Community discussions

Search found 966 matches

by Rudios
Thu Mar 02, 2017 1:49 pm
Forum: Beginner Basics
Topic: Export Neighbour list
Replies: 3
Views: 909

Re: Export Neighbour list

just do a
/ip neighbor print file=<name>
If you need detailed information, add the 'detail' parameter.
by Rudios
Thu Mar 02, 2017 1:30 pm
Forum: General
Topic: Prevent connecting unauthorized devices
Replies: 1
Views: 368

Re: Prevent connecting unauthorized devices

Aren't the LLDP packets based on the neighour discovery?
Disable this.
by Rudios
Fri Feb 24, 2017 4:15 pm
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 4786

Re: OSPF setup

You need to supply more information, like IP assignments etc.
by Rudios
Fri Feb 24, 2017 3:45 pm
Forum: Beginner Basics
Topic: Route traffic between two interfaces
Replies: 9
Views: 2242

Re: Route traffic between two interfaces

I guess both servers are using their default gateway (192.168.1.1) and therefore their ether2 connected slave.
I would create a dedicated route on both servers, that if the other server is the destination, forward the packet to the 10.15.x.1 gateway.
by Rudios
Sat Feb 04, 2017 4:22 pm
Forum: Beginner Basics
Topic: Hairpin won't work, but why?
Replies: 13
Views: 1326

Re: Hairpin won't work, but why?

I would put the dst-address of your hairpin nat rule being the server only
dst-address=192.168.1.252
Also I don't know what the parameter out-interface-list=all does
Last but not least, leave out the protocol parameter
by Rudios
Sat Feb 04, 2017 4:13 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2134

Re: bridge only for wireless

Regarding wiki I need to bridge wireless interfaces and switch master port. In this configuration, when I'm running speedtest wired, I see up to 60% CPU usage. When I removed bridge, created new one only with wireless interfaces, running dhcp on it. On master switch port second dhcp server. Then wh...
by Rudios
Sat Feb 04, 2017 11:20 am
Forum: General
Topic: PS4 and mikrotik
Replies: 17
Views: 8165

Re: PS4 and mikrotik

I don't see any reason to use IP 10.10.10.10 on your DNS.
Try again after removing it, or do you have good reason to use it?
by Rudios
Fri Feb 03, 2017 4:57 pm
Forum: General
Topic: bridge only for wireless
Replies: 14
Views: 2134

Re: bridge only for wireless

So how to achieve this? ether1 - wan ether25 - lan wlan12 - wifi. Create bridge between ether1 & wlan12 (without lan access?), leave ether25 in normal switch mode without bridging? I tried to remove ether25 from bridge and leave there ether1 and wlan12 but it didn't works. Any help please. TIA. Don...
by Rudios
Thu Feb 02, 2017 11:28 am
Forum: Beginner Basics
Topic: RB450 RS232
Replies: 4
Views: 685

Re: RB450 RS232

I don't think this is going to work.
The RS232 connection on the RB only gives you serial connection to the management interface of RouterOS.
I don't think you would be able to read/write any tcp/ip data to/from the PLC
by Rudios
Thu Feb 02, 2017 9:57 am
Forum: Beginner Basics
Topic: Beginner firewall rule question
Replies: 3
Views: 472

Re: Beginner firewall rule question

Another option would be to allow dns requests to the router on UDP/TCP port 53 and block the rest.
I have to add that I follow this generic rule: Allow specific desired connection and drop everything else.
by Rudios
Wed Feb 01, 2017 11:38 am
Forum: Beginner Basics
Topic: port forwarding mistake
Replies: 2
Views: 421

Re: port forwarding mistake

You should be able to reach the router by winbox
On the other hand, you configured the rule on ether3, what if you connect your cable to a different port
by Rudios
Sat Jan 14, 2017 8:56 am
Forum: General
Topic: mikrotik hacked
Replies: 5
Views: 3277

Re: mikrotik hacked

I vote for unknown port forward!
by Rudios
Thu Jan 12, 2017 10:03 pm
Forum: RouterBOARD hardware
Topic: Faulty RB2011UiAS-RM
Replies: 7
Views: 1314

Re: Faulty RB2011UiAS-RM

I have two RB2011's just like this currently. Ports 1-5 work perfectly as a dumb switch, but there does not seem to be a way to communicate with the internals. The LCD screen is white as well. I've tried Winbox, NetInstall, serial console, ssh, telnet, mac telnet, reset button, and spanning the har...
by Rudios
Thu Jan 12, 2017 12:59 pm
Forum: Beginner Basics
Topic: Port forwarding in local network
Replies: 11
Views: 3991

Re: Port forwarding in local network

You have to make a Hairpin NAT Rule,
http://wiki.mikrotik.com/wiki/Hairpin_NAT
by Rudios
Wed Jan 11, 2017 6:33 pm
Forum: RouterBOARD hardware
Topic: Faulty RB2011UiAS-RM
Replies: 7
Views: 1314

Re: Faulty RB2011UiAS-RM

The device has a serial port, try to connect to it in order to see if it reacts.
by Rudios
Wed Jan 11, 2017 6:31 pm
Forum: General
Topic: tag and and untagged on same port
Replies: 11
Views: 2929

Re: tag and and untagged on same port

I think you have to clarify a little.
If you want untagged traffic only, just use the normal interface.
Or are you looking for something that drops all packets that DO have vlan tag?
by Rudios
Wed Jan 11, 2017 1:39 pm
Forum: Beginner Basics
Topic: Multiple VLAN's using 1 internet connection
Replies: 9
Views: 3865

Re: Multiple VLAN's using 1 internet connection

Disable the master port assignment for port 5.
by Rudios
Tue Jan 10, 2017 8:33 am
Forum: General
Topic: subnets connection problem
Replies: 6
Views: 776

Re: subnets connection problem

In order to know your firewall rules are blocking the traffic in the right way,
Just ping from a PC in one subnet to a connected client on the other subnet (No the router itself)
by Rudios
Mon Jan 09, 2017 4:42 pm
Forum: Beginner Basics
Topic: Connect 2 networks with separate internet connections
Replies: 16
Views: 2674

Re: Connect 2 networks with separate internet connections

If you configure it as in the image, you need to create static routes in Fritzbox and Zyxel. RB750 should have similar IP: - 192.168.1.X (ideal static IP, excluded from DHCP) on the interface connected to Fritzbox, eg 192.168.1.2 - 192.168.100.X (ideal static IP, excluded from DHCP) on the interfac...
by Rudios
Mon Jan 09, 2017 4:33 pm
Forum: Beginner Basics
Topic: Multiple VLAN's using 1 internet connection
Replies: 9
Views: 3865

Re: Multiple VLAN's using 1 internet connection

Create the needed VLANs on Eth5 and give each VLAN interface a dedicated address (use separate subnets). Build firewall rules in such a way that the traffic can only go outside /ip firewall filter add chain=forward in-interface=vlan-x out-interface=ether1 action=allow add chain=forward in-interface=...
by Rudios
Mon Jan 09, 2017 4:26 pm
Forum: General
Topic: subnets connection problem
Replies: 6
Views: 776

Re: subnets connection problem

You probably mean you type ping!
And what device is holding the IP 10.20.0.254.
If it is the router (interface connected to the 10.20.0.0/24 subnet) it makes sense, because connections to the router itself are handled in the input chain.
by Rudios
Mon Jan 09, 2017 2:09 pm
Forum: General
Topic: subnets connection problem
Replies: 6
Views: 776

Re: subnets connection problem

What do you mean by "ipconfig to the other subnet"?
Maybe draw us a picture and share some more detailed information about your configuration(s)
by Rudios
Mon Jan 09, 2017 8:24 am
Forum: General
Topic: Forward packet for public IP to local IP
Replies: 3
Views: 687

Re: Forward packet for public IP to local IP

You have to use dst-nat for this.
create something like
/ip firewall nat
add chain=dstnat action=dst-nat src-address=192.168.88.10 protocol=udp dst-address=88.88.88.88 dst-port=xxx to-address=192.168.88.11
by Rudios
Tue Dec 20, 2016 8:12 am
Forum: Beginner Basics
Topic: Firewall rules
Replies: 41
Views: 84080

Re: Firewall rules

That is because the dst-nat rule is carried out before the filter rule is applied, and after the dst-nat rule is applied your dst-address is not your public IP anymore but the 10.x.y.z. address. Also you have to handle the filter rules on your forward chain instead of your input because of this dst-...
by Rudios
Tue Dec 06, 2016 8:09 am
Forum: RouterBOARD hardware
Topic: RB433ah problem booting :( :(
Replies: 10
Views: 2225

Re: RB433ah problem booting :( :(

For sure that your firewall could have some negative impact on your tries.
Just temporarily disable your firewall completely on your PC.
by Rudios
Thu Dec 01, 2016 1:42 pm
Forum: General
Topic: what is the lates version for mAP 2n?
Replies: 5
Views: 755

Re: what is the lates version for mAP 2n?

It depends on the channel you are checking. As of today the most current release is 6.37.3 for the stable channel, for the bug-fix-only channel the latest version is 6.36.4 In order to update you can always download the latest version from the Mikrotik website and upload the package to your routerbo...
by Rudios
Mon Nov 28, 2016 8:14 am
Forum: General
Topic: Forwarding
Replies: 3
Views: 536

Re: Forwarding

The thing is that I do not want to connect ( call ) through my WAN IP and use my internet bandwidth when inside WLAN. I want packet to get forwarded directly to my PBX server so that they are not going through my WAN port whenever Im inside my LAN. I guess it is just a matter of routing, you don't ...
by Rudios
Fri Nov 25, 2016 1:07 pm
Forum: General
Topic: Does the order of the ports knocked matters in Port Knocking?
Replies: 2
Views: 734

Re: Does the order of the ports knocked matters in Port Knocking?

As I see it you either have to first knock 1000 OR 2000 and if you then knock 3000 you will be granded access. If you want a specific order, all three should be assigned a dedicated address-list. so knock 1000, add to list port-knock1 then; knock 2000, when in port-knock1, add to port-knock2 then kn...
by Rudios
Fri Nov 25, 2016 10:50 am
Forum: Beginner Basics
Topic: Dropping Packets between subnets with an exception
Replies: 11
Views: 1060

Re: Dropping Packets between subnets with an exception

I would even go for one allow rule, and then a generic drop.
by Rudios
Fri Nov 25, 2016 10:46 am
Forum: General
Topic: Forwarding
Replies: 3
Views: 536

Re: Forwarding

I assume you have a port forward on our router in order to connect you mobile phone via your external IP.
If that is the case you should configure a HairPin NAT rule in order to be able to connect via your WAN ip when inside your network.
by Rudios
Fri Nov 25, 2016 10:29 am
Forum: RouterBOARD hardware
Topic: I lost the access of my mikrotik router after deleting the default bridge
Replies: 3
Views: 819

Re: I lost the access of my mikrotik router after deleting the default bridge

MikroTik RouterBOARD RB2011UiAS-RM
That model does have a serial console port, so when you have physical access to the device, use this.
by Rudios
Mon Nov 21, 2016 8:20 am
Forum: Virtualization
Topic: Hyper-V 2012 R2 & Mikrotik version 5.2
Replies: 5
Views: 1316

Re: Hyper-V 2012 R2 & Mikrotik version 5.2

Keep in mind to use the Legacy Network adapters on your guest configuration.
When using the Standard adapters, they will appear within RouterOS, but will not passthrough any traffic.
by Rudios
Mon Nov 21, 2016 8:07 am
Forum: Wireless Networking
Topic: Design a network
Replies: 4
Views: 890

Re: Design a network

I also had the first thought to go for simple solution with VLAN's.
@jarda: But how to solve the wireless links in combination with these VLAN's. I have come across some possible solution with WDS, but it is not that stable after-all.
by Rudios
Mon Nov 14, 2016 3:51 pm
Forum: Beginner Basics
Topic: [advice] Configuration RBwAP2nD
Replies: 16
Views: 3984

Re: [advice] Configuration RBwAP2nD

Based on your first screenshot you are not using the IP segment 192.168.88.0 at all on your router. Your local IP address is 192.168.1.1 You have set the subnet mask to /8 (255.0.0.0) I guess you have to revert that back to /24 (255.255.255.0) Also your WAN connection is getting an IP address in ran...
by Rudios
Mon Nov 14, 2016 8:01 am
Forum: Beginner Basics
Topic: how to connect a pc behind a router to nas that is on main cable modem?
Replies: 5
Views: 836

Re: how to connect a pc behind a router to nas that is on main cable modem?

