Community discussions

Search found 21 matches

by blackzero
Fri Sep 13, 2019 5:54 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

I think I found the issue. /ip route print detail Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 A S dst-address=0.0.0.0/0 gateway=internet gateway-status=internet reachable distance=1 scope=3...
by blackzero
Thu Sep 12, 2019 10:27 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

How did you try to ping internet via secondary modem? If by using /ping , you might have to set src-address with IP correct for interface DLINK . I've had my share of problems when RB chose wrong own address when pinging and the remote party did not have appropriate route to reply back. Other than ...
by blackzero
Thu Sep 12, 2019 4:47 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

My configs are as follow: 1st WAN (Port No 1): Dedicated ISP Line -> port 1 mikrotik -> switch -> LAN. All works fine. 2nd WAN (Port No 3): Modem Mifi -> to Mikrotik through port 3 (RJ45 interface modem)-> Switch -> LAN. modem can ping internet , Mikrotik can ping modem, modem can ping Mikrotik but ...
by blackzero
Fri Aug 10, 2018 4:38 am
Forum: Beginner Basics
Topic: Block websites http and https without Web Proxy / 100% works.
Replies: 17
Views: 13081

Re: Block websites http and https without Web Proxy / 100% works.

Advice of the original poster is misleading, incomplete and I do not suggest to use this method to block websites. In addition to false positives, you will also kill the CPU of your router. Why not use the new tls-host matcher in firewall instead? I came from Google search. My local Mikrotik vendor...
by blackzero
Wed Aug 08, 2018 12:26 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 88842

Re: Winbox vulnerability: please upgrade

***
by blackzero
Sun Jul 22, 2018 2:54 am
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 18270

Re: CloudFlare DNS over TLS

Why would you trust your metadata to a third party else than where you sent you internet traffic through!?
Irrelevant. We're requesting TLS and HTTPS (for DNS) support.

---

Please Mikrotik team, do this. DNS hijacking/redirection is a real issue.
by blackzero
Sun Apr 22, 2018 2:04 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 157
Views: 45490

Re: Feature request - DNSCrypt support...

Please do this. Anything man, DNSCrypt or DNS over TLS. I can do with either. Just do it don't be lazy.
by blackzero
Mon Apr 09, 2018 7:06 am
Forum: Beginner Basics
Topic: I want my Mikrotik to use external DNS but with non-standard Port 53
Replies: 12
Views: 1268

I want my Mikrotik to use external DNS but with non-standard Port 53

My Mikrotik can't use other IP Addresses than my ISP's on IP->DNS setting. Basically outgoing port 53 is blocked TCP/UDP by my ISP. I'm forced to use theirs. I want to use Google / Cloudflare's DNS 8.8.8.8/1.1.1.1 On Windows, I can use DNSCrypt, but that's not the case. I'm sure Mikrotik can use oth...
by blackzero
Thu Mar 23, 2017 11:46 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 105852

Re: Blacklist Filter update script

Your two schedulers don't seem to work as the name for either is conflicting each others. Renaming it will work. Maybe you need to mention this in your first post.

Thanks for the good work.
by blackzero
Tue Feb 21, 2017 9:45 am
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 2848

Re: Hairpin nat weirdness

No Mikrotik experts on Mikrotik forum? BTW if I enable masquerade rule all my connections from lan to wan_ip "come" with source-ip of router. How to avoid this? In Linux it works with a few simple rules. Hairpin nat is like a "duct tape". This happens to my case as well. But in my problem it is mor...
by blackzero
Tue Feb 21, 2017 9:28 am
Forum: General
Topic: I have Mikrotik 5.xx, now I want to use Mikrotik 6.xx, how do I migrate the SIMPLE queue without typing one by one?
Replies: 3
Views: 447

Re: I have Mikrotik 5.xx, now I want to use Mikrotik 6.xx, how do I migrate the SIMPLE queue without typing one by one?

Use /export to file. Check and edit on computer then import to new ROS. See http://wiki.mikrotik.com/wiki/Manual:Configuration_Management for more info. /export brings so many invalid entries. In fact, none of my old 5.xx is accepted by 6.xx Example: old 5.xx entry add burst-limit=0/0 burst-thresho...
by blackzero
Thu Aug 09, 2012 11:36 am
Forum: General
Topic: need to change email server outgoing ip
Replies: 1
Views: 732

need to change email server outgoing ip

So I have listed three IP Public IPs. All of them can be ping-ed just fine. Ex: 1.1.1.1, 1.1.1.2, 1.1.1.3 Currently all machines including Email Server are using the 1.1.1.1 when going outside. I want email server to use 1.1.1.2. add action=src-nat chain=srcnat disabled=no out-interface=internet src...
by blackzero
Tue Aug 23, 2011 2:07 pm
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 1119

Re: Queue question.

Edit the queue named "DKMPDC" and set its max-limit to 1000000/1000000. Do that for each queue that is supposed to be exempt from simple queues further down the list. Did that just now. Here's my new setting: http://imageshack.us/photo/my-images/695/queue2.jpg/ From that laptop (192.168.2.33) I tri...
by blackzero
Tue Aug 23, 2011 1:29 pm
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 1119

Re: Queue question.

0 ;;; Masquerade chain=srcnat action=masquerade - why do you need this? Is it really necessary to masquerade everything? I have some problems with understanding the rules :). But still the queue problem is strange. It should at least have unlimited upload, as the dst-nat (for upload packets) is don...
by blackzero
Tue Aug 23, 2011 12:39 pm
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 1119

Re: Queue question.

Show us your queue settings :) If you are using queue simple - just create one queue with unlimited bandwidth for target address of the e-mail server and put it in the beginning of the list of queues. If you are using queue tree - in the beginning of mangle just throw out the packets from/to e-mail...
by blackzero
Tue Aug 23, 2011 10:47 am
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 1119

Re: Queue question.

bump
by blackzero
Fri Aug 12, 2011 11:13 am
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 1119

Queue question.

My network config: Internet -> Modem (bridge mode) -> Mikrotik (two ethernet cards)-> Hub -> LAN/Servers/Clients Let's say I have a client (laptop) with ip 192.168.2.33 (Windows XP) My Mikrotik LAN card has ip 192.168.2.1 My email server has ip 192.168.2.4 (Windows 2003 server with hmail) I also has...
by blackzero
Tue Aug 09, 2011 6:48 pm
Forum: Beginner Basics
Topic: Need help regarding proxy.
Replies: 4
Views: 892

Re: Need help regarding proxy.

Thanks. I'll post a new topic then for another issues.
by blackzero
Tue Aug 09, 2011 4:49 pm
Forum: Beginner Basics
Topic: Need help regarding proxy.
Replies: 4
Views: 892

Re: Need help regarding proxy.

They are the same thing. Winbox just has it labeled differently than what is in the CLI. I don't use the proxy much, so I'm not 100% on this, but this is the rule you should need to deny all web sites. /ip proxy access add action=deny disabled=no dst-address=0.0.0.0/0 Put your accept rules above it...
by blackzero
Tue Aug 09, 2011 3:51 pm
Forum: Beginner Basics
Topic: Need help regarding proxy.
Replies: 4
Views: 892

Need help regarding proxy.

Could anyone please explain to me what's the difference between -> ip proxy vs ip web proxy I'm currently using the latter. For Web Proxy configurations is as follows (number 3): 0 ;;; Masquerade chain=srcnat action=masquerade 1 ;;; Web chain=dstnat dst-address=118.96.xxx.xxx protocol=tcp dst-port=8...