Community discussions

MikroTik App

Search found 25 matches

by blackzero
Tue Dec 21, 2021 8:12 am
Forum: Beginner Basics
Topic: How to let ping pass through Mikrotik to PPTP client
Replies: 0
Views: 3189

How to let ping pass through Mikrotik to PPTP client

I have activated PPTP server on mikrotik just fine. I have enabled proxy-arp on LAN interface. My PPTP client connects just fine to Mikrotik. PPTP client can also access LAN resources normally. Mikrotik can ping PPTP client, but LAN cannot even ping PPTP client. I want PC/laptop on LAN to be able to...
by blackzero
Tue May 04, 2021 3:42 pm
Forum: Beginner Basics
Topic: Problem with PPTP/L2TP clients pinging internal hosts.
Replies: 4
Views: 844

Re: Problem with PPTP/L2TP clients pinging internal hosts.

Do the server have the mikrotik as default route? If not it need to have a specific route for 192.168.13.0/24 -> mikrotik. Without this it wouldn't where to speak back to the client i the .13.0/24-net. The server's setup is 192.168.14.11/24, gateway 192.168.14.20 (mikrotik's IP), it's wired to Mikr...
by blackzero
Tue May 04, 2021 3:28 pm
Forum: Beginner Basics
Topic: Problem with PPTP/L2TP clients pinging internal hosts.
Replies: 4
Views: 844

Re: Problem with PPTP/L2TP clients pinging internal hosts.

A config would be more than welcome, you can create it with: /export hide-sensitive file=anynameyoulike
Just did. Please kindly check.
by blackzero
Tue May 04, 2021 3:18 pm
Forum: Beginner Basics
Topic: Problem with PPTP/L2TP clients pinging internal hosts.
Replies: 4
Views: 844

Problem with PPTP/L2TP clients pinging internal hosts.

Mikrotik's port 1 (WAN) is PPPoE to ISP. Internet works fine. Port 2,3,4,5 under a bridge, DHCP enabled DHCP Pool 192.168.14.0/24, Gateway's IP (Bridge) 192.168.14.20, Proxy-ARP enabled There's a server with IP 192.168.14.11. All internal clients can access just fine. I have one PPTP setup, it can c...
by blackzero
Fri Sep 13, 2019 5:54 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 5
Views: 3486

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

I think I found the issue. /ip route print detail Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 A S dst-address=0.0.0.0/0 gateway=internet gateway-status=internet reachable distance=1 scope=3...
by blackzero
Thu Sep 12, 2019 10:27 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 5
Views: 3486

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

How did you try to ping internet via secondary modem? If by using /ping , you might have to set src-address with IP correct for interface DLINK . I've had my share of problems when RB chose wrong own address when pinging and the remote party did not have appropriate route to reply back. Other than ...
by blackzero
Thu Sep 12, 2019 4:47 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 5
Views: 3486

2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

My configs are as follow: 1st WAN (Port No 1): Dedicated ISP Line -> port 1 mikrotik -> switch -> LAN. All works fine. 2nd WAN (Port No 3): Modem Mifi -> to Mikrotik through port 3 (RJ45 interface modem)-> Switch -> LAN. modem can ping internet , Mikrotik can ping modem, modem can ping Mikrotik but ...
by blackzero
Fri Aug 10, 2018 4:38 am
Forum: Beginner Basics
Topic: Block websites http and https without Web Proxy / 100% works.
Replies: 17
Views: 22527

Re: Block websites http and https without Web Proxy / 100% works.

Advice of the original poster is misleading, incomplete and I do not suggest to use this method to block websites. In addition to false positives, you will also kill the CPU of your router. Why not use the new tls-host matcher in firewall instead? I came from Google search. My local Mikrotik vendor...
by blackzero
Wed Aug 08, 2018 12:26 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176637

Re: Winbox vulnerability: please upgrade

***
by blackzero
Sun Jul 22, 2018 2:54 am
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 45477

Re: CloudFlare DNS over TLS

Why would you trust your metadata to a third party else than where you sent you internet traffic through!?
Irrelevant. We're requesting TLS and HTTPS (for DNS) support.

---

Please Mikrotik team, do this. DNS hijacking/redirection is a real issue.
by blackzero
Sun Apr 22, 2018 2:04 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80902

Re: Feature request - DNSCrypt support...

Please do this. Anything man, DNSCrypt or DNS over TLS. I can do with either. Just do it don't be lazy.
by blackzero
Mon Apr 09, 2018 7:06 am
Forum: Beginner Basics
Topic: I want my Mikrotik to use external DNS but with non-standard Port 53
Replies: 12
Views: 3321

I want my Mikrotik to use external DNS but with non-standard Port 53

My Mikrotik can't use other IP Addresses than my ISP's on IP->DNS setting. Basically outgoing port 53 is blocked TCP/UDP by my ISP. I'm forced to use theirs. I want to use Google / Cloudflare's DNS 8.8.8.8/1.1.1.1 On Windows, I can use DNSCrypt, but that's not the case. I'm sure Mikrotik can use oth...
by blackzero
Thu Mar 23, 2017 11:46 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212092

Re: Blacklist Filter update script

Your two schedulers don't seem to work as the name for either is conflicting each others. Renaming it will work. Maybe you need to mention this in your first post.

