/SSH Being Blocked
Replies: 34
Views: 5103

Re: Port 22 / SFTP/SSH Being Blocked

Have you tried with:
/ip ssh
set forwarding-enabled=no
by 2frogs
Mon Feb 08, 2021 3:43 pm
Forum: Scripting
Topic: Please help to see this script for batch adding add-list [SOLVED]
Replies: 4
Views: 3228

Re: Please help to see this script for batch adding add-list [SOLVED]

:for i from=1 to=50 do={/ip firewall address-list add list="user_$i" address="172.16.1.$(($i*5)-4)-172.16.1.$($i*5)"}
by 2frogs
Wed Dec 30, 2020 3:43 pm
Forum: Beginner Basics
Topic: How do I manage WISP AP via WebUI?
Replies: 10
Views: 4822

Re: How do I manage WISP AP via WebUI?

I have discovered there is a flaw in the script that the Quickset uses to change to WISP AP. It leaves intact and active the default firewall rules, including the Drop Input not from the Interface-List LAN. It also removes the Bridge Interface from this list and only adds the individual Interfaces (...
by 2frogs
Sun May 31, 2020 7:52 pm
Forum: Beginner Basics
Topic: hAP AC2 management problem [SOLVED]
Replies: 4
Views: 1663

Re: hAP AC2 management problem [SOLVED]

Disable the firewall rules before changing to WISP AP. The Quickset is broken, when you make the change it removes the bridge from interface-list=LAN and this causes the firewall filter input rules to drop IP traffic to the router. If you use Winbox, you can connect to the device using the MAC inste...
by 2frogs
Sun May 31, 2020 5:59 pm
Forum: Wireless Networking
Topic: Netmetal AC2 Disappointments [SOLVED]
Replies: 30
Views: 12872

Re: Netmetal AC2 Disappointments [SOLVED]

Anav, you need to read up on antenna radiation patterns. Antennas radiate their power in lobes, even omni antennas. The more directional the antenna, the more the lobes are concentrated in one direction and typically there are more lobes. Back lobes are what you need to pay attention to. They radiat...
by 2frogs
Sun May 31, 2020 5:02 am
Forum: Scripting
Topic: [Hotspot] Redirect new devices on external website, cut connection if skipped
Replies: 1
Views: 988

Re: [Hotspot] Redirect new devices on external website, cut connection if skipped

Redirect to your page first and have the login on it (or a link to a separate login page.) This way both android and ios devices will see your advertisements.
by 2frogs
Sat May 30, 2020 5:34 pm
Forum: Beginner Basics
Topic: Redirect outgoing DNS requets to internal DNS server
Replies: 15
Views: 21022

Re: Redirect outgoing DNS requets to internal DNS server

Your firewall is dropping the traffic. 172.16.0.0/24 is included in the address-list=not_from_intrrnet and is being dropped.
by 2frogs
Sat May 30, 2020 3:53 pm
Forum: Beginner Basics
Topic: Redirect outgoing DNS requets to internal DNS server
Replies: 15
Views: 21022

Re: Redirect outgoing DNS requets to internal DNS server

Please post your full config. Use “/export hide-sensitive file=myexport” and this will create a myexport.src file you can download and edit with your favorite txt editor. The use of ether2 with slaves is outdated, so you may need to change your IPs to be on your “bridge”. Or you need to consider upd...
by 2frogs
Sat May 30, 2020 12:38 am
Forum: Wireless Networking
Topic: Netmetal AC2 Disappointments [SOLVED]
Replies: 30
Views: 12872

Re: Netmetal AC2 Disappointments [SOLVED]

Long range on Mikrotik marketing is usually referring to multiple km with high gain antennas and not covering a back yard.

The wAP AC has 3 chains on 5ghz compared to 2 chains of the netmetal. And the wAP is the same enclosure as the wireless wire (wAPG-60adkit), so it will be just fine outdoors.
by 2frogs
Sat May 30, 2020 12:03 am
Forum: Wireless Networking
Topic: Netmetal AC2 Disappointments [SOLVED]
Replies: 30
Views: 12872

Re: Netmetal AC2 Disappointments [SOLVED]

PS. The netmetal is what I would get for outdoor and probably with an antenna that has a 180 sector such that I dont get leakage into the house area. This is why you should not be giving product advice! A netmetal with sector is such bad advice for a home user. By the way, the best value Outdoor pr...
by 2frogs
Fri May 29, 2020 4:15 pm
Forum: Wireless Networking
Topic: How to measure WiFi performance from a Mikrotik AP to a Mac? [SOLVED]
Replies: 6
Views: 6607

Re: How to measure WiFi performance from a Mikrotik AP to a Mac? [SOLVED]

Testing with the built in tools should not be used as a true measure of performance as it uses the cpu for both the test and connectivity.

Only use iperf (or similar) between 2 capable PCs as a true measure of performance. Connect the 2 PCs directly and test first to see what they are capable of.
by 2frogs
Wed May 27, 2020 8:22 pm
Forum: Beginner Basics
Topic: Redirect outgoing DNS requets to internal DNS server
Replies: 15
Views: 21022

Re: Redirect outgoing DNS requets to internal DNS server

Using dstnat is correct for changing the destination no matter if it is incoming or outgoing! I would suggest changing the ip scope of the pi-hole to outside your lan ip scope. This way you can see individual devices on your pi-hole instead of the router. Add something like 172.16.0.1/24 to the same...
by 2frogs
Wed May 27, 2020 2:32 pm
Forum: Beginner Basics
Topic: What's wrong with this NAT command ?
Replies: 5
Views: 1694

Re: What's wrong with this NAT command ?

Use in-interface or out-interface to use interface name.

