Community discussions

MikroTik App

Search found 320 matches

  • 1
  • 2
by matiaszon
Tue Jan 02, 2024 5:48 pm
Forum: Wireless Networking
Topic: Wave2 - Bridge.Ports vs. Wifi.Datapath
Replies: 20
Views: 6349

Re: Wave2 - Bridge.Ports vs. Wifi.Datapath

I have just switched to 7.13 and it seems it's that the only way to make it working is to let the device add CAP locally with datapath. If you don't let the device to be added locally it won't be added remontly on CAPS server anyway, and your CAP will not work properly.
by matiaszon
Tue Feb 22, 2022 12:27 pm
Forum: General
Topic: L2TP IPSec VPN not working from W10 (other Windows connects OK)
Replies: 8
Views: 6081

Re: L2TP IPSec VPN not working from W10 (other Windows connects OK)

After a recent update on windows 10, IPsec connections would fail... This was later patched... So make sure your operating system has all the recent updates... https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h2#2773msgdesc I am aware about that. I have all windows update...
by matiaszon
Thu Feb 03, 2022 12:17 pm
Forum: General
Topic: L2TP IPSec VPN not working from W10 (other Windows connects OK)
Replies: 8
Views: 6081

Re: L2TP IPSec VPN not working from W10 (other Windows connects OK)

I am having the same problem - any solution for that? I have 2 different mikrotik routers, on both there is L2TP servers with IPSec configured. I can connect to both with iPhone. However, only to one I can connect with my Windows 10 client. There was a problem before with Windows 10 (after some udpd...
by matiaszon
Fri Oct 29, 2021 7:27 pm
Forum: General
Topic: windows 10 machine fails to connect for L2TP VPN [SOLVED]
Replies: 6
Views: 6443

Re: windows 10 machine fails to connect for L2TP VPN [SOLVED]

I am writing post here, as I am still fighting with L2TP vpn on mikrotik. So, I have Orange FunBox 3.0 from the provider working as an optical modem (public IP working firn, local IP 192.168.1.1). Unfortunately I can't replace that. I have set up DMZ for 192.168.1.254 which is my MT on RouterOS 7.1r...
by matiaszon
Mon Jun 08, 2020 2:01 pm
Forum: Wireless Networking
Topic: RB4011iGS+5HacQ2HnD problem with 5 GHz wifi
Replies: 4
Views: 2390

RB4011iGS+5HacQ2HnD problem with 5 GHz wifi

I am using RB4011iGS+5HacQ2HnD and capsman. I have 2 different SSIDs for 2.4 GHz and 5 GHz networks. All used to work fine. Unfortunately, after update to ROS 6.47 (I used 6.47rc2 lastly) I started to have problems with 5 GHz connection on my laptop. Unfortunately coming back to 6.47rc2 didn't chang...
by matiaszon
Sun Feb 02, 2020 11:07 pm
Forum: Wireless Networking
Topic: Best settings to get maximum speed for 5 GHz on RB4011
Replies: 10
Views: 12633

Re: Best settings to get maximum speed for 5 GHz on RB4011

Can you please post the output of /caps-man export hide-sensitive Here it is: > /caps-man export hide-sensitive # feb/02/2020 22:06:36 by RouterOS 6.47beta19 # software id = D5JB-SV6V # # model = RB4011iGS+5HacQ2HnD # serial number = B8E00A1EB08D /caps-man security add authentication-types=wpa-psk,...
by matiaszon
Sun Feb 02, 2020 11:01 pm
Forum: Wireless Networking
Topic: Best settings to get maximum speed for 5 GHz on RB4011
Replies: 10
Views: 12633

Re: Best settings to get maximum speed for 5 GHz on RB4011

A lot of related reading: https://www.duckware.com/tech/wifi-in-the-us.html 650Mbps interface rate gives 357Mbps data rate, in this elaborated overview. (55% efficiency) This is also without any interference or retransmitting in the shared medium. Even another idle AP generates quite some air-time ...
by matiaszon
Fri Jan 31, 2020 12:40 pm
Forum: Wireless Networking
Topic: Best settings to get maximum speed for 5 GHz on RB4011
Replies: 10
Views: 12633

Re: Best settings to get maximum speed for 5 GHz on RB4011

I have just installed RB4011 and it seems the wireless connection is not at it's best speed. My ISP allows to use the net with the speed of 600/50 Mbps. On a cable I am reaching that 550 - 600 Mbps. Sadly, on 5 GHz I cannot reach more than 200 - 250 Mbps. Anybody could help with using proper settin...
by matiaszon
Fri Jan 31, 2020 12:39 pm
Forum: Wireless Networking
Topic: Best settings to get maximum speed for 5 GHz on RB4011
Replies: 10
Views: 12633

Re: Best settings to get maximum speed for 5 GHz on RB4011

Well , I did notice this one before you asked to look at it. There is a lot of information missing though, so I didn't start on it. The RB4011 can handle this, that's OK CAPsMAN, on the RB4011 or other device? Then the 5 GHz. What is the setting? Channel width and frequency! What is the signal for ...
by matiaszon
Thu Jan 30, 2020 2:03 am
Forum: Wireless Networking
Topic: Strange behaviour on 5 GHz radio with 6.46.x RouterOS
Replies: 3
Views: 2093

Re: Strange behaviour on 5 GHz radio with 6.46.x RouterOS

Looks like it was DFS. Once I turned it off it appears immediately. Thank you all.

I have also started another topic viewtopic.php?f=7&t=156842 but as you are already here, maybe you may help on that too? Thanks in advance.
by matiaszon
Wed Jan 29, 2020 10:34 pm
Forum: Wireless Networking
Topic: Best settings to get maximum speed for 5 GHz on RB4011
Replies: 10
Views: 12633

Best settings to get maximum speed for 5 GHz on RB4011

I have just installed RB4011 and it seems the wireless connection is not at it's best speed. My ISP allows to use the net with the speed of 600/50 Mbps. On a cable I am reaching that 550 - 600 Mbps. Sadly, on 5 GHz I cannot reach more than 200 - 250 Mbps. Anybody could help with using proper setting...
by matiaszon
Wed Jan 29, 2020 10:32 pm
Forum: Wireless Networking
Topic: Strange behaviour on 5 GHz radio with 6.46.x RouterOS
Replies: 3
Views: 2093

Strange behaviour on 5 GHz radio with 6.46.x RouterOS

Hi, I am not sure when it started to happen, but IMO after upgrading to 6.46.x firmware. I have tried both hAP ac2 and brand new (bought today) RB4011iGS+5HacQ2HnD-IN. Let's focus on hAP ac2 as first. When it starts up, the 5 GHz starts broadcasting SSID, devices are connecting to it, and then it di...
by matiaszon
Tue Sep 03, 2019 7:10 pm
Forum: Beginner Basics
Topic: GRE on IPSec doesnt' work
Replies: 9
Views: 3116

Re: GRE on IPSec doesnt' work

Well, I had to set up specifically IPSec for GRE tunnel. I couldn't just check IPSec option in GRE configuration, because it was working not properly with L2TP/IPSec config. Now it seems it works fine (for now - since yesterday).
by matiaszon
Mon Sep 02, 2019 10:31 pm
Forum: Beginner Basics
Topic: GRE on IPSec doesnt' work
Replies: 9
Views: 3116

Re: GRE on IPSec doesnt' work

I think I know what the problem is. I have also L2TP server set up with IPSec and this is causing problems most probably.
by matiaszon
Mon Sep 02, 2019 8:44 pm
Forum: Beginner Basics
Topic: GRE on IPSec doesnt' work
Replies: 9
Views: 3116

Re: GRE on IPSec doesnt' work

The rule you mentioned has chain=forward. Maybe you made the same oversight in the other 3 rules? It should be chain=input for this, not chain=forward. That is for plain IPsec tunnels only. I made new rule with ipsec input accept, but it didn't help. However, IPSec is connecting (I can see keys, an...
by matiaszon
Sat Aug 31, 2019 4:00 pm
Forum: Beginner Basics
Topic: GRE on IPSec doesnt' work
Replies: 9
Views: 3116

Re: GRE on IPSec doesnt' work

Maybe firewall rule? For GRE/IPsec you need to accept on input: - udp port 500 - protocol esp - protocol gre with IPsec policy: in:ipsec I have accepted: - (17 udp) 500 - (17 udp) 4500 - (51 ipsec-ah) - (50 ipsec-esp) Could you please explain this Ipsec policy in:ipsec? You mean: add action=accept ...
by matiaszon
Sat Aug 31, 2019 2:49 pm
Forum: Beginner Basics
Topic: GRE on IPSec doesnt' work
Replies: 9
Views: 3116

GRE on IPSec doesnt' work

I have set up an GRE tunnel with IPSec (just added password to GRE configuration). Unfortunately, it doesn't work properly. When IPSec password is specified I can't reach other network no matter from which side. When IPSec pass is erased, it works without any problems. However, from time to time, it...
by matiaszon
Tue Jul 02, 2019 12:09 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195533

Re: v6.45.1 [stable] is released!

After coming back to 6.43.16 it works fine again. v6.43.16 is using P2P ip configuration for LTE passthrough. 6.45 is using small ip block, back as it was in pre-6.43. check what ip you get and if you can ping the gateway at least. What do you exactly mean? What should I check? It is not a public I...
by matiaszon
Mon Jul 01, 2019 10:30 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195533

Re: v6.45.1 [stable] is released!

After swtiching from 6.43.16 to 6.54.1 I am not able to use my LTE connection. My main router (RB2011) is getting an IP from BaseBox2 + R11e-LTE (passthorugh, using only Band 3, T-Mobile Poland). Modem shows status connected and everything seems to be OK. However, there is no traffic coming through...
by matiaszon
Mon Jul 01, 2019 2:51 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 195533

Re: v6.45.1 [stable] is released!

After swtiching from 6.43.16 to 6.54.1 I am not able to use my LTE connection. My main router (RB2011) is getting an IP from BaseBox2 + R11e-LTE (passthorugh, using only Band 3, T-Mobile Poland). Modem shows status connected and everything seems to be OK. However, there is no traffic coming through ...
by matiaszon
Tue Jun 04, 2019 11:48 am
Forum: Beginner Basics
Topic: NAT problem?
Replies: 12
Views: 2336

Re: NAT problem?

To put it straight. Your ISP router is set up with DHCP and assigns addreses 192.168.0.0/24. It doesn't know, that your Mikrotik has it's LAN address assigned as 192.168.1.1, because it's on the LAN side of Mikrotik. You can only access (PORBABLY, we don't know it because we don't know your configs ...
by matiaszon
Fri May 31, 2019 1:42 pm
Forum: Beginner Basics
Topic: Connection tracking and VoWIFi
Replies: 1
Views: 1052

Connection tracking and VoWIFi

I am using VoWiFi service (voice over WiFi) at my mobile phone provider. Sometimes, when my phone loses connection with my WIFi at home (I am going out or change CAP when walking down- or upstairs, it can't reconnect to VoWiFi service again. I mean it can, but after some time. I just realized, that ...
by matiaszon
Wed May 22, 2019 1:30 pm
Forum: Beginner Basics
Topic: Low LTE speed with RBSXTR
Replies: 8
Views: 2527

Re: Low LTE speed with RBSXTR

You have answered yourself. I don't think it's a real reason, but let it be. So how I can connect to the specific BTS? Now it picks up the strongest signal automatically. There is similar topic described here on forum refering to wAP LTE kit. The last advise is to change MTU from 1500 to 1428. How ...
by matiaszon
Tue May 21, 2019 2:59 pm
Forum: Beginner Basics
Topic: Low LTE speed with RBSXTR
Replies: 8
Views: 2527

Re: Low LTE speed with RBSXTR

I have selected 1800 band as it is the only that works so so. Band 20 is much slower. This is strange... I have another installation that uses the same LTE modem, which is over 6 km away from the BTS, and it works nicely reaching 25-35 Mbps depending on the time. This SXT is only 300-400 m away from...
by matiaszon
Tue May 21, 2019 3:12 am
Forum: Beginner Basics
Topic: Low LTE speed with RBSXTR
Replies: 8
Views: 2527

Re: Low LTE speed with RBSXTR

Yes, I am pointing directly at the BTS. Signal is full (-60 to -50 dBm). At this specific BTS there is only LTE 1800 (band 3), 800 (band 20) and UMTS 2100.
by matiaszon
Mon May 20, 2019 9:03 pm
Forum: Beginner Basics
Topic: Low LTE speed with RBSXTR
Replies: 8
Views: 2527

