Community discussions

MikroTik App

Search found 19 matches

by grizly
Fri Aug 11, 2017 10:25 am
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 359252

Re: Winbox 3.11 released!

On Windows8 I can run it, but cannot connect to any of my routers, if I try an older version, it says I need to update, which gives me 3.11.. when I try and connect I get the error: ERROR: no roteros.jg found Not sure what that means, Google hasn't been forthcoming. Possibly a picture with a typo? r...
by grizly
Wed Apr 30, 2014 2:18 am
Forum: General
Topic: Firewalling a MESH, how can this be done?
Replies: 2
Views: 1137

Re: Firewalling a MESH, how can this be done?

What are you having trouble with?
Ok, just realized this post was 2 years old.. in my defense, I'm recovering from surgery.
by grizly
Wed Apr 30, 2014 2:17 am
Forum: General
Topic: Firewalling a MESH, how can this be done?
Replies: 2
Views: 1137

Re: Firewalling a MESH, how can this be done?

What are you having trouble with? I can see input chains and Mangle/prerouting chains etc all working on my Mesh. Create a rule but only "log" first, see if you are matching correctly, for yours, I would create the following on your Mesh Portal device: /ip firewall mangle add action=log ch...
by grizly
Wed Oct 09, 2013 2:45 am
Forum: Scripting
Topic: SNMPGET OIDs
Replies: 3
Views: 3717

Re: SNMPGET OIDs

Don't you need to specify the community string "-c string" with snmpget?
/usr/bin/snmpget -c nagios -t 1 -v 1 mikrotik .1.3.6.1.2.1.2.2.1.7.10
iso.3.6.1.2.1.2.2.1.7.10 = INTEGER: 1
by grizly
Wed Oct 09, 2013 2:42 am
Forum: Beginner Basics
Topic: Mikrotik router monitoring in nagios
Replies: 3
Views: 21277

Re: Mikrotik router monitoring in nagios

That is the community string specified on the router.

As per: http://wiki.mikrotik.com/wiki/Manual:SNMP
by grizly
Tue Jul 23, 2013 4:57 am
Forum: General
Topic: logging visited url with source IP address
Replies: 7
Views: 20180

Re: logging visited url with source IP address

Not sure if you guys got the help you needed, but it looks like your proxy has been opened to the world, you need a rule like: /ip firewall filter add action=jump chain=input comment=\ "Ensure proxy is accessible only to internal clients" disabled=no \ dst-port=8080 in-interface=ether1 jum...
by grizly
Mon Feb 25, 2013 12:08 am
Forum: General
Topic: Proxylizer is not working
Replies: 17
Views: 6845

Re: Proxylizer is not working

I got it to work.. partly. Its logging entries at least, thousands of them! Made a better solution by directing the logs to my Ubuntu workstation and filtering input with some simple syslog-ng configs.. Got proper logs and it all just "works".. :-) The critical part: filter web { match('w...
by grizly
Wed Jan 02, 2013 5:22 am
Forum: General
Topic: Proxylizer is not working
Replies: 17
Views: 6845

Re: Proxylizer is not working

I got it to work.. partly. Its logging entries at least, thousands of them! For some reason it splits requests into User & URL's into domain and path.. which is weird, as rebuilding them from the database is made more difficult, something I discovered when I couldn't get the bloody thing to prod...
by grizly
Tue Dec 18, 2012 7:19 am
Forum: General
Topic: MRTG
Replies: 3
Views: 1456

Re: MRTG

Have you read: http://wiki.mikrotik.com/wiki/SNMP_MRTG

Because I got it working with that. Lovely graphs too!
by grizly
Wed Dec 12, 2012 6:07 am
Forum: Beginner Basics
Topic: i want to block the facebook in my internal network
Replies: 43
Views: 23975

