Search found 30 matches

by iScape
Wed May 06, 2020 2:21 am
Forum: General
Topic: Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.com?
Replies: 17
Views: 2517

Re: Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.

I am using the following. malc0de has not been updated since 16/12/19, but I am still including its content. I am using PowerShell on a Windows server to grab the lists and host on a local web server, such that I can block any outbound traffic from the router, other than NATed traffic passing throu...
by iScape
Mon May 04, 2020 9:04 pm
Forum: General
Topic: Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.com?
Replies: 17
Views: 2517

Re: Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.

Good luck with that..... The service offered is very cheap for the incredible value. ( A couple of cups of coffee per month !!! ) Compared to what I pay here........... https://axiomcyber.com/shield/ If it wasn't possible to write it off as business expense I would be using Mozerds advice. Went the...
by iScape
Mon May 04, 2020 8:00 pm
Forum: General
Topic: How to replicate home WiFi while staying in a hotel (VPN, capsman)?
Replies: 9
Views: 1846

Re: How to replicate home WiFi while staying in a hotel (VPN, capsman)?

I still need to find out how to do capsman over VPN. It depends on through what parts of the world you plan to travel. CAPsMAN prefers L2 transparency between the cAPs and the CAPsMAN master, but if it doesn't have one, it is happy with routed UDP, so there is no need to waste bandwidth on tunnelli...
by iScape
Mon May 04, 2020 7:30 pm
Forum: Wireless Networking
Topic: Wireless Bridge with CAPsMAN
Replies: 5
Views: 3202

Re: Wireless Bridge with CAPsMAN

@iScape: CAPsMAN is intended for controlling APs. My suggestion was to use CAPsMAN to control the two access points in ac bridge mode and configure the station mode hAP AC Lite as a standalone device. I could have been clearer with that, though. Sorry, I may have not read it carefully. Anyway, are y...
by iScape
Mon May 04, 2020 6:17 pm
Forum: General
Topic: How to config BOGON FW rules not to block "valid" traffic from my ISP's router if my MikroT is behind it?
Replies: 4
Views: 990

Re: How to config BOGON FW rules not to block "valid" traffic from my ISP's router if my MikroT is behind it?

Filtering BOGON addresses normally is not going to bring you any additional security. Of course it can bring you problems. When your network skills are not good enough to analyze and solve those problems, I would recommend not trying to setup such filters. yep, 0/0 counters in BOGON rules of FW so ...
by iScape
Mon May 04, 2020 6:10 pm
Forum: General
Topic: How to replicate home WiFi while staying in a hotel (VPN, capsman)?
Replies: 9
Views: 1846

Re: How to replicate home WiFi while staying in a hotel (VPN, capsman)?

You could use wAP ac (or similar dual band device), connect 2.4GHz to hotel wifi and use 5GHz for your SSID via capsman. 1/2 of the idea was to use travel/mini router:) Maybe MT will sometime release 2 radio upgrade to mAP:) though unlikely. Anyway, thanks. Speaking of "use 5GHz for your SSID via c...
by iScape
Mon May 04, 2020 6:04 pm
Forum: General
Topic: How to replicate home WiFi while staying in a hotel (VPN, capsman)?
Replies: 9
Views: 1846

Re: How to replicate home WiFi while staying in a hotel (VPN, capsman)?

What is possible, though, is to run a STA mode and an AP mode on the same wireless interface. So you can set up the physical wireless interface to station mode, connect to the hotel WiFi, and on the same channel and with the same physical settings, run several virtual interfaces in AP mode, using t...
by iScape
Mon May 04, 2020 5:36 pm
Forum: General
Topic: How to config BOGON FW rules not to block "valid" traffic from my ISP's router if my MikroT is behind it?
Replies: 4
Views: 990

Re: How to config BOGON FW rules not to block "valid" traffic from my ISP's router if my MikroT is behind it?

If you know for sure the BOGON address your ISP is going to present you, just put a FW rule ahead of the blocking one that jumps around the blocking one for traffic from that address. That lets you continue to decide what input and forwarding traffic you are going to accept from the ISP connection, ...
by iScape
Mon May 04, 2020 2:10 pm
Forum: General
Topic: How to replicate home WiFi while staying in a hotel (VPN, capsman)?
Replies: 9
Views: 1846

Re: How to replicate home WiFi while staying in a hotel (VPN, capsman)?

It is possible, but in the general case it is very tricky. @nostromog - sorry, I hadn't said thank you last time I read your post as I had issues with accessing the forum and then it just fell away. So thank you! Good luck solving all the puzzles and if by chance you've already come by with stabl...
by iScape
Mon May 04, 2020 2:00 pm
Forum: General
Topic: Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.com?
Replies: 17
Views: 2517

Re: Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.