Low LTE speed with RBSXTR

I have an issue with configuring SXT LTE. I have installed it outside and the signal is maximum. Unfortunately I can reach only 17-20 Mbps download while being inside I can easily reach 32-35 Mbps on my iPhone. What am I doing wrong? Mikrotik is with the latest stable firmware.
by matiaszon
Wed May 15, 2019 10:57 am
Forum: Beginner Basics
Topic: Direct specific content through VPN
Replies: 4
Views: 1455

Direct specific content through VPN

Is there any way to route traffic by specific content through VPN? Not just by domains and/or IPs, but by content of the site?
by matiaszon
Fri May 10, 2019 11:57 am
Forum: Beginner Basics
Topic: Bridged LTE dovado modem not reachable from MT
Replies: 0
Views: 749

Bridged LTE dovado modem not reachable from MT

Hi, I had the same topic once, but the solution is not working now... https://forum.mikrotik.com/viewtopic.php?f=13&t=63786&p=326275#p326275 I have dovado router with LTE usb stick bridged. IP from ISP is assigned directly to ether1 on MT. I have added another IP address manually to ether1 w...
by matiaszon
Tue Apr 30, 2019 10:32 am
Forum: Wireless Networking
Topic: hAP ac2 as bridge and CAP
Replies: 6
Views: 2196

Re: hAP ac2 as bridge and CAP

I don't think I can use virtual wlan and CAP configuration together.
by matiaszon
Mon Apr 29, 2019 12:50 pm
Forum: Wireless Networking
Topic: hAP ac2 as bridge and CAP
Replies: 6
Views: 2196

Re: hAP ac2 as bridge and CAP

It's a simple story. There is an AP (BaseBox2 - connected to CAPsMAN) working on 2 GHz.There is a station device (hAP ac2) that has 2 radios: 2 (wlan1) & 5 (wlan2) GHz. Wlan1 is working as a station connected to AP and wlan2 is configured as CAP. This allows to use only 5 GHz wifi in the extende...
by matiaszon
Sun Apr 28, 2019 1:11 pm
Forum: Beginner Basics
Topic: FastTrack and dual WAN
Replies: 4
Views: 2311

Re: FastTrack and dual WAN

Should I add something to fasttrack rule to point, that it is only for WAN1 connections?
by matiaszon
Sun Apr 28, 2019 2:28 am
Forum: Beginner Basics
Topic: FastTrack and dual WAN
Replies: 4
Views: 2311

FastTrack and dual WAN

I have RB2011UiAS-2HnD-IN running dual WAN. I am using mangle to mark IPs 10.10.10.180 to 10.10.10.200 as "to_WAN2" and all the rest of IPs as "to _WAN1". Everything works fine when fasttrack is disabled. When it is enabled, there is only one IP (10.10.10.181 - PlasyStation 4) th...
by matiaszon
Sat Apr 27, 2019 11:40 pm
Forum: Wireless Networking
Topic: hAP ac2 as bridge and CAP
Replies: 6
Views: 2196

hAP ac2 as bridge and CAP

Hi, I have just installed CAPs in my house. All of them work fine. However, as there is separated house for guests, and there is no cable, I have installed there hAP ac2. Wlan1 (2GHz) works a station (client) and wlan2 (5GHz) as a CAP. I was wondering if there is any chance to somehow create virtual...
by matiaszon
Sat Feb 16, 2019 9:08 pm
Forum: General
Topic: Is there any chance for SXT LTE or LHG LTE with 1 Gbps Ethernet?
Replies: 4
Views: 1649

Is there any chance for SXT LTE or LHG LTE with 1 Gbps Ethernet?

What is the real reason of giving only 10/100 Mbps Ethernet port to these devices? I was installing a modem, where modem delivered by operator easily reached 120-130 Mbps download over its built-in access point. That seems to be impossible to get with any (SXT or LHG) LTE devices from Mikrotik. Am I...
by matiaszon
Sun Oct 28, 2018 8:20 pm
Forum: General
Topic: Tunnel between 2 MT where on one there is no public IP
Replies: 3
Views: 941

Re: Tunnel between 2 MT where on one there is no public IP

Do you need routed access between sites or must the be on same layer 2 network? If routed, look at SSTP tunnel with one side that does not have public IP as a client and dial into the other site. If you need layer 2, then look at bridge control protocol over SSTP I don't think I need any routing. T...
by matiaszon
Sun Oct 28, 2018 7:37 pm
Forum: General
Topic: Tunnel between 2 MT where on one there is no public IP
Replies: 3
Views: 941

Tunnel between 2 MT where on one there is no public IP

Hi, I need to connect two LANs with tunnel and give access to all devices. In each LAN there is MT router on the edge. Unfortunatelly, one of these Internet accesses is without public IP. I used to use IPSec to connect both LANs, but since there is no public IP, and it is changing from time to time,...
by matiaszon
Mon Apr 23, 2018 2:38 pm
Forum: Beginner Basics
Topic: Load balancing with fail over (again)
Replies: 12
Views: 2345

Re: Load balancing with fail over (again)

LAN1 Destination 0.0.0.0 Gateway (IP address WAN1) CheckGateway: Ping, Distance = 1 Routing Mark - LAN1_Traffic Destination 0.0.0.0 Gateway (IP address WAN2) CheckGateway: Ping, Distance = 2 Routing Mark - LAN1_Traffic LAN2 Destination 0.0.0.0 Gateway (IP address WAN2) CheckGateway: Ping, Distance ...
by matiaszon
Sun Apr 22, 2018 7:14 pm
Forum: Beginner Basics
Topic: Load balancing with fail over (again)
Replies: 12
Views: 2345

Re: Load balancing with fail over (again)

So to be clear, which is true: 1. you want both LANS to use WAN 2, ONLY if WAN1 is unavailable? 2. you only want Lan1 to only use WAN1 and LAN2 to only use Wan 2? 3. You want both LANS to access either WAN, based on a per session basis - taking turns? (regardless of where the request is coming from...
by matiaszon
Sat Apr 21, 2018 2:53 am
Forum: Beginner Basics
Topic: Load balancing with fail over (again)
Replies: 12
Views: 2345

Load balancing with fail over (again)

Trying to set up load balancing with fail over, but can't get the proper results. WAN1: static IP, connection over PPPoE WAN2: LTE, dynamic IP, non-public LAN1: 10.10.10.0/24 LAN2: 192.168.83.0/24 The best would be to combine (bond) these two WANs, but since they come from two different ISPs, I supp...
by matiaszon
Sun Apr 15, 2018 2:52 pm
Forum: Beginner Basics
Topic: Proper configuration of MT
Replies: 1
Views: 835

Re: Proper configuration of MT

OK, sorted it out.
by matiaszon
Fri Apr 13, 2018 2:40 pm
Forum: Beginner Basics
Topic: Stopping double NAT on WAP LTE with RB951G-2Hnd
Replies: 4
Views: 1813

Re: Stopping double NAT on WAP LTE with RB951G-2Hnd

Hi All, I've been using my RB951G-2HnD for years with 3 seperate ADSL Modems and all has been working swimingly. Today I've received the wAP LTE Kit, the kit iself works fine, however the issue I have is trying to get it to work with my 951 properly without getting double NAT. My LTE Carrier (EE in...
by matiaszon
Fri Apr 13, 2018 1:26 pm
Forum: Beginner Basics
Topic: Proper configuration of MT
Replies: 1
Views: 835

Proper configuration of MT

I was wondering how to properly make configuration of the following situation. 1. My main router is RB2011. I have a WAN port assigned to port ether10. All ports ether1 - ether2 are bridged to bridge1. I have CAPsMAN running on it as well and CAPs are also assigned to bridge1. IP address of bridge1:...
by matiaszon
Mon Feb 12, 2018 11:52 pm
Forum: Beginner Basics
Topic: MikroTik Home Setup
Replies: 6
Views: 1852

Re: MikroTik Home Setup

You'll want to have at least a CRS1 or CRS3 type switch for VLAN creating and testing.
Can you explain why?
by matiaszon
Sun Feb 11, 2018 8:57 pm
Forum: Beginner Basics
Topic: MikroTik hEX + USB 3G/4G Modem? Does it works?
Replies: 4
Views: 13190

Re: MikroTik hEX + USB 3G/4G Modem? Does it works?

Does MikroTik hEX works with USB 3G/4G Modems?

-MikroTik hEX lite
-MikroTik hEX
-MikroTik hEX PoE lite
https://wiki.mikrotik.com/wiki/Manual:Peripherals
by matiaszon
Fri Feb 09, 2018 11:47 am
Forum: Beginner Basics
Topic: MikroTik Home Setup
Replies: 6
Views: 1852

Re: MikroTik Home Setup

You don't say anything about number of users in your LAN, but I am guessing there won't be many. That should be OK. For future consider buying other MT devices to use them as CAPs - you will be able to manage wi-fi clients from the main router.
by matiaszon
Mon Feb 05, 2018 11:22 pm
Forum: General
Topic: simple port forwarding not working
Replies: 6
Views: 13192

Re: simple port forwarding not working

Hello, my firewall export is [admin@MikroTik] /ip firewall> export # feb/06/2018 06:41:36 by RouterOS 6.40.5 # software id = AWE7-LI4Q # # model = CRS125-24G-1S # serial number = 6D08058AB1C9 /ip firewall filter add action=drop chain=input comment="stop external dns queries from being answered...
by matiaszon
Sat Feb 03, 2018 5:04 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 104
Views: 32177

Re: v6.41.1 [current]

With tls-host you have to have new rule for each host. I do not understand what do you man. Why do you assume that you can not block HTTPS traffic with address list? /ip firewall address-list add list=block address=www.example1.com add list=block address=www.example2.com /ip firewall filter add cha...
by matiaszon
Fri Feb 02, 2018 10:22 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 104
Views: 32177

Re: v6.41.1 [current]

matiaszon - Depends on situation. You can add domain names to address list and then drop access to specific dst-address-list.
But thi won't work on https sites. I am talking about tls-host functionality. How can you block more than 1 site using this feature?
by matiaszon
Fri Feb 02, 2018 12:17 pm
Forum: Beginner Basics
Topic: Static WAN address no internet access
Replies: 3
Views: 2321

Re: Static WAN address no internet access

Dear all, I am new to Mikrotik and I wanted to discover all the features it has but it seems I am stuck right at the beginning. I have a static IP 86.xxx.168.50 with the subnet mask 255.255.255.128 and gateway 86.xxx.148.1 where xxx is obvious the same number. I have entered the configuration in th...
by matiaszon
Fri Feb 02, 2018 11:27 am
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 104
Views: 32177

Re: v6.41.1 [current]

tls-host now seems to work very nice!
However, is there any way to block a list of hosts, or I have to create separate rule for everysite I want to block?
by matiaszon
Mon Jan 29, 2018 1:08 pm
Forum: Beginner Basics
Topic: Firewall e Nat Rule - FTP Upload
Replies: 6
Views: 1415

Re: Firewall e Nat Rule - FTP Upload

Hi, need help to configure a FTP (active mode) upload from my server ip 192.168.98.222 that can upload VIA ftp a file outside can anyone help me? Thank you If I understand correctly, you want a device inside your LAN to connect to a FTP server in the Internet and upload file? Normally, if there are...
by matiaszon
Sat Jan 27, 2018 4:56 pm
Forum: Beginner Basics
Topic: CAPsMAN does not work after setup.
Replies: 6
Views: 3180

Re: CAPsMAN does not work after setup.

On main router you also exclude wlan from local bridge,and configure as it was remote AP.
by matiaszon
Sat Jan 27, 2018 3:56 pm
Forum: Beginner Basics
Topic: CAPsMAN does not work after setup.
Replies: 6
Views: 3180

Re: CAPsMAN does not work after setup.