Thanks for the good work.
by blackzero
Tue Feb 21, 2017 9:45 am
Forum: General
Topic: Hairpin nat weirdness
Replies: 24
Views: 6987

Re: Hairpin nat weirdness

No Mikrotik experts on Mikrotik forum? BTW if I enable masquerade rule all my connections from lan to wan_ip "come" with source-ip of router. How to avoid this? In Linux it works with a few simple rules. Hairpin nat is like a "duct tape". This happens to my case as well. But in ...
by blackzero
Tue Feb 21, 2017 9:28 am
Forum: General
Topic: I have Mikrotik 5.xx, now I want to use Mikrotik 6.xx, how do I migrate the SIMPLE queue without typing one by one?
Replies: 3
Views: 1268

Re: I have Mikrotik 5.xx, now I want to use Mikrotik 6.xx, how do I migrate the SIMPLE queue without typing one by one?

Use /export to file. Check and edit on computer then import to new ROS. See http://wiki.mikrotik.com/wiki/Manual:Configuration_Management for more info. /export brings so many invalid entries. In fact, none of my old 5.xx is accepted by 6.xx Example: old 5.xx entry add burst-limit=0/0 burst-thresho...
by blackzero
Thu Aug 09, 2012 11:36 am
Forum: General
Topic: need to change email server outgoing ip
Replies: 1
Views: 1247

need to change email server outgoing ip

So I have listed three IP Public IPs. All of them can be ping-ed just fine. Ex: 1.1.1.1, 1.1.1.2, 1.1.1.3 Currently all machines including Email Server are using the 1.1.1.1 when going outside. I want email server to use 1.1.1.2. add action=src-nat chain=srcnat disabled=no out-interface=internet src...
by blackzero
Tue Aug 23, 2011 2:07 pm
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 2256

Re: Queue question.

Edit the queue named "DKMPDC" and set its max-limit to 1000000/1000000. Do that for each queue that is supposed to be exempt from simple queues further down the list. Did that just now. Here's my new setting: http://imageshack.us/photo/my-images/695/queue2.jpg/ From that laptop (192.168.2...
by blackzero
Tue Aug 23, 2011 1:29 pm
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 2256

Re: Queue question.

0 ;;; Masquerade chain=srcnat action=masquerade - why do you need this? Is it really necessary to masquerade everything? I have some problems with understanding the rules :). But still the queue problem is strange. It should at least have unlimited upload, as the dst-nat (for upload packets) is don...
by blackzero
Tue Aug 23, 2011 12:39 pm
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 2256

Re: Queue question.

Show us your queue settings :) If you are using queue simple - just create one queue with unlimited bandwidth for target address of the e-mail server and put it in the beginning of the list of queues. If you are using queue tree - in the beginning of mangle just throw out the packets from/to e-mail...
by blackzero
Tue Aug 23, 2011 10:47 am
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 2256

Re: Queue question.

bump
by blackzero
Fri Aug 12, 2011 11:13 am
Forum: Beginner Basics
Topic: Queue question.
Replies: 9
Views: 2256

Queue question.

My network config: Internet -> Modem (bridge mode) -> Mikrotik (two ethernet cards)-> Hub -> LAN/Servers/Clients Let's say I have a client (laptop) with ip 192.168.2.33 (Windows XP) My Mikrotik LAN card has ip 192.168.2.1 My email server has ip 192.168.2.4 (Windows 2003 server with hmail) I also has...
by blackzero
Tue Aug 09, 2011 6:48 pm
Forum: Beginner Basics
Topic: Need help regarding proxy.
Replies: 4
Views: 1579

Re: Need help regarding proxy.

Thanks. I'll post a new topic then for another issues.
by blackzero
Tue Aug 09, 2011 4:49 pm
Forum: Beginner Basics
Topic: Need help regarding proxy.
Replies: 4
Views: 1579

Re: Need help regarding proxy.

They are the same thing. Winbox just has it labeled differently than what is in the CLI. I don't use the proxy much, so I'm not 100% on this, but this is the rule you should need to deny all web sites. /ip proxy access add action=deny disabled=no dst-address=0.0.0.0/0 Put your accept rules above it...
by blackzero
Tue Aug 09, 2011 3:51 pm
Forum: Beginner Basics
Topic: Need help regarding proxy.
Replies: 4
Views: 1579

Need help regarding proxy.

Could anyone please explain to me what's the difference between -> ip proxy vs ip web proxy I'm currently using the latter. For Web Proxy configurations is as follows (number 3): 0 ;;; Masquerade chain=srcnat action=masquerade 1 ;;; Web chain=dstnat dst-address=118.96.xxx.xxx protocol=tcp dst-port=8...