You have to define the interface list if you want to use in-interface-list or out-interface-list.
/interface list
add name=WAN

/interface list member
add list=WAN interface=wan
by 2frogs
Fri May 22, 2020 5:14 pm
Forum: Wireless Networking
Topic: Wi-Fi download speed in RB751U-2HnD
Replies: 5
Views: 1698

Re: Wi-Fi download speed in RB751U-2HnD

Use export instead of print:
/interface wireless export
You should now see if tx-chain=0 or tx-chain=1. It should be tx-chain=0,1. You can change it using:
/interface wireless set wlan1 tx-chain=0,1
by 2frogs
Thu May 21, 2020 11:35 pm
Forum: General
Topic: Hotspot Dynamic and Authorized Host
Replies: 2
Views: 1779

Re: Hotspot Dynamic and Authorized Host

It is because you have set an address-pool at either /ip hotspot or /ip hotspot user profile. Change both to address-pool=none. Setting an address-pool was intended to help devices that might have a static IP set in their settings be able to still connect to the hotspot. That is no longer a common practi...
by 2frogs
Thu May 21, 2020 6:10 pm
Forum: Beginner Basics
Topic: Internet stop working / DNS Issue
Replies: 10
Views: 3852

Re: Internet stop working / DNS Issue

It was most likely the use of Quickset after you had already made changes. Quickset relies on basic scripts to make the changes and if you make changes outside of Quickset, it has no way of allowing for your changes. And there are other instances of Quickset just being broken. If you can avoid using it...
by 2frogs
Wed May 20, 2020 5:57 pm
Forum: General
Topic: print built in RouterOS variables
Replies: 8
Views: 6461

Re: print built in RouterOS variables

[tab] button is your best friend in RouterOS.

/[tab] - will show you directory and available commands for that directory

/int[tab] > /interface - auto completes

/interface set [tab] - will show all variables
by 2frogs
Tue May 19, 2020 7:45 pm
Forum: Beginner Basics
Topic: Internet stop working / DNS Issue
Replies: 10
Views: 3852

Re: Internet stop working / DNS Issue

I don’t see a dhcp client.
/ip dhcp-client add interface=lte
The only other odd thing is a blank interface-list-member.
by 2frogs
Tue May 19, 2020 5:53 pm
Forum: Beginner Basics
Topic: Internet stop working / DNS Issue
Replies: 10
Views: 3852

Re: Internet stop working / DNS Issue

/export hide-sensitive file=myconfig
Download myconfig.rsc from Files and edit with your favorite txt editor. Post content.
by 2frogs
Tue May 19, 2020 5:16 pm
Forum: Beginner Basics
Topic: Where do I set the default mode "station" on webfig?
Replies: 12
Views: 3613

Re: Where do I set the default mode "station" on webfig?

In Quickset it is the very top drop down box, you want “CPE”, but I highly recommend NOT using Quickset as it has a bad habit of breaking things. Just Don’t! I only provided it as one of the places this change could be made... Issue this command in terminal: /interface wireless set wlan1 mode=statio...
by 2frogs
Tue May 19, 2020 3:47 pm
Forum: Beginner Basics
Topic: Does RouterOS block NTP traffic by default? [SOLVED]
Replies: 23
Views: 15852

Re: Does RouterOS block NTP traffic by default? [SOLVED]

Auto correct victim.... or poor typing skills....

“ I didn’t say they should.”
by 2frogs
Tue May 19, 2020 3:15 pm
Forum: Beginner Basics
Topic: Does RouterOS block NTP traffic by default? [SOLVED]
Replies: 23
Views: 15852

Re: Does RouterOS block NTP traffic by default? [SOLVED]

I didn’t say they should! It could be done in a poor attempt to redirect to their own server. Or a Mom/Pop shop that just doesn’t know any better.

The fact the OP stated this was ongoing from before his Mikrotik router implies to me it is the ISP.
by 2frogs
Tue May 19, 2020 1:59 pm
Forum: Beginner Basics
Topic: Does RouterOS block NTP traffic by default? [SOLVED]
Replies: 23
Views: 15852

Re: Does RouterOS block NTP traffic by default? [SOLVED]

I believe both of the previous responses were either backwards or missed the mark, so I am going to give my 2 cents. When you are connecting to a time server, you do so on port 123. This is no different from http on port 80 and https on port 443. The return port is what will be random. Your device wi...
by 2frogs
Tue May 19, 2020 5:43 am
Forum: Beginner Basics
Topic: How to port forward and access my ISM modem device
Replies: 1
Views: 770

Re: How to port forward and access my ISM modem device

If the modem is in bridge mode, you will need to add an IP address to the interface that it is connected to on the Mikrotik in the range that the modem is in. For example; If your Modem has an IP of 192.168.1.1 and connected to ether1, you would add 192.168.1.2/24 to ether1. /ip address add address...
by 2frogs
Tue May 19, 2020 5:14 am
Forum: Beginner Basics
Topic: Failed to connect to internet
Replies: 16
Views: 5772

Re: Failed to connect to internet

If you plug into the modem directly with your PC or connect to its wireless, do you get an IP from it? Are you able to browse the Internet or ping Internet IPs? If you are having to set an IP in the range of your modem to ping it/ access its web interface, then it is most likely in bridge mode. This...
by 2frogs
Mon May 18, 2020 8:14 pm
Forum: Beginner Basics
Topic: Outdoor AP? [SOLVED]
Replies: 8
Views: 6675

Re: Outdoor AP? [SOLVED]

The wAP AC is an excellent outdoor AP.
https://mikrotik.com/product/RBwAPG-5HacT2HnD
by 2frogs
Mon May 18, 2020 7:29 pm
Forum: Beginner Basics
Topic: Where do I set the default mode "station" on webfig?
Replies: 12
Views: 3613

Re: Where do I set the default mode "station" on webfig?