Remove wlan interface on the device from any birdges you want to use as cap.
by matiaszon
Fri Jan 26, 2018 12:09 am
Forum: General
Topic: [offtopic] iptables
Replies: 5
Views: 1406

Re: [offtopic] iptables

For the record, even if this works, it's not the best way, because now access to this port (through this router) will work only for connections coming via VPN interface. If you'd have dstnat to same port also from client router's local public address (I suspect there might not be one in this case a...
by matiaszon
Thu Jan 25, 2018 8:34 pm
Forum: General
Topic: [offtopic] iptables
Replies: 5
Views: 1406

Re: [offtopic] iptables

It's not OT. As you see already, it's because of your SNAT rule and once it changes source address, there's no way to get the original back. So it's simple, get rid of that SNAT rule. It will break things at first, but it's not hard to fix. On client add new default route in another routing table w...
by matiaszon
Thu Jan 25, 2018 2:41 pm
Forum: General
Topic: [offtopic] iptables
Replies: 5
Views: 1406

[offtopic] iptables

I know it is not the proper forum, but I was trying to get some help on other with no luck. The only thing about mikrotik in my case is that I use it as VPN client in this scenarion. OK, let's get back to the beginning. I have set up an OpenVPN server (tun) with the following addresses: public IP - ...
by matiaszon
Mon Jan 22, 2018 11:08 pm
Forum: Beginner Basics
Topic: Establishing VPN trough Mikrotik RB2011iLS-in
Replies: 4
Views: 1316

Re: Establishing VPN trough Mikrotik RB2011iLS-in

Does it mean, that you have some Cisco device running VPN server in your corporate network? If so, you probably need to set MikroTik to accept and/or passthrough protocols and/or set up port forwarding to the server.
by matiaszon
Mon Jan 22, 2018 10:53 pm
Forum: Beginner Basics
Topic: Simple VPN
Replies: 7
Views: 2229

Re: Simple VPN

Do you have any VPN server running at your office? What is it? OpenVPN, L2TP, IPSec, etc.?
by matiaszon
Mon Jan 22, 2018 4:14 pm
Forum: General
Topic: Capture all traffic https with webproxy?
Replies: 13
Views: 29815

Re: Capture all traffic https with webproxy?

I was just struggling how to block HTTPS social sites in my small network, and I think I found a solution, at least it works here. Maybe not in 100% as I would wish, but it some how works. 1. Setting up a list of disallowed websites (let's call it 'social'). As I am located in Poland, I have to rest...
by matiaszon
Sat Jan 20, 2018 3:34 pm
Forum: General
Topic: Show user ip on lan side [SOLVED]
Replies: 5
Views: 1415

Re: Show user ip on lan side [SOLVED]

Post result of:
/ip firewall export hide-sensitive
by matiaszon
Sat Jan 20, 2018 3:28 pm
Forum: General
Topic: VPS + VPN + source IP forwarding
Replies: 4
Views: 2511

Re: VPS + VPN + source IP forwarding

up up up
by matiaszon
Sat Jan 20, 2018 3:12 pm
Forum: General
Topic: iOS VPN Issues
Replies: 8
Views: 1745

Re: iOS VPN Issues

It's not that complicated to connect iOS device to MikroTik over L2TP/IPsec tunnel.
Post your export here by executing command:
/export hide-sensitive
by matiaszon
Sat Jan 20, 2018 2:58 pm
Forum: Beginner Basics
Topic: Simple VPN
Replies: 7
Views: 2229

Re: Simple VPN

You haven't even mentioned what typeof VPN server is at your office.
by matiaszon
Mon Jan 15, 2018 3:07 pm
Forum: Beginner Basics
Topic: port forwarding to 1 web cam.
Replies: 13
Views: 2521

Re: port forwarding to 1 web cam.

/export hide-sensitive
by matiaszon
Mon Jan 15, 2018 11:14 am
Forum: Beginner Basics
Topic: hAP ac lite cant connect to internet with SXT Lite5
Replies: 1
Views: 693

Re: hAP ac lite cant connect to internet with SXT Lite5

First of all, your gateway address is EXACTLY the same, as the address of your SXT (192.168.88.1). I don't know if you have the access to SXT device, but teoretically you have 2 ways to go. However, I will stick with 1, where you have NAT on you hAP ac lite. Let hAP get address from SXT as it alread...
by matiaszon
Mon Jan 15, 2018 10:38 am
Forum: Beginner Basics
Topic: Help with Port Forwarding an OpenVPN Client Interface
Replies: 4
Views: 1749

Re: Help with Port Forwarding an OpenVPN Client Interface

Try adding this line: /ip firewall filter add action=accept chain=input comment="webif access" connection-state=established,related,new dst-port=80 protocol=tcp By the way, you filter firewall seems to be very small. Have you considered reseting the configuration and run the default one fr...
by matiaszon
Mon Jan 15, 2018 10:23 am
Forum: Beginner Basics
Topic: Help! Beginner
Replies: 11
Views: 3145

Re: Help! Beginner

/export hide-sensitive
by matiaszon
Sun Jan 14, 2018 3:51 pm
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 11861

Re: Port forward not working for me [SOLVED]

You can apply HairPIN NAT for sa many as servers as you need. The only problem is to set up ports correctly. Let's say you have two different servers both working on port tcp 80. If you set up an external port for the firat one you have to choose another port number for the second server. For exampl...
by matiaszon
Sun Jan 14, 2018 3:35 pm
Forum: Beginner Basics
Topic: Help with Port Forwarding an OpenVPN Client Interface
Replies: 4
Views: 1749

Re: Help with Port Forwarding an OpenVPN Client Interface

Post results of:
/ip firewall filter export
by matiaszon
Sun Jan 14, 2018 3:27 pm
Forum: Beginner Basics
Topic: Rb450G on an hAP ac, weird problems [SOLVED]
Replies: 4
Views: 1793

Re: Rb450G on an hAP ac, weird problems [SOLVED]

I had similar problem, but after connecting some devices bridge was ruined. I had to check cables ports, and finally found out, that on the other end some devices were making problems. Try changing power supply, and then switch cables, connect cable without anything on the other end, and connect dev...
by matiaszon
Fri Jan 12, 2018 10:20 am
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 11861

Re: Port forward not working for me [SOLVED]

Just to remember: this will make problems, when you will have another server in LAN working on another port.
by matiaszon
Thu Jan 11, 2018 2:13 pm
Forum: Beginner Basics
Topic: Router time and date
Replies: 9
Views: 2391

Re: Router time and date

by matiaszon
Thu Jan 11, 2018 10:46 am
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 11861

Re: Port forward not working for me [SOLVED]

Just add accept rule for port tcp 8123 in filter section: /ip fi fi add action=accept chain=input comment="allow WEB" dst-port=8123 protocol=tcp place-before=3 If that would be the problem, you would have to add "accept" rules in the filter table for each forwarded port. I have ...
by matiaszon
Thu Jan 11, 2018 10:04 am
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 11861

Re: Port forward not working for me [SOLVED]

I would put masquarades on top of the list (however don't think it has so much affect on port forwarding, but you can try after changing), and delete: add action=dst-nat chain=dstnat disabled=yes dst-port=8123 in-interface=ether1 protocol=tcp src-port=443 \ to-addresses=192.168.10.16 to-ports=8123 S...
by matiaszon
Thu Jan 11, 2018 2:01 am
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 11861

Re: Port forward not working for me [SOLVED]

Export your settings here hiding sensitive
export hide-sensitive


Wysłane z iPhone za pomocą Tapatalk
by matiaszon
Wed Jan 10, 2018 11:36 pm
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 11861

Re: Port forward not working for me [SOLVED]

I made a small mistake in the code. It should be: /ip firewall nat add action=dst-nat chain=dstnat comment=Webserver dst-port=8123 in-interface=ether1 protocol=tcp to-addresses=192.168.10.16 to-ports=8123 However, I can see, that you changed it to "in-interface-list=WAN". I believe that yo...
by matiaszon
Wed Jan 10, 2018 7:22 pm
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 11861

Re: Port forward not working for me [SOLVED]

I assume, that you have apublic address from your ISP. There is no rule pointing to your server. You need to add: /ip firewall nat add action=dst-nat chain=dstnat comment=Webserver dst-port=8123 in-interface-list=ether1 protocol=tcp to-addresses=192.168.10.16 to-ports=8123 More to read here: https:/...
by matiaszon
Fri Dec 29, 2017 3:11 pm
Forum: Beginner Basics
Topic: Split address-list traffic between 2 routes
Replies: 2
Views: 897

Re: Split address-list traffic between 2 routes

Shouldn't you add
dst-address 0.0.0.0/0
to you route rule?
by matiaszon
Fri Dec 29, 2017 2:44 pm
Forum: Beginner Basics
Topic: Port foward for https and http
Replies: 11
Views: 4650

Re: Port foward for https and http

Hairpin NAT is what you need. Delete/disable all rules regarding port 80 and 443 from your Firewall, and add these: /ip firewall nat add action=dst-nat chain=dstnat comment="WWW server http" dst-address=YOUR_PUBLIC(ISP)_IP_HERE dst-port=80 protocol=tcp to-addresses=192.168.1.5 add action=m...
by matiaszon
Fri Dec 29, 2017 2:35 pm
Forum: Beginner Basics
Topic: Port forwarding from one router to another
Replies: 3
Views: 1635

Re: Port forwarding from one router to another

Did you try to add the rule on router 2?
/ip firewall filter add action=accept chain=input comment="ssh" connection-state=established,related,new dst-port=22 protocol=tcp
by matiaszon
Fri Dec 29, 2017 2:19 pm
Forum: Beginner Basics
Topic: Forward port from one router to another router [SOLVED]
Replies: 11
Views: 5985

Re: Forward port from one router to another router [SOLVED]

Later, much later tonight I'll try getting the router 2 in bridge mode just to get something working before moving on the moving routers around. The more I work with the routers the more I learn. The easiest way to do it in steps. 1. Get the latest RouterOS on both of your devices. 2. Reset your RB...
by matiaszon
Fri Dec 29, 2017 12:53 am
Forum: Beginner Basics
Topic: Forward port from one router to another router [SOLVED]
Replies: 11
Views: 5985

Re: Forward port from one router to another router [SOLVED]

The quick answer for double NATing is the first router is a RB750GL (not wireless) and router 2 is a RB951G-2HnD (wireless). Years ago I purchased the first router thinking (actually not thinking ahead or lack of planning) that I wasn't going to need a wireless router. Didn't have a wireless camera...
by matiaszon
Thu Dec 28, 2017 9:49 pm
Forum: Beginner Basics
Topic: Forward port from one router to another router [SOLVED]
Replies: 11
Views: 5985

Re: Forward port from one router to another router [SOLVED]

Internet | | router 1 Gateway IP: 192.168.98.1 ---------Computer, IP 192.168.98.100 | | router 2 IP assign to router 2 from router 1 = 192.168.98.200 GW: 192.168.99.1 | | | camera IP: 192.168.99.120 port:9003 On router 2: /ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-port=9003 i...
by matiaszon
Thu Dec 28, 2017 1:36 pm
Forum: Beginner Basics
Topic: Forward port from one router to another router [SOLVED]
Replies: 11
Views: 5985

Re: Forward port from one router to another router [SOLVED]

1. You are not writing from where would you like to have the access to cameras - from the LAN of 1st MikroTik and/or from the Internet?
2. Are MikroTiks in the same subnet or not?
by matiaszon
Mon Dec 25, 2017 11:36 pm
Forum: General
Topic: VPS + VPN + source IP forwarding
Replies: 4
Views: 2511

Re: VPS + VPN + source IP forwarding

80 views and nothing?
by matiaszon
Mon Dec 25, 2017 9:41 pm
Forum: General
Topic: capsman, wifi 5ghz not work I must set manual frequency
Replies: 2
Views: 1019

Re: capsman, wifi 5ghz not work I must set manual frequency

Some AP I see on 5GHz, but some AP are transmitting at a forbidden frequency and I cant see on my devices. Where is wrong settings?
Maybe just some APs simply don't support 5 GHz (they physically don't have 5 GHz radios built-in)?
by matiaszon
Mon Dec 25, 2017 12:22 am
Forum: Beginner Basics
Topic: youtube to other gateway [SOLVED]
Replies: 20
Views: 4304

Re: youtube to other gateway [SOLVED]

What about adding youtube as domain name to address list? MikroTik will resolve all addresses automatically. Then you can make a mangle rule marking that connection and then, route connection with that mark through the desired WAN.
by matiaszon
Sat Dec 23, 2017 4:47 pm
Forum: General
Topic: VPS + VPN + source IP forwarding
Replies: 4
Views: 2511

Re: VPS + VPN + source IP forwarding

No one?
by matiaszon
Fri Dec 22, 2017 3:10 pm
Forum: General
Topic: VPS + VPN + source IP forwarding
Replies: 4
Views: 2511

