Community discussions

MikroTik App

Search found 19 matches

by sirEgghead
Tue Dec 17, 2013 7:53 am
Forum: Beginner Basics
Topic: Squid transparent proxy
Replies: 8
Views: 102526

Re: Squid transparent proxy

CTrain, You can't have a dstnat action on the srcnat chain. supfors, I found the best way to make the setup work is to enable the web proxy in your RouterOS and set the "parent proxy" to your squid server's address and port. After that I disabled the caching on the Mikrotik. If you decide to do this...
by sirEgghead
Mon Nov 19, 2012 9:06 pm
Forum: General
Topic: Segregated LANs, 1 Trunk
Replies: 4
Views: 2443

Re: Segregated LANs, 1 Trunk

Well I got it setup. I'm just not a big fan of using VLANs. I was just hoping to find some way around it. No big deal though, I suppose. Here's how I did it. Added vlan1 with ID 100 on ether4. Added vlan2 with ID 200 on ether4. Added vlan1 to bridge1 (ether2 was already in bridge1). Moved address 17...
by sirEgghead
Mon Nov 19, 2012 6:16 am
Forum: General
Topic: Segregated LANs, 1 Trunk
Replies: 4
Views: 2443

Re: Segregated LANs, 1 Trunk

Yeah I was hoping to stay away from VLANs. Doesn't ever happen that way though.

Thanks.
by sirEgghead
Mon Nov 19, 2012 3:50 am
Forum: General
Topic: Segregated LANs, 1 Trunk
Replies: 4
Views: 2443

Segregated LANs, 1 Trunk

So originally I setup my network so that ether1 is my WAN, and ether2 is my LAN. LAN is 172.16.1.0/24. Now I have an additional WAN and an additional LAN. ether3 is WAN2 and ether4 is LAN2. LAN2 is 172.16.13.0/24. I setup my RB450G so that LAN1 and LAN2 do not communicate. Initially after the change...
by sirEgghead
Thu Sep 06, 2012 12:03 am
Forum: General
Topic: L7 filtering
Replies: 1
Views: 562

Re: L7 filtering

Just a quick bump to see if anyone had any ideas on this issue.
by sirEgghead
Thu Aug 30, 2012 4:42 am
Forum: General
Topic: mikrotik rb1100 dual wan port
Replies: 3
Views: 1005

Re: mikrotik rb1100 dual wan port

Good luck. Let me know how it works out for ya.
by sirEgghead
Thu Aug 30, 2012 12:58 am
Forum: General
Topic: Destination Ip address fot forwarding port
Replies: 7
Views: 990

Re: Destination Ip address fot forwarding port

I can't see your image, but to enable a rule the 'disabled' value needs to be set to 'no'.
by sirEgghead
Wed Aug 29, 2012 11:49 pm
Forum: General
Topic: mikrotik rb1100 dual wan port
Replies: 3
Views: 1005

Re: mikrotik rb1100 dual wan port

All you have to do is set a greater 'distance' value for the failover.
/ip route add gateway=192.168.1.1 check-gateway=ping
/ip route add gateway=192.168.2.1 check-gateway=ping distance=2

Thomas
by sirEgghead
Wed Aug 29, 2012 11:00 pm
Forum: General
Topic: VLAN using RB750
Replies: 13
Views: 3013

Re: VLAN using RB750

/ip firewall filter add disabled=no in-interface=ether1 out-interface=ether2 action=drop /ip firewall filter add disabled=no in-interface=ether2 out-interface=ether1 action=drop That will work if you want the 2 to not talk to each other. Or: /ip firewall address-list add list="LAN1" address=192.168...
by sirEgghead
Wed Aug 29, 2012 10:11 pm
Forum: General
Topic: Destination Ip address fot forwarding port
Replies: 7
Views: 990

Re: Destination Ip address fot forwarding port

Looks good to me. Just don't forget to add filter rules to allow the connection. View my first response for info on the filter rules.

Let me know if you have any more questions.