I still would suggest my earlier solution.
Bridge all ports on the MikroTik and let the DCHP on your cable modem assign addresses to your NASs (or put static if needed)
by Rudios
Fri Nov 11, 2016 8:51 am
Forum: Beginner Basics
Topic: Setup mAP as AP
Replies: 3
Views: 1121

Re: Setup mAP as AP

You actually not using the DNS server supplied by your DHCP server (use-peer-dns=no parameter on your dhcp-client)
by Rudios
Fri Nov 11, 2016 8:45 am
Forum: Beginner Basics
Topic: 3 Routers 1 SSID
Replies: 8
Views: 1152

Re: 3 Routers 1 SSID

Please share your configurations, that will make it more easy to help you out.
by Rudios
Thu Nov 10, 2016 9:48 pm
Forum: Scripting
Topic: SD card backup
Replies: 6
Views: 1920

Re: SD card backup

rsc is the result of export
by Rudios
Thu Nov 10, 2016 9:35 pm
Forum: Scripting
Topic: SD card backup
Replies: 6
Views: 1920

Re: SD card backup

I would go for the export feature! The big downside to making a backup is that it could only be restored on the same type device, with exact same RouterOS version. When creating an export (rsc file) you could alter fhe file if needed and load it on practical any replacement device when needed. [EDIT...
by Rudios
Thu Nov 10, 2016 9:28 pm
Forum: Wireless Networking
Topic: station/AP config issues
Replies: 3
Views: 867

Re: station/AP config issues

I am not sure, but I guess you will need a device that has 2 wirelss interfaces.
For as much as my information goes, any wireless interface can only be running as an AP or station at any given time uniquely, no dual modes together.
by Rudios
Thu Nov 10, 2016 9:21 pm
Forum: Beginner Basics
Topic: No access to LAN over SSTP VPN (can only ping router)
Replies: 13
Views: 3992

Re: No access to LAN over SSTP VPN (can only ping router)

Hi everyone, I found my mistake, actually everything worked well from the start, without having to add route. The packed arrived well in my LAN, but could not return to the VPN, because I marked packets in my LAN to WAN1. I therefore excluded marking packets for the VPN: chain=prerouting action=mar...
by Rudios
Thu Nov 10, 2016 9:19 pm
Forum: Beginner Basics
Topic: No access to LAN over SSTP VPN (can only ping router)
Replies: 13
Views: 3992

Re: No access to LAN over SSTP VPN (can only ping router)

Hi everyone, I found my mistake, actually everything worked well from the start, without having to add route. The packed arrived well in my LAN, but could not return to the VPN, because I marked packets in my LAN to WAN1. I therefore excluded marking packets for the VPN: chain=prerouting action=mar...
by Rudios
Wed Nov 09, 2016 8:21 pm
Forum: Beginner Basics
Topic: access router from internet
Replies: 4
Views: 689

Re: access router from internet

not working, I already tried.

chain=dstnat action=dst-nat to-addresses=192.168.88.1 to-ports=8291 protocol=tcp in-interface=pppoe-out1 dst-port=8291 log=no log-prefix=""

for filter rules, I have default rules.
If you have default rules, you should add one for allowing traffic after dst-nat.
by Rudios
Wed Nov 09, 2016 3:47 pm
Forum: Beginner Basics
Topic: Access IP Address Via Wifi
Replies: 2
Views: 513

Re: Access IP Address Via Wifi

What device is holding your wifi AP?
Where is the device connecting from located? At the same wifi or on the internet somewhere?
by Rudios
Wed Nov 09, 2016 3:45 pm
Forum: Beginner Basics
Topic: access router from internet
Replies: 4
Views: 689

Re: access router from internet

The best way is to port-forward (dst-nat) an explicit outside port to the internal ip address of your routerboard, port 8291 (default winbox).
Additionally you probably need an allow rule in your firewall filter input chain.
by Rudios
Wed Nov 09, 2016 12:47 pm
Forum: Beginner Basics
Topic: No access to LAN over SSTP VPN (can only ping router)
Replies: 13
Views: 3992

Re: No access to LAN over SSTP VPN (can only ping router)

on your RB1100 put the following
/ip route
add dst-address=192.168.0.0/24 gateway=10.10.10.11
by Rudios
Wed Nov 09, 2016 8:04 am
Forum: Beginner Basics
Topic: Mikrotik is lab network connected to corporate domain
Replies: 3
Views: 623

Re: Mikrotik is lab network connected to corporate domain

If you do not have the possibility to alter the corp. network infrastructure, the only thing is left is adding a static route on your corp. domain systems. I don't know what type of systems you are using? As last resort you can also NAT masquerade the traffic from your lab environment towards the co...
by Rudios
Tue Nov 08, 2016 9:10 pm
Forum: Beginner Basics
Topic: No access to LAN over SSTP VPN (can only ping router)
Replies: 13
Views: 3992

Re: No access to LAN over SSTP VPN (can only ping router)

You should add a route to your remote network on your RB1100
by Rudios
Tue Nov 08, 2016 6:02 pm
Forum: Beginner Basics
Topic: No access to LAN over SSTP VPN (can only ping router)
Replies: 13
Views: 3992

Re: No access to LAN over SSTP VPN (can only ping router)

What if you do a trace route towards the server?
by Rudios
Tue Nov 08, 2016 4:43 pm
Forum: Beginner Basics
Topic: how to connect a pc behind a router to nas that is on main cable modem?
Replies: 5
Views: 836

Re: how to connect a pc behind a router to nas that is on main cable modem?

Just disable all DHCP stuff on the routerboard and add all ports to the same bridge.
If bridging all ports, it is just like a switch.
Give the MikroTik an IP address for management only (in the 192.168.0.x segment)
by Rudios
Tue Nov 08, 2016 4:07 pm
Forum: Beginner Basics
Topic: Mikrotik is lab network connected to corporate domain
Replies: 3
Views: 623

Re: Mikrotik is lab network connected to corporate domain

You have to configure routes towards the corp. domain side of your routerboard.
If only 1 or 2 single devices from your corp. domain needs access to your lab environment I would put a static route on these devices.
If you have multiple, I would solve it in your corp. domain router.
by Rudios
Tue Nov 08, 2016 4:02 pm
Forum: Beginner Basics
Topic: how to connect a pc behind a router to nas that is on main cable modem?
Replies: 5
Views: 836

Re: how to connect a pc behind a router to nas that is on main cable modem?

Make only 1 network segment and connect directly to the NAS,
Why you put the MikroTik in between with routing (and probably also NAT)?
by Rudios
Tue Nov 08, 2016 4:00 pm
Forum: Beginner Basics
Topic: No access to LAN over SSTP VPN (can only ping router)
Replies: 13
Views: 3992

Re: No access to LAN over SSTP VPN (can only ping router)

how about any firewall filter rules? For only routing the traffic to the office over the SSTP connection, you have to connect to your office without supplying a default gateway to the connection. Additionally you have to manually put a route on your desktop for the network segment(s) used on your of...
by Rudios
Tue Nov 08, 2016 3:31 pm
Forum: Beginner Basics
Topic: Port Forwarding Issue
Replies: 19
Views: 2564

Re: Port Forwarding Issue

So here's the thing to remember: RouterOS process NAT rules before it does Filter rules, so an Accept rule on the input chain will never get hit if you're NATing the traffic. [...]. If referring to dst-nat you are right, dst-nat is handled in pre-routing (before routing decisions are made) Based on...
by Rudios
Tue Nov 08, 2016 2:30 pm
Forum: Beginner Basics
Topic: Port Forwarding Issue
Replies: 19
Views: 2564

Re: Port Forwarding Issue

When you are connected to your internal network, how do you access your camera? By using port 80 or 8150? <edit> Since you have supplied your public IP in your previous post I just gave it a try and when I go to port 8150 I end up seeing some "Shark Security" login page for a camera, so in my perspe...
by Rudios
Mon Nov 07, 2016 4:42 pm
Forum: Beginner Basics
Topic: Port Forwarding Issue
Replies: 19
Views: 2564

Re: Port Forwarding Issue

Input chain is used when traffic is destined for the router itself forward chain is used when traffic is destined for a client and router used to forward the traffic towards it. Then comes the NAT-ting part. Look at http://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6 and there you will come to the c...
by Rudios
Mon Nov 07, 2016 2:29 pm
Forum: Beginner Basics
Topic: Port Forwarding Issue
Replies: 19
Views: 2564

Re: Port Forwarding Issue

Hi pcarlo71, In my humble opinion you should put in FILTER rules, before rule nr. 6, a rule to accept connections for port 8150: IP -> FIREWALL -> FILTER 1. In GENERAL Tab, click "+", for add new rule 2. select CHAIN = input 3. select PROTOCOL = (6) tcp 4. select destination port = Dst. Port [] 815...
by Rudios
Fri Nov 04, 2016 12:51 pm
Forum: General
Topic: RB750UP port problem
Replies: 4
Views: 617

Re: RB750UP port problem

I would try to re-install RouterOS and if that doesn't help I would contact MikroTik support or your supplier because I assume it could be a hardware fault.
by Rudios
Thu Nov 03, 2016 3:46 pm
Forum: RouterBOARD hardware
Topic: RB433ah problem booting :( :(
Replies: 10
Views: 2225

Re: RB433ah problem booting :( :(

It looks like your installation is broken (unable to start from internal storage)
RouterBoard will try to start from netinstall.
I would setup netinstall on your PC, hook it up to port 1 of the routerboard and see if it boots.
If so, install a proper RouterOS version via netinstall.
by Rudios
Tue Nov 01, 2016 10:46 am
Forum: Scripting
Topic: How to setup remote dns no-ip connect everywhere
Replies: 6
Views: 2603

Re: How to setup remote dns no-ip connect everywhere

i want to know how to link dns no-ip and mikrotik. i already try script but not working. someone can help my problem. i am beginner. i will give you teamviewer connection. please help Like I replied before with the script. Create a new script (Within winbox go to system -> scripts, hit the plus sig...
by Rudios
Tue Nov 01, 2016 10:42 am
Forum: General
Topic: Routing problem
Replies: 18
Views: 1446

Re: Routing problem

Solved, put my NAT rule masquerade for src.address 172.16.10.0/24 in router 2 to the top (just notice it behind other nat rules so it won't work.) and it work like a charm. Gotta note it =.=!! Thanks you guys for helping me all this time :) Good to hear you solved it, nevertheless I am curious abou...
by Rudios
Tue Nov 01, 2016 9:58 am
Forum: General
Topic: RB750UP port problem
Replies: 4
Views: 617

Re: RB750UP port problem

The description is quite obvious (is there a loop)
Without you telling us what is connected to the ports it is very difficult to tell what is going on.
by Rudios
Tue Nov 01, 2016 9:53 am
Forum: Scripting
Topic: How to setup remote dns no-ip connect everywhere
Replies: 6
Views: 2603

Re: How to setup remote dns no-ip connect everywhere

I use the following code and it works perfect. #************************************************************************************************ # Parameters #************************************************************************************************ :local username <my-username> :local passwor...
by Rudios
Tue Nov 01, 2016 9:46 am
Forum: General
Topic: Routing problem
Replies: 18
Views: 1446