Re: VPS + VPN + source IP forwarding

I am still trying to find a solution for that, and I was just thinking about setting up a PPPoE server on VPS and redirect the public IP of VPS to my router (actually I need only like 1 tcp port with that IP)? Do you think that would be possible? But what about other clients connecting to OpenVPN ru...
by matiaszon
Fri Dec 22, 2017 10:33 am
Forum: Beginner Basics
Topic: Port-forwarding 2 Public IP addresses
Replies: 9
Views: 1882

Re: Port-forwarding 2 Public IP addresses

It's a crutch. What crutch? Sometimes, if you have no other way to get the public IP, it's the only way. Better change the ISP. Yes, if you have plenty of them. Imagine the situation, that you have only 1 mobile ISP available in your area, becuse you like to live in a countryside. Maybe you will be...
by matiaszon
Thu Dec 21, 2017 9:57 pm
Forum: Beginner Basics
Topic: Port-forwarding 2 Public IP addresses
Replies: 9
Views: 1882

Re: Port-forwarding 2 Public IP addresses

The other way is to set up a VPN on remote machine (VPS), and make port forwarding to your LAN through your router. This is what I have recently done. It's a crutch. What crutch? Sometimes, if you have no other way to get the public IP, it's the only way. Better change the ISP. Yes, if you have ple...
by matiaszon
Thu Dec 21, 2017 2:22 pm
Forum: Beginner Basics
Topic: Port-forwarding 2 Public IP addresses
Replies: 9
Views: 1882

Re: Port-forwarding 2 Public IP addresses

The other way is to set up a VPN on remote machine (VPS), and make port forwarding to your LAN through your router. This is what I have recently done.
It's a crutch.
What crutch? Sometimes, if you have no other way to get the public IP, it's the only way.
by matiaszon
Thu Dec 21, 2017 10:33 am
Forum: Beginner Basics
Topic: Port-forwarding 2 Public IP addresses
Replies: 9
Views: 1882

Re: Port-forwarding 2 Public IP addresses

The other way is to set up a VPN on remote machine (VPS), and make port forwarding to your LAN through your router. This is what I have recently done.
by matiaszon
Thu Dec 21, 2017 9:52 am
Forum: General
Topic: How do I take this? Static routes?
Replies: 12
Views: 2343

Re: How do I take this? Static routes?

You don't need any access to anything else than MikroTiks, to make it more simple (unless, clients in room 2 and 3 have static IPs on their devices). Just make these MikroTiks in "bridge mode", so they rather behave like swicthes with AP than routers. Right now, clients of the last MikroTi...
by matiaszon
Thu Dec 21, 2017 1:46 am
Forum: General
Topic: VPS + VPN + source IP forwarding
Replies: 4
Views: 2511

VPS + VPN + source IP forwarding

Here is the situation. I have successfully set up OpenVPN server on VPS (IP: 1.1.1.1). I have then connected my MikroTik to that server as a client (WAN: 2.2.2.2, LAN: 10.10.10.0/24, Client VPN IP: 10.8.0.101). I have also set up port forwarding on VPS so once you try to connect with 1.1.1.1:2502 yo...
by matiaszon
Thu Dec 14, 2017 12:19 pm
Forum: Beginner Basics
Topic: 2x WAN & 1x LAN
Replies: 1
Views: 841

2x WAN & 1x LAN

Introduction My friend (more than 2000 km away) is trying to figure out making connection with 2x WAN and a single LAN. WAN1: LTE/4G dongle, much faster down and up links, no public IP, private IP on router 192.168.3.10, gateway 192.168.3.1, WAN2: ether1, old slow line (1,5/0,5 Mbps), public but no...
by matiaszon
Sun Dec 10, 2017 12:52 am
Forum: General
Topic: mikrotik ipsec and strongswan
Replies: 7
Views: 7001

Re: mikrotik ipsec and strongswan

I would appreciate any help on that too.
by matiaszon
Mon Dec 04, 2017 10:40 am
Forum: Beginner Basics
Topic: How do I connect using browser to router's IP address [SOLVED]
Replies: 2
Views: 1789

Re: How do I connect using browser to router's IP address [SOLVED]

I'm using RouterOS 6.40.5 and the RouterBOARD 750G r3. I have the default setup with Ip 192.168.4.1 assigned to the router and the dhcp 192.168.4.10-100. I can connect from the windows box using IP 192.168.4.1 to winbox. If I try to use the same IP in a browser it doesn't connect. What or how do I ...
by matiaszon
Sun Dec 03, 2017 2:30 pm
Forum: Beginner Basics
Topic: Forcing single URL to use specific WAN
Replies: 3
Views: 1989

Re: Forcing single URL to use specific WAN

Searching topics doesn't hurt.
viewtopic.php?t=94141
by matiaszon
Sun Dec 03, 2017 2:27 pm
Forum: General
Topic: Forum troubles
Replies: 39
Views: 6875

Re: Forum troubles

At least forum and threads are opening normally now. Posting a reply still needs more time, but in my opinion much faster than 2 days ago.
by matiaszon
Sat Dec 02, 2017 12:32 pm
Forum: General
Topic: Forum troubles
Replies: 39
Views: 6875

Re: Forum troubles

I thought it's only me, but generally it's hard to use that forum.
by matiaszon
Fri Dec 01, 2017 6:13 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

This is how I woud see your network, if you want to keep separated subnet 192.168.8.0/24

Image
And then what you need is just to set up some filter rules, if you don't want all 192.168.8.0/24 users to see "Server A".
by matiaszon
Fri Dec 01, 2017 6:11 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

This is how I woud see your network, if you want to keep separated subnet 192.168.8.0/24

Image
by matiaszon
Fri Dec 01, 2017 5:35 pm
Forum: Beginner Basics
Topic: Is my interface done correctly [SOLVED]
Replies: 6
Views: 2238

Re: Is my interface done correctly [SOLVED]

It's working fine. But if I want ethher1 to be WAN and other 4 to be just switch, how do I go about it? Because we don't know ANYTHING about your config, the only proper answer is below. Make sure you have latest firmware installed, open WinBox, and then: System > Reset Configuration Make sure noth...
by matiaszon
Fri Dec 01, 2017 4:53 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

I see your point. The main reason is that I was developing some code for IOT devices (what else in this moment :) ) and the code use a publicdomanindame.com:portnumber to connect the server .200:realportnumber for exchanging data. The idea is to move the IOT device in another location and they stil...
by matiaszon
Fri Dec 01, 2017 4:51 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

I see your point. The main reason is that I was developing some code for IOT devices (what else in this moment :) ) and the code use a publicdomanindame.com:portnumber to connect the server .200:realportnumber for exchanging data. The idea is to move the IOT device in another location and they stil...
by matiaszon
Fri Dec 01, 2017 2:55 pm
Forum: Beginner Basics
Topic: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive
Replies: 7
Views: 1520

Re: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive

There is also something like DHCP relay on MikroTik, but honestly, I have never tried how it works and if it would fit in your conditions.
by matiaszon
Fri Dec 01, 2017 2:52 pm
Forum: Beginner Basics
Topic: OpenVPN and network neighborhood
Replies: 1
Views: 735

Re: OpenVPN and network neighborhood

Hello, I have configured a OpenVPN server on MT and it works fine besides one thing - I'd like to see windows network neighborhood while my windows PC is connected as a client. Is it possible to see it? How should it be configured?
Did yo uset up proxy-arp for your LAN interface?
by matiaszon
Fri Dec 01, 2017 2:20 pm
Forum: Beginner Basics
Topic: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive
Replies: 7
Views: 1520

Re: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive

I don't think that having two DHCP servers on two different devices in the same network is a good idea. Where do you have 1st DHCP server, is that another MikroTik? If it is on MikroTik, maybe you should consider creating CAPsMAN on it and manage RB411 wlans from there? If not, maybe it would be bet...
by matiaszon
Fri Dec 01, 2017 2:02 pm
Forum: Beginner Basics
Topic: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive
Replies: 7
Views: 1520

Re: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive

I don't think that having two DHCP servers on two different devices in the same network is good idea. Where is the main DHCP server located - is it MikroTik too? If so, I would consider creating CAPsMAN and manage RB411 wlans from there. Otherwise, maybe you should use RB411 as a router, create anot...
by matiaszon
Fri Dec 01, 2017 11:13 am
Forum: Beginner Basics
Topic: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive
Replies: 7
Views: 1520

Re: Help with blocking DHCP on WAN1 and ether1 and only allow WAN2 to receive

First of all I guess it's not WAN1 and WAN2 but wlan1 and wlan2, because you are talking about wireless, aren't you? Second, please post your settings here, by executing below command: /export hide sensitive Third, does it mean you have one DHCP in your network on server, and second one on RB411 and...
by matiaszon
Thu Nov 30, 2017 7:53 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

I cannot fully understand the point 2) because the AP-Wifi has two port: one is the WAN that it is fisically connected to the ethernet 3 of the mikrotik. The second port is the "Wifi" port that allow the connection to the router. For the two 3) is already done and for this reason the PCB ...
by matiaszon
Thu Nov 30, 2017 3:28 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

So there is no 192.168.8.0/24 address assigned to any of MikroTik ports. The only local address assigned on MikroTik I can see is: /ip address add address=192.168.1.1/24 interface=ether2 network=192.168.1.0 So, if you want to keep WiFi users separated (or at least most of them), I would do the follo...
by matiaszon
Thu Nov 30, 2017 1:55 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

I am lost again :) Now I start to think, that MikroTik is connected with a cable (ether3) to Router B on it's WAN. Am I right? What is the exact address of ether3 and WAN. Making a command /ip export hide-sensitive would help a bit. If the above is right, and the Router B is not connected to 192.168...
by matiaszon
Thu Nov 30, 2017 12:38 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

I don't think it is needed but in case I also put the miktorik eth1 in the DMZ of the Modem/router OMG, it's a total mess. So PC B is tripple NATed...! DMZ is necessary. More convenient would be to set up modem in a bridge mode and make PPPoE connection on MikroTik, so you will get the public IP di...
by matiaszon
Wed Nov 29, 2017 10:40 am
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

I re-read your post and I think I am 99% right, that it is the router B. However, we don't know what kind of router is it and how it is configured, but this is for sure the thing which doesn't allow to use hairpin NAT.
Do you really want that router?
by matiaszon
Tue Nov 28, 2017 3:10 pm
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

I apologies. I was thinking it was quite clear within the use of subnets address. It wasn't, and unfortunately it is still not. But in case here a more complete diagram The mikrotik has the eth1 configured in ppoe is connected to the VDSL modem (WAN) OK, that is clear. the eth2 is connected to a sw...
by matiaszon
Tue Nov 28, 2017 12:14 am
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

First of all you need to correct your diagram to show us, what is connected to what, which devices is a gateway to the Internet, etc.,and what you are doing and what is the problem. Otherwise we won't be able to help you. Hairpin NAT was just a guess from my side.
by matiaszon
Mon Nov 27, 2017 10:27 am
Forum: Beginner Basics
Topic: OpenVPN and LAN access
Replies: 12
Views: 15596

Re: OpenVPN and LAN access

As far as I know OVPN server does not support all features of OpenVPN server running for example on linux. I have 2 subnets in my network and after logging in to OVPN on MikroTik I can see only the devices from the same subnet of the IP I have got, i.e. if I set up OVPN to assign IP from subent1, I...
by matiaszon
Mon Nov 27, 2017 1:33 am
Forum: Beginner Basics
Topic: Help in proper nat inside multiple subnet
Replies: 21
Views: 3915

Re: Help in proper nat inside multiple subnet

Hi. I need to correctly forward a connection from a subnet to another one. In the same time the IP to be used must be the public one. In the diagram the configuration and the nat configuration I'm using. Immagine1.png If the PC A try to reach the SERVER A using the public domain name is correctly f...
by matiaszon
Mon Nov 27, 2017 1:19 am
Forum: Beginner Basics
Topic: Link 2 Mikrotik Routers [SOLVED]
Replies: 8
Views: 2299

Re: Link 2 Mikrotik Routers [SOLVED]

What would be the effect of this change? I thought that .../24 is used for matching 0-254 in the last ip block. Here I want one static ip address for Mikrotik2. Using matiaszon instructions everythings seems to be working fine now. All thats left is a static ip for the device connected to ether2. /...
by matiaszon
Mon Nov 27, 2017 1:15 am
Forum: Beginner Basics
Topic: Link 2 Mikrotik Routers [SOLVED]
Replies: 8
Views: 2299