If mode=station keeps changing to mode=station-wds then it is being changed on Quickset, /interface/wireless or by a script. A WDS link is still possible if mode=station and mode-wds is not =disabled.
by 2frogs
Mon May 18, 2020 3:03 pm
Forum: Beginner Basics
Topic: Failed to connect to internet
Replies: 16
Views: 5772

Re: Failed to connect to internet

1. & 2. look good. 3. action=srcnat is normally used when you have multiple IPs on your WAN interface. Using src-address as an example, you could have 1 internal IP use one external IP while the rest of your internal IPs use another. action=masquerade is the default because it works well with a ...
by 2frogs
Mon May 18, 2020 2:04 am
Forum: Beginner Basics
Topic: Failed to connect to internet
Replies: 16
Views: 5772

Re: Failed to connect to internet

First, thank you for your help. Here is the configuration # jan/02/1970 04:56:35 by RouterOS 6.46.5 # software id = YCEF-KZ52 # # model = RB941-2nD # serial number = D1130BA3F321 /interface bridge add admin-mac=C4:AD:34:C9:6E:47 auto-mac=no comment=defconf name=bridge /interface wireless set [ find...
by 2frogs
Sat May 16, 2020 10:33 pm
Forum: General
Topic: Solution needed: router PoE + WIreless
Replies: 6
Views: 2010

Re: Solution needed: router PoE + WIreless

https://mikrotik.com/product/RB750UPr2 The RB750UPr2 is only rated to 30v. It includes a 24v power supply. https://mikrotik.com/product/RB960PGS The RB960PGS (HEX POE) is rated to 57v and includes a 24v power supply. It is passive power, so it will supply whatever you input to it. All Mikrotik POE ...
by 2frogs
Sat May 16, 2020 7:24 pm
Forum: Scripting
Topic: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]
Replies: 25
Views: 18463

Re: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]

An alternate would be to use something like:
/interface bridge host print
:D

It won't get you the address, but it will get you mac-address and interface it is on. You could then combine this with data from the /ip dhcp-server lease of your router.
by 2frogs
Sat May 16, 2020 7:09 pm
Forum: Scripting
Topic: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]
Replies: 25
Views: 18463

Re: How to get IP, MAC, EtherPort for all currently active EtherPorts? [SOLVED]

Since all your ethernet ports are slaved to the bridge, only the bridge will show as the interface. You can change the script to: { :local ethlist; :local buffer; :local fileName "address-list"; :foreach i1 in=[/interface find running=yes] do={:set $ethlist [/interface get $i1 value-name=na...
by 2frogs
Sat May 16, 2020 5:54 pm
Forum: Scripting
Topic: Create list of interfaces in a loop [SOLVED]
Replies: 2
Views: 2799

Re: Create list of interfaces in a loop [SOLVED]

:foreach i in=[/interface bridge port find where bridge="bro"] do={/interface bridge port set $i pvid=10}
:D
by 2frogs
Sat May 16, 2020 5:19 am
Forum: Scripting
Topic: Address Lists [SOLVED]
Replies: 2
Views: 4682

Re: Address Lists [SOLVED]

:foreach i in=[/ip fire add find where list=name address~".net"] do={:if ([/ping [/ip fire add get $i value-name=address] interval=1s count=5]>0) do={/ ip fire add set $i timeout=30d}}
:D
by 2frogs
Fri May 15, 2020 6:01 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 4273

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

@bpwl This is a Ubiquiti issue. The clients' routers are not getting DHCP from the Ubiquiti CPE. I use Mikrotiks at all my towers, using DHCP to hand the IP to the Ubiquiti radios. The radio is configured to then hand out an IP to the customer's router. @jakkwb You might try changing lease time to 86...
by 2frogs
Fri May 15, 2020 5:13 pm
Forum: General
Topic: Static DNS best practice with dedicated server
Replies: 7
Views: 2342

Re: Static DNS best practice with dedicated server

@anav 1. Not sure what you mean!?!? (leave on tcp,upd :53) 2. I believe this would be best, so if there is an issue with it you can redirect to somewhere else. (see 9.) 3. This would be more personal preference. I only use vlan for my Guest network. 4. 192.168.254.1 is pi-Hole in this example: /ip d...
by 2frogs
Thu May 14, 2020 8:05 pm
Forum: General
Topic: Dual WAN 1 LAN with NAT configuration [SOLVED]
Replies: 27
Views: 7669

Re: Dual WAN 1 LAN with NAT configuration [SOLVED]

This is a strange way of handing out multiple IPs. It is usually considered to be a big No-No to make multiple connections to the same device. You normally have to configure manually for the additional IPs. You might contact your ISP to be sure you have done this correctly.
by 2frogs
Thu May 14, 2020 7:43 pm
Forum: General
Topic: Static DNS best practice with dedicated server
Replies: 7
Views: 2342

Re: Static DNS best practice with dedicated server

It has its drawbacks as well! When forwarding, the Pi-hole only sees the Router as a client, so the per client/group blocking won't work. Devices on my network only get 1.1.1.1 & 1.0.0.1, so if I was to disable both sets of NAT rules the devices would still have functioning DNS. I originally ha...
by 2frogs
Thu May 14, 2020 8:28 am
Forum: General
Topic: Dual WAN 1 LAN with NAT configuration [SOLVED]
Replies: 27
Views: 7669

Re: Dual WAN 1 LAN with NAT configuration [SOLVED]

Your firewall rules need a lot of work! chain=input is for traffic going to the router itself (Webfig, Winbox, Ping, DNS, etc.) chain=forward is for any traffic being forwarded by the router (from one interface to another.) All the rules you added mostly belonged to the chain=forward since it was...
by 2frogs
Thu May 14, 2020 6:59 am
Forum: General
Topic: Static DNS best practice with dedicated server
Replies: 7
Views: 2342

Re: Static DNS best practice with dedicated server

Not sure if this is the proper way of handling DNS, but I left Cloudflare as DNS under DHCP-Server>Network and use NAT to redirect to my Pi-hole instance. My Pi-hole has the router set as its DNS so that I could use Static DNS and the router had Cloudflare set for its DNS. I have some that I don't want goi...
by 2frogs
Wed May 13, 2020 5:00 pm
Forum: General
Topic: Dual WAN 1 LAN with NAT configuration [SOLVED]
Replies: 27
Views: 7669

Re: Dual WAN 1 LAN with NAT configuration [SOLVED]

I am going to ask the more obvious! Are you using the default firewall? And did you add ETH3-WAN2 to WAN Interface List?
by 2frogs
Tue May 12, 2020 12:41 am
Forum: Beginner Basics
Topic: Internet stop working / DNS Issue
Replies: 10
Views: 3852