Re: Routing problem

I would first disable all firewall rules to see how that goes (maybe only let exist the masquerade rule on RouterA to have internet connection)
by Rudios
Mon Oct 31, 2016 6:29 pm
Forum: General
Topic: Routing problem
Replies: 18
Views: 1446

Re: Routing problem

Does your DHCP supply gateway address?
by Rudios
Sun Oct 30, 2016 7:59 am
Forum: General
Topic: i can't install the user manager on hAp ac lite RB952Ui
Replies: 8
Views: 1740

Re: i can't install the user manager on hAp ac lite RB952Ui

Pick the npk file from the same version you are running.
Also take note of the architecture.
by Rudios
Fri Oct 28, 2016 2:45 pm
Forum: General
Topic: Routing problem
Replies: 18
Views: 1446

Re: Routing problem

Can you please share your 2 configs.
by Rudios
Fri Oct 28, 2016 8:04 am
Forum: General
Topic: Routing problem
Replies: 18
Views: 1446

Re: Routing problem

are you using any NAT on the second router?
How about firewall, on both routers and the destination client?
by Rudios
Mon Oct 24, 2016 3:52 pm
Forum: General
Topic: Managing Appartment Block Internet
Replies: 6
Views: 1022

Re: Managing Appartment Block Internet

I am not really into the specific performance differences between various MikroTik models, but I would go for a central MikroTik device to handle all the outgoing traffic and bandwith throttling. Maybe it is worth the effort of putting up dedicated IP segments between the central router and each app...
by Rudios
Tue Oct 18, 2016 12:42 pm
Forum: General
Topic: Mikrotik RB951G-2HnD as a switch
Replies: 3
Views: 835

Re: Mikrotik RB951G-2HnD as a switch

Sure it is possible, just clear the config of R2 with no defaults.
Create a new bridge and put all ports as member of put port port1 as a master for port 2-5
Maybe for easy maintenance access, assign an IP address to either port 1 or the new created bridge (depending on your choice above)
by Rudios
Mon Oct 17, 2016 8:35 am
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

During the writing of the post I did check again and found NOTHING of this behaviour anymore!!! OK, that's good as a result, less so as still being unexplained. Indeed glad they're gone, still unclear why For lowering the load on the CPU and block useless traffic I added unreachable routes to my ro...
by Rudios
Thu Oct 13, 2016 11:16 am
Forum: General
Topic: Device can't communicate RB951G-2HND
Replies: 6
Views: 750

Re: Device can't communicate RB951G-2HND

same issue with Samsung TV and this router, no fix so far that i am aware of. I think someone narrowed it down to the device not wanting to talk to the bridge, if you do not have it bridged it works, but as soon as you join the port to a bridge it stops working. Might be worth it to give that a try...
by Rudios
Wed Oct 12, 2016 11:58 am
Forum: General
Topic: Device can't communicate RB951G-2HND
Replies: 6
Views: 750

Re: Device can't communicate RB951G-2HND

Since my RB2011 also has 100Mbit ports and the printer only has 10/100 Mbit capabilities I did not look further into the problem, I just connected the printer to a 10/100 Mbit port. So I am unaware of any solution (other then the one you found; adding a dumb switch). PS. What are the speed capabilit...
by Rudios
Wed Oct 12, 2016 10:59 am
Forum: General
Topic: Device can't communicate RB951G-2HND
Replies: 6
Views: 750

Re: Device can't communicate RB951G-2HND

I have seen somewhat the same behavior with a printer and an RB2011. My conclusion that time was that for some reason the printer wouldn't work when connected to one of the Gbit interfaces of my RB2011. Since you are using an RB951G, also with Gbit ports, I suppose it is cause by some same issue. I ...
by Rudios
Mon Oct 10, 2016 10:09 am
Forum: General
Topic: NTP Server
Replies: 4
Views: 1953

Re: NTP Server

Like th0massin0 mentioned before, take good notice of the applicable version.
If you would like to add a package, upload the file from the corresponding version as your router is running.
You said you upgraded, but the printout is stilll showing 6.37 (not .1)
by Rudios
Mon Oct 10, 2016 8:44 am
Forum: Beginner Basics
Topic: Inside Outside Interfaces
Replies: 1
Views: 309

Re: Inside Outside Interfaces

It is up to you to configure which is which.
Just build your firewall rules in such a way that the traffic is allowed/blocked the way you want it to.
by Rudios
Mon Oct 10, 2016 8:19 am
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

Apologies for the late reply; it has been a busy week. No worries for late replies. Just to make sure I have established the correct picture of your situation (as it's not your everyday SOHO setup you have running there): Traffic originating from 192.168.110.253 destined for 172.18.3.4 is coming in...
by Rudios
Thu Oct 06, 2016 1:51 pm
Forum: Beginner Basics
Topic: Forum Active Topics - No Jump to Unread link
Replies: 4
Views: 678

Re: Forum Active Topics - No Jump to Unread link

I'm looking into the same question.
I find it very annoying that I'm unable to jump to the first unread post straight away.
By the way, the same applies when listing "Your posts" and is not limited to the "Active Topics" listing.
by Rudios
Wed Oct 05, 2016 8:21 am
Forum: Announcements
Topic: Winbox 3.6 released!
Replies: 25
Views: 9082

Re: Winbox 3.6 released!

I have found an issue when using inline comments. On initial opening at least the interfaces or firewall windows (maybe other as well, didn't check) the comments column is not there. I have to disable and re-enable the inline comments option in order to let it be shown. And after checking more, I fo...
by Rudios
Wed Oct 05, 2016 8:09 am
Forum: General
Topic: 4 ADSL Lines PCC
Replies: 3
Views: 516

Re: 4 ADSL Lines PCC

Hello I made some changes in your configuration,please try it and tell me if it works ok or not. Please tell me why are you using "log-prefix" /interface ethernet set [ find default-name=ether1 ] comment="Modem #1" set [ find default-name=ether2 ] comment="Modem #2" set [ find default-name=ether3 ]...
by Rudios
Wed Oct 05, 2016 8:05 am
Forum: General
Topic: change default configuration
Replies: 2
Views: 853

Re: change default configuration

I believe you can.
Your desired default configuration can be loaded via netinstall when installing the RouterOS.
by Rudios
Wed Oct 05, 2016 8:03 am
Forum: General
Topic: Routing blackhole
Replies: 13
Views: 7704

Re: Routing blackhole

If the destination is unreachable, then the router will drop the packets, but will also generate an ICMP destination unreachable message to the sender. This would be good in an internal network because it will speed up failure detection. Also, when not using an OS that wants to hide all technical m...
by Rudios
Tue Oct 04, 2016 2:05 pm
Forum: Beginner Basics
Topic: Configure static IP for mikrotik router
Replies: 10
Views: 7562

Re: Configure static IP for mikrotik router

Aaah, I just thought how about disabling the DHCP client on that specific interface, but I just checked one of my test systems and found out that DHCP client can not be bound to a PPPoE client interface. I assume that it will grab an IP automatically. Isn't your ISP supplying you with your static as...
by Rudios
Tue Oct 04, 2016 9:49 am
Forum: General
Topic: Routing blackhole
Replies: 13
Views: 7704

Re: Routing blackhole

@ZeroByte Adding a blackhole rule for the /16 was indeed the way I was tending to go. An in the meantime I think I will also add 10.0.0.0/8 and 172.16.0.0/12 just to block all private ranges. Does this still make sense? Definitely. I put those very routes in all of my border routers. No need wastin...
by Rudios
Tue Oct 04, 2016 9:46 am
Forum: General
Topic: Feature request: Exporting without pagebreaks
Replies: 0
Views: 473

Feature request: Exporting without pagebreaks

Wouldn't it be possible to export the configuration to a file without all the unhandy page-breaks?

I have a script that creates an configuration export.
The annoying thing is that there are a lot of page-breaks in the file, which makes it harder to read and to compare.
by Rudios
Tue Oct 04, 2016 9:29 am
Forum: Beginner Basics
Topic: Configure static IP for mikrotik router
Replies: 10
Views: 7562

Re: Configure static IP for mikrotik router

How about just configuring your ISP supplied IP address to the PPPoE client, and disable the DHCP-client on it?
by Rudios
Tue Oct 04, 2016 8:11 am
Forum: General
Topic: 4 ADSL Lines PCC
Replies: 3
Views: 516

Re: 4 ADSL Lines PCC

Also when running 6.36 my test environment works as suspected.
With the passthrough parameter set to no the system keeps working, so I assume it is not version related in this matter.
This makes it even more weird for me....
by Rudios
Tue Oct 04, 2016 8:08 am
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

The IP Addresses shown by the firewall connections are indeed Ubiquiti devices that are managed by the CRM point. However, these devices are all situated behind either MT3, MT4 or MT5. So I would assume that this traffic flows via MT2 (Central router) towards MT3,4 or 5, and not towards the border ...
by Rudios
Mon Oct 03, 2016 7:24 pm
Forum: General
Topic: Routing blackhole
Replies: 13
Views: 7704

Re: Routing blackhole

@ZeroByte Adding a blackhole rule for the /16 was indeed the way I was tending to go. An in the meantime I think I will also add 10.0.0.0/8 and 172.16.0.0/12 just to block all private ranges. Does this still make sense? Definitely. I put those very routes in all of my border routers. No need wastin...
by Rudios
Mon Oct 03, 2016 4:22 pm
Forum: General
Topic: 4 ADSL Lines PCC
Replies: 3
Views: 516

4 ADSL Lines PCC

I have again bounced into some weird behaviour. I am managing a system that does PCC over 4 ADSL lines. These 4 ADSL lines are having an individual modem per line and all 4 modems are connected to a RB2011 for doing the PCC splitting. For testing purposes I have re-build the same situation with some...
by Rudios
Mon Oct 03, 2016 3:49 pm
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

The IP Addresses shown by the firewall connections are indeed Ubiquiti devices that are managed by the CRM point. However, these devices are all situated behind either MT3, MT4 or MT5. So I would assume that this traffic flows via MT2 (Central router) towards MT3,4 or 5, and not towards the border r...
by Rudios
Mon Oct 03, 2016 10:59 am
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

I have to come back to my previous statement. I have looked at the torch a little while longer I have seen a short period where there were indeed entries with connections between 192.168.110.253 and 172.18.x.x Althought I only have seen it twice. See my attachments below Firewall connections overvie...
by Rudios
Mon Oct 03, 2016 9:02 am
Forum: General
Topic: Job: Looking for a config builder...
Replies: 4
Views: 728

Re: Job: Looking for a config builder...

