Community discussions

MUM Europe 2020

Search found 20 matches

by grizly
Fri Aug 11, 2017 10:25 am
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 291811

Re: Winbox 3.11 released!

On Windows8 I can run it, but cannot connect to any of my routers, if I try an older version, it says I need to update, which gives me 3.11.. when I try and connect I get the error: ERROR: no roteros.jg found Not sure what that means, Google hasn't been forthcoming. Possibly a picture with a typo? r...
by grizly
Wed Apr 30, 2014 2:18 am
Forum: General
Topic: Firewalling a MESH, how can this be done?
Replies: 2
Views: 662

Re: Firewalling a MESH, how can this be done?

What are you having trouble with?
Ok, just realized this post was 2 years old.. in my defense, I'm recovering from surgery.
by grizly
Wed Apr 30, 2014 2:17 am
Forum: General
Topic: Firewalling a MESH, how can this be done?
Replies: 2
Views: 662

Re: Firewalling a MESH, how can this be done?

What are you having trouble with? I can see input chains and Mangle/prerouting chains etc all working on my Mesh. Create a rule but only "log" first, see if you are matching correctly, for yours, I would create the following on your Mesh Portal device: /ip firewall mangle add action=log chain=prerou...
by grizly
Wed Oct 09, 2013 2:45 am
Forum: Scripting
Topic: SNMPGET OIDs
Replies: 3
Views: 2867

Re: SNMPGET OIDs

Don't you need to specify the community string "-c string" with snmpget?
/usr/bin/snmpget -c nagios -t 1 -v 1 mikrotik .1.3.6.1.2.1.2.2.1.7.10
iso.3.6.1.2.1.2.2.1.7.10 = INTEGER: 1
by grizly
Wed Oct 09, 2013 2:42 am
Forum: Beginner Basics
Topic: Mikrotik router monitoring in nagios
Replies: 3
Views: 18439

Re: Mikrotik router monitoring in nagios

That is the community string specified on the router.

As per: http://wiki.mikrotik.com/wiki/Manual:SNMP
by grizly
Wed Jul 24, 2013 9:28 am
Forum: The User Manager
Topic: Webproxy account Logging Problem
Replies: 5
Views: 23215

Re: Webproxy account Logging Problem

You have an open proxy chief.. block the internet from accessing your proxy server!
/ip firewall filter
add chain=input in-interface=<Your WAN Port> protocol=tcp dst-port=8080 action=drop
by grizly
Tue Jul 23, 2013 4:57 am
Forum: General
Topic: logging visited url with source IP address
Replies: 7
Views: 16666

Re: logging visited url with source IP address

Not sure if you guys got the help you needed, but it looks like your proxy has been opened to the world, you need a rule like: /ip firewall filter add action=jump chain=input comment=\ "Ensure proxy is accessible only to internal clients" disabled=no \ dst-port=8080 in-interface=ether1 jump-target=d...
by grizly
Mon Feb 25, 2013 12:08 am
Forum: General
Topic: Proxylizer is not working
Replies: 17
Views: 5446

Re: Proxylizer is not working

I got it to work.. partly. Its logging entries at least, thousands of them! Made a better solution by directing the logs to my Ubuntu workstation and filtering input with some simple syslog-ng configs.. Got proper logs and it all just "works".. :-) The critical part: filter web { match('web-proxy' ...
by grizly
Wed Jan 02, 2013 5:22 am
Forum: General
Topic: Proxylizer is not working
Replies: 17
Views: 5446

Re: Proxylizer is not working

I got it to work.. partly. Its logging entries at least, thousands of them! For some reason it splits requests into User & URL's into domain and path.. which is weird, as rebuilding them from the database is made more difficult, something I discovered when I couldn't get the bloody thing to produce ...
by grizly
Tue Dec 18, 2012 7:19 am
Forum: General
Topic: MRTG
Replies: 3
Views: 837

Re: MRTG

Have you read: http://wiki.mikrotik.com/wiki/SNMP_MRTG

Because I got it working with that. Lovely graphs too!
by grizly
Wed Dec 12, 2012 6:07 am
Forum: Beginner Basics
Topic: i want to block the facebook in my internal network
Replies: 43
Views: 20873