Re: Internet stop working / DNS Issue

Looks like you are not getting an IP Address on LTE. On your Quick Set page it is empty. And when you pinged 8.8.8.8, which you don’t need DNS to ping IP, it returned “no route to host”.
by 2frogs
Sun May 10, 2020 7:11 am
Forum: Beginner Basics
Topic: remote forwarding remote winbox issue [SOLVED]
Replies: 14
Views: 8145

Re: remote forwarding remote winbox issue [SOLVED]

dstnat: in :pppoe-out1 out:(unknown 0), proto TCP (SYN), 110.54.222.111:49667->101.58.69.xx:3389, len48
You have log=yes (checked), this is the log showing a connection. This is not an error message. Was the client unable to connect to the router?
by 2frogs
Sun May 10, 2020 7:01 am
Forum: Beginner Basics
Topic: Configure as router and gateway to home wifi
Replies: 1
Views: 823

Re: Configure as router and gateway to home wifi

Using Mikrotik Winbox instead of Webfig is the best option. You should be able to connect to the device using the MAC Address to configure your device. It is also best practice to reset the device without default configuration and configure it manually rather than trying to rely on the basic scripts in the...
by 2frogs
Sat May 09, 2020 7:15 pm
Forum: Forwarding Protocols
Topic: port forwading
Replies: 13
Views: 3686

Re: port forwading

For the Hotspot to work correctly, it requires internet access so that any html queries can be redirected to the Hotspot login.html landing page. Instead of trying to redirect with firewall, it would be easier to edit the login.html to: <head> <meta http-equiv="refresh" content="5; UR...
by 2frogs
Sat May 09, 2020 4:46 pm
Forum: Beginner Basics
Topic: How to do Mikrotik hotspot who redirects the user to the company website, without login page. [SOLVED]
Replies: 5
Views: 4998

Re: How to do Mikrotik hotspot who redirects the user to the company website, without login page. [SOLVED]

This is what I use with success:
<head>
<meta http-equiv="refresh" content="0; URL=https://www.yoururl.com/" />
</head>
<body>
<p>If you are not redirected in five seconds, <a href="https://www.yoururl.com/">click here</a>.</p>
</body>
Just replace the html code with th...
by 2frogs
Wed Feb 12, 2020 4:48 pm
Forum: General
Topic: Chromecast sleepmode issue
Replies: 25
Views: 6317

Re: Chromecast sleepmode issue

Try increasing DHCP lease-timeout=1d. I know Apple things have issues with the short default lease time.

Edit: just re-read your last post where you changed it, but it might not have been long enough.
by 2frogs
Wed Jan 22, 2020 5:08 pm
Forum: General
Topic: Hotspot already logged in via and status is Active but just stuck at login page and can't go Internet
Replies: 2
Views: 1301

Re: Hotspot already logged in via and status is Active but just stuck at login page and can't go Internet

I have seen lots of explanations of why, most are centered around temporary network issues or bad client devices/drivers. The best solution is to disable the 1:1 NAT by setting the dhcp-pool=none. The 1:1 NAT was introduced to allow devices that had a static IP Address configured to be able to conne...
by 2frogs
Fri Sep 20, 2019 9:30 am
Forum: Beginner Basics
Topic: WAN's seem happy, but no Internet Access
Replies: 2
Views: 1136

Re: WAN's seem happy, but no Internet Access

/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
You will need to disable fasttrack as it will break mangle rules.
by 2frogs
Fri Sep 20, 2019 9:06 am
Forum: Beginner Basics
Topic: Trouble Forwarding Ports [SOLVED]
Replies: 2
Views: 1469

Re: Trouble Forwarding Ports [SOLVED]

Have you set the cable modem to forward the ports to the mikrotik? I see references to a 192.168.1.1 address in a couple of locations that I am assuming is your cable router. If your mikrotik is getting DHCP from 192.168.1.1 and has a 192.168.1.xxx IP, you will have to forward those ports on the ca...
by 2frogs
Fri Sep 20, 2019 8:36 am
Forum: Beginner Basics
Topic: Setup VPN with Mikrotik
Replies: 6
Views: 2468

Re: Setup VPN with Mikrotik

add action=accept chain=input dst-port=1723 comment="accept PPTP" protocol=tcp
This needs to go either above or below the "defcon: accept ICMP" because the order matters. Also, chain=input is for anything going to the router itself. And chain=forward is anything being forwarded...
by 2frogs
Fri Sep 20, 2019 8:07 am
Forum: Beginner Basics
Topic: Licensing question, demo
Replies: 2
Views: 1229

Re: Licensing question, demo

https://wiki.mikrotik.com/wiki/Manual:License
https://wiki.mikrotik.com/wiki/Manual:CHR#Free_licenses
In short the x86 version has a 24hr demo (level 0) or a very limited demo (level 1.) The CHR has a free version, limited to 1Mbps/interface. Or 60 day trial mode for any CHR License Levels (P1, P10,...
by 2frogs
Fri Sep 20, 2019 7:49 am
Forum: Beginner Basics
Topic: Port forwarding dynamic IP [SOLVED]
Replies: 5
Views: 18515

Re: Port forwarding dynamic IP [SOLVED]

/ip firewall nat
add chain=dstnat dst-address=!192.168.88.1 dst-port=80 protocol=tcp dst-address-type=local to-address=192.168.88.253
You can enable the DDNS under IP>Cloud and use the DDNS to access the device. You could also use the DDNS to do the dstnat:
/ip firewall address-list
add address=you...
by 2frogs
Sun Sep 15, 2019 1:22 am
Forum: Wireless Networking
Topic: wireless bridge problems
Replies: 2
Views: 1630

Re: wireless bridge problems

On the RBMetal, change mode=bridge to mode=ap-bridge; mode=bridge only allows 1 connected client.
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
    disabled=no hide-ssid=yes mode=ap-bridge security-profile=profile1 ssid=\
    <SSID HERE> wps-mode=disabled
by 2frogs
Tue Sep 10, 2019 6:04 am
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 6253

Re: Bit confused by the existence of the hAP AC Lite?

