Community discussions

MUM Europe 2020

Search found 13 matches

by shyrwall
Sun Dec 08, 2019 8:05 pm
Forum: General
Topic: Feature requests
Replies: 1191
Views: 233011

Re: Feature requests

Create an option under /ip/settings called "ICMP Errors Ingress Reply" Description : Makes the router reply with the ip of the ingress interface to icmp errors. -- The checkbox just does echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr --- Extremely easy features request. No reason to just...
by shyrwall
Sun Dec 08, 2019 8:00 pm
Forum: General
Topic: FastPath/FastTrack with conntrack off
Replies: 10
Views: 1143

Re: FastPath/FastTrack with conntrack off

BTW3 - So instead of Mikrotik just making it behave like any other router out there i should buy other hardware? :D Mikrotik has many virtues but high speed firewalling is not one of them. I'm not saying MT should avoid this merket, but it's obvously not in their focus ... not right now. There shou...
by shyrwall
Sun Dec 08, 2019 5:11 pm
Forum: General
Topic: FastPath/FastTrack with conntrack off
Replies: 10
Views: 1143

Re: FastPath/FastTrack with conntrack off

So, where did I not answer question? OP somehow think that conntrack and fasttrack don't have anything in common. However, the truth is that fastrack is actually a smart way of using conntrack tables, without conntrack it can't work. One can't have the former without the later. BTW, not many smart ...
by shyrwall
Sun Dec 08, 2019 4:19 pm
Forum: General
Topic: FastPath/FastTrack with conntrack off
Replies: 10
Views: 1143

Re: FastPath/FastTrack with conntrack off

I've never seen any explanation about how fasttrack really performs (could be that MT considers it a trade secret). It, however, seems that fasttrack completely bypasses (stateful part of) firewall for packets belonging connections marked for fasttracking. Which means only non-fasttracked packets g...
by shyrwall
Sun Dec 08, 2019 4:16 pm
Forum: General
Topic: FastPath/FastTrack with conntrack off
Replies: 10
Views: 1143

Re: FastPath/FastTrack with conntrack off

With conntrack and fasttrack enabled only the first packet of a connection is checked over (established). All packets on the same connection are then waved through and not checked at all. You have to to tell conntrack which traffic should be waved through after checking the first package. Like I sa...
by shyrwall
Sun Dec 08, 2019 1:37 pm
Forum: General
Topic: FastPath/FastTrack with conntrack off
Replies: 10
Views: 1143

Re: FastPath/FastTrack with conntrack off

With conntrack and fasttrack enabled only the first packet of a connection is checked over (established). All packets on the same connection are then waved through and not checked at all. You have to to tell conntrack which traffic should be waved through after checking the first package. Like I sa...
by shyrwall
Sun Dec 08, 2019 1:03 pm
Forum: General
Topic: FastPath/FastTrack with conntrack off
Replies: 10
Views: 1143

FastPath/FastTrack with conntrack off

Hi I need clarification on something i don't really understand. So let's first say I have 1 firewall rule. What the rule does is not important. But it's there so "fastpath" is disabled. I then also disable all connection tracking by using "no track" in the RAW table (haven't tried if the scenario be...
by shyrwall
Sat Jul 06, 2019 6:20 pm
Forum: General
Topic: Make ICMP replies from ingress interface
Replies: 3
Views: 566

Re: Make ICMP replies from ingress interface

Bringing up this again for input because I still don't get why it's not implemented. Using the "devel"-login and setting, # echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr shows that it works and there's no kernel issue from custom MT code or anything to make it work. Please give a respon...
by shyrwall
Sun Jun 09, 2019 2:23 am
Forum: General
Topic: API Security Vulnerability
Replies: 1
Views: 417

API Security Vulnerability

Hi

Not sure which versions this concerns but v6.45beta54 allows API login without password for all users incl admin.

Can someone verify and possibly also verify other versions so it's fixed asap.


Thank you
by shyrwall
Thu Mar 15, 2018 8:22 am
Forum: General
Topic: Make ICMP replies from ingress interface
Replies: 3
Views: 566

Make ICMP replies from ingress interface

I'm tired of RouterOS behaving differently than any other router on the market. ICMP error replies should be sent from the same interface that received the ICMP request. Without this tracerouting to something which passes through RouterOS-equipment and is multihomed is useless. I'm just asking Route...
by shyrwall
Fri Jul 07, 2017 5:47 pm
Forum: Forwarding Protocols
Topic: Routing filter order
Replies: 11
Views: 3321

Re: Routing filter order

Ok. So as I thought then. No difference on how it works just how it looks in cli/winbox. I'm just trying to imagine on how it looks in the internal "database" (or however its stored). To keep track of where a rule in the chain is I feel that there has to be some internal number unique for that rule ...
by shyrwall
Tue Jul 04, 2017 2:07 pm
Forum: Forwarding Protocols
Topic: Routing filter order
Replies: 11
Views: 3321

Routing filter order

Hi So if I understood this correctly the routing filters are processed from top to bottom in the same chain. Each rule in the filters has a rule number. Example, routing filter print. 0 chain=IPV4-TRANSIT-IN invert-match=no action=accept set-bgp-local-pref=100 set-bgp-prepend-path="" set-bgp-med=500...
by shyrwall
Wed Dec 14, 2011 8:37 am
Forum: General
Topic: RouterOS v5.9 released
Replies: 166
Views: 43355

Re: RouterOS v5.9 released

Not sure if I should post this here but..

When flashing the BIOS of my RB450G to 2.38 the CPU Mhz gets set to 100Mhz.

Took a while to figure out because I upgraded to 5.9 at the same time.

Just a heads up if some people are complaining about performance problems after upgrading RouterOS.