For some reason I was unable to send you a PM.
Contact me on babbelbox@zonnet.nl
by Rudios
Mon Oct 03, 2016 8:42 am
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

Doing a torch on the incoming port of the central MT1 is not showing any traffic from the management device 192.168.110.253
by Rudios
Mon Oct 03, 2016 8:07 am
Forum: General
Topic: Routing blackhole
Replies: 13
Views: 7704

Re: Routing blackhole

@haik01 Like said by Che, more specific routes (I do have /24 for each segment) 'win' in favor of the /16. @che I'm not redistributing my statics within OSPF, I'm only distributing my default route from my central router which has a 0.0.0.0/0 towards the internet. @ZeroByte Adding a blackhole rule f...
by Rudios
Fri Sep 30, 2016 2:57 pm
Forum: General
Topic: Routing blackhole
Replies: 13
Views: 7704

Routing blackhole

I have a system consisting of multiple MikroTik routers (MT1 MT2, MT3 and MT4), all connected towards 1 central Mikrotik (MTC) which has an internet connection. MT1, MT2, MT3 and MT4 are all handling their own 192.168.x.0/24 ip segment and OSPF is running. In order to prevent unnecessary routing tow...
by Rudios
Fri Sep 30, 2016 10:39 am
Forum: Wireless Networking
Topic: link 2 pc via wifi
Replies: 12
Views: 1041

Re: link 2 pc via wifi

You have to make sure that both the WLAN interface and the interface the PC is connected to are in the same bridge. Seen from your pictures the WLAN interface is not added to any bridge and ether3,4 and 5 are slaved to ether2 So create a bridge (if not already existing) and add ether2 and wlan inter...
by Rudios
Fri Sep 30, 2016 10:26 am
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

It indeed is normal, internal traffic and I have made the same assumption you did.
When doing a trace route from any given MT (3,4 or 5) towards the CMR Point the result shows a direct connection with only the IP address of MT2 router at connection point of chosen MT3,4 or 5.
by Rudios
Fri Sep 30, 2016 8:15 am
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Re: Firewall connections overview

I tried to add a small drawing of the situation multiple times, but for some reason it keeps failing.
Hereby a link to the drawing.
https://www.dropbox.com/s/7ja71gc105q8q ... p.jpg?dl=0
by Rudios
Thu Sep 29, 2016 3:10 pm
Forum: General
Topic: Firewall connections overview
Replies: 15
Views: 1927

Firewall connections overview

I bounced into something very strange. Imagine the following scenario 1 Routerboard with ADSL modem behind it. Doing NAT towards the modem and internally connected to a second routerboard. 3 additional routerboards are connected, each handling a dedicated network segment (192.168.11.0/24, 192.168.12...
by Rudios
Wed Sep 28, 2016 7:58 am
Forum: Beginner Basics
Topic: Viewing a file?
Replies: 6
Views: 578

Re: Viewing a file?

In my case, right clicking gives me a list of options, including download.
The way I do it is clicking the 'copy' icon (third icon, the one with two sheets behind each other) and then paste somewhere on disk on my PC.
by Rudios
Mon Sep 26, 2016 8:33 am
Forum: Beginner Basics
Topic: Viewing a file?
Replies: 6
Views: 578

Re: Viewing a file?

I muddled through and found it:
/file edit [filename] contents
Another option would be is to download the file to your PC and open it with your preferred editor.
by Rudios
Mon Sep 26, 2016 8:13 am
Forum: General
Topic: Shared/Common address list for WinBox?
Replies: 13
Views: 3201

Re: Shared/Common address list for WinBox?

I just tested and it seems that the file is just saved next to the winbox executable file. Maybe that is because I have saved it once this way and that Winbox keeps it like that and that it is not the default behaviour, but hey, if I can, you probably can :) Rethinking it I guess it can be saved any...
by Rudios
Fri Sep 23, 2016 2:03 pm
Forum: The User Manager
Topic: User manager Installaion issues
Replies: 3
Views: 895

Re: User manager Installaion issues

Are you installing the correct version?
by Rudios
Fri Sep 23, 2016 2:02 pm
Forum: General
Topic: info 2 adsl
Replies: 2
Views: 339

Re: info 2 adsl

What is your goal with the 2 ADSL lines.
Are you looking for some load-balancing solution or primary / backup situation.
Maybe it is worth reading this http://wiki.mikrotik.com/wiki/Manual:PCC
This will help you build a load-balancing solution with failover capabilities.
by Rudios
Fri Sep 23, 2016 1:57 pm
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34937

Re: v6.37 [current] is released!

Funny if i check for downloads. I see a new version available (6.37) but the changelog is set back to 6.30
nstalled Version 6.36.3
Latest Version 6.37
What's new in 6.30 (2015-Jul-08 09:07)
Even when running 6.37 it shows the 6.30 changelog.
Probably in-between fix for the changelog-to-long issue.
by Rudios
Fri Sep 23, 2016 8:10 am
Forum: General
Topic: 100 CPU on any mikrotik router using basic rules
Replies: 25
Views: 6298

Re: 100 CPU on any mikrotik router using basic rules

I can imagine that it is a hustle if you need to forward a whole bunch of ports, but are you really in that situation?
How many ports do you need to forward?
I don't know your ISP supplied router, but maybe it is possible to forward a range.
by Rudios
Wed Sep 21, 2016 3:58 pm
Forum: General
Topic: 100 CPU on any mikrotik router using basic rules
Replies: 25
Views: 6298

Re: 100 CPU on any mikrotik router using basic rules

Why not use a different IP segment behind your hEX? How can i port forward than?ISP router blocks all the traffic, and i can only port forward from him and in that 192.168.1.0/24 range, usualy i put mikrotik IP in DMZ zone on ISP router, than all ports are open on mirkotik and i firewall and port f...
by Rudios
Wed Sep 21, 2016 3:46 pm
Forum: General
Topic: 100 CPU on any mikrotik router using basic rules
Replies: 25
Views: 6298

Re: 100 CPU on any mikrotik router using basic rules

Why not use a different IP segment behind your hEX?
by Rudios
Wed Sep 21, 2016 12:52 pm
Forum: Beginner Basics
Topic: Wireless bridge and DHCP
Replies: 8
Views: 6499

Re: Wireless bridge and DHCP

[...] Why would you use station-pseudobridge instead of the normal station-bride mode? From what I understand, station-bridge mode requires RouterOS devices on the AP and the station. In my case, my RouterOS device is the station and not the AP. http://wiki.mikrotik.com/wiki/Manual:Wireless_Station...
by Rudios
Wed Sep 21, 2016 8:23 am
Forum: Beginner Basics
Topic: Wireless bridge and DHCP
Replies: 8
Views: 6499

Re: Wireless bridge and DHCP

Why would you use station-pseudobridge instead of the normal station-bride mode?
by Rudios
Tue Sep 20, 2016 10:28 am
Forum: Beginner Basics
Topic: help needed IP phone VLAN
Replies: 13
Views: 1580

Re: help needed IP phone VLAN

Is your DHCP server supplying a router address
Go into DHCP-Server -> Network and check
There is probably the default entry for 192.168.88.0/24 with the corresponding router address (probably called gateway).
Add a new network entry for the 192.168.89.0/24 network with the correct gateway.
by Rudios
Fri Sep 09, 2016 1:45 pm
Forum: Beginner Basics
Topic: help needed IP phone VLAN
Replies: 13
Views: 1580

Re: help needed IP phone VLAN

I wouldn't assign the 192.168.88.x address to port 5 directly, as there is a desire to connect more phones (possibly laptops) in the future. I would just configure the VLAN as described and create a new bridge and add the newly create VLAN as member. Put the 192.168.89.x address to the VLAN bridge, ...
by Rudios
Fri Sep 09, 2016 1:38 pm
Forum: Beginner Basics
Topic: Routing via 2 interfaces
Replies: 3
Views: 413

Re: Routing via 2 interfaces

Just create a dummy route rule (just a copy of the existing route rule) with a higher distance.
by Rudios
Thu Sep 08, 2016 11:35 am
Forum: Beginner Basics
Topic: Port forwarding doesn't work
Replies: 5
Views: 944

Re: Port forwarding doesn't work

I think you also need something like this
http://wiki.mikrotik.com/wiki/Hairpin_NAT
by Rudios
Wed Sep 07, 2016 12:45 pm
Forum: Announcements
Topic: v6.36.3 [current] is released!
Replies: 43
Views: 13519

Re: v6.36.3 [current] is released!

We are still on 6.34.6 as 6.35 and 6.36 broke our routing-marks for multi-wan setups... Is this issue fixed again? Can't you fix that by turning off fastpath? I have a setup running with a 4-WAN config and did not experience any problems while running 6.36 My test-setup is running 6.36.2 and also t...
by Rudios
Fri Sep 02, 2016 4:49 pm
Forum: Beginner Basics
Topic: Multiple WAN IP's & Port Forward
Replies: 2
Views: 1052

Re: Multiple WAN IP's & Port Forward

Or even combine both in-interface AND dst-address.
by Rudios
Fri Sep 02, 2016 4:47 pm
Forum: General
Topic: load blance
Replies: 7
Views: 863

Re: load blance

Hello Anyone Help me Pls?
You need to configure something like PCC (http://wiki.mikrotik.com/wiki/Manual:PCC)
by Rudios
Fri Sep 02, 2016 4:43 pm
Forum: General
Topic: no transparent traffic through bridge
Replies: 3
Views: 462

Re: no transparent traffic through bridge

Be sure your subnet mask are correct on all devices (R1, R2 and PC1)
Also check your firewall on both your Routers and your PC.
by Rudios
Fri Sep 02, 2016 4:16 pm
Forum: General
Topic: [solved]DHCP assigning IPs out of the pool
Replies: 11
Views: 966

Re: DHCP assigning IPs out of the pool

... Unless you made a typo with pasting here, your pool3 has a very strange range /ip pool add name=pool3 ranges= 162 .168.30.120-192.168.30.159 AHHH!! Thank you. This must be the problem!! Could be, although it is very weird that the router 'chooses' to assign 192.168.29.x and not anything startin...
by Rudios
Fri Sep 02, 2016 4:07 pm
Forum: General
Topic: Serial number significance
Replies: 6
Views: 1143

Re: Serial number significance

Do you put only a config on the box? Or do you downgrade RouterOS to an old and wellknown version? The latter is not generally possible. You should not downgrade RouterOS to an older version than the device came with. Agree (although I find it strange that a newly delivered device with let's say 6....
by Rudios
Fri Sep 02, 2016 3:48 pm
Forum: General
Topic: [solved]DHCP assigning IPs out of the pool
Replies: 11
Views: 966

Re: DHCP assigning IPs out of the pool

...
Unless you made a typo with pasting here, your pool3 has a very strange range

/ip pool
add name=pool3 ranges=162.168.30.120-192.168.30.159
by Rudios
Fri Sep 02, 2016 3:44 pm
Forum: General
Topic: Serial number significance
Replies: 6
Views: 1143

Re: Serial number significance

Be aware that RouterOS is a quiet picky when it comes to config files with respect to versions.
Some commands do not exist anymore in newer versions.
So make sure your config file is compatible with the designated RouterOS version.
by Rudios
Fri Sep 02, 2016 2:01 pm
Forum: Announcements
Topic: v6.36.2 [current] is released!
Replies: 54
Views: 14976

Re: v6.36.2 [current] is released!

and what about the IPv6 EoIP? as it was said, just add eoipv6 tunnel, not eoip: [admin@TestPlace] /interface eoipv6> add remote-address=2a00:1028:8386:8c5e::1 tunnel-id=0 Ha! thank you, overlooked that. Works like a charm now. If there are specific IPv6 related interfaces to be created, why are the...
by Rudios
Wed Aug 31, 2016 8:19 am
Forum: Beginner Basics
Topic: Can Anyone help me in setting up 750GL.
Replies: 2
Views: 423

Re: Can Anyone help me in setting up 750GL.

I'm willing to give it a try, what do you exactly want?
by Rudios
Tue Jun 14, 2016 8:51 pm
Forum: General
Topic: Strange behaviour
Replies: 6
Views: 703

Re: Strange behaviour

If I connect the printer to a 100Mbit port, it works! When connecting to a Gbit port, the Routerboard stated the negotiation was done and speed is set to 100 Mbit. That is ok, since the printer doesn't have a Gbit interface. I couldn't find any setting in the printer to force to any speed, but forci...
by Rudios
Thu Jun 09, 2016 6:24 pm
Forum: General
Topic: Strange behaviour
Replies: 6
Views: 703

Re: Strange behaviour

@darkprocess:
Yes, all are member of the same bridge.

@pe1chl:
All set to auto.

I thought it could be related to gbit capable interfaces, since the mAP only has fast ethernet ports. I only tested the gbit interfaces of the RB2011.
by Rudios
Wed Jun 08, 2016 10:02 pm
Forum: General
Topic: Strange behaviour
Replies: 6
Views: 703

Strange behaviour

I happen to experience some strange behaviour. Last week I bought an HP printer, with ethernet port. When I connect the printer to any port of my RB2011 (tried multiple cables and upgraded to ROS 6.35.2 during testing) the printer will not receive an IP from my DHCP server. Also when I configure an ...
by Rudios
Fri Apr 15, 2016 12:15 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

How great!