One use case would be vdsl2 areas where the 2.4ghz bands are overcrowded and all but unusable. Another would be for wireless internet providers that use 2.4ghz bands to distribute internet, they can provide a router they can set to not interfere with the channel they are using to connect that client.
by 2frogs
Sat Sep 07, 2019 4:40 pm
Forum: Beginner Basics
Topic: Somehow im blind
Replies: 5
Views: 2003

Re: Somehow im blind

First issue is that the LAN IP address should be on the bridge interface since it is the master and ether2 is slaved to it.

Second, is that your NAT rule has your IP scope on src-address-list instead of src-address. You could define an address-list and use that instead.
by 2frogs
Tue Sep 03, 2019 5:14 am
Forum: Wireless Networking
Topic: Hotspot woes, users having to keep signing in
Replies: 1
Views: 1173

Re: Hotspot woes, users having to keep signing in

Usually seeing the same MAC with multiple IPs is caused by having a pool set in the hotspot or by having dhcp lease times set too short. Setting an IP pool in the hotspot will create a 1:1 NAT for devices that have a static IP. And sometimes it will NAT devices that received an IP from the dhcp se...
by 2frogs
Sat Aug 17, 2019 4:34 am
Forum: Beginner Basics
Topic: can only get a dynamic ip on bridge interface
Replies: 10
Views: 3951

Re: can only get a dynamic ip on bridge interface

If you plug your computer into the cable that is on ether1, does it get an IP address? If it does, make sure it is not in the same range as your router (ie 192.168.88.0/24). I don't see anything in config that would prevent it from obtaining an IP.
by 2frogs
Thu Aug 15, 2019 9:41 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 9496

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

On CRS, navigate to IP>Addresses. Or
/ip address remove [find address="192.168.88.1/24"]
The address is most likely a left-over from the default config.
by 2frogs
Thu Aug 15, 2019 7:08 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 9496

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

Since you have a dhcp-client on bridge, just remove the 192.168.88.1/24 address
by 2frogs
Thu Aug 15, 2019 3:08 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 9496

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

Change:
add action=masquerade chain=srcnat comment=LetsencrypLocal dst-address=192.168.88.254 \
    dst-port=180,1443 protocol=tcp
to
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.88.0/24 src-address=192.168.88.0/24
as SOB suggested as it is universal. Do you have any static...
by 2frogs
Wed Aug 14, 2019 6:03 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 9496

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

And you have flushed dns on your device?
What is it doing or not doing?
Can you provide:
/ip firewall nat export
by 2frogs
Mon Aug 12, 2019 9:02 pm
Forum: General
Topic: Simple Queue not working unless torch is running
Replies: 2
Views: 1260

Re: Simple Queue not working unless torch is running

Try disabling the fast-track firewall rules.
by 2frogs
Sun Aug 11, 2019 5:44 am
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 9496

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

@sebastia

I believe you missed that the server is on ports 180 & 1443. Static DNS entries will not work in this case as it points to ports 80 & 443.
by 2frogs
Sat Aug 10, 2019 3:21 pm
Forum: Beginner Basics
Topic: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server
Replies: 26
Views: 9496

Re: New to Mikrotik trying to setup portforwarding for letsencrypt nginx on unraid server

Instead of the DNS trick, try correcting your dst-nat rules. If you have a static IP:
/ip firewall nat
add action=dst-nat chain=dstnat comment=Letsencrypt dst-port=80 dst-address=your.external.ip.address protocol=tcp to-addresses=192.168.88.245 to-ports=180
add action=dst-nat chain=dstnat comment=Le...
by 2frogs
Thu Aug 08, 2019 9:10 pm
Forum: Beginner Basics
Topic: wifi speed - 2 clients only
Replies: 2
Views: 1389

Re: wifi speed - 2 clients only

What you are seeing is normal. The data rate is the combined theoretically possible rate for upload and download. Since the AP and Client can only send or receive and do so to a single device at a time it will halve the data rate. And as you noticed, if you connect a second device and try to download...
by 2frogs
Thu Aug 08, 2019 4:28 pm
Forum: Beginner Basics
Topic: MikroTik wAP as wireless client?
Replies: 4
Views: 6018

Re: MikroTik wAP as wireless client?

The best way to set it up is to use Winbox to reset without default and configure it manually. Once you have reset the wAP, you will have to connect to it using its MAC Address. Now you can setup a bridge and add ether1 and wlan1 to it. And now configure wlan1 to be a station with the proper SSID and...
by 2frogs
Thu Aug 08, 2019 7:45 am
Forum: Wireless Networking
Topic: Hotspot Mikrotik Customization
Replies: 2
Views: 1494

Re: Hotspot Mikrotik Customization

The Hotspot Trial user is perfect for what you want. You can edit the default login.html to remove the login box and use the trial user link as the "click here" to agree.
https://wiki.mikrotik.com/wiki/Manual:Hotspot_Introduction
https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot
https://wik...
by 2frogs
Thu Aug 08, 2019 7:30 am
Forum: Scripting
Topic: Failover script to call another script
Replies: 1
Views: 2014

Re: Failover script to call another script

So if you put these in terminal they run, but not from the script?
/system script run firewall-to-backup
/system script run firewall-to-main
You could also change from using in/out-interface to interface-list and not have to change the firewall rules at all:
/interface list
add comment=defconf name=...
by 2frogs
Thu Aug 08, 2019 6:33 am
Forum: Beginner Basics
Topic: simultaneous user logins
Replies: 2
Views: 1172

Re: simultaneous user logins

/tool user-manager user set [find shared-users=unlimited] shared-users=1
by 2frogs
Thu Aug 01, 2019 6:35 am
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 3696

Re: Very simple VLAN

You mentioned untagging/tagging is why I suggested a bridge. But yes, you can put the IP and DHCP Server directly on vlan1. And you can then remove the bridge port for vlan1 as it is not needed.
by 2frogs
Thu Aug 01, 2019 5:16 am
Forum: Beginner Basics
Topic: VPN problem between local LAN and VPN clients
Replies: 3
Views: 1470