Thanks for the offer, but so far I'm looking for "free" solutions - as home user without mission critical apps/services in my home network (that is somehow "covered" by my ISP), I think it may be enough to run "community"-level services. If anything changes, I will be glad to run proposed trial, tha...
by iScape
Mon May 04, 2020 1:53 pm
Forum: General
Topic: Does anybody have script that uses ip.team-cymru.com (or similar) to check if your host/IP is known as compromised?
Replies: 0
Views: 677

Does anybody have script that uses ip.team-cymru.com (or similar) to check if your host/IP is known as compromised?

Hi, I'm looking for ways to harden my security configuration using my mikrotik home router. I've seen that ip.team-cymru.com allows to check if your host/network is in the list of compromised hosts/IPs known to Team Cymru. Thus I'm wondering if that's valuable check to be periodically running on my ...
by iScape
Mon May 04, 2020 1:35 pm
Forum: General
Topic: Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.com?
Replies: 17
Views: 2517

Where to get list of malicious hosts (sim to spamhaus dshield cymru torlist) and what can replace malwaredomainlist.com?

Hi, I'm looking for maintained malicious hosts/addresses lists and respective fetch/update scripts that will allow me as a home user to harden my security configuration using my mikrotik router. So far I came by to: * https://www.spamhaus.org/drop/drop.txt * https://www.dshield.org/block.txt * BOGON...
by iScape
Mon May 04, 2020 4:05 am
Forum: General
Topic: How to config BOGON FW rules not to block "valid" traffic from my ISP's router if my MikroT is behind it?
Replies: 4
Views: 990

How to config BOGON FW rules not to block "valid" traffic from my ISP's router if my MikroT is behind it?

Noob question here on double NAT and BOGON FW filtering on "internal" router. My network structure is as follows: I have ISP's router (fiber) with DHCP srv; My router's WAN is connected to one of ISP's ETH ports. I know MAC address of the ISP's port and have basic access to ISP's router settings. My...
by iScape
Mon Jul 22, 2019 1:30 am
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 51508

Re: v6.45.2 [stable] is released!

hEX PoE + wAP ac (CAPsMAN): upgrade to 6.45.2 (also 6.46beta9) from 6.43.x resulted in issues - Chromecast couldn't connect to WiFi with "4-way handshake timeout" in logs. Roll-back to 6.43.16 fixed the issue. FYI I've upgraded again, but this time through interim long-term 6.44 and after that to 6...
by iScape
Mon Jul 22, 2019 12:30 am
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 51508

Re: v6.45.2 [stable] is released!

hEX PoE (VPN, IPsec with IKE2 RSA signature): upgrade to 6.45.2 from 6.43.x resulted in issue - somehow IPsec config was changed in a way that affected peers configuration. Clients couldn't connect due to "identity not found for peer: DER DN". Attempts to fix it in peers config didn't help, though ...
by iScape
Sun Jul 21, 2019 7:17 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 51508

Re: v6.45.2 [stable] is released!

hEX PoE (VPN, IPsec with IKE2 RSA signature): upgrade to 6.45.2 from 6.43.x resulted in issue - somehow IPsec config was changed in a way that affected peers configuration. Clients couldn't connect due to "identity not found for peer: DER DN". Attempts to fix it in peers config didn't help, though m...
by iScape
Sun Jul 21, 2019 7:01 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 51508

Re: v6.45.2 [stable] is released!

hEX PoE + wAP ac (CAPsMAN): upgrade to 6.45.2 (also 6.46beta9) from 6.43.x resulted in issues - Chromecast couldn't connect to WiFi with "4-way handshake timeout" in logs.
Roll-back to 6.43.16 fixed the issue.
FYI
by iScape
Tue Mar 19, 2019 12:14 am
Forum: General
Topic: How to replicate home WiFi while staying in a hotel (VPN, capsman)?
Replies: 9
Views: 1846

How to replicate home WiFi while staying in a hotel (VPN, capsman)?

Hello. Please help me with advice. What I want: connect "traveling" mAP lite to any of available WiFi networks at place. Once connected to WiFi, automatically connect to home vpn. Then automatically get only one of 2.4GHz configs provisioned to mAP lite (from capsman), so other devices can connect t...
by iScape
Sat Jan 05, 2019 12:02 am
Forum: General
Topic: Google Cast (chromecast and youtube) with vlan and bridge filtering.
Replies: 3
Views: 2607

Re: Google Cast (chromecast and youtube) with vlan and bridge filtering.

