I think I found the issue. /ip route print detail Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 A S dst-address=0.0.0.0/0 gateway=internet gateway-status=internet reachable distance=1 scope=3...

How did you try to ping internet via secondary modem? If by using /ping , you might have to set src-address with IP correct for interface DLINK . I've had my share of problems when RB chose wrong own address when pinging and the remote party did not have appropriate route to reply back. Other than ...

My configs are as follow: 1st WAN (Port No 1): Dedicated ISP Line -> port 1 mikrotik -> switch -> LAN. All works fine. 2nd WAN (Port No 3): Modem Mifi -> to Mikrotik through port 3 (RJ45 interface modem)-> Switch -> LAN. modem can ping internet , Mikrotik can ping modem, modem can ping Mikrotik but ...

Advice of the original poster is misleading, incomplete and I do not suggest to use this method to block websites. In addition to false positives, you will also kill the CPU of your router. Why not use the new tls-host matcher in firewall instead? I came from Google search. My local Mikrotik vendor...

***

Why would you trust your metadata to a third party else than where you sent you internet traffic through!?

Irrelevant. We're requesting TLS and HTTPS (for DNS) support.

---

Please Mikrotik team, do this. DNS hijacking/redirection is a real issue.

Please do this. Anything man, DNSCrypt or DNS over TLS. I can do with either. Just do it don't be lazy.

My Mikrotik can't use other IP Addresses than my ISP's on IP->DNS setting. Basically outgoing port 53 is blocked TCP/UDP by my ISP. I'm forced to use theirs. I want to use Google / Cloudflare's DNS 8.8.8.8/1.1.1.1 On Windows, I can use DNSCrypt, but that's not the case. I'm sure Mikrotik can use oth...

Your two schedulers don't seem to work as the name for either is conflicting each others. Renaming it will work. Maybe you need to mention this in your first post.

Thanks for the good work.

No Mikrotik experts on Mikrotik forum? BTW if I enable masquerade rule all my connections from lan to wan_ip "come" with source-ip of router. How to avoid this? In Linux it works with a few simple rules. Hairpin nat is like a "duct tape". This happens to my case as well. But in ...

Use /export to file. Check and edit on computer then import to new ROS. See http://wiki.mikrotik.com/wiki/Manual:Configuration_Management for more info. /export brings so many invalid entries. In fact, none of my old 5.xx is accepted by 6.xx Example: old 5.xx entry add burst-limit=0/0 burst-thresho...

Topic title.

Mikrotik 5.xx has like 500 entries, I don't feel like typing one by one on 6.xx

So I have listed three IP Public IPs. All of them can be ping-ed just fine. Ex: 1.1.1.1, 1.1.1.2, 1.1.1.3 Currently all machines including Email Server are using the 1.1.1.1 when going outside. I want email server to use 1.1.1.2. add action=src-nat chain=srcnat disabled=no out-interface=internet src...

Edit the queue named "DKMPDC" and set its max-limit to 1000000/1000000. Do that for each queue that is supposed to be exempt from simple queues further down the list. Did that just now. Here's my new setting: http://imageshack.us/photo/my-images/695/queue2.jpg/ From that laptop (192.168.2...

0 ;;; Masquerade chain=srcnat action=masquerade - why do you need this? Is it really necessary to masquerade everything? I have some problems with understanding the rules :). But still the queue problem is strange. It should at least have unlimited upload, as the dst-nat (for upload packets) is don...

Show us your queue settings :) If you are using queue simple - just create one queue with unlimited bandwidth for target address of the e-mail server and put it in the beginning of the list of queues. If you are using queue tree - in the beginning of mangle just throw out the packets from/to e-mail...

bump

My network config: Internet -> Modem (bridge mode) -> Mikrotik (two ethernet cards)-> Hub -> LAN/Servers/Clients Let's say I have a client (laptop) with ip 192.168.2.33 (Windows XP) My Mikrotik LAN card has ip 192.168.2.1 My email server has ip 192.168.2.4 (Windows 2003 server with hmail) I also has...

Thanks. I'll post a new topic then for another issues.

They are the same thing. Winbox just has it labeled differently than what is in the CLI. I don't use the proxy much, so I'm not 100% on this, but this is the rule you should need to deny all web sites. /ip proxy access add action=deny disabled=no dst-address=0.0.0.0/0 Put your accept rules above it...

Could anyone please explain to me what's the difference between -> ip proxy vs ip web proxy I'm currently using the latter. For Web Proxy configurations is as follows (number 3): 0 ;;; Masquerade chain=srcnat action=masquerade 1 ;;; Web chain=dstnat dst-address=118.96.xxx.xxx protocol=tcp dst-port=8...