hello guys
i want to know how to make any mac beginning with a specific syllable to be bypassed
like that
any mac begin with 00:13:8f be automatically by passed in the ip binding
hello, i use a mangle to mark all connections by its size as a way to make the download not affecting browsing on the network , and a big speed for all and it has been successful but there is a problem ....... i want to mark video streaming and watching online and live video chat to have the first p...
can it be applied depending on the layer 7 protocol depending on the extensions of files
as when i depend on content it is work to some extent
but i want to use the layer 7 as it is more accurate
thanks in advance
and sorry for disturbing you
thaks alot , is there a way to limit the connection of download programs iam suffering from alot of connection for only one file please i want to understand some rules that drop the connection depending on the type of the files you can add more types like pdf,wav .....etc /ip firewall filter add ac...
thaks alot ,
is there a way to limit the connection of download programs
iam suffering from alot of connection for only one file
please i want to understand
I am starting to sound like an old record, because I keep recommending the following link to every one who wants to do some QOS: http://wiki.mikrotik.com/wiki/Connection_Rate but I feel very comfortable with that. Any way, I would like to see also the rule which marks the packets as "download&...
i want when i open ip ---- firewall ---- connections not see more than 5 connections for every client and all other connection dropped by the firewall The rule in question would not do that. It would drop only the tcp connections in syn state. In firewall connection you would see all connections fr...
why do u use net mask 32 ?? i imagine that we should use net mask 30 Because the network with netmask 32 has only one IP Device, while the network with netmask 30 does have 2 of them. So the rule would be applied to one device when you specify the netmask 32 instead of two when you specify netmask ...
Yes, it is possible, To only allow not more than 5 simultaneous connections from each of the clients, do the following: /ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop In my opinion limiting connections is not effective way to stop download manager...
Yes, it is possible, To only allow not more than 5 simultaneous connections from each of the clients, do the following: /ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop In my opinion limiting connections is not effective way to stop download manager...
hello in my network for example a user make a big number of downloads in the same time i want to limit his connections with the router for example i want to limit for him 4 conections on the tcp protocol and all other connections will be dropped so i could force him to limit his connections in the i...
OpenDNS only filters by domain names, that is all it is able to do. You are expecting it to be able to do more than it can if you expect it to prevent people from directly going to IP addresses. When someone tries to access a website directly by an IP address they are able to bypass using DNS since...
enable RouterOS proxy, then /ip firewall filter add chain=forward action=reject place-before=0 after that, clients must have your proxy configured. any other proxy as well as direct access will not work SIR that is very good it is able to block the proxy but unfortunatly it blocks the yahoo messeng...
now i use open dns which is 208.67.222.123 208.67.220.123 i want to block proxy so when some body put any manual proxy in the browser it will not work they use proxy like 155.98.35.7 port 3128 and it works very well i dont want any manual proxy work i want to stop them all with out get harm to chatt...
i want only to block porno sites by using open dns filter which is 208.67.222.123 208.67.220.123 and i do not want any one to bypass this so i want to block access to proxy and block hot spot shield now hotspot shield was done with the help of the above post so i wannt to block the proxy or using th...
that is fantastic thank u
but the problem here is that wen i block these ports some chat programs stop working
any way to force them to use my specify protocol and not use any other proxy
that is wondeful the way has succeeded but there is still a problem when an employee uses a manual proxy , the hotspot shield program easily worked and when they use these proxies they bypass the whole rules too so i want a way to prevent any manual proxies and use only mikrotik proxy thanks in adva...
in the company
i use open DNS to filter some kinds of sites
but lately some employees uses a disastrous program called #hotspot shield#
which make big problems in the routine
please help me
i want an active way to protect from this program
my mikrotik is version 3.3
thanks in advance
i couldnt understand
my question is about that some virus in network computers affect the performance of the internet and make alot of "request timed out"
are there some codes in mikrotik that would prevent this effection on the internet ??
/ip firewall filter add action=drop chain=forward comment="2 connection exe" connection-limit=2,30 \ content=.exe disabled=no protocol=tcp like this mr fewi that works well but i want this connection limit be for all downloads not for a specific extension is there an idea like if the size ...
some programs like internet download manager make connections with the download server like media fire till 16 connections that equal 16 clients make download that is affecting badly on the network i want here : how to control these connections i want the internet download manager cant make more tha...
some programs like internet download manager make connections with the download server like media fire till 16 connections that equal 16 clients make download that is affecting badly on the network i want here : how to control these connections i want the internet download manager cant make more tha...
can i make the first mikrotik to be the gateway of the second mikrotik
in the first one i will make pcc load balancing
and in the second i will take the loadbalancing traffic coming from the first
then i will make my hotspot and give the traffic for the users
i want the traffic from two gateways pass throw one gate way
then the traffic will reach the second device in this second device we will put only ip route and only two interfaces wan and lan not two wans an d one lan
i want to carry oyt pcc load balancing to collect traffic from two lines make the whole traffic coming from two gateways pass throw only one gate way in another mikrotik device so i can deal with two lines as if it is one line and one gateway in this way 2 mega from one line + 2 mega frome the secon...
1) Control physical access to your network; 2) Use smart switch to protect your local network; 3) Use PPPoE, when higher security is necessary. ok thanks for paying attention how can i control physical access to my network (please give some details) v3.3 mikrotik how can i use smart switch to prote...
in the file attached before the queue used is queue tree the limit of download is 1 mega if the line band width 2 mega then 1 mega for download 2 mega for browsing if download traffic isnt consumed 1 mega for browsing if download traffic is consumed so that there will be always free space for browsi...
dear feklar . thanks alot i reached your point of view but ...... concerning (distinguishing browsing and download) we can ... i use this way " by the member (hazem amer)" and it works very very well this way depends on layer7protocols in identifying the content of the page it depends on t...
what is the way to encrypt information about mac and ips
so mac scan or ip scan see wrong ips or no ips
and mac is seen like this (ff:ff:ff:ff:ff) or not seen
ok sir i reached your point and have been convinced
thanks alot
but please tell me if there is a way or rule in hotspot
to mask or prevent ips and macs in the scanning programs from appearing or appear like that
not real (ff:ff:ff:ff:ff:ff)
no no no the dhcp doesnt give the spoofer mac the same ip as it is bounded before the spoofer must provide it for his connection manually here we must make a virtual gateway to the dhcp server the spoofer will not be able to know it moreover you can change this virtual gateway every day it is easy t...
i will specify the property of one address per mac
this address will be bound by the real mac
and the spoofer cant bound the same address when the true client is active
ok your reply prove that my idea is probably true now to solve this problem we will bind a specific ip with the mac and specify a big lease time such 60d and be careful that the client bound the ip before the spoofer we will disable the broadcast and not mak address pool we will make it static only ...
why do you say that ? every problem has a solution this is real i tested this and have some success when the spoofing mac join and the real client is active the spoofing mac cant take an the same ip of the client from dhcp server so the hacker must make manual ip for his internet connection we can s...
1-i will make one address per mac 2-i will specify an address for the client 3- i will make shared users more than "1"or "none" 4 i will disable broadcast 5- i will make a virtual gateway for dhcp when the hacker who use mac spoofing try to join by the spoofing mac he cant take t...
there is a fact in mikrotik system tell that "If the user has IP address specified, only one simultaneous login is allowed. If the same credentials are used again when the user is still active, the active one will be automatically logged off." how can i change that i mean that when the cli...