Re: VPN problem between local LAN and VPN clients

Do you have a static route to your LAN set on the Synology and a static route to the Synology from the Router?
by 2frogs
Thu Aug 01, 2019 4:59 am
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 3696

Re: Very simple VLAN

I believe you need to create a new bridge for the vlan and add IP and DHCP Server to the new bridge. Then change the bridge port for vlan1 to the new bridge.
/interface bridge
add name=vlan1-bridge
/interface bridge port
add bridge=vlan1-bridge interface=vlan1
The rest of your config should remain t...
by 2frogs
Wed Jul 31, 2019 4:30 pm
Forum: Wireless Networking
Topic: Help with a wireless backbone
Replies: 3
Views: 1485

Re: Help with a wireless backbone

You will need to use vlans, but having two networks in both buildings should not be a problem. There are many tutorials and examples on this forum and elsewhere. You will need a vlan capable switch. Or if you only need a few ports and it is indoors you can use something like an hAP-AC/hAP-AC2 and br...
by 2frogs
Wed Jul 31, 2019 2:33 am
Forum: Wireless Networking
Topic: Help with a wireless backbone
Replies: 3
Views: 1485

Re: Help with a wireless backbone

I would use the Wireless Wire to bridge the buildings as it can provide wire speeds.
by 2frogs
Tue Jul 30, 2019 5:35 am
Forum: General
Topic: Mikrotik Mobile App [SOLVED]
Replies: 2
Views: 1721

Re: Mikrotik Mobile App [SOLVED]

The app uses the Winbox port to connect. You can specify the correct port in the address field of app like; 192.168.88.1:1234
by 2frogs
Fri Jul 26, 2019 2:23 pm
Forum: Wireless Networking
Topic: Faile to add queue
Replies: 1
Views: 863

Re: Faile to add queue

From Terminal run this command:
/export hide-sensitive file=export
Download and edit the export.rsc using a text editor to remove any public ips or identifying information and paste using the code wrapper [ code][ /code].
by 2frogs
Fri Jul 26, 2019 2:11 pm
Forum: General
Topic: Ovpn server on separate pool cannot reach lan
Replies: 4
Views: 2382

Re: Ovpn server on separate pool cannot reach lan

Try adding this to the top of your mangle rules:
/ip firewall mangle
add action=accept chain=prerouting dst-address=10.255.255.0/24 in-interface=bridge
I believe your rules are too loose and catching any traffic from your LAN to VPN IP ranges.
by 2frogs
Thu Jul 25, 2019 7:35 am
Forum: General
Topic: Need to set up access to NAS openvpn
Replies: 45
Views: 8491

Re: Need to set up access to NAS openvpn

Thought I would let you know that L2TP/IPSec is not any better. I have a TS-431XeU with AnnapurnaLabs Alpine AL-314 32-bit ARM® Cortex-A15 quad-core 1.7GHz processor and 10-11MB/s is all it will do at 40% CPU usage. QVPN represents only 10% CPU usage.
by 2frogs
Tue Jul 23, 2019 12:15 am
Forum: Wireless Networking
Topic: 6 x 60G AP Sectors Area Configuration Thread
Replies: 5
Views: 2047

Re: 6 x 60G AP Sectors Area Configuration Thread

Separation will do wonders too. Both horizontal and vertical. Any radio device back to back on a mast is usually a bad idea. 2-3 meters vertically and 1 horizontal is about minimal in my opinion.
by 2frogs
Mon Jul 22, 2019 9:25 pm
Forum: General
Topic: Can't access Winbox from VPN - OpenVpn
Replies: 4
Views: 6859

Re: Can't access Winbox from VPN - OpenVpn

/ip firewall filter 
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
This rule, since no interfaces are listed and it is above the drop rule (they are processed in order), allows pings from anywhere.
by 2frogs
Mon Jul 22, 2019 9:02 pm
Forum: General
Topic: Can't access Winbox from VPN - OpenVpn
Replies: 4
Views: 6859

Re: Can't access Winbox from VPN - OpenVpn

This rule is blocking access:
/ip firewall filter
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
Your VPN is not included in interface-list. You can add it under /ppp profiles:
/ppp profile
add local-address=192.168.1.1 name=Ovpn-profil...
by 2frogs
Sat Jul 20, 2019 3:52 am
Forum: Beginner Basics
Topic: RBwAPG-60ad IP Settings
Replies: 1
Views: 1094

Re: RBwAPG-60ad IP Settings

The bridge is the correct place for the dhcp-client as it is the master interface. It looks like the quick-set is broken, but since it is based off of simple scripts it is limited in functionality and should not be used past initial setup anyway.
by 2frogs
Sat Jul 20, 2019 3:05 am
Forum: Scripting
Topic: am i missing something???
Replies: 2
Views: 2021

Re: am i missing something???

:if ([:len [/ip ipsec policy find dst-address=10.0.0.0/16]]=0) do={:put "Not Found" } else={:put "Found"}
Or
:if ([:len [/ip ipsec policy find dst-address=10.0.0.0/16]]>0) do={:put "Found"} else={:put "Not Found"}
A missing value is not 0, it is null and ROS...
by 2frogs
Fri Jul 19, 2019 4:13 am
Forum: General
Topic: hair pin when out interface has different address
Replies: 8
Views: 1683

Re: hair pin when out interface has different address

I am sorry, I either misread your original setup or confused it with another. You don't even need the ddns hack. Use dst-address=192.168.1.252.
/ip firewall nat
add chain=srcnat action=src-nat protocol=tcp src-address=10.0.1.0/24 dst-address=192.168.1.252 to-address=10.0.1.1 out-interface=bridge d...
by 2frogs
Thu Jul 18, 2019 8:13 pm
Forum: General
Topic: hair pin when out interface has different address
Replies: 8
Views: 1683

Re: hair pin when out interface has different address

Yes, you can use the DDNS you already have setup.
by 2frogs
Wed Jul 17, 2019 8:18 pm
Forum: General
Topic: hair pin when out interface has different address
Replies: 8
Views: 1683

Re: hair pin when out interface has different address

On your 10.0.1.1, enable the built in DDNS. Now add your DDNS URL to an address-list with a name like My_IP. You now use dst-address-list in place of dst-address in the hair-pin nat tutorials.