Thomas
by sirEgghead
Wed Aug 29, 2012 9:48 pm
Forum: Scripting
Topic: Is it possible to write date wise or day wise script????
Replies: 4
Views: 1353

Re: Is it possible to write date wise or day wise script????

Add a scheduler item for each day of the week that you want a change. Set the 'start-date' flag to the first date occurrence that matches when you want the change to occur. Set the interval to '7d'. So for example the next coming Monday is September 3, 2012 and the next coming Thursday is September ...
by sirEgghead
Wed Aug 29, 2012 8:29 pm
Forum: General
Topic: Destination Ip address fot forwarding port
Replies: 7
Views: 990

Re: Destination Ip address fot forwarding port

"disabled=no" just means that the rule is enabled and running. You can disable a rule if you want by changing the value to "yes". "comment" is just a comment. It's a way of labeling rules so that you can easily find them later. It makes it more human readable. 159.147.146.**2 is a publicly routable ...
by sirEgghead
Wed Aug 29, 2012 7:59 pm
Forum: General
Topic: multiple interfaces in the same vlan
Replies: 1
Views: 8924

Re: multiple interfaces in the same vlan

Add the two ports to a bridge and then add the bridge to the VLAN. /interface bridge add name=vlan_bridge /interface bridge port add bridge=vlan_bridge interface=ether1 /interface bridge port add bridge=vlan_bridge interface=ether2 /interface vlan add disabled=no name=vlan1 interface=vlan_bridge vla...
by sirEgghead
Wed Aug 29, 2012 7:33 pm
Forum: General
Topic: Destination Ip address fot forwarding port
Replies: 7
Views: 990

Re: Destination Ip address fot forwarding port

/ip firewall nat add disabled=no comment="dstnat http sever" chain=dstnat dst-address=33.23.146.28 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.10 /ip firewall filter add disabled=no comment="allow http" chain=forward dst-address=192.168.1.10 protocol=tcp dst-port=80 action=allow ...
by sirEgghead
Wed Aug 29, 2012 7:03 pm
Forum: Scripting
Topic: Is it possible to write date wise or day wise script????
Replies: 4
Views: 1353

Re: Is it possible to write date wise or day wise script????

/ip firewall filter add comment="drop http" disabled=yes chain=forward protocol=tcp dst-port=80 action=drop /system scripts add name=drop_http source="/ip firewall filter enable [find comment=\"drop http\"]" /system scripts add name=allow_http source="/ip firewall filter disable [find comment=\"dro...
by sirEgghead
Wed Aug 29, 2012 4:41 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 8322

Re: Firewall rules between two LAN help

Get everything sorted out?
by sirEgghead
Tue Aug 28, 2012 7:26 pm
Forum: Beginner Basics
Topic: Firewall rules between two LAN help
Replies: 13
Views: 8322

Re: Firewall rules between two LAN help

/ip firewall address-list add list="servers" address=192.168.20.100 /ip firewall address-list add list="servers" address=192.168.20.101 /ip firewall address-list add list="servers" address=192.168.30.100 /ip firewall address-list add list="servers" address=192.168.30.101 /ip firewall filter add com...
by sirEgghead
Tue Aug 28, 2012 5:26 pm
Forum: General
Topic: Layer 7 Protocol
Replies: 1
Views: 2325

Re: Layer 7 Protocol

Just exclude the IP address from your drop rule. For instance if you want to allow 192.168.1.105 and drop everything else, you would have the following in the IP address field: 192.168.1.1-192.168.1.104,192.168.1.106-192.168.1.254 Or you could make a separate rule with the action set to allow and pl...
by sirEgghead
Mon Aug 27, 2012 11:04 pm
Forum: General
Topic: L7 filtering
Replies: 1
Views: 562

L7 filtering

I've had issues with L7 filtering before, but I decided to pass it up. This new project is something that I've followed through on and involves L7. I built a simple port knocker that uses UDP and a password in each packet. To begin with, the rules weren't matching at all. So I changed the password t...