Re: i want to block the facebook in my internal network

can you explain what can i do with the link? My implementation: /ip firewall address-list add address=31.13.24.0/21 comment=\ "Facebook IP Subnets from: http://bgp.he.net/AS32934#_prefixes" disabled=\ no list=Facebook add address=31.13.64.0/24 disabled=no list=Facebook add address=31.13.6...
by grizly
Wed Dec 12, 2012 4:06 am
Forum: Beginner Basics
Topic: fighting ISP, tampering DNS TTL
Replies: 4
Views: 3565

Re: fighting ISP, tampering DNS TTL

Yeah, I've encountered these DNS Violations before.. really the only way to avoid that, is to either use a public DNS server (if you can get to google's etc), or run your own server. Running your own DNS server is pretty easy, doesn't use too much resources, but you will need to be able to contact o...
by grizly
Tue Dec 11, 2012 5:43 am
Forum: Beginner Basics
Topic: FTP NAT rule
Replies: 3
Views: 1596

Re: FTP NAT rule

Can you show us the rule you are using? /ip firewall nat print chain=dstnat Refer here for specific guidance: http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP Note, FTP generally requires port 20 as well. Don't forget to disable the FTP server in MicroTik /ip service disable ftp Als...
by grizly
Tue Dec 11, 2012 3:14 am
Forum: General
Topic: Tx traffic rate drops to zero all of a sudden
Replies: 3
Views: 2335

Re: Tx traffic rate drops to zero all of a sudden

Do you send syslogs to yourself to monitor it? /system logging action set 3 bsd-syslog=yes name=remote remote=YOURSYSLOGSERVERIP remote-port=514 src-address=0.0.0.0 syslog-facility=local3 syslog-severity=notice target=remote add action=remote disabled=no prefix="" topics=info Now everythin...
by grizly
Tue Dec 11, 2012 3:04 am
Forum: General
Topic: Port Forwarding and redirecting a Internal IP Address
Replies: 1
Views: 1630

Re: Port Forwarding and redirecting a Internal IP Address

You are forwarding two TCP ports, does your game only use TCP? This page suggests forwarding errors too: http://www.trinitycore.org/f/topic/4467-realm-access-error/ Perhaps you need the dst-addrees (WAN IP) set as per: http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP Try something l...
by grizly
Tue Dec 11, 2012 2:54 am
Forum: Beginner Basics
Topic: fighting ISP, tampering DNS TTL
Replies: 4
Views: 3565

Re: fighting ISP, tampering DNS TTL

Try this: /ip firewall mangle add action=change-ttl chain=postrouting protocol=tcp dst-port=53 disabled=no new-ttl=set:100 passthrough=yes /ip firewall mangle add action=change-ttl chain=postrouting protocol=udp dst-port=53 disabled=no new-ttl=set:100 passthrough=yes Will obey existing rules (passth...
by grizly
Tue Dec 11, 2012 2:27 am
Forum: Beginner Basics
Topic: how to remove web proxy (Mikrotik HttpProxy)
Replies: 1
Views: 8043

Re: how to remove web proxy (Mikrotik HttpProxy)

The proxy needs the dstnat rule in NAT, so check that too.
/ip firewall nat print chain=dstnat
See if it is actually proxying connections:
/ip proxy connections print
by grizly
Mon Dec 10, 2012 2:33 am
Forum: General
Topic: mark-connection VS mark-packet
Replies: 28
Views: 84348

Re: mark-connection VS mark-packet

Figured it out, had to use "Passthrough" to add extra marks to packets, routes and connections.. Damn this is cool! FYI: Passthrough means it will continue processing rules, so a mangle rule adds a route-mark, then another checks and adds a Packet Mark, then a third checks and adds the con...
by grizly
Fri Nov 30, 2012 1:36 am
Forum: General
Topic: mark-connection VS mark-packet
Replies: 28
Views: 84348

Re: mark-connection VS mark-packet

How many connection marks can we put on there?
I have been using mangle rules to mark connections as FTP/SSH/etc.. and now want to ensure that traffic goes through the correct interfaces, but I'm worried that my exquisitely written rules will fail if they detect the wrong connection-mark..