You can also use the DDNS URL to access your server without having to know your current IP.
by 2frogs
Wed Jul 17, 2019 2:13 pm
Forum: General
Topic: A difficault question about CLI [SOLVED]
Replies: 3
Views: 1403

Re: A difficault question about CLI [SOLVED]

In Terminal, the [TAB] key can be your friend! :)

It can auto complete command and list: directories, commands and variables
by 2frogs
Tue Jul 16, 2019 3:23 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 3332

Re: connection state question [SOLVED]

Correct! It is already accepted!
by 2frogs
Tue Jul 16, 2019 2:42 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 3332

Re: connection state question [SOLVED]

The default for the firewall filter is to accept. If you remove all rules, everything would be accepted. If you only add chain=forward action=drop, then all being forwarded would be dropped. Now change that rule to include in-interface=ether1 and now only forwards coming from ether1 are being droppe...
by 2frogs
Tue Jul 16, 2019 2:21 pm
Forum: General
Topic: A difficault question about CLI [SOLVED]
Replies: 3
Views: 1403

Re: A difficault question about CLI [SOLVED]

unset
/ip firewall nat unset [find action=masquerade] out-interface
by 2frogs
Tue Jul 16, 2019 3:33 am
Forum: General
Topic: Redirecting Problems [SOLVED]
Replies: 3
Views: 1458

Re: Redirecting Problems [SOLVED]

That is correct, you need both rules.
by 2frogs
Mon Jul 15, 2019 3:02 am
Forum: General
Topic: Port Forwarding Not Working but Shows Packets
Replies: 20
Views: 8314

Re: Port Forwarding Not Working but Shows Packets

@anav
hmm, so glad we can agree it could be done with a single rule:
"And your Filter rule need to be for chain=forward: (or enable the default drop rule)"
by 2frogs
Sat Jul 13, 2019 11:45 pm
Forum: General
Topic: Mikrotik Web Interface not accesible via VPN on remote router
Replies: 5
Views: 7131

Re: Mikrotik Web Interface not accesible via VPN on remote router

Or add script to ppp profile to add/remove the interface when you login/logout:
on-up=/interface list member add list="LAN" interface=[/interface get [find type=l2tp-in && dynamic=yes] name]
on-down=/interface list member remove [find interface!="bridge" && list=&...
by 2frogs
Sat Jul 13, 2019 4:28 am
Forum: General
Topic: Redirecting Problems [SOLVED]
Replies: 3
Views: 1458

Re: Redirecting Problems [SOLVED]

You also need a src-nat:
/ip firewall nat
add action=src-nat chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.0.4 to-address=192.168.0.1
by 2frogs
Sat Jul 13, 2019 1:46 am
Forum: Wireless Networking
Topic: Can I use NV2 and "normal" Wifi on the same device?
Replies: 4
Views: 1536

Re: Can I use NV2 and "normal" Wifi on the same device?

The Wireless Wire is basically 2 WAP 60G AP, just pre-configured as PtP pair (they can be reconfigured). They have a 60 degree beam width, so depending on the layout it could cover your end points. There is also a WAP 60Gx3 AP that can cover 180 degrees.
https://mikrotik.com/product/wap_60gx3_ap
by 2frogs
Fri Jul 12, 2019 9:25 pm
Forum: Wireless Networking
Topic: Can I use NV2 and "normal" Wifi on the same device?
Replies: 4
Views: 1536

Re: Can I use NV2 and "normal" Wifi on the same device?

You can not use 802.11 and NV2 at same time. A dedicated point to point or point to multi-point would be better than trying to use an AP that has other wireless users on it. Have you seen:
https://mikrotik.com/product/wap_60g_ap
https://mikrotik.com/product/wireless_wire
These should be able to conn...
by 2frogs
Fri Jul 12, 2019 9:09 pm
Forum: General
Topic: Port Forwarding Not Working but Shows Packets
Replies: 20
Views: 8314

Re: Port Forwarding Not Working but Shows Packets

Your NAT rules do not need a to-port unless you are changing ports. They should look like this:
/ip firewall nat
add action=dst-nat chain=dstnat comment="ALA USG VPN" dst-port=500 in-interface=ether1-gateway log=yes protocol=udp to-addresses=10.0.1.89
add action=dst-nat chain=dstnat comme...
by 2frogs
Fri Jul 12, 2019 8:24 pm
Forum: General
Topic: Mikrotik Web Interface not accesible via VPN on remote router
Replies: 5
Views: 7131

Re: Mikrotik Web Interface not accesible via VPN on remote router

There are actually major differences between the 2 routers when you consider the firewall rules. On Router 1, the default drop for input is dropping all from ether1, which is your WAN. By default it is accepting from all other ports including all other ethers, wlans, bridges, l2tp, etc. /ip firewall...
by 2frogs
Fri Jul 12, 2019 6:35 pm
Forum: Beginner Basics
Topic: Log File [SOLVED]
Replies: 4
Views: 2181

Re: Log File [SOLVED]

Yes
/log print file=log.txt
A remote syslog might be a better option depending on intended use.
https://wiki.mikrotik.com/wiki/Manual:System/Log
by 2frogs
Wed Jul 10, 2019 11:18 pm
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 13314

Re: Very high sector writes

Most likely a partially failed update or some corruption in OS.
by 2frogs
Wed Jul 10, 2019 5:38 am
Forum: General
Topic: Help with IP-> Filter needed
Replies: 2
Views: 1013

Re: Help with IP-> Filter needed

Create an address-list name=payment_gateway and add www.some.paymentsystem.com and dns ip to it.
Now add dst-address-list!=payment_gateway to both of your rules. The "!" means "not".