Re: Link 2 Mikrotik Routers [SOLVED]

Awesome, that seemed to work. Thank you so much! You are right, I want the 2nd router to act as a switch. I took the suggestion of assigning the address 192.168.88.2 to the Bridge and deleting all DHCP-Client settings. Are there any advantages for either approach (i.e. DHCP-Client vs manual assigni...
by matiaszon
Sun Nov 26, 2017 3:51 pm
Forum: Beginner Basics
Topic: port forwarding confusion
Replies: 8
Views: 3208

Re: port forwarding confusion

Sorry in advance for the neophyte nature of my questions - Internal IP of my desktop in question is 192.168.88.12X (windows 10 - Fiewall totally disabled (Domain - everything) Cable modem FW also is off) I cant seem to forward ports. I tried the following resources http://www.icafemenu.com/how-to-p...
by matiaszon
Sun Nov 26, 2017 3:10 pm
Forum: General
Topic: VPN IPsec remote LAN works, except router
Replies: 1
Views: 747

Re: VPN IPsec remote LAN works, except router

Post your exported settings.
by matiaszon
Sun Nov 26, 2017 2:40 pm
Forum: Beginner Basics
Topic: OpenVPN and LAN access
Replies: 12
Views: 15596

Re: OpenVPN and LAN access

As far as I know OVPN server does not support all features of OpenVPN server running for example on linux. I have 2 subnets in my network and after logging in to OVPN on MikroTik I can see only the devices from the same subnet of the IP I have got, i.e. if I set up OVPN to assign IP from subent1, I ...
by matiaszon
Sun Nov 26, 2017 2:33 pm
Forum: Beginner Basics
Topic: Link 2 Mikrotik Routers [SOLVED]
Replies: 8
Views: 2299

Re: Link 2 Mikrotik Routers [SOLVED]

Hello, ... set name="MikroTik LivingRoom" I assume, that the 2nd router has nothing to do with routing. It actually works as a switch. If I see right, your ether1 port is not bridged with the others. You need to switch your config a bit. 1. Remove all addresses from all physical ports. 2....
by matiaszon
Sun Nov 26, 2017 2:22 pm
Forum: Beginner Basics
Topic: Problems Accessing Server From Within LAN
Replies: 3
Views: 978

Re: Problems Accessing Server From Within LAN

Happy to see you sorted it out.
by matiaszon
Thu Nov 09, 2017 11:02 am
Forum: Beginner Basics
Topic: Integrated WLAN with Capsman
Replies: 10
Views: 2485

Re: Integrated WLAN with Capsman

It's actually quite unbelievable that no one in this forum was able to move a finger to help, now that I've just happened to stumble upon the problem and managed to fix it a few hours ago. I'm sure this would've been dead easy for any hardcore routerOS person on here. Go to IP > Firewall and disabl...
by matiaszon
Tue Nov 07, 2017 11:03 pm
Forum: General
Topic: CAPsMAN Bug (I think)
Replies: 2
Views: 875

Re: CAPsMAN Bug (I think)

hAP lite doesn't support 5 GHz, as it doesn't have such a radio.
Here is the spec
https://mikrotik.com/product/RB941-2nD-TC
by matiaszon
Mon Nov 06, 2017 9:02 pm
Forum: General
Topic: ping remote host interconnected network [SOLVED]
Replies: 4
Views: 1462

Re: ping remote host interconnected network [SOLVED]

By asking about possibility of pinging 8.8.8.8 I ment if you can ping anything outside the modem. But nevermind. I am not 100% sure, what you want to achieve, but I believe, that if you have modem, MT is the router and NAT for your local network. The simplest way is to log in, get the latest stable ...
by matiaszon
Mon Nov 06, 2017 12:49 pm
Forum: General
Topic: ping remote host interconnected network [SOLVED]
Replies: 4
Views: 1462

Re: ping remote host interconnected network [SOLVED]

Hello. Maybe it is crazy and simple question but actually I didn't found the problem. So first of all excuse me for it. But I was wondered if anyone help me about whats the hell with my doing. Logically I think there shouldn't be problem. Its so easy And a simple scenario. I have One Mikrotik (RB95...
by matiaszon
Mon Nov 06, 2017 12:39 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 3
Views: 1541

Re: Port Forwarding

Hi! Im new to microtik, and i'm trying to portforward my minecraft server. Its ip adress is 192.168.88.29 and i have a routerboard 951g 2hnd. Can someone help? (P.S., my routers ip is 192.168.88.1)
There are a lot of topics on the forum about port forwarding. Even google knows how to do it.
by matiaszon
Mon Nov 06, 2017 12:25 pm
Forum: General
Topic: MikroTik LTE "bridge-mode" to ETHER1
Replies: 9
Views: 7810

Re: MikroTik LTE "bridge-mode" to ETHER1

Has anyone figured out how to do this? Best Regards! MikroTik introduced new feature called "passthrough" in 6.41rc. However, it is not the passthrough we really wanted. It only passes through the IP, that your modem gives. So, if your modem is HiLink(with NAT) than it gives an address li...
by matiaszon
Sun Nov 05, 2017 10:44 pm
Forum: General
Topic: MikroTik LTE "bridge-mode" to ETHER1
Replies: 9
Views: 7810

Re: MikroTik LTE "bridge-mode" to ETHER1

Has anyone figured out how to do this? Best Regards! MikroTik introduced new feature called "passthrough" in 6.41rc. However, it is not the passthrough we really wanted. It only passes through the IP, that your modem gives. So, if your modem is HiLink(with NAT) than it gives an address li...
by matiaszon
Sun Nov 05, 2017 2:14 am
Forum: Beginner Basics
Topic: Optimal config for NAS: swith or router?
Replies: 11
Views: 2545

Re: Optimal config for NAS: swith or router?

Hi, I have a NAS at home and I'd like to accelerate the connectivity between my computer and the NAS as much as possible. My router is a 2011UiAS-2HnD. What would be the best way to accelerate the communication between my computer and my NAS? Would it make sense to put configure a couple of ports o...
by matiaszon
Sat Nov 04, 2017 2:47 pm
Forum: Beginner Basics
Topic: Mikrotik RBSXTG-5HPacD doesn't scan for a 2.4 Ghz home Wi-Fi network
Replies: 1
Views: 614

Re: Mikrotik RBSXTG-5HPacD doesn't scan for a 2.4 Ghz home Wi-Fi network

Is this a joke, or what?
Why are you so surprised, that 5 GHz radio doesn't "talk" to 2.4 GHz radio??? 5 GHz radio works with other 5 GHz radios, and 2.4 GHz with 2.4 GHz.
Read the spec oh RBSXTG-5HPacD.
by matiaszon
Fri Nov 03, 2017 10:11 pm
Forum: General
Topic: LTE Interface Drops Consistently
Replies: 9
Views: 3222

Re: LTE Interface Drops Consistently

Try to install stable version of ROS. The latest one is 6.40.4.
And you can post
/export hide-sensitive
by matiaszon
Fri Nov 03, 2017 3:15 pm
Forum: General
Topic: LTE Interface Drops Consistently
Replies: 9
Views: 3222

Re: LTE Interface Drops Consistently

Are you logging it? What does the log say?
by matiaszon
Fri Nov 03, 2017 12:00 am
Forum: Beginner Basics
Topic: Hap lite user access control
Replies: 2
Views: 1000

Re: Hap lite user access control

Your question is too general.
by matiaszon
Thu Nov 02, 2017 11:43 am
Forum: Beginner Basics
Topic: HAP AC Restrict Eth Port
Replies: 1
Views: 605

Re: HAP AC Restrict Eth Port

I think the easiest way is to: 1) create a bridge and add ether2, ether3 and ether4 ports, 2) assign IP to that bridge (let's say it will be 192.168.1.1, network 192.168.1.0/24), 3) create DHCP for that bridge, 4) assign IP for ether5 (let's say 192.168.2.1, network 192.168.2.0/24), 5) create DHCP f...
by matiaszon
Thu Nov 02, 2017 10:16 am
Forum: Beginner Basics
Topic: with lhg 5 I can not see local cameras
Replies: 32
Views: 3651

Re: with lhg 5 I can not see local cameras

I bet LHG was set up as a router, so either you had to formward desired ports to TP-Link or set the passthrough to it.
by matiaszon
Thu Nov 02, 2017 10:08 am
Forum: Beginner Basics
Topic: microtik to softether (site to site)
Replies: 3
Views: 1268

Re: microtik to softether (site to site)

If you search: softether mikrotik in google you will get few topics containing what you want. And first links refer to THIS FORUM!
by matiaszon
Tue Oct 31, 2017 1:08 am
Forum: Beginner Basics
Topic: home network setting
Replies: 10
Views: 2551

Re: home network setting

I do not want :) but as I said I do not know what to do and last idea which I have had is that AP should be influenced by second AP or/and ethernet router. But as I said...it does not make a sense but I have not any other idea what to do. Do you have the same problems with other mikrotik devices, o...
by matiaszon
Mon Oct 30, 2017 11:59 pm
Forum: Beginner Basics
Topic: home network setting
Replies: 10
Views: 2551

Re: home network setting

I am still not successful. I have tried all options - release Reset button when flashing diodes ethernet, wifi and CAP/AP. Release Reset button when flashing only CAP/AP button. Release Reset button when lighting ethernet and wifi diodes. Result is same -> after while seconds CAP/AP diodes is light...
by matiaszon
Sun Oct 29, 2017 11:49 pm
Forum: General
Topic: Ipsec Site to Site, again...
Replies: 14
Views: 4179

Re: Ipsec Site to Site, again...

I can't see any rules/ that would point both routers what to do, when devices want to access other LAN network, so you should add few lines. At the home router /ip firewall filter add action=accept chain=forward connection-state=established,related,new dst-address=192.168.0.0/24 src-address=192.168....
by matiaszon
Sun Oct 29, 2017 8:16 pm
Forum: Beginner Basics
Topic: How to set-up dhcp router [SOLVED]
Replies: 2
Views: 1092

Re: How to set-up dhcp router [SOLVED]

any one please help on how to set-up my router os. Please give me a complete guide on how to set-up dhcp wan,lan and wireless lan. my default isp gateway is 192.168.254.254. thank you! You can actually plug your mikrotik into your network with default config. If there is DHCP on your ISP side, and ...
by matiaszon
Sun Oct 29, 2017 4:12 pm
Forum: Beginner Basics
Topic: Capsman without second address network
Replies: 6
Views: 1802

Re: Capsman without second address network

Ok, I’d did it. It took me 4 tries clearing the configuration to zero but I now have the LAN1(ether2) interface on a bridge, and this bridge assigned to CAPsMAN through which the APs are accessed. I did it by using ether5 as a master interface and configuring over and over until the bridge worked. ...
by matiaszon
Sat Oct 28, 2017 7:44 pm
Forum: Beginner Basics
Topic: Capsman without second address network
Replies: 6
Views: 1802

Re: Capsman without second address network

You don't have to create special bridge, just add CAPs to your existing bridge. Or, if you already created bridge for CAPs, just add LAN ports to the same bridge, and you will have 1 DHCP for all your network.
by matiaszon
Sat Oct 28, 2017 3:41 pm
Forum: General
Topic: wAP LTE kit in "Bridge-Mode"
Replies: 13
Views: 11500

Re: wAP LTE kit in "Bridge-Mode"

But that is for sure a limitation from the usb modem, not the mtik, if you can configure the usb to work as a bridge (that I doubt it in LTE modems) the passthrough will let you configure the ppp-client in the mtik itself (having the 25mb top).. Sorry, but what exactly you mean it is a limitation f...
by matiaszon
Sat Oct 28, 2017 2:36 am
Forum: Beginner Basics
Topic: how to two subnet to communicate?
Replies: 10
Views: 3247

Re: how to two subnet to communicate?

I manage to succeed something. I add in routes of these two routers in destinatiom address whole subnet of second router amd gateway set to l2tp, which I with main router have access to them. Do in my main router i have l2tp connection over ipsec. And now two routers can communicate and can see any...
by matiaszon
Fri Oct 27, 2017 11:51 pm
Forum: General
Topic: wAP LTE kit in "Bridge-Mode"
Replies: 13
Views: 11500

Re: wAP LTE kit in "Bridge-Mode"

But that is for sure a limitation from the usb modem, not the mtik, if you can configure the usb to work as a bridge (that I doubt it in LTE modems) the passthrough will let you configure the ppp-client in the mtik itself (having the 25mb top).. Sorry, but what exactly you mean it is a limitation f...
by matiaszon
Fri Oct 27, 2017 11:44 pm
Forum: Beginner Basics
Topic: How to set ether5 on wAC AP become uplink/wan port?
Replies: 3
Views: 1446

Re: How to set ether5 on wAC AP become uplink/wan port?