Just tried again today with the latest RC (6.35rc49) and it seems to work on Hyper-V running on Windows 10!
Also the 'normal' Hyper-V network interface is functional!
Keep up the good work!
by Rudios
Tue Dec 22, 2015 10:40 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

Hi folks....I pulled down the VM images and Hyper-V gets an IMPORT FAILED! A server Error occurred while attempting to import the virtual machine. Import failed. Import failed. Unable to find virtual machine import files under location "D:\xfer\Mikrotik\VM\". You can import a virtual machine only i...
by Rudios
Thu Nov 26, 2015 8:40 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

[...]
We will check what is going on on Windows 8.1 and Windows 10 and normal Hyper-V interface.
That would be nice!!
Hope to hear some possible solutions soon!
by Rudios
Thu Nov 26, 2015 8:37 am
Forum: Beginner Basics
Topic: insert a picture in "webproxy/error.html"
Replies: 4
Views: 1400

Re: insert a picture in "webproxy/error.html"

What you did was indeed what I suggested.
And what happens if you put the PNG into the same directory as the error.html and refer to it by name only (src="stop.png")
by Rudios
Wed Nov 25, 2015 10:47 pm
Forum: Forwarding Protocols
Topic: OSPF BUG
Replies: 7
Views: 1945

Re: OSPF BUG

I would not put this as a bug right away.
192.168.0.0/24 IS icluded in 192.168.0.0/20
Although 192.168.1.0/24 up to 192.168.4.0/24 are also included.

More basic question, why do you have these overlapping subnets in the first place?
by Rudios
Wed Nov 25, 2015 10:31 pm
Forum: General
Topic: Which WDS mode do I need?
Replies: 4
Views: 509

Re: Which WDS mode do I need?

AFAIK Level 3 RouterOS does not support AP mode for wireless...
by Rudios
Wed Nov 25, 2015 10:19 pm
Forum: Beginner Basics
Topic: I need your help :) Does anyone know how to combine 4 ISPs to get max. upload speed using RB951G-2HnD
Replies: 3
Views: 688

Re: I need your help :) Does anyone know how to combine 4 ISPs to get max. upload speed using RB951G-2HnD

One of the little things you can do is PCC. This will load-balance your traffic over multiple connections. But you will in no way be able to aggregate the full speed of all connections if you have no control of the equipment on the other side of the lines. If you would have this control, you would b...
by Rudios
Wed Nov 25, 2015 10:11 pm
Forum: Beginner Basics
Topic: insert a picture in "webproxy/error.html"
Replies: 4
Views: 1400

Re: insert a picture in "webproxy/error.html"

and if you start your url with a '/'?
by Rudios
Wed Nov 25, 2015 10:04 pm
Forum: Beginner Basics
Topic: Site2Site IPsec problems
Replies: 7
Views: 1242

Re: Site2Site IPsec problems

I agree with cdiedrich
by Rudios
Wed Nov 25, 2015 9:56 pm
Forum: Beginner Basics
Topic: Trunk on SFP+ ports when connected to CISCO switch in switchport mode trunk
Replies: 3
Views: 1121

Re: Trunk on SFP+ ports when connected to CISCO switch in switchport mode trunk

Also keep in mind that when on a Cisco a port is in access mode, the packets exiting the port are actually not tagged with any VLAN information, it's just all access ports with the same vlan are like a separate switch. And since you have bound the 99.1 IP address to the SPF+ interface on your MikroT...
by Rudios
Fri Nov 20, 2015 1:42 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

I have tested CHR on Windows 10 just now. Running 6.31. I only see my legacy network adapter, not the normal one. Another issue I noticed is that when I check for updates, it tells me that version 6.33.1 is available and after download and reboot it tries to install but the VM keeps rebooting. {add}...
by Rudios
Mon Oct 19, 2015 8:40 am
Forum: Beginner Basics
Topic: Use WiFi network as WAN
Replies: 2
Views: 5601

Re: Use WiFi network as WAN

If you want your own internal LAN, make sure you put DHCP on your LAN bridge or master port and make sure the WLAN interface is not member of the bridge. Also make sure you create a masquerade rule for the traffic on out-interface=WLAN. If you do not really need your own dedicated LAN IP segment, ju...
by Rudios
Tue Oct 06, 2015 9:35 pm
Forum: Beginner Basics
Topic: How can I use the download from a line and the upload from another line at the same moment ?
Replies: 1
Views: 409

Re: How can I use the download from a line and the upload from another line at the same moment ?

You can make use of the mangle facilties in the firewall.
As long as the source and destination for both streams are different.
Look at the PCC samples on the web and alter it in order to force certain communication over a dedicated line.
by Rudios
Mon Oct 05, 2015 8:12 am
Forum: Beginner Basics
Topic: MAC address questions
Replies: 8
Views: 1523

Re: MAC address questions

Another option would be defining the admin MAC static by choosing one of the assigned interfaces.
Than it never changes depending on PPTP and so on.
by Rudios
Fri Sep 11, 2015 8:52 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

new images for CHR http://www.mikrotik.com/download/share/chr_6_32.img http://www.mikrotik.com/download/share/chr_6_32.vmdk Hyper-V normal interface is fixed. I don't know what is wrong, but in my case it just keeps rebooting on Hyper-V (Running on Windows 10) [edit] I also have tried to start from...
by Rudios
Fri Sep 11, 2015 8:36 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

new images for CHR http://www.mikrotik.com/download/share/chr_6_32.img http://www.mikrotik.com/download/share/chr_6_32.vmdk Hyper-V normal interface is fixed. I don't know what is wrong, but in my case it just keeps rebooting on Hyper-V (Running on Windows 10) [edit] I also have tried to start from...
by Rudios
Mon Aug 24, 2015 9:58 am
Forum: Beginner Basics
Topic: How To Lease time infinite ?
Replies: 10
Views: 17456

Re: How To Lease time infinite ?

What's the purpose of leasing indefinitely?
Making leases static will always assign that IP to the specified MAC.
And the DHCP protocol will refresh the lease within the specified lease-time anyway.
by Rudios
Mon Aug 24, 2015 9:41 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

I don't know whether it is already mentioned by somebody but I did not read it yet. I have tried the latest available version (6.31) on Hyper-V (Running on windows 10, if it matters) and it seems to work. Only thing I noticed is that only legacy network interfaces are available on the RouterOS inst...
by Rudios
Fri Aug 21, 2015 8:05 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

Another possible bug I found is that when I assign more than 1 virtual processor, the interface I configured won't get an IP address from my DHCP server (running on a real routerboard).
The routerboard does offer an IP, but it keeps in status offered and the DHCP client on the CHR keeps searching.
by Rudios
Thu Aug 20, 2015 11:20 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188219

Re: Cloud Hosted Router

I don't know whether it is already mentioned by somebody but I did not read it yet. I have tried the latest available version (6.31) on Hyper-V (Running on windows 10, if it matters) and it seems to work. Only thing I noticed is that only legacy network interfaces are available on the RouterOS insta...
by Rudios
Fri Jul 31, 2015 9:45 am
Forum: General
Topic: create a my own default configuration to run after reset configuration
Replies: 8
Views: 1796

Re: create a my own default configuration to run after reset configuration

Also worth adding no-defaults=yes and skip-backup=yes to the reset command.
This will prevent the router from building the default setup (like the 88.1 IP address etc.)
by Rudios
Wed Jul 08, 2015 9:35 pm
Forum: Beginner Basics
Topic: Two AP, one DHCP server, 2 SSID's
Replies: 15
Views: 3634

Re: Two AP, one DHCP server, 2 SSID's

Can you share your configs please?
Possibly something with masquerading rule?
by Rudios
Tue Jul 07, 2015 9:23 pm
Forum: Beginner Basics
Topic: VLAN Trunking
Replies: 9
Views: 1120

Re: VLAN Trunking

you could add drop rules for all the possible connections you do not want, like this /ip firewall filter add chain=forward action=drop src-address=172.28.8.0/24 dst-address=172.28.9.0/24 add chain=forward action=drop src-address=172.28.8.0/24 dst-address=172.28.10.0/24 add chain=forward action=drop ...
by Rudios
Mon Jul 06, 2015 8:27 am
Forum: Beginner Basics
Topic: No internet access WHY?
Replies: 24
Views: 8340

Re: No internet access WHY?

You said you're able to ping 8.8.8.8 from the routerboard itself.
How are the IP and routing settings on your connected PC's?
I can not fully understand why you are using 192.9.x.x address ranges on both internal networks.
by Rudios
Mon Jul 06, 2015 8:09 am
Forum: Beginner Basics
Topic: VLAN Trunking
Replies: 9
Views: 1120

Re: VLAN Trunking

Also keep in mind that when port5 is slave to port2, assign the VLAN interface to port2 on the mikrotik.
by Rudios
Mon Jul 06, 2015 8:06 am
Forum: Beginner Basics
Topic: VLAN with TP-Link TL-WA701 multiple SSID
Replies: 2
Views: 1644

Re: VLAN with TP-Link TL-WA701 multiple SSID

I have always used VLANs as interfaces on the ethernet, not used switchport but here's an option. Create the two desired VLAN interfaces on ether9 /interfaces vlan add name=vlan1-e9 vlan-id=1 interface=ether9 add name=vlan2-e9 vlan-id=2 interface=ether9 Build the DCHP servers for each VLAN and assig...
by Rudios
Mon Jul 06, 2015 7:56 am
Forum: Beginner Basics
Topic: static routing
Replies: 6
Views: 868

Re: static routing

That's not gonna work.
192.168.x.x is a private range, and not routable over the internet.
If you want communication between the two locations, build a VPN tunnel (pptp, lt2p, sstp) between them and route the designated traffic over that tunnel.
by Rudios
Fri Jul 03, 2015 1:19 pm
Forum: Beginner Basics
Topic: Two AP, one DHCP server, 2 SSID's
Replies: 15
Views: 3634

Re: Two AP, one DHCP server, 2 SSID's

If you mean that every connected device will be limited to the 4Mbit of internet speed, just configure simple queue on the master router.
by Rudios
Fri Jul 03, 2015 1:07 pm
Forum: Beginner Basics
Topic: Upgrade issue and loading config fails
Replies: 2
Views: 389

Re: Upgrade issue and loading config fails

For the failed upgrade, make sure you uploaded the correct packags. For CCR units use the Tile version of the package. The RB2011 uses mipsbe packages which are different. When you are importing your config, which looks fine by the way, does it give any errors? Is the unit running with default confi...
by Rudios
Mon Jun 29, 2015 3:11 pm
Forum: Beginner Basics
Topic: Query regarding routing between two PC using 2-LAN ports of a single MikroTik router
Replies: 18
Views: 2262

Re: Query regarding routing between two PC using 2-LAN ports of a single MikroTik router

Please post your current /export and the IP addresses of the 2 PC's.

Maybe just start without NAT and check whether that is working fine.
by Rudios
Thu Jun 25, 2015 9:14 am
Forum: Beginner Basics
Topic: Query regarding routing between two PC using 2-LAN ports of a single MikroTik router
Replies: 18
Views: 2262

Re: Query regarding routing between two PC using 2-LAN ports of a single MikroTik router

Did you change your routerboard config as jarda mentioned.
Remove port 3 and 4 from slaving and make them individual ports
by Rudios
Wed Jun 24, 2015 3:22 pm
Forum: Beginner Basics
Topic: Basic must have firewall settings?
Replies: 4
Views: 2407

Re: Basic must have firewall settings?