This should work for http, but I don't think it will for https...
by 2frogs
Wed Jul 10, 2019 3:05 am
Forum: Beginner Basics
Topic: Scripting distance of routes [SOLVED]
Replies: 8
Views: 5026

Re: Scripting distance of routes [SOLVED]

Is x.x.x.x a unique ID or do you have multiple with gateway=x.x.x.x? Copy and paste the following in Terminal:
/ip route add dst-address=1.2.3.4/32 gateway=1.2.3.4 distance=5;
:if ([/ip route get [find gateway=1.2.3.4] distance]=5) do={:put "True"} else={:put "False"};
##Should h...
by 2frogs
Tue Jul 09, 2019 7:45 pm
Forum: Beginner Basics
Topic: Scripting distance of routes [SOLVED]
Replies: 8
Views: 5026

Re: Scripting distance of routes [SOLVED]

Spacing maybe!?!? This works for me:
:if ([/ip route get [find gateway=x.x.x.x] distance]=2) do={:log error "True"}
by 2frogs
Sat Jul 06, 2019 3:25 am
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 13314

Re: Very high sector writes

/system logging
add topics=debug
Have you tried disabling this?
by 2frogs
Thu Jul 04, 2019 3:48 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 4353

Re: Script to disable Wlan when no user are logged on

No, no, no. The WLAN will automatically turn on as soon as someone connects to it. It's so obvious. OK! :mrgreen:
/system scheduler
add interval=10m name=wlan1-auto-on/off on-event=":if ([/interface wireless get wlan1 disabled]=yes) do={\r\
    \n:log info \"Checking for Wireless Users\"...
by 2frogs
Sun Jun 30, 2019 6:07 pm
Forum: Wireless Networking
Topic: Hotspot without pass
Replies: 1
Views: 1102

Re: Hotspot without pass

Use Hotspot with Trial User enabled. You can set your limits by time and/or data and have it reset after a defined period. Now edit/replace login.html with the following code and users will be logged in automatically.
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="0; url...
by 2frogs
Fri Jun 28, 2019 12:10 am
Forum: Wireless Networking
Topic: Gateway for AP-Bridge, no DHCP
Replies: 2
Views: 1313

Re: Gateway for AP-Bridge, no DHCP

With all ports bridged it does not need a gateway for the clients. It acts like a switch and passes connection through it. It does need a default route for the router itself to connect to the internet. Adding one would allow your NTP Client to work. Should look something like:
/ip route
add dst-addr...
by 2frogs
Thu Jun 27, 2019 7:25 am
Forum: Beginner Basics
Topic: Simulation two WAN with one ISP
Replies: 3
Views: 1939

Re: Simulation two WAN with one ISP

Use Virtual Machine software (I use VirtualBox) to setup 2 Virtual CHR's. You need 2 virtual ethernet interfaces for each. They need minimal setup:
##Gateway1
/ip address
add address=192.168.100.1/24 interface=ether2 network=192.168.100.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall...
by 2frogs
Wed Jun 26, 2019 4:12 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 7387

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

If you are using the default firewall rules, you could change the default forward drop rule to:
/ip firewall filter
add chain=forward connection-nat-state=dstnat in-interface=WAN action=accept
add chain=forward out-interface=!WAN action=drop
And if you are not doing DST-NAT or UPNP, you can omit the...
by 2frogs
Wed Jun 26, 2019 4:10 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 7387

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

Edit: post duplicated.
by 2frogs
Wed Jun 12, 2019 8:23 pm
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 2262

Re: set up second WAN/ISP temporarily

Here is the correct code:
/ip firewall mangle
add action=mark-connection chain=forward comment="ISP1-In" in-interface=ether1 new-connection-mark="ISP1-In"
add action=mark-connection chain=forward comment="ISP2-In" in-interface=ether2 new-connection-mark="ISP2-In&qu...
by 2frogs
Wed Jun 12, 2019 3:07 pm
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 2262

Re: set up second WAN/ISP temporarily

Oops, I copied/pasted the wrong section of code. Correct it as @sebastia stated. Sorry for my mistakes!
by 2frogs
Wed Jun 12, 2019 6:58 am
Forum: Beginner Basics
Topic: RBwAPG-60ad distance =0.0 ?
Replies: 10
Views: 2447

Re: RBwAPG-60ad distance =0.0 ?

One device has metal casing to give more focus.
So, have you tried without the metal casing?
by 2frogs
Wed Jun 12, 2019 6:53 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 4353

Re: Script to disable Wlan when no user are logged on

Put this in scheduler:
:if ( [ :len [/interface wireless registration find] ] <= 0 ) do={ /interface wireless disable wlan1; :log info "No Wireless Users - Wireless Disabled";}
by 2frogs
Wed Jun 12, 2019 6:02 am
Forum: General
Topic: Make Hotspot Usernames for different APs
Replies: 3
Views: 991

Re: Make Hotspot Usernames for different APs

You will need to put the LAN and all 3 AP's on separate VLAN's. Then create a Hotspot Server for each VLAN. Then on each Username, you can specify which Server that Username is for.
by 2frogs
Wed Jun 12, 2019 3:31 am
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 2262

Re: set up second WAN/ISP temporarily

You need to mark connections coming in to each WAN and then make routing mark based on those connections:
/ip firewall mangle
add action=mark-connection chain=input comment="ISP1-In" in-interface=ether1 new-connection-mark="ISP1-In"
add action=mark-connection chain=input comment=...
by 2frogs
Tue Jun 11, 2019 8:03 pm
Forum: Beginner Basics
Topic: Block acces to a New router
Replies: 2
Views: 1175

Re: Block acces to a New router

Use Winbox to connect using MAC Address. Most likely the default firewall rules are blocking IP access.
by 2frogs
Wed Jun 05, 2019 2:55 am
Forum: Wireless Networking
Topic: AP and 2 repeaters in one line [SOLVED]
Replies: 2
Views: 1564

Re: AP and 2 repeaters in one line [SOLVED]

Add the MAC of the other Basebox in /interface wireless access-list with forward=no and authentication=no. Do this on both.