It seems so. I saw that missing on 6.41rc44 too.
by matiaszon
Fri Oct 27, 2017 3:27 pm
Forum: Beginner Basics
Topic: Capsman without second address network
Replies: 6
Views: 1802

Re: Capsman without second address network

Hi - I have successfully set up capsman using it's own set of addresses, bridge, DHCP, etc., and it all works. However I have two issues. 1. I'd like the capsman network to have the same addresses as the physical network, and use the same DHCP range, etc. I've looked everywhere but I can't seem to ...
by matiaszon
Fri Oct 27, 2017 2:42 pm
Forum: Beginner Basics
Topic: home network setting
Replies: 10
Views: 2551

Re: home network setting

Yes, I tried refresh many times. Also MAC address but always I got a message "ERROR: could not connect to ... (IP address or MAC address)". Why do you think "be careful"? Do you mean during pressing reset button -> for how long (in seconds) button is pressed or something else? Y...
by matiaszon
Fri Oct 27, 2017 2:25 pm
Forum: Beginner Basics
Topic: Bridge mode
Replies: 9
Views: 26901

Re: Bridge mode

Synology RT2600ac works in 802.11ac standard. Look for "ac" products from MikroTik and you should be able to reach the same. Depending on your need and requirements you can use the following devices:

hAP ac Lite
hAP ac
hAP ac Lite Tower
wAP ac
the same wAP ac but in black color
by matiaszon
Fri Oct 27, 2017 1:59 pm
Forum: Beginner Basics
Topic: How to set ether5 on wAC AP become uplink/wan port?
Replies: 3
Views: 1446

Re: How to set ether5 on wAC AP become uplink/wan port?

Either you set up IP address or creat DHCP client on ether5 to get the IP from your ISP. You can bridge other ports and assign private IP address for it. Create DHCP for that bridge. Create masquarade for ether5 or private IP range. Everything is described here . The only thing to remember is to swi...
by matiaszon
Fri Oct 27, 2017 12:02 pm
Forum: Beginner Basics
Topic: how can I setup mikrotik + local dns server
Replies: 2
Views: 18831

Re: how can I setup mikrotik + local dns server

Not sure, if this is what you are looking for, but did you try to add static DNS in MikroTik?
by matiaszon
Fri Oct 27, 2017 11:21 am
Forum: General
Topic: wAP LTE kit in "Bridge-Mode"
Replies: 13
Views: 11500

Re: wAP LTE kit in "Bridge-Mode"

it is possible do using the passthrough option: https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#Passthrough Why it is not possible when using RB951G with Huawei E3372 modem? We tested and it worked - the passthrough client got the 192.168.8.100 IP address. This IP address NOT is passthrough fro...
by matiaszon
Mon Oct 23, 2017 8:49 pm
Forum: Beginner Basics
Topic: home network setting
Replies: 10
Views: 2551

Re: home network setting

If it lights power, you should be able to connect via MAC. Did you try to refresh list of neighbors? If so, try to reset it again but be careful, which way you are doing it...
by matiaszon
Mon Oct 23, 2017 8:46 pm
Forum: Beginner Basics
Topic: Bridge mode
Replies: 9
Views: 26901

Re: Bridge mode

Yes.. I think I'll do that. Use the Wireless router as an Access Point, and use the Mikrotik for the DHCP, firewall etc. @matiaszon I bought the RT2600 2 months ago I think. I didn't knew Mikrotik at this time. It's not a bad router, so I'll keep it... Thanks for your answers :) Cheers sim I think ...
by matiaszon
Mon Oct 23, 2017 11:42 am
Forum: Beginner Basics
Topic: Help : RB962UiGS-5HacT2HnT + Huawei E8372 USB modem configuration
Replies: 3
Views: 3620

Re: Help : RB962UiGS-5HacT2HnT + Huawei E8372 USB modem configuration

What you have explained here has nothing to do with accessing your LAN devices form WAN side. It seems, that you are probably double NAT-ed (1st NAT is on Huawei modem that gives IP addresses 192.168.8.0/24 and 2nd NAT is on MikroTik which gives addresses 192.168.88.0/24). You have to decide if you ...
by matiaszon
Mon Oct 23, 2017 11:30 am
Forum: Beginner Basics
Topic: Bridge mode
Replies: 9
Views: 26901

Re: Bridge mode

Can you tell us, what do you actually want to achieve? What kind of functionality? In your diagram I cannot see any role that MikroTik is doing. You can easily take it out and connect your Synology directly to your modem. I am guessing, that you maybe want to use Synology as an AP in your network. I...
by matiaszon
Sun Oct 22, 2017 7:15 pm
Forum: Beginner Basics
Topic: Bridge mode
Replies: 9
Views: 26901

Re: Bridge mode

So the RT2600ac would have the same public IP (as hEX), and be aware of it.
What do you actually mean "the same public IP"? Could you make a diagram or something showing what do you want to achieve?
by matiaszon
Fri Oct 20, 2017 2:11 pm
Forum: Beginner Basics
Topic: Slow Internet When Hotspot On
Replies: 5
Views: 2752

Re: Slow Internet When Hotspot On

I am not saying I will help, but without export of your settings nobody will be able to do it... Go to terminal and do
/export hide-sensitive
by matiaszon
Thu Oct 19, 2017 12:45 pm
Forum: Beginner Basics
Topic: wAP LTE and bridge?
Replies: 7
Views: 2359

Re: wAP LTE and bridge?

In previous published rc version of 6.41 (I think it was 6.41rc38) this E3372-153 didn't work at all. You informed via ticket, that you are aware about it, and next release candidate published will solve the problem. Then we got 6.41.rc44, problem solved, but not the way we wanted... Is it going to...
by matiaszon
Thu Oct 19, 2017 12:05 pm
Forum: General
Topic: wAP LTE kit in "Bridge-Mode"
Replies: 13
Views: 11500

Re: wAP LTE kit in "Bridge-Mode"

it is possible do using the passthrough option: https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#Passthrough Why it is not possible when using RB951G with Huawei E3372 modem? We tested and it worked - the passthrough client got the 192.168.8.100 IP address. uldis, don't you think it doesn't make...
by matiaszon
Thu Oct 19, 2017 2:10 am
Forum: Wireless Networking
Topic: Mikrotik and Huawei 3372 LTE modem - LTE Passtrough
Replies: 9
Views: 16925

Re: Mikrotik and Huawei 3372 LTE modem - LTE Passtrough

we are jsut passing through the IP configuration that we get from the modem. If the modem uses NAT and provides local IP then we are passing that IP to the configured interface. If you can configure the modem to provide public IP then that IP will be passed through. Seriously, from the early beginn...
by matiaszon
Wed Oct 18, 2017 7:58 pm
Forum: Beginner Basics
Topic: wAP LTE and bridge?
Replies: 7
Views: 2359

Re: wAP LTE and bridge?

In previous published rc version of 6.41 (I think it was 6.41rc38) this E3372-153 didn't work at all. You informed via ticket, that you are aware about it, and next release candidate published will solve the problem. Then we got 6.41.rc44, problem solved, but not the way we wanted... Is it going to ...
by matiaszon
Wed Oct 18, 2017 3:52 pm
Forum: Wireless Networking
Topic: Mikrotik and Huawei 3372 LTE modem - LTE Passtrough
Replies: 9
Views: 16925

Re: Mikrotik and Huawei 3372 LTE modem - LTE Passtrough

I have the same situation. I asked the same question days ago, but nobody knows what to answer.
by matiaszon
Wed Oct 18, 2017 3:27 pm
Forum: General
Topic: wAP LTE kit in "Bridge-Mode"
Replies: 13
Views: 11500

Re: wAP LTE kit in "Bridge-Mode"

it is possible do using the passthrough option:
https://wiki.mikrotik.com/wiki/Manual:I ... assthrough
Why it is not possible when using RB951G with Huawei E3372 modem?
by matiaszon
Wed Oct 18, 2017 2:34 pm
Forum: Beginner Basics
Topic: Using MikroTik AP with a different brand of router?
Replies: 3
Views: 1559

Re: Using MikroTik AP with a different brand of router?

Hi Guys, I am new to here and I have no experience with MikroTik devices at all. We are a company with 12 branches and I want to create a Hotspot environment for our customers. In our branches we are using Draytek Routers and I doubt if Mikrotik sxt lite5 device works with Draytek Router? Also can ...
by matiaszon
Wed Oct 18, 2017 2:23 pm
Forum: Beginner Basics
Topic: MikroTik RB951 reset issue
Replies: 4
Views: 1137

Re: MikroTik RB951 reset issue

1. Connect MikroTik via cable to your computer.
2. Run WinBox on your computer.
3. Click on "Neighbors" card.
4. Click "Refresh".
5. Connect with the desired device by MAC address.
by matiaszon
Wed Oct 18, 2017 2:14 pm
Forum: Beginner Basics
Topic: wAP LTE and bridge?
Replies: 7
Views: 2359

Re: wAP LTE and bridge?

Use the Passthrough feature like matiaszon mentioned - if your provider will give the public IP you will get that IP on the RB2011.
It should be the same on MikroTik device equiped with USB LTE modem, but it's not! Or am I missing something...?
by matiaszon
Wed Oct 18, 2017 12:45 pm
Forum: Beginner Basics
Topic: home network setting
Replies: 10
Views: 2551

Re: home network setting

Hi, I am really newbie, first time using mikrotik router OS..could you please help me with network setting? I have a modem from internet provider -> next is RB2011il-IN (ethernet router without wifi) -> from RB2011il-IN going LAN cables to other rooms in my house and 2xLAN cables to two wifi AP (cA...
by matiaszon
Wed Oct 18, 2017 12:08 pm
Forum: Beginner Basics
Topic: Add firewall filter in top position
Replies: 3
Views: 1970

Re: Add firewall filter in top position

... and when using WinBox just drag & drop by mouse left-click :)
by matiaszon
Tue Oct 17, 2017 11:13 pm
Forum: Wireless Networking
Topic: iPhones dropping wifi (CAPsMAN)
Replies: 30
Views: 14974

Re: iPhones dropping wifi (CAPsMAN)

Coming back to this post again... Now I have iPhone 7 with the latest iOS 11.0.2 There are 2 different issues now. 1. iPhone works fine, but then, suddenly, it somehow disconnects form wifi. However it shows full wifi signal on screen. I can't ping any IP, even local. I need to disconnect wifi on iP...
by matiaszon
Tue Oct 17, 2017 7:17 pm
Forum: General
Topic: ** WE WANT A LTE BRIDGE-MODE **
Replies: 82
Views: 38114

Re: ** WE WANT A LTE BRIDGE-MODE **

I got it working with rc44 but not the way I was thinking it will work. My laptop got IP from Huawei's LAN range (198.168.8.0/24). I thought it will get IP directly from ISP... May you please provide a configuration which is working for you? Thank you! This one on wiki works good, but not the way I...
by matiaszon
Sun Oct 15, 2017 1:34 pm
Forum: General
Topic: ** WE WANT A LTE BRIDGE-MODE **
Replies: 82
Views: 38114

Re: ** WE WANT A LTE BRIDGE-MODE **

So, is this the proper way it is should work, or am I missing something? In my opinion it doesn't make sense. NAT is USB modem anyway, and we all wanted to have one and only NAT on MikroTik.
by matiaszon
Sun Oct 15, 2017 1:31 pm
Forum: Beginner Basics
Topic: Connect two Mikrotik hAP under the same LAN
Replies: 3
Views: 1208

Re: Connect two Mikrotik hAP under the same LAN

CAPsMAN It is empty, because you need to configure it! 1st hAP will be CAP Manager and the other will be just CAP (Access Point assigned to CAP Manager). The advantage is that you manage all your access points (if they are assigned to CAP Manage) from one place! You will see all clients connected in...
by matiaszon
Sat Oct 14, 2017 1:08 pm
Forum: Beginner Basics
Topic: wAP LTE and bridge?
Replies: 7
Views: 2359

Re: wAP LTE and bridge?