Adding the fasttrack option is only applicable for the forward chain.
It does not affect the input chain.
by Rudios
Wed Jun 24, 2015 3:00 pm
Forum: Beginner Basics
Topic: Query regarding routing between two PC using 2-LAN ports of a single MikroTik router
Replies: 18
Views: 2262

Re: Query regarding routing between two PC using 2-LAN ports of a single MikroTik router

How about the IP configuration of the two PC's?
And also there is an overlap on your 2 IP segments 10.140.0.0/16 includes 10.140.1.0/26
And last but not least I go with jarda about the switching settings.
by Rudios
Thu Apr 09, 2015 8:42 am
Forum: General
Topic: NetWatch: Is it a bug or do I not understand
Replies: 1
Views: 374

NetWatch: Is it a bug or do I not understand

I experience some behaviour with netwatch I don't understand. I am checking an IP address with an interval of 1 minute (the default) and when the IP goes down/up it will send me an email. That functions as expected. But I have put the timeout to 600000ms (10 minutes) because I don't want to get noti...
by Rudios
Fri Mar 27, 2015 7:58 am
Forum: Beginner Basics
Topic: Help with Site to Site VPN Tunnel.
Replies: 8
Views: 996

Re: Help with Site to Site VPN Tunnel.

Are your routes ok?
Does your Home device know how to reach the 10.10.7.0/24 segment?

Also take care of your firewall filter rules.
If you have any, also make sure you have an allowance for pinging from the tunnel interface.
by Rudios
Tue Mar 17, 2015 2:37 pm
Forum: General
Topic: Weird behaviour for NAT
Replies: 4
Views: 884

Re: Weird behaviour for NAT

Changing the port to something else (i tried 81) did not make any difference (Obviously also changed the NAT rules :) ).

The thing that did help was rebooting the device.
Still I have no clue what went wrong but after reboot http is working again.
by Rudios
Tue Mar 17, 2015 2:10 pm
Forum: General
Topic: Need some assistance here for proper setup
Replies: 1
Views: 457

Need some assistance here for proper setup

Consider the following setup. Setup question.jpg Router RBA and RBB are both MikroTik routers. RBA has all interfaces bridged and two vlan interfaces tied to the bridge (id 18 en 20) 3 dedicated networks are available for the three interfaces 192.168.109.0/24 for the bridge 172.18.16.0/23 for vlan18...
by Rudios
Mon Mar 16, 2015 2:49 pm
Forum: General
Topic: Weird behaviour for NAT
Replies: 4
Views: 884

Re: Weird behaviour for NAT

Why are you trying to dstnat to the router itself? In your dstnat rules you have specified as to-addresses the IP of the router, you are doing some kind of redirect here. The dstnat rules on the modem should be sufficient to reach the router services you are trying to reach. Although I would sugges...
by Rudios
Mon Mar 16, 2015 10:07 am
Forum: General
Topic: Weird behaviour for NAT
Replies: 4
Views: 884

Weird behaviour for NAT

Picture the following situation. ADSL Modem with normal home use, so including NAT and firewall. IP address inside 192.168.12.1/24 3 nat rules incoming ports 10022, 10080 and 18291 are forwarded to 192.168.12.2, no change of ports. Connected Mikrotik with ether1, with IP address 192.168.12.2/24 Seco...
by Rudios
Fri Mar 13, 2015 4:07 pm
Forum: Beginner Basics
Topic: RB2011L - which port is used
Replies: 11
Views: 2032

Re: RB2011L - which port is used

I would leave the names as their default and add a comment to identify the connected devices.
by Rudios
Fri Mar 13, 2015 3:57 pm
Forum: Beginner Basics
Topic: RouterOs 6.25: how to manage 2 different ADSL
Replies: 13
Views: 2172

Re: RouterOs 6.25: how to manage 2 different ADSL

marking each packet with a routing mark directly will probably work, but will require all packets to traverse the selection criteria. This takes more resources than first tag the connection and then, depending the connection mark with routing mark. On the other hand I guess it also to overcome the i...
by Rudios
Wed Mar 11, 2015 10:00 am
Forum: Beginner Basics
Topic: RouterOs 6.25: how to manage 2 different ADSL
Replies: 13
Views: 2172

Re: RouterOs 6.25: how to manage 2 different ADSL

Theoretical the traffic will be divided into two groups, marked with routing-mark. These routing-marks will be used by the routing-table in order to route the traffic outside over 1 of the available ADSL lines. I have PCC configured for 3 ADSL lines and I have 9 routing rules. 3 for each ADSL line, ...
by Rudios
Tue Mar 10, 2015 1:32 pm
Forum: Beginner Basics
Topic: CRS125 does not route between subnets
Replies: 13
Views: 2428

Re: CRS125 does not route between subnets

I vote for firewall issue on the PC's itself.
If 1 of the PC's can ping both IP addresses of the CRS, routing is ok.
by Rudios
Sat Mar 07, 2015 11:11 pm
Forum: General
Topic: SRC-NAT rule for IPSec to work
Replies: 3
Views: 3275

Re: SRC-NAT rule for IPSec to work

Why do I need an additional rule like this? (seen of system A) /ip firewall nat add chain=srcnat action=accept src-address=<local lan A> dst-address=<local lan B> As far as I know the masquerading rule "should" not catch the outgoing traffic towards the other side of the tunnel, because it is not e...
by Rudios
Thu Mar 05, 2015 2:08 pm
Forum: General
Topic: SRC-NAT rule for IPSec to work
Replies: 3
Views: 3275

SRC-NAT rule for IPSec to work

I don't understand. Why do I need a src-nat accept rule in order to get IPSec functional. System setup explanation: I have 2 locations, each with static IP over PPPoE initiated from an RB951. One is L2TP server, the other is L2TP client. I connect from A to the public IP of B, this works fine. On ea...
by Rudios
Thu Mar 05, 2015 8:08 am
Forum: Beginner Basics
Topic: MikroTik RB2011UiAS-RM LCD touch screen
Replies: 1
Views: 738

Re: MikroTik RB2011UiAS-RM LCD touch screen

If packages are installed and you are running default configuration there should be multiple entries on the LCD to choose from and also some interface usage slideshow.
If your display only lights-up when booting I wonder if it is broken.
Are you seeing some text when booting, "like booting from nand"?
by Rudios
Thu Mar 05, 2015 7:55 am
Forum: Beginner Basics
Topic: Need Remote Administration RB2011
Replies: 7
Views: 3316

Re: Need Remote Administration RB2011

I would go for this set of rules. /ip firewall filter add action=drop chain=input comment="Drop invalid connections" connection-state=invalid add chain=input comment="Allow ping from outside" disabled=yes in-interface=ether1 protocol=icmp add chain=input comment="Accept established connections" conn...
by Rudios
Thu Mar 05, 2015 7:53 am
Forum: Beginner Basics
Topic: Connecting RB750 to existing ADSL Router
Replies: 6
Views: 1150

Re: Connecting RB750 to existing ADSL Router

Probably you need to create a route or some mangle rules in order to force traffic to go over the tunnel.
If you are using the default configuration, all traffic will be forwarded over ether1.

If your PPTP tunnel is up, can you perform a ping to the other side of the tunnel?
by Rudios
Tue Mar 03, 2015 11:41 am
Forum: Beginner Basics
Topic: Need some help setting up a simple network
Replies: 4
Views: 696

Re: Need some help setting up a simple network

Create a DHCP server, attached to the bridge.
Define the correct network and specify DNS and Gateway in order to hand these to DHCP client.
by Rudios
Mon Mar 02, 2015 4:39 pm
Forum: Beginner Basics
Topic: Connecting RB750 to existing ADSL Router
Replies: 6
Views: 1150

Re: Connecting RB750 to existing ADSL Router

If you connect ether1 of your RB750 to your existing TP-Link and connect your PC (with DHCP on) to one of the ports of the MikroTik it should work right away with default config. - Is your MikroTik served with an IP address from the TP-link? - When you connect your PC to the MikroTik, are you served...
by Rudios
Mon Mar 02, 2015 3:56 pm
Forum: Beginner Basics
Topic: Subnetting Question
Replies: 2
Views: 556

Re: Subnetting Question

rextended is right. I can assume that you have the desire that subnet on port 2 can initiate connection to all different subnets but subnet on port 3 and 4 are only allowed to go online (via port 1) If that is the case, use these rules /ip firewall filter add chain=forward connection-state=related a...
by Rudios
Mon Mar 02, 2015 2:08 pm
Forum: Beginner Basics
Topic: Port Forwarding - Beginner needs help.
Replies: 12
Views: 2310

Re: Port Forwarding - Beginner needs help.

Thank you, I will give it a try. At which position has the accept rule to be set? chain=forward action=accept protocol=tcp dst-address=192.168.0.5 in-interface=pppoe-WAN dst-port=8083 log=no log-prefix="" And has the masquerade NAT rule to be at the TOP or at the bottom of the port forwarding rules...
by Rudios
Mon Mar 02, 2015 11:09 am
Forum: Beginner Basics
Topic: Port Forwarding - Beginner needs help.
Replies: 12
Views: 2310

Re: Port Forwarding - Beginner needs help.

I would go for the following default rules. /ip firewall filter add action=drop chain=input comment="Drop invalid connections" connection-state=invalid add chain=input comment="Allow ping from outside" disabled=yes in-interface=ether1 protocol=icmp add chain=input comment="Accept established connect...
by Rudios
Mon Mar 02, 2015 9:46 am
Forum: Beginner Basics
Topic: Firewall Drop
Replies: 5
Views: 953

Re: Firewall Drop

What you could do (although it is not a real solution) is put a bogus IP address as reservation for the deisred MAC address. If the device then request an IP from the DHCP server it will get a unusable IP address and will not be able to browse the internet. (e.g. assign 192.168.100.254 for the devic...
by Rudios
Mon Mar 02, 2015 9:36 am
Forum: Beginner Basics
Topic: Port Forwarding - Beginner needs help.
Replies: 12
Views: 2310

Re: Port Forwarding - Beginner needs help.

Are you trying to connect from outside your own network of from inside? If you are trying from inside, you will need an additional hairpin nat rule http://wiki.mikrotik.com/wiki/Hairpin_NAT The rules you have posted are looking fine to me, although I would go for a slightly different set of default ...
by Rudios
Fri Feb 27, 2015 12:14 pm
Forum: Beginner Basics
Topic: RB2011L - which port is used
Replies: 11
Views: 2032

Re: RB2011L - which port is used

I don't understand, the interfaces are named with text below each connection port
by Rudios
Fri Feb 27, 2015 8:08 am
Forum: Beginner Basics
Topic: How would one go about downgrading the RouterOS Version ?
Replies: 11
Views: 6626

Re: How would one go about downgrading the RouterOS Version ?

Do not put the full zip file. You indeed need to extract the zip and put all the individual (needed) npk files. They will show up on the files list, not on packages. Please be sure to obtain the correct version of the desired packages. I see you are linking to the MIPSLE package, what RouterBoard do...
by Rudios
Thu Feb 26, 2015 4:46 pm
Forum: Beginner Basics
Topic: Need some help setting up a simple network
Replies: 4
Views: 696

Re: Need some help setting up a simple network

Create a bridge, and put both wlan and ether interface to that bridge.
Define a security profile to connect via your laptop.
I assume you want a plain bridging connection.
by Rudios
Thu Feb 26, 2015 4:43 pm
Forum: Beginner Basics
Topic: DHCP for Ubiquiti AP on VLAN port
Replies: 4
Views: 1387

Re: DHCP for Ubiquiti AP on VLAN port

Can you please share your config to see how your VLAN interfaces are bound to your hardware interfaces.
I have somewhat the same situation and did not came across this issue.
by Rudios
Thu Feb 26, 2015 4:38 pm
Forum: Beginner Basics
Topic: Port Forwarding - Beginner needs help.
Replies: 12
Views: 2310

Re: Port Forwarding - Beginner needs help.