Re: i want to block the facebook in my internal network

can you explain what can i do with the link? My implementation: /ip firewall address-list add address=31.13.24.0/21 comment=\ "Facebook IP Subnets from: http://bgp.he.net/AS32934#_prefixes" disabled=\ no list=Facebook add address=31.13.64.0/24 disabled=no list=Facebook add address=31.13.64.0/19 dis...
by grizly
Wed Dec 12, 2012 4:06 am
Forum: Beginner Basics
Topic: fighting ISP, tampering DNS TTL
Replies: 4
Views: 2441

Re: fighting ISP, tampering DNS TTL

Yeah, I've encountered these DNS Violations before.. really the only way to avoid that, is to either use a public DNS server (if you can get to google's etc), or run your own server. Running your own DNS server is pretty easy, doesn't use too much resources, but you will need to be able to contact o...
by grizly
Tue Dec 11, 2012 5:43 am
Forum: Beginner Basics
Topic: FTP NAT rule
Replies: 3
Views: 1081

Re: FTP NAT rule

Can you show us the rule you are using? /ip firewall nat print chain=dstnat Refer here for specific guidance: http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP Note, FTP generally requires port 20 as well. Don't forget to disable the FTP server in MicroTik /ip service disable ftp Als...
by grizly
Tue Dec 11, 2012 3:14 am
Forum: General
Topic: Tx traffic rate drops to zero all of a sudden
Replies: 3
Views: 1376

Re: Tx traffic rate drops to zero all of a sudden

Do you send syslogs to yourself to monitor it? /system logging action set 3 bsd-syslog=yes name=remote remote=YOURSYSLOGSERVERIP remote-port=514 src-address=0.0.0.0 syslog-facility=local3 syslog-severity=notice target=remote add action=remote disabled=no prefix="" topics=info Now everything that get...
by grizly
Tue Dec 11, 2012 3:04 am
Forum: General
Topic: Port Forwarding and redirecting a Internal IP Address
Replies: 1
Views: 1014

Re: Port Forwarding and redirecting a Internal IP Address

You are forwarding two TCP ports, does your game only use TCP? This page suggests forwarding errors too: http://www.trinitycore.org/f/topic/4467-realm-access-error/ Perhaps you need the dst-addrees (WAN IP) set as per: http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP Try something l...
by grizly
Tue Dec 11, 2012 2:54 am
Forum: Beginner Basics
Topic: fighting ISP, tampering DNS TTL
Replies: 4
Views: 2441

Re: fighting ISP, tampering DNS TTL

Try this: /ip firewall mangle add action=change-ttl chain=postrouting protocol=tcp dst-port=53 disabled=no new-ttl=set:100 passthrough=yes /ip firewall mangle add action=change-ttl chain=postrouting protocol=udp dst-port=53 disabled=no new-ttl=set:100 passthrough=yes Will obey existing rules (passth...
by grizly
Tue Dec 11, 2012 2:27 am
Forum: Beginner Basics
Topic: how to remove web proxy (Mikrotik HttpProxy)
Replies: 1
Views: 6427

Re: how to remove web proxy (Mikrotik HttpProxy)

The proxy needs the dstnat rule in NAT, so check that too.
/ip firewall nat print chain=dstnat
See if it is actually proxying connections:
/ip proxy connections print
by grizly
Mon Dec 10, 2012 2:33 am
Forum: General
Topic: mark-connection VS mark-packet
Replies: 28
Views: 65317

Re: mark-connection VS mark-packet

Figured it out, had to use "Passthrough" to add extra marks to packets, routes and connections.. Damn this is cool! FYI: Passthrough means it will continue processing rules, so a mangle rule adds a route-mark, then another checks and adds a Packet Mark, then a third checks and adds the connection Ma...
by grizly
Fri Nov 30, 2012 1:36 am
Forum: General
Topic: mark-connection VS mark-packet
Replies: 28
Views: 65317

Re: mark-connection VS mark-packet

How many connection marks can we put on there?
I have been using mangle rules to mark connections as FTP/SSH/etc.. and now want to ensure that traffic goes through the correct interfaces, but I'm worried that my exquisitely written rules will fail if they detect the wrong connection-mark..