There is a new functionality in RouterOS 6.41rc that allows to "bridge" your LTE/4G modem with the device being connected to MikroTik with LTE modem. However, it doesn't work the way I thought in case of 4G USB modem, but maybe it is different in case of wAP LTE. You can try to do a passth...
by matiaszon
Fri Oct 13, 2017 11:36 pm
Forum: Beginner Basics
Topic: Connect two Mikrotik hAP under the same LAN
Replies: 3
Views: 1208

Re: Connect two Mikrotik hAP under the same LAN

I don't know if you are receiving public IP from your ISP, but if so, please remember, that if you go this way, you will have two NATs. Anyway, you can always set DMZ for you 1st hAP. I understand, that your 2nd hAP will be connected to the 1st one by LAN cable. Please look for CAPsMAN settings. Wha...
by matiaszon
Fri Oct 13, 2017 10:55 pm
Forum: General
Topic: ** WE WANT A LTE BRIDGE-MODE **
Replies: 82
Views: 38114

Re: ** WE WANT A LTE BRIDGE-MODE **

I got it working with rc44 but not the way I was thinking it will work. My laptop got IP from Huawei's LAN range (198.168.8.0/24). I thought it will get IP directly from ISP...
by matiaszon
Tue Oct 10, 2017 7:23 pm
Forum: General
Topic: RB3011UiAS - 6.40.4 (stable)
Replies: 1
Views: 1214

Re: RB3011UiAS - 6.40.4 (stable)

I had similar problem when replaced APs with CAPs. Suddenly everything stopped working properly. It took me 2 days to figure out that there was 1 device that was causing problems. What APs were not bridged (Ubiquiti) only 1 ethernet port on RB3011 was causing problems, but nobody eben noticed for 1 ...
by matiaszon
Mon Oct 09, 2017 10:55 am
Forum: General
Topic: ** WE WANT A LTE BRIDGE-MODE **
Replies: 82
Views: 38114

Re: ** WE WANT A LTE BRIDGE-MODE **

Thanks for the info!
by matiaszon
Sun Oct 08, 2017 3:23 pm
Forum: General
Topic: ** WE WANT A LTE BRIDGE-MODE **
Replies: 82
Views: 38114

Re: ** WE WANT A LTE BRIDGE-MODE **

I have spare RB951G that I wanted to try with Huawei E3372s-153 (Megafon provider). After puting commands with passthrough, apn etc. on ether1, and connecting ether1 to my laptop, my computer doesn't get any IP form MikroTik. Is this modem supported or am I missing something? /system resource usb pr...
by matiaszon
Fri Oct 06, 2017 12:22 pm
Forum: General
Topic: hEX gigabit problem
Replies: 5
Views: 1461

Re: hEX gigabit problem

Yeah? So let me explain... 1st device hEX (10.10.10.1) - router + CAPsMAN RAM: 256 MB CPU: mmips 880 MHz 2nd device RB2011UAS-2Hnd (10.10.10.3) - switch + CAP RAM: 128 MB CPU: mipsbe 600 MHz 3rd device RB951G-2HnD RAM: 128 MB CPU: mipsbe 600 MHz Now, when running test on hEX (the most powerful of th...
by matiaszon
Thu Oct 05, 2017 7:52 pm
Forum: General
Topic: hEX gigabit problem
Replies: 5
Views: 1461

Re: hEX gigabit problem

How should I search the forum? When I look for "bandwidth test" or even "alternative bandwidth test/btest" it gives back tones of posts, about btest...
by matiaszon
Thu Oct 05, 2017 12:58 pm
Forum: General
Topic: hEX gigabit problem
Replies: 5
Views: 1461

hEX gigabit problem

I have encountered strange problem. I got few MikroTiks in my LAN. The main router connected to the Internet is hEX (10.10.10.1). It has to bridges configured because of the CAPs reasons. Anyway, there are two other MikroTiks connected to it: RB2011UAS-2HnD (10.10.10.3) and RB951G-2Hnd (10.10.10.4)....
by matiaszon
Thu Aug 31, 2017 1:20 am
Forum: General
Topic: How to block Youtube and facebook Android App in router Mikrotik
Replies: 31
Views: 99754

Re: How to block Youtube and facebook Android App in router Mikrotik

Mikrotik offer a scripted method of blocking sites here :- http://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Block_access_to_specific_websites It finally did the job for me! The goal was to block youtube on my son's iPad. After running that script it blocked youtube site (even on https) but s...
by matiaszon
Mon Jun 12, 2017 2:11 pm
Forum: Beginner Basics
Topic: hAP ac as bridge only
Replies: 3
Views: 1772

Re: hAP ac as bridge only

I have the same configuration, and my client is set up as pseudo-bridge. However, did you bridge your LAN and WLAN ports? Did you assign DHCP-Client to that bridge? That should be more than enough to pass through DHCP requests and replies. Can you see on your router if it notices any DHCP request? D...
by matiaszon
Sun Jun 04, 2017 10:02 pm
Forum: Beginner Basics
Topic: Second Mikrotik IP address
Replies: 14
Views: 3337

Re: RE: Re: Second Mikrotik IP address

Was trying to help you understand the issue, but it seems you are too arrogant. What was the purpose of your post anyway, if you "don't have problems anymore"? You came off arrogant to start with. I'm just reciprocating. The purpose, for the third time, is to find out what IP address a se...
by matiaszon
Fri Jun 02, 2017 4:20 pm
Forum: Beginner Basics
Topic: Second Mikrotik IP address
Replies: 14
Views: 3337

Re: Second Mikrotik IP address

Was trying to help you understand the issue, but it seems you are too arrogant. What was the purpose of your post anyway, if you "don't have problems anymore"?
by matiaszon
Fri Jun 02, 2017 1:54 pm
Forum: Beginner Basics
Topic: Second Mikrotik IP address
Replies: 14
Views: 3337

Re: Second Mikrotik IP address

Wiat a second, I will get my crystal ball fixed and get back to you shortly... 1. First of all, what is the firewall of your network? Is it modem, that assigns 192.168.0.0/24 addresses or is the one of your MikroTiks? 2. Do you have public IP assigned to modem, or MikroTik? 3. What do you mean by &q...
by matiaszon
Thu Jun 01, 2017 1:29 pm
Forum: General
Topic: SSH port forwarding
Replies: 2
Views: 1252

Re: SSH port forwarding

What exactly do you want to achieve?
by matiaszon
Thu Jun 01, 2017 1:15 pm
Forum: General
Topic: Can Port Forward the Same Port # to 2 Different Internal IP Addresses?
Replies: 10
Views: 4224

Re: Can Port Forward the Same Port # to 2 Different Internal IP Addresses?

As @hgonzale says - impossible. The only thing you can do is to determine another external port and forward it to the desired port of the other device, for example: 1st device forward external port 80 to IP 192.168.1.10 internal port 80 2nd device forward external port 81 to IP 192.168.1.11 internal...
by matiaszon
Thu Jun 01, 2017 1:00 pm
Forum: Beginner Basics
Topic: Mikrotik and camera ports
Replies: 4
Views: 3690

Re: Mikrotik and camera ports

I don't think this will help at all. Port TCP 90 is for http protocol. To be able to use mobile app for cameras there is at least 1 protocol needed which is TCP 37777. Sometimes it is also needed to forward UDP 37778 as well. I don't know how it works on NVR, but this is what I have on DVR produced ...
by matiaszon
Thu Jun 01, 2017 1:35 am
Forum: Beginner Basics
Topic: Port forwarding for Webserver
Replies: 1
Views: 1594

Re: Port forwarding for Webserver

It would be much easier if you post your config from MikroTik. Anyway, will try to guess a bit and you confirm or correct. I understand, that your Fritzbox works as a modem, connects to the Internet and has some IP assigned to it's WAN port. Generally it looks as below [INTERNET] ----- [WAN IP - Fri...
by matiaszon
Fri May 26, 2017 8:16 pm
Forum: Beginner Basics
Topic: DHCP Woes (Relay / Switch / Bridge)??
Replies: 3
Views: 996

Re: DHCP Woes (Relay / Switch / Bridge)??

Make sure that all LAN ports and WLAN are in the same bridge. Assign DHCP-client to that bridge so it can get address from your DHCP server. You can also assign static IP from the same range. That's it. Delete all filter/firewall rules as you hAP will work only as switch & AP.
by matiaszon
Fri May 26, 2017 1:14 am
Forum: Beginner Basics
Topic: OVPN problem
Replies: 6
Views: 12092

Re: OVPN problem

You better hide your public IP and change your username and password...
by matiaszon
Wed May 24, 2017 2:20 pm
Forum: Beginner Basics
Topic: OVPN problem
Replies: 6
Views: 12092

Re: OVPN problem

Your server settings seem to be fine. I have also set up: port=1194 mode=ip netmask=24 mac-address+my_real_mac_address max-mtu=1500 keep-alive-timeout=60 Don't worry about the error - it appears even if everything works good. Here are my settings on Windows 10 & OpenVPN GUI v10 (which version yo...
by matiaszon
Wed May 24, 2017 12:54 pm
Forum: Beginner Basics
Topic: OVPN problem
Replies: 6
Views: 12092

Re: OVPN problem

It would be good to know your OVPN settings on MikroTik...
by matiaszon
Fri May 05, 2017 4:16 pm
Forum: Beginner Basics
Topic: PPTP & Routing
Replies: 75
Views: 17084

Re: PPTP & Routing

Can you ping the private IP of your PPTP server (I guess it's 192.168.2.1?) using your laptop from home?
by matiaszon
Fri May 05, 2017 4:06 pm
Forum: Beginner Basics
Topic: how to open tcp 443 ,udp 123 6 devices ?
Replies: 2
Views: 1324

Re: how to open tcp 443 ,udp 123 6 devices ?

Hi. You can only open port 443 and 123 to one of the internal devices. If you want to open to 6 devices then you will need 6 public IP's setup on your router or you can change the default ports on the remaining 5 devices eg 444 and 124 / 445 and 125 and so on He doesn't have to change default ports...
by matiaszon
Fri May 05, 2017 3:44 pm
Forum: Beginner Basics
Topic: CAPsMAN
Replies: 11
Views: 2548

Re: CAPsMAN

It does say nothing.
/export hide-sensitive
by matiaszon
Sat Apr 29, 2017 2:36 pm
Forum: General
Topic: SXT-LTE bridged mode?
Replies: 21
Views: 14171

Re: SXT-LTE bridged mode?

Thanks for suggestions we have this feature in TODO list but no eta for now. Can you share what other LTE router have this functionality , Model and how they have implemented this feature? NETGEAR 4G LTE-Modem LB1111 ZTE MF282 ZTE MF283+ Since you update RouterOS I will use the LB1111 in bridge-mod...
by matiaszon
Fri Apr 21, 2017 12:45 am
Forum: General
Topic: rb2011+capsman+pcc+pcq is enough?
Replies: 1
Views: 947

Re: rb2011+capsman+pcc+pcq is enough?