Please make sure you have enabed, /interface bridge settings set use-ip-firewall=yes if bridge is used on your router. Why does this have to be enabled, as far as it seems to me it is just a plain router, with incoming on pppoe. 1. First, enable IP Cloud from WinBox menu. 2. Also here, /ip firewall...
by Rudios
Wed Feb 25, 2015 1:43 pm
Forum: Beginner Basics
Topic: How would one go about downgrading the RouterOS Version ?
Replies: 11
Views: 6626

Re: How would one go about downgrading the RouterOS Version ?

Just upload the desired packages to the routerboard by pasting on the folders entry within winbox GO to System -> Packages and hit downgrade. Where can I get previous versions ? You can alter the download link of the latest version into the version you want. I don't know what is officially view of ...
by Rudios
Wed Feb 25, 2015 8:22 am
Forum: Beginner Basics
Topic: How would one go about downgrading the RouterOS Version ?
Replies: 11
Views: 6626

Re: How would one go about downgrading the RouterOS Version ?

Just upload the desired packages to the routerboard by pasting on the folders entry within winbox

GO to System -> Packages and hit downgrade.
by Rudios
Wed Feb 25, 2015 8:20 am
Forum: Beginner Basics
Topic: RouterOs 6.25: how to manage 2 different ADSL
Replies: 13
Views: 2172

Re: RouterOs 6.25: how to manage 2 different ADSL

Go for PCC configuration.

I have it running with multiple ADSL lines for almost 2 years now and is working great.

http://wiki.mikrotik.com/wiki/Manual:PCC
by Rudios
Fri Feb 20, 2015 12:38 pm
Forum: Beginner Basics
Topic: Port fwd issues with firewall
Replies: 1
Views: 729

Re: Port fwd issues with firewall

I think you should add the in-interface parameter on your dstnat rules.
At this stage, all the traffic, both from inside and outside is dst-nat'ted to the Synology.
by Rudios
Fri Feb 20, 2015 12:34 pm
Forum: General
Topic: System Error sending email timeout occurred
Replies: 16
Views: 9871

Re: System Error sending email timeout occurred

How are your email settings?
Server, username etc.
by Rudios
Fri Feb 20, 2015 7:53 am
Forum: Beginner Basics
Topic: Lắp Mạng Internet FPT Tiền Giang
Replies: 16
Views: 2806

Re: Why is unable to load website

Hi RazorMK, use the following, making sure that where I have set ether1 you set it to the interface where you connect to your isp. /ip firewall mangle add action=change-mss chain=forward new-mss=1400 in-interface=ether1 protocol=tcp tcp-flags=syn tcp-mss=1401-65535 add action=change-mss chain=forwa...
by Rudios
Fri Feb 20, 2015 7:43 am
Forum: Beginner Basics
Topic: Port forwarding
Replies: 9
Views: 2170

Re: Port forwarding

All you need is a Hairpin nat rule
htttp://wiki.mikrotik.com/wiki/Hairin_NAT

something like

/ip firewall nat
add chain=srcnat action=masquerade src-address=192.168.2.0/24 dst-address=192.168.2.200 out-interface=<local lan bridge>
by Rudios
Fri Feb 20, 2015 7:33 am
Forum: Beginner Basics
Topic: need help to config router board
Replies: 11
Views: 1747

Re: need help to config router board

I can't direct you to any videos, but I am sure youtube is loaded with mikrotik configuration examples
Also check the mikrotik manual @ http://wiki.mikrotik.com/wiki/Manual:TOC

On the other hand, if you have some difficulties maybe you can put your issue/question here and we can help you.
by Rudios
Thu Feb 19, 2015 3:31 pm
Forum: Beginner Basics
Topic: local network domain
Replies: 2
Views: 784

Re: local network domain

For the first two you can probably solve it by creating static DNS entries on your routerboard.

For the last option you will need a hairpin-nat rule to let that work
See http://wiki.mikrotik.com/wiki/Hairpin_NAT for that.
by Rudios
Thu Feb 19, 2015 12:57 pm
Forum: Beginner Basics
Topic: Configuration migration from RB750GL -> RB951G-2HnD - Cannot configure wireless!
Replies: 2
Views: 722

Re: Configuration migration from RB750GL -> RB951G-2HnD - Cannot configure wireless!

You have to move your DHCP server to be on the created bridge, this is probably still on the master-interface.
This also applies for your IP address assignment
by Rudios
Wed Feb 18, 2015 3:01 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208308

Re: Feature requests

I would be nice that in /ip service I could set more ip address or one addres-list
erm, you actually can do this (not with ACLs but with multiple IPs)
Image
Why not just block unwanted access by firewall?
by Rudios
Wed Feb 18, 2015 8:59 am
Forum: General
Topic: System WebGUI
Replies: 7
Views: 1397

Re: System WebGUI

I guess you have some dst-nat rule configured.
by Rudios
Fri Feb 13, 2015 3:02 pm
Forum: Beginner Basics
Topic: Change DHCP and Router IP results in DNS not working
Replies: 10
Views: 2367

Re: Change DHCP and Router IP results in DNS not working

Get more familiar with RouterOS and the way of configuration and get rid of QuickConfig.
by Rudios
Thu Feb 12, 2015 9:46 am
Forum: Beginner Basics
Topic: Change DHCP and Router IP results in DNS not working
Replies: 10
Views: 2367

Re: Change DHCP and Router IP results in DNS not working

Can you share your config?
by Rudios
Thu Feb 12, 2015 9:42 am
Forum: Beginner Basics
Topic: How to shutdown a port programmatically?
Replies: 7
Views: 1283

Re: How to shutdown a port programmatically?

That looks weird.

I have just checked with one of my RB750UP's and when I disable any port, the led will turn off and the connected computer shows disconnected cable state.

Maybe it is worth installing via NetInstall
by Rudios
Thu Feb 12, 2015 9:35 am
Forum: Beginner Basics
Topic: [solved] forward one port from one vlan to another vlan
Replies: 2
Views: 617

Re: forward one port from one vlan to another vlan

By default the devices are able to communicate because the routerboard will route the traffic between the two segments.
By applying firewall rules, traffic can be blocked.

What are your exact problems or where do you get stuck?
by Rudios
Sun Feb 01, 2015 10:36 pm
Forum: Beginner Basics
Topic: Pasting script into Winbox / ssh terminal
Replies: 5
Views: 1717

Re: Pasting script into Winbox / ssh terminal

Unless you can't upgrade to v.6
Nope, no IP6 here as far as I know.
Hossain2094a ment RouterOS version 6, not ip
by Rudios
Thu Jan 29, 2015 1:35 pm
Forum: General
Topic: Two WAN IPs
Replies: 2
Views: 597

Re: Two WAN IPs

What happens when you configure your NAT (I assume it is an action=masquerade rule) with src-address=192.168.1.0/24
by Rudios
Thu Jan 29, 2015 8:47 am
Forum: Beginner Basics
Topic: Router config not working out for me!
Replies: 2
Views: 664

Re: Router config not working out for me!

How is your internal network configured?
If you are using normal private IP's for your servers, you need to create NAT rules in order to let outside clients connect.
by Rudios
Wed Jan 28, 2015 12:06 pm
Forum: Beginner Basics
Topic: Pasting script into Winbox / ssh terminal
Replies: 5
Views: 1717

Re: Pasting script into Winbox / ssh terminal

You are missing a <space> on the first line, /system script add

Also do not use CTRL+V shortcut for pasting, it will give you some weird auto-complete function.
by Rudios
Tue Jan 13, 2015 3:37 pm
Forum: Beginner Basics
Topic: VLAN setup for WiFi AP guest SSID separation - step-by-step
Replies: 11
Views: 13793

Re: VLAN setup for WiFi AP guest SSID separation - step-by-s

I use a similar setup except there's a switch in between.
[...]

Masquerading on WAN needs no change if it is already set up.

This should do it.
If masquerading rule also has src-address specified, it needs to be changed/duplicated
by Rudios
Tue Dec 23, 2014 12:38 pm
Forum: Beginner Basics
Topic: Port 81 redirects to local port 81
Replies: 3
Views: 715

Re: Port 81 redirects to local port 81

You probably want the DVR to be reachable from the outside.
If that is the case, add in-interface=<your wan> to your rule.
by Rudios
Tue Dec 23, 2014 12:35 pm
Forum: General
Topic: VLANs not behaving as expected?
Replies: 3
Views: 884

Re: VLANs not behaving as expected?

Hi Rudios, [...] Hmm, just thought of something. Do you know of a way to make the vlan ID dynamic? (In other words, instead of specify vlan 100 forwards, and vlan 200 forwards, could it be a variable that it pulls in? This is because my AP can assign VLAN IDs dynamically which is a useful feature.....
by Rudios
Mon Dec 22, 2014 12:50 pm
Forum: Beginner Basics
Topic: Access IP from different subnet without a gateway
Replies: 5
Views: 1542

Re: Access IP from different subnet without a gateway

So that means your RB is not gateway for the VoIP system.
Does the router between your system and the VoIP system has a route towards your admin network?
by Rudios
Mon Dec 22, 2014 7:59 am
Forum: Beginner Basics
Topic: Access IP from different subnet without a gateway
Replies: 5
Views: 1542

Re: Access IP from different subnet without a gateway

Could you please give some more IP related info.
What are your gateway addresses for each subnet and where is your router (I assume it's your routerboard)
by Rudios
Sun Dec 21, 2014 5:08 pm
Forum: General
Topic: VLANs not behaving as expected?
Replies: 3
Views: 884

Re: VLANs not behaving as expected?

It is a bit hard to fully get your config right but if I read your story correct you have only blocked forwarding traffic from eiter VLAN to the untagged management segment. That means that VLAN to VLAN should work. Probably is laptop to laptop traffic blocked by a firewall running on the laptop loc...
by Rudios
Tue Dec 16, 2014 1:24 pm
Forum: Beginner Basics
Topic: NetInstall problems
Replies: 7
Views: 1934

Re: NetInstall problems

And how are your IP settings on your PC.
DHCP of static IP in the 192.168.88.x range?
by Rudios
Mon Dec 15, 2014 10:53 am
Forum: Beginner Basics
Topic: ether+wireless and bridge/routed question.
Replies: 4
Views: 883

Re: ether+wireless and bridge/routed question.

That's correct
by Rudios
Mon Dec 15, 2014 8:34 am
Forum: Beginner Basics
Topic: ether+wireless and bridge/routed question.
Replies: 4
Views: 883

Re: ether+wireless and bridge/routed question.

That sounds correct to me. Although you probably already have IP, DHCP and firewall settings applied to ether2. If that is the case, just move these from ether2 to the bridge, no need for duplication here. And for the bridge the use-ip-firewall setting is not needed if your bridge would just be a lo...
by Rudios
Tue Dec 09, 2014 4:16 pm
Forum: General
Topic: NTP not working
Replies: 4
Views: 929

Re: NTP not working

I have not noticed the problem before.
I have various boards, 1 x RB2011-UiAS, 2 x RB750UP, 2 x RB750GL and 1 x RB951G-2HnD.

The 2011 is not working, and for the 750's of either type 1 is working and one is not. So I doubt it is model related.
by Rudios
Tue Dec 09, 2014 12:48 pm
Forum: General
Topic: NTP not working
Replies: 4
Views: 929

NTP not working

Today I noticed that NTP is not working anymore. I have multiple devices, all running latest Ros 6.23 All are using the NTP package. For some of the devices, the NTP status stays on started. On others, it goes from started to reached to synchronized. On the devices that are not working I'm able to p...
by Rudios
Mon Dec 08, 2014 9:29 pm
Forum: Beginner Basics
Topic: ospf
Replies: 3
Views: 575

Re: ospf

It sounds correct to me, since your public IP address is assumably assinged to the ISP connected routers. I assume you are using private IP ranges in your internal network. These IP's are not routed over the internet and outgoing traffic needs to be source-NAT'ed in order to go over the internet. Ps...
by Rudios
Fri Dec 05, 2014 2:45 pm
Forum: Beginner Basics
Topic: Bridge vs master/slave?
Replies: 1
Views: 690

Re: Bridge vs master/slave?