In the meantime I found a solution - seems that chromecast audio uses one more multicast network: "224.0.0.0/24". After allowing this in the filters everything started to work. Can someone please give example of filter rule (or what's required) how this can be done (assuming the goal is to get clos...
by iScape
Tue Oct 23, 2018 3:17 am
Forum: Wireless Networking
Topic: Wireless Bridge with CAPsMAN
Replies: 5
Views: 3202

Re: Wireless Bridge with CAPsMAN

If you want to, you can create a virtual WLAN interface in ap-bridge mode and add it to the same bridge. This will add AP functionality to the device, but will also incur a performance penalty to the whole wireless network. I know the thread is old, but for those who are looking for solution - as of...
by iScape
Thu Oct 18, 2018 12:50 am
Forum: General
Topic: Feature Request: NUT Client
Replies: 26
Views: 8211

Re: Feature Request: NUT Client

+1

Has anyone figured out how to script MT in a way that, if APC (attached via USB) goes on battery, MT notifies all other network devices about power down?
by iScape
Wed Oct 05, 2016 12:07 am
Forum: RouterBOARD hardware
Topic: Build time of mAP lite is Aug'2015 - is it engineering sample?
Replies: 2
Views: 777

Build time of mAP lite is Aug'2015 - is it engineering sample?

Hi, Unless I've missed smth, mAP lite appeared on sale in spring'2016. I've just got one with build time (from Resources) to be Aug/2015. Pre-installed RouterOS is 6.30.4 (6.31 was released on 2015-Aug-14). CPU is MIPS 24Kc V7.4 Seller claims it's regular device. However, what's strange is that that...
by iScape
Sun Feb 15, 2015 10:35 pm
Forum: General
Topic: Please advise on CPU-efficient load balancing approach
Replies: 2
Views: 1065

Re: Please advise on CPU-efficient load balancing approach

I guess you're hitting the hardware limit. You could try profiling the system while under load with /tool profile
I know I hit HW limit for both approaches PCC/BB, but I'm wondering if I can get more throughput using some other HW-efficient approach (if it exists).

Anybody? Any advice on 1st post?
by iScape
Sun Jan 25, 2015 2:58 am
Forum: General
Topic: Please advise on CPU-efficient load balancing approach
Replies: 2
Views: 1065

Please advise on CPU-efficient load balancing approach

Hi, I'm in process of setting up my home network with two identical incoming links (100Mbps each) from my ISP. ISP gives me two Ethernet links via UTP/RJ45. As expected ISP doesn't want to bother with bonding/aggregation. Even for extra money. So I'm trying to set up load balancing of two independent ...
by iScape
Mon Nov 17, 2014 10:57 pm
Forum: General
Topic: Feature Request: NUT Client
Replies: 26
Views: 8211

Re: Feature Request: NUT Client

+1 for xcom request
by iScape
Sat Jan 05, 2013 12:28 pm
Forum: RouterBOARD hardware
Topic: Routerboard + Mikrotik + 802.11 n mini pci mdules
Replies: 2
Views: 2169

Re: Routerboard + Mikrotik + 802.11 n mini pci mdules

Has something changed from 2008 - are Sparklan WMIA-199N supported now in ROS6?
by iScape
Sun Dec 30, 2012 12:55 am
Forum: Beginner Basics
Topic: Can't surf web on simple config though ping and tracert work
Replies: 5
Views: 1322

Re: Can't surf web on simple config though ping and tracert

I've added my WiFi AP and DHCP - so far, so good. P2P works full speed, WiFi works and web pages open as expected. CelticComms and gotsprings, thanks again. So for any newbie who is dumb in networking and for some reason needs to set up basic config of RB493G, please refer to compact export of my ...
by iScape
Sat Dec 29, 2012 1:12 pm
Forum: Beginner Basics
Topic: Can't surf web on simple config though ping and tracert work
Replies: 5
Views: 1322

Re: Can't surf web on simple config though ping and tracert

It appeared that I missed some of aspects in Manual:Default_Configurations, i.e. necessity to set admin-mac for bridge interface. So, CelticComms and gotsprings I did what you've suggested and small extra (ROS upgrade) and now internet works though it opens pages with certain delay comparing to my ...
by iScape
Sun Dec 23, 2012 10:58 am
Forum: Beginner Basics
Topic: Can't surf web on simple config though ping and tracert work
Replies: 5
Views: 1322

Can't surf web on simple config though ping and tracert work

Hi, I've recently bought RB493G and now I'm trying to set it up for simple config that will replace my D-Link DIR-655 router. So far I can't get it working as easy as it's stated in Manual:Initial Configuration. After I added filter rules that are not mentioned in Manual:Initial Configuration, I got ...