There were some known problems with efficiency of RB2011. I would consider RB3011UiAS-RM:
2-core CPU
1.4 GHz CPU
1 GB of RAM
10 Gigabit ports
...
Where on RB2011 the CPU usage was 40-50% now most of a time it's 0-2%.
by matiaszon
Thu Apr 20, 2017 5:18 pm
Forum: Beginner Basics
Topic: Can't configure RBwAP2nD-BE (wAP) - SOLVED
Replies: 9
Views: 7300

Re: Can't configure RBwAP2nD-BE (wAP)

Connect the device via ethernet cable. Run WinBox on your PC and click on "Neighbors" card. Look for MAC address of your device. Log in using standard credentials (user: admin and no password). Click on "System" on the left and then "Reset configuration". Do not check a...
by matiaszon
Tue Apr 11, 2017 2:58 pm
Forum: Beginner Basics
Topic: Cannot access the server MikroTik
Replies: 7
Views: 1693

Re: Cannot access the server MikroTik

You just physically don't have the connection to your MikroTik.
by matiaszon
Tue Apr 11, 2017 1:19 pm
Forum: Beginner Basics
Topic: Cannot access the server MikroTik
Replies: 7
Views: 1693

Re: Cannot access the server MikroTik

Open "Neighbors" card in WinBox and see what's there.
by matiaszon
Wed Apr 05, 2017 11:18 am
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 104
Views: 123601

Mikrotik wi-fi and Iphone = problem

I have few devices working with 3 mikrotik APs: iPad 1, iPad Mini, iPhone 5, iPhone 5S, iPhone 4S, iPhone 6S and iPhone 7. None of them is having any problems with working. There was a problem sometime ago, but after upgrading RouterOS and iOS it started to work properly. So I believe it's just a ma...
by matiaszon
Fri Mar 31, 2017 11:04 pm
Forum: General
Topic: Site to site IPSec
Replies: 12
Views: 3438

Re: Site to site IPSec

IF you are connected, see this - should help...
viewtopic.php?f=2&t=120068#p591157
by matiaszon
Fri Mar 31, 2017 3:02 pm
Forum: General
Topic: vpn ipsec lan2lan behind nat
Replies: 13
Views: 3761

Re: vpn ipsec lan2lan behind nat

Try to ping using proper interface. It probably tries to use "WAN" interface.
ping remote_ip_LAN interface=your_local_LAN_interface
You can also define in routes which gateway to use to communicate with the other network.
by matiaszon
Fri Mar 31, 2017 10:12 am
Forum: General
Topic: MULTIPLE UNKNOWN USERS LOGGED ON IN WINBOX
Replies: 2
Views: 1349

Re: MULTIPLE UNKNOWN USERS LOGGED ON IN WINBOX

Create new account with different username and password. Disable damin account and see if it happens again. If it still happens, reset configuration (try not to back up old setting to resetted router). I don't think there are any miracles...
by matiaszon
Thu Mar 30, 2017 11:54 pm
Forum: General
Topic: Site to site IPSec
Replies: 12
Views: 3438

Re: Site to site IPSec

Why did you change authorisation algorithms? Now routers cannot connect. Most probably, if you check installed-SA, you will see nothing there.
by matiaszon
Thu Mar 30, 2017 3:54 pm
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 104
Views: 123601

Re: Mikrotik wi-fi and Iphone = problem

try disabling multicast helper, and enabling multicast buffering
I have multicast helper turned on but with keep alive frames on too.


Wysłane z iPhone za pomocą Tapatalk
by matiaszon
Thu Mar 30, 2017 3:17 pm
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 104
Views: 123601

Re: Mikrotik wi-fi and Iphone = problem

I would set up preamble for "both".
Disable Nstreme
Disable Polling
Enable CSMA

I would suggest to copy & paste export of your settings.
by matiaszon
Thu Mar 30, 2017 1:35 pm
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 104
Views: 123601

Re: Mikrotik wi-fi and Iphone = problem

I also had problems with Apple devices and MikroTiks, but they are now working fine. Let me ask you few questions...

1. What is your iOS version?
2. What is your RouterOS version?
3. What are your DHCP settings?
4. What are your wireless settings (probably most important)?
by matiaszon
Thu Mar 30, 2017 12:50 pm
Forum: General
Topic: OpenVPN server and duplicate packets
Replies: 42
Views: 86843

Re: OpenVPN server and duplicate packets

I thought that was the problem in my case too, but now I can connect and these messages are popping up again. I stopped bothering...
by matiaszon
Thu Mar 30, 2017 1:38 am
Forum: General
Topic: Site to site IPSec
Replies: 12
Views: 3438

Re: Site to site IPSec

You should add filter rules on both your routers. See topic viewtopic.php?f=2&t=120068#p591157
by matiaszon
Thu Mar 30, 2017 12:38 am
Forum: General
Topic: vpn ipsec lan2lan behind nat
Replies: 13
Views: 3761

Re: vpn ipsec lan2lan behind nat

There is something inconsistent between your pic and IP addresses (can't find any 192.168.1.0/24 network on the pic in casapai), but OK, I know which routers are mikrotik, and assume, that you want to have an access from balves, which LAN range is 172.30.7.0/24 to casapai, which LAN range is 172.10....
by matiaszon
Wed Mar 29, 2017 5:05 pm
Forum: General
Topic: vpn ipsec lan2lan behind nat
Replies: 13
Views: 3761

Re: vpn ipsec lan2lan behind nat

One more thing I forgot to ask:
/ip address export
by matiaszon
Tue Mar 28, 2017 5:49 pm
Forum: General
Topic: vpn ipsec lan2lan behind nat
Replies: 13
Views: 3761

Re: vpn ipsec lan2lan behind nat

First of all - are they really connected?
/ip ipsec installed-sa print
Mask your public IPs if you don't want to show them.

Then, I can't see your firewall filters
/ip firewall filter export hide-sensitive
by matiaszon
Tue Mar 28, 2017 4:34 pm
Forum: Beginner Basics
Topic: Using MikroTik hAP as simple switch plus wireless AP
Replies: 37
Views: 33473

Re: Using MikroTik hAP as simple switch plus wireless AP

That's the point I was happy with safe mode. I was never able to connect to the device with no default configuration. :?
And how did you wanted to do that?
by matiaszon
Tue Mar 28, 2017 3:15 am
Forum: Forwarding Protocols
Topic: how to limit VPN user access to one server?
Replies: 12
Views: 32474

Re: how to limit VPN user access to one server?

So finally I achieved what I wanted! Lot's of tries, but it works. First of all, if you have any rules in the top allowing access to other networks, and you don't want VPN users to access them, you have to put this jump rule BEFORE them. add chain=forward action=jump jump-target=ppp Then, I had prob...
by matiaszon
Sat Mar 25, 2017 10:58 pm
Forum: Beginner Basics
Topic: IPSec and bridged ether ports with different IP addresses
Replies: 1
Views: 739

Re: IPSec and bridged ether ports with different IP addresses

OK, I solved the problem. Just added new route and now I can see 192.168.89.0/24 network
/ip route add dst-address=192.168.89.0/24 gateway=bridge-LAN pref-src=192.168.88.1
by matiaszon
Sat Mar 25, 2017 10:36 pm
Forum: Forwarding Protocols
Topic: how to limit VPN user access to one server?
Replies: 12
Views: 32474

Re: how to limit VPN user access to one server?

I was looking for the same solution for my L2TP VPN users, and found this post. I added the lines /ip firewall filter add chain=pptp-filter-in action=accept dst-address=1.1.1.1 protocol=tcp dst-port=21 add chain=pptp-filter-in action=drop add chain=pptp-filter-out action=drop add chain=forward actio...
by matiaszon
Fri Mar 24, 2017 3:37 pm
Forum: General
Topic: L2TP with IPSec with access to only 1 specific IP in LAN
Replies: 2
Views: 995

Re: L2TP with IPSec with access to only 1 specific IP in LAN

Thanks for that.

It seems however I need to work more on VPN, as when I connect to the router it loses IPSec site-to-site tunnel with the other router. I need to modify connection... :(
by matiaszon
Fri Mar 24, 2017 3:30 pm
Forum: General
Topic: L2TP with IPSec with access to only 1 specific IP in LAN
Replies: 2
Views: 995

L2TP with IPSec with access to only 1 specific IP in LAN

I have successfully established connection over L2TP/IPSec, but I can see all devices being in 192.168.88.0/24 network. I would like peers to have an access only to one specific IP, i.e. 192.168.88.100.

What is the quickest way to do so?

Thanks
by matiaszon
Thu Mar 23, 2017 5:35 pm
Forum: Beginner Basics
Topic: IPSec and bridged ether ports with different IP addresses
Replies: 1
Views: 739

IPSec and bridged ether ports with different IP addresses

I have 2 MikroTik routers working in IPSec tunnel. RB2011 with bridged all ether ports and 192.168.89.0/24 assigned to bridge. RB3011 with all bridged ports and (unfortunately) with 3 different IP ranges assigned (192.168.88.0/24 - main LAN, 192.168.10/24 - service for machines, 192.168.0.0/24 - CCT...
by matiaszon
Wed Mar 22, 2017 6:51 pm
Forum: Wireless Networking
Topic: [Solved] CAPsMAN RB3011 - losing connection
Replies: 2
Views: 1892

Re: CAPsMAN RB3011 - losing connection

I found the reason... FINALLY!!! :) It was Allen-Bradley switch, which is installed in the control panel for one of the machines. Once it is connected to LAN, it goes crazy. If you disconnect it - everything works fine. Don't know this equipment, so no idea if it's a hardware or software problem... ...
by matiaszon
Wed Mar 22, 2017 3:41 pm
Forum: General
Topic: CAPSMAN remote upgrade 3011->non ARM clients
Replies: 3
Views: 2041

Re: CAPSMAN remote upgrade 3011->non ARM clients

Hi, I have the same config but can't get it working. The problem is, that when controlled by caps, devices are losing packets dramatically. When set up as independent radio, it works.. By cable also works. What setup for bridge you have? I have really enough of this... Spent almost 3rd day here for ...
by matiaszon
Wed Mar 22, 2017 2:32 pm
Forum: Wireless Networking
Topic: [Solved] CAPsMAN RB3011 - losing connection
Replies: 2
Views: 1892

[Solved] CAPsMAN RB3011 - losing connection

I am working on that for the 3rd day, and thought solved the problem yesterday at 10pm, but in the morning it started again... The problem is, when I control APs by CAPsMAN on RB3011, devices are showing "connected", but when you ping any other device in LAN, the loss is 90-95%... It's eno...
by matiaszon
Sun Mar 19, 2017 4:28 pm
Forum: General
Topic: Some MikroTiks change their MAC
Replies: 1
Views: 1008

Some MikroTiks change their MAC

I had this problem on most of the MikroTik devices... I have 4 MikroTiks in my LAN. One od them is router and has assigned static IP and configured DHCP offering static IPs for other devices. From time to time, other MikroTiks change their MAC addresses of their bridge ports. As the result, they get...
by matiaszon
Sun Mar 19, 2017 4:06 pm
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

As you may noticed, I am a greenhorn regarding MikroTik. Thanks for posting. I started to do some cleaning. :) That DNS rule was made before... I will delete it. As it comes to IPv6 I believe, that ISP has to provide that too? Anyway, I don't know anything about IPv6 :P I added out interace for masq...
by matiaszon
Sun Mar 19, 2017 3:48 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

I know I am writing to myself, but after I added out interface ether1 some of the peers can't connect getting "connection time out" info. Once I delete ether1 - all are connecting immediately. What the...?!
by matiaszon
Sun Mar 19, 2017 1:26 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

OK, so I know what I did.

Look at the last post of THIS TOPIC.
I have deleted ether1 as out interface in masqueade. When I added it again, IPs started to appear correctly...
by matiaszon
Sun Mar 19, 2017 1:17 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

Here it is... /ip firewall filter add action=accept chain=forward comment="LAN Traffic" connection-state="" \ dst-address=192.168.83.0/24 src-address=10.10.10.0/24 add action=accept chain=forward dst-address=192.168.1.0/24 src-address=\ 10.10.10.0/24 add action=fasttrack-connecti...
by matiaszon
Sun Mar 19, 2017 1:06 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

Well, I have masquarade on ether1, which is used as WAN port. But I can't say what I have changed that I cannot see real IPs any more...
by matiaszon
Sun Mar 19, 2017 12:42 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Not showing the origin IP

So I have a server in my LAN behind mikrotik router. If the peers connected to the router are from LAN (I have two LAN ranges 10.10.10.0/24 and 192.168.83.0/24 configured), then on this server I can see their real IPs. If the connection comes from the Internet (WAN) side, I can see only the IP of th...
by matiaszon
Sat Mar 18, 2017 2:19 am
Forum: Beginner Basics
Topic: Vodafone K4201-Z LTE USB Modem Installation
Replies: 5
Views: 2406

Re: Vodafone K4201-Z LTE USB Modem Installation

Most probably, described situations with 4G modems here are for HiLink modems. It means, that they have NAT built in. MikroTik get the IP, but the real gateway is 4G modem itself. You have 3 options. 1. Set up everything on your modem. Configure DMZ on your MikroTik IP and make a routing there. For ...
by matiaszon
Fri Mar 17, 2017 5:02 pm
Forum: General
Topic: Missing packages for RB3011
Replies: 9
Views: 1706

Re: Missing packages for RB3011

You can configure DMZ on MikroTik's IP (most probably to an address from 192.168.8.0/24 range), and then set up routing on MikroTik. However, you will have 2 NATs then, but for home purposes you won't notice.
by matiaszon
Wed Mar 15, 2017 1:11 am
Forum: General
Topic: Missing packages for RB3011
Replies: 9
Views: 1706

Re: Missing packages for RB3011

Is your modem E3372 working in HiLink mode? If so, there is no matter what you set up in LTE settings... Everything for connection is being set up in modem web interface.
  • 1
  • 2