When bridges are in use all traffic is handled via CPU.
When master/slave is configured, the switch-chip handles local traffic without loading the processor.
by Rudios
Sun Nov 23, 2014 3:23 pm
Forum: General
Topic: Mikrotik 5.20 iso
Replies: 2
Views: 3842

Re: Mikrotik 5.20 iso

You can request for a free license via the mikrotik website.
by Rudios
Sat Nov 22, 2014 4:31 am
Forum: Beginner Basics
Topic: Access to local web server by its dns name
Replies: 2
Views: 909

Re: Access to local web server by its dns name

Search for hairpin nat. That will solve your problem.
by Rudios
Mon Nov 17, 2014 8:41 am
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 54838

Re: 6.22 released!

951G-2HnD with 6.22 What the hell? I inserted USB flash drive (8Gb), formatted it (FAT32) and got a mess in files. Cannot delete any of those files (because they don't exist obviously) Also I don't know how to walk throught the directory structure in webfig ... mt622_usb.jpg I noticed this too!. Wh...
by Rudios
Sat Nov 15, 2014 3:21 pm
Forum: Beginner Basics
Topic: Change WAN port in RB2011UiAS-2HnD-IN from ether1 to ether10
Replies: 32
Views: 8907

Re: Change WAN port in RB2011UiAS-2HnD-IN from ether1 to eth

In RouterOS there is no such thing as "WAN" port per se . It is just a port that has DHCP-client enabled and firewall rules protect it. So if you would go to the DHCP client menu and change the interface there, then go to "firewall filter" and change interface there also, I think that would be all....
by Rudios
Sat Nov 15, 2014 3:17 pm
Forum: Beginner Basics
Topic: Block External IP RouterOS Login
Replies: 4
Views: 1930

Re: Block External IP RouterOS Login

Build your firewall rules something like this /ip firewall filter add chain=input connection-state=invalid action=block comment="Block invalid packets" add chain=input connection-state=established comment="Allow packets for established connections" add chain=input connection-state=related comment="A...
by Rudios
Thu Nov 13, 2014 12:32 pm
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 54838

Re: 6.22 released!

What about the new feature disk From Winbox I do not see any drives. Looking on the Files menu I see a folder called Disk1. How can I create folders on a drive for e.g. WebProxy or logging? Here are RouterOS commands for it. #WebProxy: /ip proxy set cache-path=disk1/web-proxy1 #Logging: /system log...
by Rudios
Thu Nov 13, 2014 12:26 pm
Forum: Beginner Basics
Topic: connecting 3 Mikrotik
Replies: 4
Views: 1094

Re: connecting 3 Mikrotik

It all depends on your configuration of all three devices.
by Rudios
Thu Nov 13, 2014 7:18 am
Forum: General
Topic: 6.22 released!
Replies: 151
Views: 54838

Re: 6.22 released!

Nah.... Version 6 isn't beta. It's just that some parts of it are still not working quite as well as they need to be.... And with every release it is another part, That is my definition of beta. Wasted 4h yesterday with a problem where a ethernet port did not work when removing it out of a bridge. ...
by Rudios
Tue Nov 04, 2014 3:17 pm
Forum: Beginner Basics
Topic: PPPoE Home Connection
Replies: 4
Views: 786

Re: PPPoE Home Connection

I recommend to put the ASUS on the same network (192.168.88.x) and let the routerboard handle the DHCP.
Put the cable from the MikroTik on any LAN port of the ASUS and disable the DHCP server on the ASUS.
by Rudios
Tue Nov 04, 2014 3:15 pm
Forum: Beginner Basics
Topic: static IP from ISP where to configure?
Replies: 5
Views: 3939

Re: static IP from ISP where to configure?

Hello i hope you can help me i have a MikroTik RB2011UiAS-2HnD-IN and are using DHCP in my home network. I have connect my cable modem (cisco 3212 eMTA) with the RB2011 and into the RB2011 i have wired my Laptop. I also have an ipad,internteradio,and a smart phone which where connected per WLAN. So...
by Rudios
Tue Nov 04, 2014 3:09 pm
Forum: Beginner Basics
Topic: Two default routes - DAC, DS.
Replies: 6
Views: 3941

Re: Two default routes - DAC, DS.

I have cable modem in transparent mode and mikrotik router with DHCP client on wan interface. When modem and router both start simultaneously the router is faster and asks for ip. As the modem is not linked yet to cable provider it provides local address by his own. When the link to operator goes u...
by Rudios
Tue Nov 04, 2014 3:05 pm
Forum: Beginner Basics
Topic: Mikrotik forum request: Avoid double post for newbies
Replies: 7
Views: 2971

Re: Mikrotik forum request: Avoid double post for newbies

new users need their first two posts to be approved. this only works in workdays.
Ok, wasn't aware that. Also can not remember from the time I registered.
by Rudios
Tue Nov 04, 2014 10:26 am
Forum: Beginner Basics
Topic: Mikrotik forum request: Avoid double post for newbies
Replies: 7
Views: 2971

Re: Mikrotik forum request: Avoid double post for newbies

I never experienced any delay of approval stage in my posts.
How come some people do.
Any post written is posted right away, not?
by Rudios
Tue Nov 04, 2014 10:24 am
Forum: Beginner Basics
Topic: Two default routes - DAC, DS.
Replies: 6
Views: 3941

Re: Two default routes - DAC, DS.

Blue lines are inactive so they have no influence on routing decision. Only active routes do. Ah I see. Good. You do not need a DCHP client address from your modem... I assume it is only needed for maintenance tasks on the modem. Yes, I do need it. For firmware updates, etc. It is useful to have th...
by Rudios
Mon Nov 03, 2014 12:13 pm
Forum: Beginner Basics
Topic: ipsec
Replies: 8
Views: 1578

Re: ipsec

500 is the default port IPsec traffic is on.
I guess someone is trying to put a IPsec tunnel online.
by Rudios
Mon Nov 03, 2014 8:59 am
Forum: Beginner Basics
Topic: Two default routes - DAC, DS.
Replies: 6
Views: 3941

Re: Two default routes - DAC, DS.

I have an error in my routing table. Let me explain my home set-up: I use an ADSL/ADSL2+ modem. This modem is connected to ether1-gateway port of my [http://routerboard.com/]RB2011UiAS-2HnD-IN router. My RB2011UiAS-2HnD-IN obtains a LAN IP from the DHCP server configured on the modem (192.168.2.0/2...
by Rudios
Wed Oct 29, 2014 7:45 pm
Forum: Beginner Basics
Topic: 750GL using as switch
Replies: 1
Views: 499

Re: 750GL using as switch

Put the use-ip-firewall to yes on the bridge settings
by Rudios
Thu Oct 09, 2014 3:39 pm
Forum: Forwarding Protocols
Topic: OSPF neighbors connected but no routes interchanged
Replies: 2
Views: 1930

Re: OSPF neighbors connected but no routes interchanged

I don't know whether it is causing the problem but the IP on your loopback bridge on L0Router is /30 instead of /32.
by Rudios
Thu Oct 09, 2014 12:49 pm
Forum: General
Topic: Same subnet - firewall - block device access
Replies: 3
Views: 1309

Re: Same subnet - firewall - block device access

And also if a bridge is configured on the mikrotik configure

ros code

/interface bridge settings
set use-ip-firewall=yes
If you are using master-port configuration, it will not work since the traffic never reaches the CPU of the Routerboard.
by Rudios
Thu Oct 09, 2014 8:36 am
Forum: Beginner Basics
Topic: Port forwarding question
Replies: 7
Views: 2506

Re: Port forwarding question

I haven't tried it, and I don't know if port numbers work like that in an URL. But reading this: http://wiki.mikrotik.com/wiki/Forwarding_a_port_to_an_internal_IP This should work: { :local WanIp x.x.x.x :local Server1Ip x.x.x.x :local Server1Port 443 :local Server2Ip x.x.x.x :local Server2Port 444...
by Rudios
Mon Sep 29, 2014 3:48 pm
Forum: Beginner Basics
Topic: Hairpin NAT and DNS
Replies: 4
Views: 3164

Re: Hairpin NAT and DNS

This does nothing for me... How can I debug this? Hi guys I'm using the follwoing dns script to update my IP: /tool fetch address="freedns.afraid.org" host="freedns.afraid.org" mode=http src-path="dynamic/update.php\?mycode" keep-result=no This works great, now I would like to setup hairpin NAT on ...
by Rudios
Thu Sep 25, 2014 12:51 pm
Forum: Beginner Basics
Topic: What am I missing in my 4G/LTE setup on RB951
Replies: 4
Views: 2448

Re: What am I missing in my 4G/LTE setup on RB951

If you want ether1 and wlan1 to be in the same network, create a bridge and put the desired ports to that bridge.
Then move the IP address and the DHCP server assignments to the bridge instead of the individual interfaces.
by Rudios
Thu Sep 25, 2014 12:47 pm
Forum: Beginner Basics
Topic: Hairpin NAT and DNS
Replies: 4
Views: 3164

Re: Hairpin NAT and DNS

Hi guys I'm using the follwoing dns script to update my IP: /tool fetch address="freedns.afraid.org" host="freedns.afraid.org" mode=http src-path="dynamic/update.php\?mycode" keep-result=no This works great, now I would like to setup hairpin NAT on my network, so that I can use the DNS inside and o...
by Rudios
Tue Sep 16, 2014 4:26 pm
Forum: Beginner Basics
Topic: Basic Routing
Replies: 4
Views: 935

Re: Basic Routing

You can't use 192.168.1.1 as gateway.
A gateway must be in the same network segment as the device itself.
If you configure the router with 2 IP addresses, each in a dediated range, related to the PC it should work.
by Rudios
Tue Sep 09, 2014 3:30 pm
Forum: Beginner Basics
Topic: MT 750GL VLANs With Unifi APs
Replies: 11
Views: 1913

Re: MT 750GL VLANs With Unifi APs

Anyone able to help me configure this MT from scratch?

I'm thinking my setup isn't too involved compared to some networks but configuring the MT is beyond me at this point.
I can try to assist you but can you first give your requirements.
And how is your network setup?
by Rudios
Fri Sep 05, 2014 3:18 pm
Forum: General
Topic: how to load balance "router itself" "local" traffic
Replies: 1
Views: 451

Re: how to load balance "router itself" "local" traffic

I have the same difficulties.
If you look on the packet flow diagrams you see that the first thing that happens when the router send out a packet is routing-decision. Therefor a route is needed. This won't allow marking the packets
by Rudios
Thu Sep 04, 2014 3:25 pm
Forum: General
Topic: identical devices/ROS yet one is missing Quick Set
Replies: 5
Views: 920

Re: identical devices/ROS yet one is missing Quick Set

if I do a diff of /export of both the whole configs they literally differ just in the IP addresses (and few comments like the software id etc.) - so same packages installed, same (default) skin. Same config does not necessarily mean same packages installed. If you have installed the routing or mpls...
by Rudios
Thu Sep 04, 2014 3:21 pm
Forum: Beginner Basics
Topic: Two AP, one DHCP server, 2 SSID's
Replies: 15
Views: 3634

Re: Two AP, one DHCP server, 2 SSID's

A few assumptions: 1. MAIN router worked properly and have two bridges with two different DHCP servers on it, (Bridge-privat) first pool-addresses for Privat LAN,(bridge-public) second pool-addresses for Public LAN. 2. MAIN router have Wireless interface for Privat LAN and have Virtual Wireless int...
by Rudios
Thu Sep 04, 2014 10:00 am
Forum: General
Topic: PCC with double NAT environment?
Replies: 2
Views: 656

Re: PCC with double NAT environment?

Is there any chance to change the config and get rid of the nat on the hotel firewall.
Put a static route on the RB750 towards the hotel subnet and don't do any Nat there.